[02:07] <Drama> Hey, I have a Ubuntu-Server and I have a question regarding security-updated. I just successfully tried to exploit my Apache. There is information about a vulnerabilitie on USN but my server doesnt suggest to update anything! (Although I have security.ubuntu in my sourcelist)
[02:08] <Drama> Why Ubuntu dont suggest security-updates?
[02:11] <lenios> what's your apache version?
[02:11] <RoyK> Drama: is this a new exploit?
[02:13] <Drama> RoyK: No.http://www.ubuntu.com/usn/usn-1021-1
[02:14] <chrisjuric> does anyone know how to configure a base password for root on slapd (openldap?) i wasnt promted to choose on upon installation of apt-get install slapd
[02:15] <chrisjuric> thaks
[02:15] <patdk-lap> didn't realize openldap had a base password
[02:15] <chris-im> well it should ask u for a root one for it. im just trying to login with phpldapadmin
[02:16] <lenios> Drama, what's your installed apache version?
[02:16] <chris-im> is there away i can set one up after the fact?
[02:18] <Drama> lenios: 2.2.14
[02:18] <lenios> full version
[02:19] <qman__> dpkg -l | grep apache2
[02:19] <Drama> now I updated using a deb to 2.2.14-5ubuntu8.4
[02:20] <lenios> ubuntu8.4 should be on repositories
[02:21] <Drama> when i run apt-get upgrade i saw   linux-headers-generic linux-headers-server linux-image-server 0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
[02:21] <lenios> what does "apt-cache policy apache2-common | grep -v Candidate" returns
[02:21] <lenios> after an apt-get update
[02:21] <qman__> my servers are running ubuntu8.4
[02:22] <Drama> lenios: sure
[02:22] <patdk-lap> I see ubuntu8.4 in apt here
[02:22] <patdk-lap> and I have default installed sources
[02:22] <qman__> same
[02:22] <Drama> lenios: apache2-common:   Installed: (none)   Version table:
[02:23] <lenios> apache2 then
[02:24] <Drama> *** 2.2.14-5ubuntu8.4 0         500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
[02:25] <lenios> then you'll get it from repositories
[02:25] <patdk-lap> I show it in security and in updates
[02:25] <Drama> mh strange oO
[02:25] <patdk-lap> you didn't forget an apt-get update did you? :)
[02:27] <Drama> patdk-lap: mh nope ... but its almost 4 am maybe i rly did -.-
[02:33] <Drama> ill get some sleep thx!
[03:17] <Morocco> Night here..
[07:46] <AnAnt> Hello, how can I disable an LDAP account without deleting it ?
[07:46] <AnAnt> I am using OpenLDAP
[08:08] <joschi> AnAnt: assign an invalid password, e. g. just '!' instead of a password hash
[08:10] <AnAnt> joschi: ok, but I think the problem of this method is that if the user had already put his SSH key on some machine, he will still be able to login to that machine without password
[08:10] <joschi> AnAnt: not with a non-interactive shell like /bin/false or /sbin/nologin
[08:10] <AnAnt> joschi: so I shuld change the shell too
[08:11] <joschi> AnAnt: if you have users, which use another authentication mechanism than passwords, yes
[08:11] <joschi> AnAnt: generally it also depends on what kind of users you're talking about
[08:11] <joschi> AnAnt: system users, users for specific services with their own login mechanism, etc.
[08:15] <AnAnt> joschi: ok, I used ldapmodifyuser to change the pasword to !, but it is still a hash
[08:15] <joschi> AnAnt: yeah, because you entered '!' as password which is being hashed by ldapmodifyuser
[08:15] <AnAnt> so, what should I do ?
[08:16] <AnAnt> joschi: ^
[08:17] <joschi> AnAnt: use ! instead of a hashed password. or just try to assign another shell. maybe that's sufficient for your needs
[08:18] <AnAnt> joschi: I mean, how do I use ! instead of hashed password ? ldapmodifyuser seems to hash '!' when I enter it
[08:19] <joschi> AnAnt: change the value with ldapmodify
[08:19] <AnAnt> ok
[08:27] <AnAnt> joschi: same result with ldapmodify
[08:31] <AnAnt> joschi: ah, removing userPassword field from the user works ! Thanks !
[08:53] <cyclobs> hey guys, having trouble installing ubuntu server 10.10 tried USB and cd with same result. keeps coming up with a base install error. might need more info then that for yous. lol
[08:56] <cyclobs> using 64bit
[09:28] <chrisjuric> anyone active?
