| === macd_ is now known as macd | ||
| pteague | is there any way i can fix the fact that i seem to keep getting error messages about stale nfs file handles? | 00:44 |
|---|---|---|
| uvirtbot | New bug: #320988 in samba (main) "error in libnss_wins.so causes NetBeans 6.5 to crash" [Undecided,New] https://launchpad.net/bugs/320988 | 00:45 |
| Hellsheep | Hey | 04:33 |
| Hellsheep | How do i use the Samba file server? | 04:34 |
| methods | how do i install vim without adding gnome support etc... ? | 05:33 |
| rdw200169 | methods, i think it's vim-nox package | 05:35 |
| rdw200169 | methods, i.e. vim No X | 05:35 |
| methods | cool | 05:35 |
| rdw200169 | methods, so it doesn't require ubuntu-desktop, etc... | 05:35 |
| methods | yea i was about to say.... | 05:35 |
| methods | so basically instead of having diff repos etc.. they just have diff packages ? | 05:36 |
| rdw200169 | what do you mean? | 05:36 |
| ScottK | The vim package doesn't require X | 05:36 |
| methods | i mean like in gentoo you have diff profiles | 05:36 |
| methods | but here you simply have diff versions of packages | 05:37 |
| rdw200169 | methods, ah, yes, debian package management is different | 05:37 |
| rdw200169 | methods, while vim-full has gvim, and X Server dependencies, vim-nox does not | 05:37 |
| ScottK | Neither does the vim package. | 05:38 |
| ScottK | sudo apt-get install vim is all you need to do. | 05:39 |
| rdw200169 | ah yeah, i missed that, there is a 'just vim' package | 05:39 |
| methods | why would "swapon /swap" tell me it's not permitted ? | 05:53 |
| ScottK | Because your doing it with insufficient permissions maybe? | 05:58 |
| methods | no | 05:59 |
| === picturesque is now known as domas | ||
| diggernet | anyone around with RAID experience? | 07:47 |
| domas | ghm | 07:48 |
| domas | yeah | 07:48 |
| domas | depends on what kind of RAID | 07:48 |
| domas | right | 08:05 |
| === picturesque is now known as domas | ||
| * [gnubie] waves.. | 08:57 | |
| [gnubie] | is the sysklogd and klogd == syslogd ? | 08:59 |
| domas | no | 09:01 |
| domas | klogd intercepts kernel messages and logs them somewhere (probably to syslog then) | 09:01 |
| [gnubie] | domas: i installed a base ubuntu-server 8.0.4.2 lts and there is no syslogd but there was klogd and sysklogd.. what happened to syslogd? | 09:09 |
| domas | ergh, sorry, sysklogd package provides you syslogd | 09:10 |
| domas | klogd package provides you klogd | 09:10 |
| [gnubie] | domas: if i am going to replace the old syslog way with syslog-ng, does it mean that i only have to remove the sysklogd? | 09:18 |
| domas | try installing it | 09:18 |
| domas | :) | 09:18 |
| [gnubie] | any cares to package the latest syslog-ng <http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.1/source/> to ubuntu 8.0.4.2? | 09:45 |
| domas | well, 2.0 is packaged | 09:49 |
| [gnubie] | yes | 10:05 |
| domas | \o/ I FOUND MY PROBLEM | 10:15 |
| domas | "Under sustained, heavy disk and network I/O, Sun Fire X4140/X4240 servers might fail with a “soft lockup” displayed on the console or by hanging. The root cause is traced to the Nvidia ’forcedeth’ Ethernet driver. This problem might occur with the LSI HBA controller, but could also affect other disk controllers. This problem might occur with Red Hat Enterprise Linux version 5, but might also affect other implementations and vers | 10:15 |
| domas | ions of Linux." | 10:15 |
| Nafallo | sunfail | 10:16 |
| domas | these boxes are awesome, if not this problem | 10:17 |
| domas | now that I know at least two workarounds... | 10:17 |
| domas | heh, product notes are awesome | 10:22 |
| domas | "Sun Fire X4240/X4440 Quad-Core Systems Have Hypertransport Sync Flood Error Under High IO Load " | 10:22 |
| maswan | has anyone ever had anything nice to say about forcedeth? :) | 10:25 |
| domas | hehehe | 10:25 |
| * domas is all ecstatic atm | 10:25 | |
