/srv/irclogs.ubuntu.com/2010/12/26/#ubuntu-server.txt

=== coxn_ is now known as coxn
=== chrisjuric_ is now known as chrisjuric
DramaHey, I have a Ubuntu-Server and I have a question regarding security-updated. I just successfully tried to exploit my Apache. There is information about a vulnerabilitie on USN but my server doesnt suggest to update anything! (Although I have security.ubuntu in my sourcelist)02:07
DramaWhy Ubuntu dont suggest security-updates?02:08
lenioswhat's your apache version?02:11
RoyKDrama: is this a new exploit?02:11
DramaRoyK: No.http://www.ubuntu.com/usn/usn-1021-102:13
chrisjuricdoes anyone know how to configure a base password for root on slapd (openldap?) i wasnt promted to choose on upon installation of apt-get install slapd02:14
chrisjuricthaks02:15
=== chrisjuric is now known as chris-im
patdk-lapdidn't realize openldap had a base password02:15
chris-imwell it should ask u for a root one for it. im just trying to login with phpldapadmin02:15
leniosDrama, what's your installed apache version?02:16
chris-imis there away i can set one up after the fact?02:16
Dramalenios: 2.2.1402:18
leniosfull version02:18
qman__dpkg -l | grep apache202:19
Dramanow I updated using a deb to 2.2.14-5ubuntu8.402:19
leniosubuntu8.4 should be on repositories02:20
Dramawhen i run apt-get upgrade i saw   linux-headers-generic linux-headers-server linux-image-server 0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.02:21
lenioswhat does "apt-cache policy apache2-common | grep -v Candidate" returns02:21
leniosafter an apt-get update02:21
qman__my servers are running ubuntu8.402:21
Dramalenios: sure02:22
patdk-lapI see ubuntu8.4 in apt here02:22
patdk-lapand I have default installed sources02:22
qman__same02:22
Dramalenios: apache2-common:   Installed: (none)   Version table:02:22
leniosapache2 then02:23
Drama*** 2.2.14-5ubuntu8.4 0         500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages02:24
leniosthen you'll get it from repositories02:25
patdk-lapI show it in security and in updates02:25
Dramamh strange oO02:25
patdk-lapyou didn't forget an apt-get update did you? :)02:25
Dramapatdk-lap: mh nope ... but its almost 4 am maybe i rly did -.-02:27
Dramaill get some sleep thx!02:33
uvirtbotNew bug: #694398 in cyrus-sasl2 (main) "FTBFS in Natty" [Undecided,New] https://launchpad.net/bugs/69439802:56
MoroccoNight here..03:17
=== jpds is now known as Guest12343
AnAntHello, how can I disable an LDAP account without deleting it ?07:46
AnAntI am using OpenLDAP07:46
joschiAnAnt: assign an invalid password, e. g. just '!' instead of a password hash08:08
AnAntjoschi: ok, but I think the problem of this method is that if the user had already put his SSH key on some machine, he will still be able to login to that machine without password08:10
joschiAnAnt: not with a non-interactive shell like /bin/false or /sbin/nologin08:10
AnAntjoschi: so I shuld change the shell too08:10
joschiAnAnt: if you have users, which use another authentication mechanism than passwords, yes08:11
joschiAnAnt: generally it also depends on what kind of users you're talking about08:11
joschiAnAnt: system users, users for specific services with their own login mechanism, etc.08:11
AnAntjoschi: ok, I used ldapmodifyuser to change the pasword to !, but it is still a hash08:15
joschiAnAnt: yeah, because you entered '!' as password which is being hashed by ldapmodifyuser08:15
AnAntso, what should I do ?08:15
AnAntjoschi: ^08:16
joschiAnAnt: use ! instead of a hashed password. or just try to assign another shell. maybe that's sufficient for your needs08:17
AnAntjoschi: I mean, how do I use ! instead of hashed password ? ldapmodifyuser seems to hash '!' when I enter it08:18
joschiAnAnt: change the value with ldapmodify08:19
AnAntok08:19
AnAntjoschi: same result with ldapmodify08:27
AnAntjoschi: ah, removing userPassword field from the user works ! Thanks !08:31
cyclobshey guys, having trouble installing ubuntu server 10.10 tried USB and cd with same result. keeps coming up with a base install error. might need more info then that for yous. lol08:53
cyclobsusing 64bit08:56
=== chrisjuric_ is now known as chrisjuric
chrisjuricanyone active?09:28