[09:28] <Patrickdk> never
[09:32] <chrisjuric> anyone know the best protocol to network wtth OSX snowleopard machnes... samba, ldap, afp?
[09:39] <clusty> chrisjuric: to exchange files ?
[09:40] <chrisjuric> ya basically as a NAS... set up shared drives
[09:41] <chrisjuric> ... but with authentications etc.
[09:42] <clusty> chrisjuric: i am using both AFP and SAMBA
[09:42] <cyclobs> 10.04.1 failed too :S
[09:42] <clusty> prefer AFP since autoumount does not throw an annoying window when losing connectivity
[09:43] <chrisjuric> any guides or links how to set up that up... are u using AFP for osx computers and SAMBA for windows? pointing to the same shares??....
[09:43] <cyclobs> why wont server 64bit install :S
[09:43] <chrisjuric> ya how do you use disable that error message.
[09:43] <chrisjuric> soo annoying
[09:44] <clusty> chrisjuric: linux shares all it can share. mac os can mount whatever it wants (usually AFP cause i also added an entry for bonjour to advertise services properly)
[09:44] <clusty> lemme look for it
[09:44] <chrisjuric> i got this guide. but looking for more cause its usually tricky..
[09:45] <chrisjuric> http://www.kremalicious.com/2008/06/ubuntu-as-mac-file-server-and-time-machine-volume/
[09:45] <clusty> chrisjuric: you need to give up if you find that tricky. linux might not be your thing
[09:45] <clusty> but it became easier
[09:45] <clusty> no need to recompile AFP
[09:45] <clusty> anymore
[09:46] <clusty> and no need to tweak share options either, just shares
[09:46] <clusty> chrisjuric: start sweating and if you run into trouble ask, and somebody will help
[09:48] <chrisjuric> lol dont worrie i wont give up over this lol... its just new to me...
[09:49] <chrisjuric> thanks.
[09:49] <clusty> chrisjuric: i'll stick around for some 30min more so you can ask. starting with installing afp (sudo apt-get install netatalk)
[09:50] <chrisjuric> im away from the serv just fishing for info... its almost 5am here i gatta hit the hay... im just learning netowrking/server admin (ubuntu) as a side project sorta. im a web developer thats looking to take up better business organization practises basically.
[09:51] <chrisjuric> want to get a little centralized network going for storing git repo's , staging sites, backups etc
[09:51] <chrisjuric> just toying as of now. no production deadline to install a huge company wide network or anything huge.
[11:53] <cemc> if I want TRIM support on Lucid, which kernel is recommended from here?: http://kernel.ubuntu.com/~kernel-ppa/mainline/ ? I need 2.6.33+
[13:23] <aegis> Hi all...  Does anyone know of a sever base ebay auction sniper for ubuntu that utilizes a web interface?
[14:03] <Slyboots_> Hi; and a Merry Christmas to everyone ;)
[14:09] <Slyboots_> Hm.. Im currently using vnc4server for my VNC needs; but an application I use needs XRender support.. but Im somewhat confused on how to actually enable it
[14:09] <Slyboots_> Id ont have an Xorg configuration file (its a headerless server with just X11-core installed (with Fluxbox)
[14:25] <Slyboots_> Anyone? :D
[17:13] <Karti> Hi all, is it better to give  server a fixed IP rather than lock it down to a fixed ip address from within a dhcp server ? Cheers
[17:19] <gobbe> fixed is better, if you dhcp server is down atleast your server has ip
[17:31] <Karti> gobbe, Good comment thanks
[17:32] <gobbe> Karti: but it's more like a safe case, of course it's much easier to change whole subnet when using dhcp but i would go with fixed ip's on servers
[17:34] <Karti> gobbe, Happy with that. I have stated along that line now so the dhcp going down is a good point
[18:00] <Enzoplex> Hello everyone. I have a minor issue and not sure how it started. Whenever I restart my home server, my /etc/resolv.conf is "erased". Here is the output of my /etc/resolv.conf:
[18:01] <Enzoplex> # Generated by NetworkManager
[18:01] <Enzoplex> Just that one line
[18:01] <gobbe> disable networkmanager
[18:02] <gobbe> Enzoplex: did you use server installation for that?
[18:02] <Enzoplex> Yes
[18:02] <gobbe> you could either remove whole package
[18:02] <gobbe> or just sudo update-rc.d NetworkManager remove
[18:04] <Enzoplex> Thanks gobbe. Let me reboot and see how that comes along. BRB.