| quizme | hey can somebody go to www.fuseme.com? What do you see? "Please come back soon? " Or an apache error page ? | 10:54 |
| hads | atelnet: Unable to connect to remote host: Connection refused | 10:56 |
| domas | <3 cutting branch you're sitting on: http://p.defau.lt/?iznLpg0WfyDqq_BxsQ4BNw | 10:59 |
| kraut | moin | 11:04 |
| domas | moinmoin | 11:04 |
| DawnLight | LVM on intrepid question: i'm on a custom kernel that my xen host provided me with that has dm_mod as a module which i load via /etc/modules. the /dev/{volume group} files don't get created. help? | 12:11 |
| JessicaParker | if it an easy job to make the ubutu server secure ? | 12:34 |
| Deeps | from a fresh install it is secure | 12:35 |
| Deeps | it's what you do afterwards that makes it potentially insecure | 12:35 |
| JessicaParker | ok ive got a few books on this topic as well so if i follow through these procedures i should be ok ? | 12:36 |
| JessicaParker | im neither a linux nor apache expert | 12:36 |
| ivoks | JessicaParker: define 'secure' | 12:36 |
| domas | JessicaParker: read up on AppArmor, you can make your server really really secure within a days work or so | 12:36 |
| domas | =) | 12:36 |
| JessicaParker | dont have credit card information on the server nor any personal damaging personal details | 12:36 |
| Jeeves_ | you can turn it off, that's secure :) | 12:37 |
| ivoks | JessicaParker: that depends on application | 12:37 |
| ivoks | not the server | 12:37 |
| domas | I find AppArmor incredibly useful for running any untrusted code | 12:37 |
| ivoks | i agree | 12:37 |
| ivoks | there's also mod_security for apache | 12:38 |
| ivoks | (not in ubuntu; license issues) | 12:38 |
| domas | there's mod_apparmor too | 12:38 |
| JessicaParker | im going to be running drupal | 12:38 |
| JessicaParker | which is relatively secure | 12:38 |
| ivoks | mod_apparmor? | 12:38 |
| domas | run mediawiki! | 12:38 |
| domas | ivoks: ye, it allows changing hats based on URIs, etc | 12:39 |
| ivoks | didn't know about that one | 12:39 |
| JessicaParker | im the only one that is going to have access to the server remotely | 12:40 |
| JessicaParker | and i was going to block all eastern block ips as well | 12:40 |
| domas | ghm | 12:40 |
| ivoks | JessicaParker: take a look at denyhosts for securing ssh | 12:40 |
| ivoks | eastern? | 12:40 |
| domas | would you block me too? | 12:40 |
| ivoks | what's eastern? | 12:40 |
| domas | this is a bit harsh | 12:40 |
| ivoks | i'm on the europe's east | 12:40 |
| JessicaParker | former eastern european countries including russina, romania, | 12:40 |
| domas | 'former eastern european countries' | 12:41 |
| domas | lol | 12:41 |
| domas | they're still in eastern europe, doh | 12:41 |
| JessicaParker | well now they are europe ? | 12:41 |
| domas | or do you think tectonic shift happened and they moved west? | 12:41 |
| ivoks | domas: maybe JessicaParker moved west :) | 12:41 |
| ivoks | or east | 12:41 |
| domas | moved east | 12:41 |
| domas | so countries became western! | 12:41 |
| ivoks | so, once west, now they are east :D | 12:41 |
| JessicaParker | i think i mean former ussr | 12:42 |
| JessicaParker | excluding romania | 12:42 |
| ivoks | JessicaParker: you won't achive anything with that | 12:42 |
| domas | what is wrong with former ussr? | 12:42 |
| JessicaParker | i though a lot of hacking dos attacks came from there | 12:42 |
| domas | have you ever seen how Estonia or Lithuania looks like nowadays? :) | 12:43 |
| JessicaParker | https://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=16849 | 12:43 |
| JessicaParker | it happened to our payment provider | 12:43 |
| domas | well, you can block RBN if you want ;-) | 12:43 |
| JessicaParker | im in europe | 12:44 |
| rdw200169 | at least they kept the mongols at bay ;) | 12:44 |
| JessicaParker | not been there but told its ok | 12:44 |
| JessicaParker | but corruption is very high | 12:44 |
| domas | corruption very high? | 12:44 |