Patrickdknever09:28
chrisjuricanyone know the best protocol to network wtth OSX snowleopard machnes... samba, ldap, afp?09:32
clustychrisjuric: to exchange files ?09:39
chrisjuricya basically as a NAS... set up shared drives09:40
chrisjuric... but with authentications etc.09:41
clustychrisjuric: i am using both AFP and SAMBA09:42
cyclobs10.04.1 failed too :S09:42
clustyprefer AFP since autoumount does not throw an annoying window when losing connectivity09:42
chrisjuricany guides or links how to set up that up... are u using AFP for osx computers and SAMBA for windows? pointing to the same shares??....09:43
cyclobswhy wont server 64bit install :S09:43
chrisjuricya how do you use disable that error message.09:43
chrisjuricsoo annoying09:43
clustychrisjuric: linux shares all it can share. mac os can mount whatever it wants (usually AFP cause i also added an entry for bonjour to advertise services properly)09:44
clustylemme look for it09:44
chrisjurici got this guide. but looking for more cause its usually tricky..09:44
chrisjurichttp://www.kremalicious.com/2008/06/ubuntu-as-mac-file-server-and-time-machine-volume/09:45
clustychrisjuric: you need to give up if you find that tricky. linux might not be your thing09:45
clustybut it became easier09:45
clustyno need to recompile AFP09:45
clustyanymore09:45
clustyand no need to tweak share options either, just shares09:46
clustychrisjuric: start sweating and if you run into trouble ask, and somebody will help09:46
chrisjuriclol dont worrie i wont give up over this lol... its just new to me...09:48
chrisjuricthanks.09:49
clustychrisjuric: i'll stick around for some 30min more so you can ask. starting with installing afp (sudo apt-get install netatalk)09:49
chrisjuricim away from the serv just fishing for info... its almost 5am here i gatta hit the hay... im just learning netowrking/server admin (ubuntu) as a side project sorta. im a web developer thats looking to take up better business organization practises basically.09:50
chrisjuricwant to get a little centralized network going for storing git repo's , staging sites, backups etc09:51
chrisjuricjust toying as of now. no production deadline to install a huge company wide network or anything huge.09:51
cemcif I want TRIM support on Lucid, which kernel is recommended from here?: http://kernel.ubuntu.com/~kernel-ppa/mainline/ ? I need 2.6.33+11:53
aegisHi all...  Does anyone know of a sever base ebay auction sniper for ubuntu that utilizes a web interface?13:23
Slyboots_Hi; and a Merry Christmas to everyone ;)14:03
Slyboots_Hm.. Im currently using vnc4server for my VNC needs; but an application I use needs XRender support.. but Im somewhat confused on how to actually enable it14:09
Slyboots_Id ont have an Xorg configuration file (its a headerless server with just X11-core installed (with Fluxbox)14:09
Slyboots_Anyone? :D14:25
uvirtbotNew bug: #694493 in postfix (main) "postfix default installation yields errors with encrypted user directories" [Undecided,New] https://launchpad.net/bugs/69449314:41
=== veovis_muaddib is now known as veovis_away
uvirtbotNew bug: #669371 in openssh (main) "Getting MAC corruption every first time I use ssh in some way" [Undecided,New] https://launchpad.net/bugs/66937116:10
uvirtbotNew bug: #694518 in cyrus-sasl2 (main) "saslauthd can't be started after installation" [Undecided,New] https://launchpad.net/bugs/69451817:11
KartiHi all, is it better to give  server a fixed IP rather than lock it down to a fixed ip address from within a dhcp server ? Cheers17:13
gobbefixed is better, if you dhcp server is down atleast your server has ip17:19
Kartigobbe, Good comment thanks17:31
gobbeKarti: but it's more like a safe case, of course it's much easier to change whole subnet when using dhcp but i would go with fixed ip's on servers17:32
Kartigobbe, Happy with that. I have stated along that line now so the dhcp going down is a good point17:34
EnzoplexHello everyone. I have a minor issue and not sure how it started. Whenever I restart my home server, my /etc/resolv.conf is "erased". Here is the output of my /etc/resolv.conf:18:00
Enzoplex# Generated by NetworkManager18:01
EnzoplexJust that one line18:01