[18:06] <Karti> Enzoplex, is the resolv.conf not recreated each time the network is restarted? I was under the impression that you could add the details to /etc/network/interfaces (however I am just learning :) )
[18:06] <gobbe> Karti: if you have static networking resolv.conf should not be recreated every boot
[18:06] <gobbe> in every boot
[18:07] <gobbe> that's just feature of networkmanager
[18:09] <Karti> gobbe, so if I delete resolv.conf from a server that has iface eth0 inet static then it doesnt matter that its there?
[18:09] <gobbe> what is there?
[18:09] <gobbe> if you delete it, you cannot access anything with names
[18:13] <Karti> sorry.....if I delete the resolv.conf will it matter that it doesnot exist?
[18:14] <gobbe> well. if it's not there you cannot access anything with names
[18:14] <gobbe> because DNS-servers are configured in resolv.conf
[18:14] <gobbe> :-)
[18:16] <Karti> gobbe, sorry to be a pain.....but as I am still learning this, I have added these details to my /netwok/interfaces
[18:16] <Karti> dns-nameservers 192.168.220.2
[18:17] <Karti> but in my resolv.cong I have nameservers 192.168.220.2
[18:17] <gobbe> aah, ok
[18:17] <gobbe> you can use that also
[18:17] <Karti> I thought this would stop the resolv.conf changing ech time
[18:17] <gobbe> that's one possible way
[18:17] <Karti> or at least not have an effect
[18:18] <Karti> I was just looking for the most effective as there are a number of ways to do it in Google :)
[18:18] <gobbe> Karti: yes. that's one way to do it, and maybe even better :-)
[18:18] <gobbe> Karti: but i'm old school and using just plain resolv.conf :-D
[18:19] <Karti> lol What I might have got it right!!
[18:19] <Karti> Admittedly its all VM but what better way to learn :)
[18:24] <tonyyarusso> Does anyone know if there is a plan for when Ubuntu will make Python 3 the default?  (Or is it already in Natty?)
[18:26] <Karti> gobbe, Many thanks for the help earlier :)
[18:29] <Enzoplex> gobbe: I rebooted a few times, and I have removed 'network-manager-kde' along with running the update-rc.d command.
[18:29] <Enzoplex> Still using the blank /etc/resolv.conf
[18:30] <Enzoplex> How do I reconfigure my network so that a new config is taken?
[18:30] <Enzoplex> Something is telling it to remove it all.
[18:46] <gobbe> Enzoplex: you need to change it also
[18:46] <gobbe> Enzoplex: add there your nameservers
[18:46] <gobbe> Enzoplex: nameserver x.y.z.y
[18:46] <gobbe> Enzoplex: or add line dns-nameserver x.y.z.y to /etc/network/interfaces
[18:49] <Nafallo> gobbe: that that options in /e/n/i actually do anything without the package resolvconf installed?
[18:51] <gobbe> hmmh
[18:53] <Enzoplex> I'm on my server now, I have a working /etc/resolv.conf.GOOD that I cp after every reboot.
[18:53] <Enzoplex> I just added the nameservers to the /etc/network/interfaces file.
[18:57] <Delerium_> Hi, I just got a brand new system and I'm trying to install Ubuntu Server 10.10.  Problem is: Ubuntu don't see my HD, while Windows 7 does.  It's a SATA 6GB.  Does Ubuntu server support Sata 6gb ?
[18:58] <qman__> Delerium_, it's not really a matter of supporting SATA 3, it's a matter if your disk controller is supported by the linux kernel version in ubuntu 10.10
[18:58] <qman__> step one is finding out what controller it is
[18:59] <qman__> step two is looking up whether it has linux support at all, and if it does, when it was added to the kernel
[19:00] <Delerium_> qman__: K, the onctroller is a "Marvel"
[19:01] <qman__> you'll have to find an exact model number
[19:01] <qman__> e.g. Silicon Image Sil3114
[19:01] <patdk-lap> lspci :)
[19:03] <qman__> most manufacturers still make their hardware for windows, not for linux
[19:03] <qman__> so when you buy a machine to run linux, you need to make sure it's compatible before you buy
[19:04] <qman__> compatibility is pretty good, but the bleeding edge, brand new stuff is still risky
[19:04] <Delerium_> I should have think of that before, you are right
[19:05] <qman__> it may just be that support exists but wasn't added until a newer kernel version
[19:05] <qman__> in which case you can probably work around it by netbooting the installer with the updated kernel
[19:06] <qman__> but you may have to wait a while before drivers exist, too
[19:06] <davros-> ? is it possiable to install or does server come with the ubantu GUI?