| JessicaParker | the amount of | 12:44 |
| domas | *shrug* | 12:45 |
| JessicaParker | and they arent very developed because half of them are now in london | 12:45 |
| domas | well, I for one am in Lithuania | 12:45 |
| JessicaParker | no offence dude, very hard working cultures | 12:45 |
| JessicaParker | we have a lot of Eastern Europeans in london | 12:46 |
| JessicaParker | any way about making secure ubuntu server | 12:47 |
| ivoks | interesting | 12:47 |
| ivoks | i'm from croatia | 12:47 |
| JessicaParker | ok | 12:47 |
| ivoks | will i get baned too? :) | 12:47 |
| JessicaParker | well it was just a thought | 12:47 |
| domas | *shrug*, quite a few of my friends did their masters in LSE | 12:47 |
| domas | are they ones you're talking about? :) | 12:48 |
| ivoks | JessicaParker: anyway, this article is about spam | 12:48 |
| JessicaParker | given there are a lot of underemployed intelligent people over in EE (the ones that dont make it to London! ) and higher wages to be earned from illegal stuff | 12:48 |
| ivoks | JessicaParker: more spam comes from USA then all eastern european countries :) | 12:48 |
| JessicaParker | no it was a DOS attach | 12:48 |
| ivoks | "We'd received loads of emails like this"... | 12:49 |
| JessicaParker | they had to re-route the traffic | 12:49 |
| domas | 155mbps is nothing %) | 12:49 |
| domas | that is minor news item for us :) | 12:49 |
| ivoks | one i was ddoes from israel | 12:49 |
| ivoks | of course, i didn't block whole israel | 12:49 |
| domas | it is not that distributed, if you can identify a country ;-) | 12:49 |
| ivoks | i blocked only the attacker :) | 12:50 |
| ivoks | right | 12:50 |
| ivoks | it was dos | 12:50 |
| JessicaParker | owever, during that time Malik contacted his ISP Pipex who were already threatening to "black hole" his website as the attack was impacting the whole Pipex network and asked them to implement a Cisco Guard solution which effectively rerouted all traffic and cleaned it of the malicious traffic being generated by the crippling denial of service | 12:50 |
| domas | I used to run 25k sized IRC network once, damn, pissing off any child could have resulted in DDoS :) | 12:51 |
| domas | once one guy managed to DDoS my 1mbps dsl with few hundred megabits of traffic | 12:51 |
| ivoks | ubuntu-hr.org is under ddos whole time | 12:51 |
| ivoks | it just has nice iptables rules :) | 12:52 |
| JessicaParker | about securing the server though | 12:52 |
| JessicaParker | it should be a relatively simple task ? just follow the instructions | 12:52 |
| domas | depends on level of security you want to achieve | 12:52 |
| JessicaParker | in the books / web | 12:52 |
| domas | best solutions are always custom-tailored :) | 12:52 |
| JessicaParker | just enough that no-one uses the email for spam | 12:52 |
| ivoks | JessicaParker: if you want secure server, you have to understand security | 12:52 |
| ivoks | and then follow howtos | 12:53 |
| JessicaParker | i understand some stuff | 12:53 |
| JessicaParker | like ip tables | 12:53 |
| JessicaParker | root access | 12:53 |
| ivoks | otherwise, you just render you server unusfull | 12:53 |
| domas | we used to get lots of security consultants telling our website CMS was broken and they could edit pages. | 12:53 |
| domas | they offered their services to fix our CMS. | 12:53 |
| ivoks | you want to block lots of countires, that's a fact that tells me that you are very week on understanding the security | 12:53 |
| domas | should I tell the site name? :) | 12:53 |
| JessicaParker | it was just a first line of defence | 12:54 |
| ivoks | that's not a line | 12:55 |
| JessicaParker | i read a list of stuff somewhere like disabling wget, hiding the apache edition, changing ports on remote connection | 12:55 |
| ivoks | what stops attacker from russia to take over a server in london and crack you down? | 12:55 |
| JessicaParker | opening only the ports that are required | 12:55 |