gobbedisable networkmanager18:01
gobbeEnzoplex: did you use server installation for that?18:02
EnzoplexYes18:02
gobbeyou could either remove whole package18:02
gobbeor just sudo update-rc.d NetworkManager remove18:02
EnzoplexThanks gobbe. Let me reboot and see how that comes along. BRB.18:04
KartiEnzoplex, is the resolv.conf not recreated each time the network is restarted? I was under the impression that you could add the details to /etc/network/interfaces (however I am just learning :) )18:06
gobbeKarti: if you have static networking resolv.conf should not be recreated every boot18:06
gobbein every boot18:06
gobbethat's just feature of networkmanager18:07
Kartigobbe, so if I delete resolv.conf from a server that has iface eth0 inet static then it doesnt matter that its there?18:09
gobbewhat is there?18:09
gobbeif you delete it, you cannot access anything with names18:09
Kartisorry.....if I delete the resolv.conf will it matter that it doesnot exist?18:13
gobbewell. if it's not there you cannot access anything with names18:14
gobbebecause DNS-servers are configured in resolv.conf18:14
gobbe:-)18:14
Kartigobbe, sorry to be a pain.....but as I am still learning this, I have added these details to my /netwok/interfaces18:16
Kartidns-nameservers 192.168.220.218:16
Kartibut in my resolv.cong I have nameservers 192.168.220.218:17
gobbeaah, ok18:17
gobbeyou can use that also18:17
KartiI thought this would stop the resolv.conf changing ech time18:17
gobbethat's one possible way18:17
Kartior at least not have an effect18:17
KartiI was just looking for the most effective as there are a number of ways to do it in Google :)18:18
=== jbernard_ is now known as jbernard
gobbeKarti: yes. that's one way to do it, and maybe even better :-)18:18
gobbeKarti: but i'm old school and using just plain resolv.conf :-D18:18
Kartilol What I might have got it right!!18:19
KartiAdmittedly its all VM but what better way to learn :)18:19
tonyyarussoDoes anyone know if there is a plan for when Ubuntu will make Python 3 the default?  (Or is it already in Natty?)18:24
Kartigobbe, Many thanks for the help earlier :)18:26
Enzoplexgobbe: I rebooted a few times, and I have removed 'network-manager-kde' along with running the update-rc.d command.18:29
EnzoplexStill using the blank /etc/resolv.conf18:29
EnzoplexHow do I reconfigure my network so that a new config is taken?18:30
EnzoplexSomething is telling it to remove it all.18:30
gobbeEnzoplex: you need to change it also18:46
gobbeEnzoplex: add there your nameservers18:46
gobbeEnzoplex: nameserver x.y.z.y18:46
gobbeEnzoplex: or add line dns-nameserver x.y.z.y to /etc/network/interfaces18:46
Nafallogobbe: that that options in /e/n/i actually do anything without the package resolvconf installed?18:49
gobbehmmh18:51
EnzoplexI'm on my server now, I have a working /etc/resolv.conf.GOOD that I cp after every reboot.18:53
EnzoplexI just added the nameservers to the /etc/network/interfaces file.18:53
Delerium_Hi, I just got a brand new system and I'm trying to install Ubuntu Server 10.10.  Problem is: Ubuntu don't see my HD, while Windows 7 does.  It's a SATA 6GB.  Does Ubuntu server support Sata 6gb ?18:57
qman__Delerium_, it's not really a matter of supporting SATA 3, it's a matter if your disk controller is supported by the linux kernel version in ubuntu 10.1018:58
qman__step one is finding out what controller it is18:58
qman__step two is looking up whether it has linux support at all, and if it does, when it was added to the kernel18:59
Delerium_qman__: K, the onctroller is a "Marvel"19:00
qman__you'll have to find an exact model number19:01
qman__e.g. Silicon Image Sil311419:01
patdk-laplspci :)19:01
qman__most manufacturers still make their hardware for windows, not for linux19:03
qman__so when you buy a machine to run linux, you need to make sure it's compatible before you buy19:03
qman__compatibility is pretty good, but the bleeding edge, brand new stuff is still risky19:04
Delerium_I should have think of that before, you are right19:04
qman__it may just be that support exists but wasn't added until a newer kernel version19:05
qman__in which case you can probably work around it by netbooting the installer with the updated kernel19:05