[19:06] <qman__> davros-, ubuntu server does not have a GUI installed, you can add one later if you really want to, but it's not recommended
[19:06] <Delerium_> qman: Thanks, I will reboot to get the right model, and come back soon
[19:06] <davros-> ok thx
[19:08] <davros-> thats fine i guess i have desktop for the gui then :)
[19:09] <qman__> you can install it, and it will work fine, but it adds significant overhead and increases your attack surface, and doesn't add any real benefit to administering a server
[19:09] <davros-> ahh ok....
[19:10] <qman__> servers should be configured to the bare minimum, do what you need and that's it
[19:10] <qman__> it keeps your performance high and risk of compromise low
[19:10] <davros-> ya cuz y would you really need a gui on a server lol
[19:12] <davros-> cool i'm gonna set up an apache and hosting server soon
[19:13] <davros-> file hosting
[19:22] <Delerium_> Ok, so controller is a Marvell 88se91xx
[19:27] <qman__> a quick google shows that at least some chips in that family have linux drivers
[19:29] <Delerium_> That's what I saw, I'm still googling around ;) Anyways, It's a box I setup for testing purpose, server, new os, and I'm in vacation for the whole week, so no rush at all
[19:29] <Delerium_> just playing around with new tech ;)
[19:31] <qman__> from what I
[19:31] <qman__> I've seen, marvell is pretty good when it comes to linux support, so I'd expect it to work out of the box when 11.04 releases
[19:31] <qman__> it might work if you netboot/USB boot a newer kernel
[19:32] <monotoko> hi guys, can anyone help me set up nameservers?
[19:35] <Delerium_> qman: Thanks, I'll try this wit a more recent kernel
[19:36] <Monotoko> I have 2 dedicated IP addresses and a dedicated server....but I'm not sure how to configure the IP's as nameservers so domains can hit my server
[19:36] <Delerium_> qman: got it to work!
[19:36] <Delerium_> qman: in the BIOS, set the Marvell Controle to AHCI instead of IDE
[19:37] <qman__> ah
[19:37] <qman__> you want AHCI anyway
[19:37] <qman__> IDE mode is just a compatibility trick for older systems like XP
[19:38] <Delerium_> That's what I just read... damn... I haven't been playing with PC for more than 4 years... Kind of lost a bit
[19:50] <patdk-lap> hehe :)
[19:50] <patdk-lap> ya, not using ahci is like 4years old :)
[19:51] <patdk-lap> monotoko, I have no idea what you want :)
[19:51] <patdk-lap> you have a server, and it has 2 ip's
[19:51] <patdk-lap> now you want to be able to use dns on that server? or you want other people to access your server to look up stuff?
[19:52] <Monotoko> say someone has a domain
[19:52] <Monotoko> I want them to be able to point to my nameservers
[19:53] <Monotoko> and those to point the domain to my server
[19:53] <patdk-lap> ok, so you just need to run a dns server on your ip
[19:54] <patdk-lap> and have people set the ns to your name, in their glue records at their domain registar
[19:54] <patdk-lap> normally you would name it something easy for them to remember, like, ns1.example.com
[20:02] <Delerium_> Another little question, not ubuntu related, but you know the answer: I dual boot with Ubunber Server + Windows 7. I have 500gigs in free space that I want to use to share VM for both OS, is that possible?
[20:02] <Delerium_> like using FAT32, so both OS can see the VM ?
[20:12] <Monotoko> its possible using virtualbox
[20:13] <Monotoko> as it is a cross-platform system
[20:20] <Delerium_> That's what I tought, thank Monotoko
[20:21] <Monotoko> Delerium_,  :) make sure you get the PUEL version and not the OSE on the Linux side
[20:21] <Monotoko> you will need to download the debs from the website
[20:24] <Delerium_> Mono: Thanks ;)  I'll give it a try
[21:17] <yann2> hi! has anyone tried using the "tmt" package lately? it seems quite broken to me, but it might be my parameters
[21:18] <yann2> tct sorry
[23:07] <ziesemer> How can I validate that a X509 private key belongs to a given public certificate?  Thinking I should be able to use certtool, but only get "Error in DER parsing errors".  Otherwise, is there another channel I should be asking in?