| JessicaParker | that i cant do anything about | 12:55 |
| ivoks | that's obsecurity, not security | 12:55 |
| JessicaParker | i understand that | 12:56 |
| JessicaParker | any particular areas i should be looking at more ? | 12:56 |
| JessicaParker | disabling unessary services | 12:56 |
| ivoks | by default, ubuntu doesn't open any ports | 12:56 |
| domas | put anything network-talking into apparmor jails, easy | 12:56 |
| ivoks | it's up to you to decide what you'll open | 12:56 |
| JessicaParker | Configuring Host-Based Access Restrictions . . | 12:57 |
| rdw200169 | a strong iptables firewall is still the best defense | 12:57 |
| ivoks | right | 12:57 |
| domas | lies | 12:57 |
| JessicaParker | ok that im reading more around and in detail so i understand what is going on ? | 12:57 |
| domas | firewalls are useless ;-) | 12:58 |
| rdw200169 | why do you say that? | 12:58 |
| domas | just don't run anything exposed to outside and you won't need a firewall! :) | 12:58 |
| ivoks | domas: not true | 12:58 |
| ivoks | domas: syn flood attacks? | 12:58 |
| JessicaParker | even u experts seem to be debating the basic security set up | 12:58 |
| JessicaParker | what hope is there | 12:58 |
| domas | I'd just go and have a cup of coffee in case of those ;-) | 12:58 |
| rdw200169 | i've always run a firewall, no matter what | 12:58 |
| rdw200169 | even if i'm behind a NAT | 12:59 |
| rdw200169 | security aside, -j LOG targets are waay to useful to give up | 13:00 |
| domas | *shrug*, I still believe, that packets aren't as threatening as payload ;-) | 13:00 |
| rdw200169 | can we 'agree to disagree', though, that security is daemon specific in 99% of the situations | 13:01 |
| domas | :) | 13:01 |
| domas | so true | 13:01 |
| rdw200169 | for example, security goes up 10-fold with a secure SSH server, i.e., strong authentication | 13:02 |
| rdw200169 | as does using sudo instead of root | 13:03 |
| rdw200169 | /192.168.0.201/PUBLIC/ /media/music cifs rw,mand,noexec,nosuid,nodev,user=randy,uid=randy,password=######,user 0 0 | 13:04 |
| rdw200169 | whoops, wront one | 13:04 |
| rdw200169 | wrong# | 13:04 |
| ivoks | haha | 13:04 |
| ivoks | and all the security goes down the toilet :D | 13:05 |
| domas | anyway, most of attacks will be via insecure PHP code anyway :) | 13:07 |
| rdw200169 | that's why i use only http for 99% of what i do ;) | 13:07 |
| rdw200169 | html i mean | 13:08 |
| rdw200169 | that and wiki spamming | 13:08 |
| ivoks | domas: and weak passwords | 13:11 |
| domas | once I ran email service for ~500k users, and more than 10% of passwords were 1234... sequences :) | 13:11 |
| ivoks | biggest security hole comes from social hacking :) | 13:11 |
| JessicaParker | ok weak passwords and insecure php will go on my list | 13:13 |
| ivoks | lol | 13:13 |
| rdw200169 | and just give up on setting up a mail server; for small applications google-apps can do it for you for free | 13:14 |
| ivoks | one can set up a really good mail server on ubuntu | 13:14 |
| rdw200169 | you can get a pseudo google mail account linked to a domain | 13:15 |
| JessicaParker | i need an outbound smtp | 13:15 |
| JessicaParker | and the host does not provide mail relay servers | 13:15 |
| JessicaParker | i did not want to use mail at all | 13:15 |
| JessicaParker | but my options seemed to be limited - i know mail configuration is tricky to say the least | 13:16 |
| JessicaParker | it is just for outbound | 13:16 |
| ivoks | that's easy | 13:16 |
| rdw200169 | gods, for what? | 13:16 |
| ivoks | postfix with disabled smtp | 13:16 |
| rdw200169 | what's the difference b/w using a local mail server and a smtp server out there on the internet? | 13:18 |
| JessicaParker | can i use any smtp server ? do you have to pay to use one ? | 13:23 |
| rdw200169 | that's what I was driving at, google apps provides smtp services | 13:24 |