qman__but you may have to wait a while before drivers exist, too19:06
davros-? is it possiable to install or does server come with the ubantu GUI?19:06
qman__davros-, ubuntu server does not have a GUI installed, you can add one later if you really want to, but it's not recommended19:06
Delerium_qman: Thanks, I will reboot to get the right model, and come back soon19:06
davros-ok thx19:06
davros-thats fine i guess i have desktop for the gui then :)19:08
qman__you can install it, and it will work fine, but it adds significant overhead and increases your attack surface, and doesn't add any real benefit to administering a server19:09
davros-ahh ok....19:09
qman__servers should be configured to the bare minimum, do what you need and that's it19:10
qman__it keeps your performance high and risk of compromise low19:10
davros-ya cuz y would you really need a gui on a server lol19:10
davros-cool i'm gonna set up an apache and hosting server soon19:12
davros-file hosting19:13
Delerium_Ok, so controller is a Marvell 88se91xx19:22
qman__a quick google shows that at least some chips in that family have linux drivers19:27
Delerium_That's what I saw, I'm still googling around ;) Anyways, It's a box I setup for testing purpose, server, new os, and I'm in vacation for the whole week, so no rush at all19:29
Delerium_just playing around with new tech ;)19:29
qman__from what I19:31
qman__I've seen, marvell is pretty good when it comes to linux support, so I'd expect it to work out of the box when 11.04 releases19:31
qman__it might work if you netboot/USB boot a newer kernel19:31
monotokohi guys, can anyone help me set up nameservers?19:32
=== monotoko is now known as Monotoko
Delerium_qman: Thanks, I'll try this wit a more recent kernel19:35
MonotokoI have 2 dedicated IP addresses and a dedicated server....but I'm not sure how to configure the IP's as nameservers so domains can hit my server19:36
Delerium_qman: got it to work!19:36
Delerium_qman: in the BIOS, set the Marvell Controle to AHCI instead of IDE19:36
qman__ah19:37
qman__you want AHCI anyway19:37
qman__IDE mode is just a compatibility trick for older systems like XP19:37
Delerium_That's what I just read... damn... I haven't been playing with PC for more than 4 years... Kind of lost a bit19:38
patdk-laphehe :)19:50
patdk-lapya, not using ahci is like 4years old :)19:50
patdk-lapmonotoko, I have no idea what you want :)19:51
patdk-lapyou have a server, and it has 2 ip's19:51
patdk-lapnow you want to be able to use dns on that server? or you want other people to access your server to look up stuff?19:51
Monotokosay someone has a domain19:52
MonotokoI want them to be able to point to my nameservers19:52
Monotokoand those to point the domain to my server19:53
patdk-lapok, so you just need to run a dns server on your ip19:53
patdk-lapand have people set the ns to your name, in their glue records at their domain registar19:54
patdk-lapnormally you would name it something easy for them to remember, like, ns1.example.com19:54
Delerium_Another little question, not ubuntu related, but you know the answer: I dual boot with Ubunber Server + Windows 7. I have 500gigs in free space that I want to use to share VM for both OS, is that possible?20:02
Delerium_like using FAT32, so both OS can see the VM ?20:02
Monotokoits possible using virtualbox20:12
Monotokoas it is a cross-platform system20:13
Delerium_That's what I tought, thank Monotoko20:20
MonotokoDelerium_,  :) make sure you get the PUEL version and not the OSE on the Linux side20:21
Monotokoyou will need to download the debs from the website20:21
Delerium_Mono: Thanks ;)  I'll give it a try20:24
yann2hi! has anyone tried using the "tmt" package lately? it seems quite broken to me, but it might be my parameters21:17
yann2tct sorry21:18
=== squishy is now known as SquishyNotHere
=== SquishyNotHere is now known as squishy
ziesemerHow can I validate that a X509 private key belongs to a given public certificate?  Thinking I should be able to use certtool, but only get "Error in DER parsing errors".  Otherwise, is there another channel I should be asking in?23:07

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!