| JessicaParker | as there is like automatic password reset, notification emails for the customers, etc | 13:24 |
| domas | JessicaParker: local postfix instance would do just fine | 13:24 |
| JessicaParker | ok thank you - that would solve the problems | 13:24 |
| JessicaParker | but arent google worried about spammers using it ? | 13:25 |
| domas | you'd have to configure SMTP authentication for your applications, what may be quite painful :) | 13:25 |
| domas | though of course, you can do that with postfix yet again | 13:25 |
| rdw200169 | true, that's the only drawback | 13:25 |
| domas | feed emails to local postfix queue, and have postfix use google as smarthost | 13:25 |
| JessicaParker | i think drupal comes with options to add a smtp connection so as long as i can use that, it will be fine | 13:26 |
| rdw200169 | domas, but what what about reverse dns problems? | 13:26 |
| rdw200169 | domas, my provider won't do reverse dns for me | 13:26 |
| domas | rdw200169: so I say, use postfix to feed emails into google ;-) | 13:26 |
| rdw200169 | domas, then, i didn't know you could do that | 13:27 |
| rdw200169 | domas, i always used the sendemail package | 13:27 |
| JessicaParker | thanks guys that has really resolved a major headache " port 587 with tls" | 13:27 |
| JessicaParker | and there is a smtp module for drupal | 13:27 |
| domas | smtp_sasl_auth_enable (no) | 13:27 |
| domas | Enable SASL authentication in the Postfix SMTP client. | 13:27 |
| domas | :) | 13:27 |
| domas | rdw200169: you can do pretty much everything with postfix %) | 13:29 |
| ivoks | postfix rulez | 13:32 |
| domas | once I had a server that was listening on multiple IPs, masquerading as multiple servers, etc - and the guy who was taking over asked why it was done that way | 13:32 |
| domas | the answer was very simple - so that other SMTP servers would think there're multiple servers and process queues much faster | 13:33 |
| domas | there were certain other mailhubs that were feeding with hundreds of emails a second :) | 13:33 |
| rdw200169 | yeah, a while back i really gave up on setting up a mail server; i got tired of the mail i sent either being mis-routed or ending up in spam because of the lack of SRV records and reverse DNS resolution, etc... | 13:35 |
| rdw200169 | real pain. | 13:35 |
| rdw200169 | i think i'll stick with trying to get Unicode + LaTeX working the way i want ;) | 13:38 |
| ivoks | what's so hard with that? | 13:38 |
| rdw200169 | Korean Unicode + Ascii Unicode + Koma-Scripts | 13:39 |
| ivoks | oh, korean... | 13:39 |
| rdw200169 | i finally got it recently | 13:39 |
| rdw200169 | my problem, was that i didn't want to write LaTeX, i wanted to use the LaTeX output form sphinx or docutils; because I write in reStructured Tex | 13:40 |
| rdw200169 | *Text | 13:40 |
| rdw200169 | xetex + explicit font declarations (mainfont sansfont and monofont) finally worked | 13:41 |
| rdw200169 | now i can use all the document classes i want, i.e. KOMA, article, python, etc... | 13:41 |
| orogor | hi here , anyone know<s what sthe default setting for the ubuntu memory split ? becaus ei do have 4Gb of ram and i see a commitlimit of 2GB ? | 14:15 |
| domas | orogor: actually, depends on kernel, with server kernel you'd be able to address 2.5G | 14:17 |
| domas | PAE lowers the amount a bit | 14:17 |
| orogor | shouldn t i use the 1/3gb memory split ? | 14:18 |
| domas | well, there's difference between how much userland can use in total, and how much can one program address | 14:22 |
| orogor | domas, as i understand first step is anyway to install linux sqerver to better take advantage of the 4gb | 14:25 |
| domas | ubuntu server kernel uses PAE | 14:25 |
| uvirtbot | New bug: #321091 in bacula (universe) "Probleme de dependance" [Undecided,Confirmed] https://launchpad.net/bugs/321091 | 14:26 |
| orogor | domas, not sure i need that , i run an amd64 | 14:26 |
| domas | orogor: then you don't need to care about memory split? | 14:27 |
| orogor | the commit limit is the total adressable limit when is because i currently use a 2/2 split , no ? | 14:28 |
| domas | you can address as much as you want on amd64 | 14:28 |
| domas | see, you're no longer bound by 32-bit constraints, are you? :) | 14:29 |
| orogor | well , no | 14:29 |
| orogor | domas, http://rafb.net/p/mgZBeH18.html | 14:30 |
| domas | CommitLimit is only adhered to if strict overcommit accounting is enabled.. | 14:33 |
| domas | it is calclated by vm.overcommit_ratio * physical ram | 14:33 |
| orogor | hooo, didn t knew that | 14:33 |
| domas | it is in meminfo documentation | 14:34 |
| domas | \o/ CommitLimit: 17487052 kB | 14:34 |
| orogor | hehe | 14:34 |
| domas | doesn't make sense though | 14:34 |
| orogor | well sometime strict overcommit is good | 14:34 |
| domas | I don't get the reasoning here | 14:35 |
| domas | CommitLimit: 17487016 kB | 14:35 |
| domas | machine has 32GB of memory, and isn't running anything | 14:35 |
| rdw200169 | wow, that's a lot of ram! | 14:35 |
| domas | check http://p.defau.lt/?bnzeja85kFZQ5c6uvZN_Yw | 14:35 |
| domas | heh, can try looking at busy server | 14:35 |
| domas | here: busy box: http://p.defau.lt/?gPpiBwTBBzP4s7ymi_qlwQ | 14:36 |
| domas | so, CommitLimit means nada | 14:36 |
| domas | rdw200169: recently I was working on a box with 320GB of memory | 14:37 |
| orogor | it does, it prevent process to run crazy | 14:37 |
| domas | orogor: well, my processes are 31GB sized on 32GB boxes ;-) | 14:37 |
| rdw200169 | yay 64 bit, then! | 14:39 |
| domas | indeed | 14:39 |
| domas | I was very very happy when first opterons arrived | 14:39 |
| rdw200169 | bollocks to intel... | 14:39 |
| domas | well, indeed, AMD was kickass at that time | 14:39 |
| rdw200169 | they still are! | 14:40 |
| domas | mmm, intel was ahead with quadcores | 14:40 |
| ivoks | still? | 14:40 |
| rdw200169 | yes, of course, but for me, AMD is cheaper | 14:40 |
| ivoks | amd is inferior to intels | 14:40 |
| orogor | i need to buy 2x32gb system for the office | 14:40 |
| orogor | need server consolidation with vmware | 14:40 |
| ivoks | iirc, intel lowered prices ~50% for quad core | 14:40 |
| domas | woodcrest was ahead | 14:41 |
| rdw200169 | only b/c AMD exists | 14:41 |
| ivoks | of course | 14:41 |
| rdw200169 | if there's no market competition... | 14:41 |
| domas | though our new boxes are AMDs | 14:41 |
| domas | not that I care too much about CPU performance | 14:41 |
| domas | it is all mostly I/O and RAM and such :) | 14:41 |
| rdw200169 | 6 months ago, you could build a quad-core AMD desktop for under $900, fantastic | 14:42 |
| rdw200169 | well... a lot less if you wanted to e-bay and newegg yourself to death... | 14:44 |
| orogor | trying reboot with server kernel | 14:48 |
| uvirtbot | New bug: #321185 in mysql-dfsg-5.1 (universe) "Package mysql-server-5.1 failed to install: tried to ovewrite `/usr/sbin/mysqld', witch is already in package mysql-server-core-5.0" [Undecided,New] https://launchpad.net/bugs/321185 | 16:55 |
| notez | Yo, How do I reset video effects back off? I enabled it and now I can't see nothing on the screen but white | 18:37 |
| notez | but I can click stuff and see the mouse icon | 18:37 |
| ivoks | wrong channel, goto #ubuntu | 18:37 |
| notez | on serve | 18:37 |
| notez | server | 18:38 |
| ivoks | there are no video effects on server | 18:38 |
| notez | well | 18:38 |
| ivoks | there is no graphic interface on server | 18:38 |
| notez | I got gui inatLLEED | 18:38 |
| notez | gnome | 18:38 |
| notez | or w/e it's called | 18:38 |
| ivoks | then you have ubuntu desktop, not server | 18:38 |
| andol | Anyone feel like taking a look at my suggested solution to bug #296952? | 19:14 |
| uvirtbot | Launchpad bug 296952 in mysql-dfsg-5.0 "mysqlhotcopy failed on table with hyphen in name" [Undecided,Confirmed] https://launchpad.net/bugs/296952 | 19:14 |
| uvirtbot | New bug: #321233 in bind9 (main) "Failed to install upgrade package" [Undecided,New] https://launchpad.net/bugs/321233 | 19:55 |
| === Mohammad[B] is now known as |boozary | ||
| === Mohammad[B] is now known as iqson716 | ||
| RainCT | Hi | 21:07 |
| RainCT | I've setup a Hardy box to authenticate through LDAP (on another Hardy box) and sudo/su/etc work fine, but GDM lets the users login even if the password is wrong. | 21:08 |
| RainCT | Any idea? | 21:08 |
| RainCT | yeha, nvm, got it :) | 21:20 |
| andol | RainCT: What was the problem? | 21:25 |
| RainCT | I had "auth sufficient pam_unix.so nullok_secure auth sufficient pam_ldap.so use_first_pass" in /etc/pam.d/common-auth | 21:26 |
| RainCT | andol: changing that to "auth sufficient pam_ldap.so nullok_secure auth requried pam_unix.so use_first_pass" fixed it | 21:26 |
| andol | yes, I can see how two sufficient and no required can cause trouble :) | 21:27 |
| RainCT | hehe | 21:28 |
| * RainCT doesn't know how all this PAM stuff works :P | 21:28 | |
| andol | RainCT: Well, once get friendly with PAM it allows you to do all kinds of creative and useful stuff :) | 21:29 |
| === |boozary is now known as Mohammad[B] | ||
| JessicaParker | how do i open up port 465 | 21:47 |
| RainCT | JessicaParker: Open it where? On a firewall, router..? | 21:48 |
| JessicaParker | firewall but i dont think ive configured one | 21:48 |
| JessicaParker | i will also need to look at the router - thanks for that i will do that........so need help with firewall | 21:49 |
| RainCT | you could check if there's some unwanted iptables rule.. not sure how that's done, though (perhaps man iptables will help) | 21:49 |
| JessicaParker | at the moment on the firewall i have 3306 , 80 631 and 25 open | 21:50 |
| andol | JessicaParker: what firewall do you use? | 21:50 |
| JessicaParker | not sure | 21:51 |
| JessicaParker | :) | 21:51 |
| JessicaParker | it came as standar | 21:51 |
| JessicaParker | standard | 21:51 |
| JessicaParker | if any | 21:51 |
| RainCT | afaik there is no firewall by default | 21:51 |
| JessicaParker | ok then no firewall but......i thought that controlled the ports that are open ? | 21:51 |
| JessicaParker | it could be the router then ? | 21:51 |
| RainCT | ports are "open" if something is listening on them and they are not blocked | 21:52 |
| andol | JessicaParker: Is your computer/server directly on a public IP or is behind some kind of router on a NAT, using an internal ip-address? | 21:53 |
| JessicaParker | router | 21:54 |
| JessicaParker | internal ip | 21:54 |
| JessicaParker | so when i do a netstat i get a few open ports | 21:55 |
| JessicaParker | not everything is open | 21:55 |
| JessicaParker | still getting the following SMTP Error: Could not connect to SMTP host. | 21:57 |
| JessicaParker | ok opened all the ports | 22:09 |
| JessicaParker | still get the same problem | 22:09 |
| JessicaParker | can anyone assist ? | 22:09 |
| kansan__ | sudo: unable to resolve host ec2-174-129-X.compute-1.amazonaws.com | 22:16 |
| kansan__ | what does that mean, and should i be worried? | 22:16 |
| brundlefliege | hi guys - running ubuntu 8.10 - can i use the /etc/ssl/private/ssl-cert-snakeoil.key for my server cert needs? or should i generate my own (if I am wrong and the said key is not automatically generated upon my individual installation that is)? | 22:43 |
| jtaji | brundlefliege: there's nothing wrong with using the snakeoil cert | 22:43 |
| brundlefliege | ok thanks | 22:44 |
| brundlefliege | why is it named "snakeoil" - is it because i am "lame" because i didn't generate it myself? | 22:45 |
| brundlefliege | lol | 22:45 |
| jtaji | it's a dumb name really :p | 22:45 |
| brundlefliege | good to know ;) i thought it would be related to this http://www.faqs.org/faqs/cryptography-faq/snake-oil/ | 22:46 |
| jtaji | no not at all | 22:46 |
| brundlefliege | yeah thanks again :) | 22:48 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!