| === m1dnight1 is now known as m1dnight_ | ||
| === Monthrect is now known as Piper-Off | ||
| === cpaelzer is now known as cpaelzer_afk | ||
| === cpaelzer_afk is now known as cpaelzer | ||
| === cpaelzer is now known as cpaelzer_afk | ||
| === Lcawte|Away is now known as Lcawte | ||
| === Piper-Off is now known as Monthrect | ||
| === Lcawte is now known as Lcawte|Away | ||
| === Lcawte|Away is now known as Lcawte | ||
| === stevenroose|BNC is now known as stevenroose | ||
| bill_ | does 14.03 server distribution not support wirelss network? | 17:27 |
|---|---|---|
| rbasak | Ubuntu Server connects to wireless networks fine. | 17:27 |
| bill_ | it won't recognise my card | 17:27 |
| rbasak | You may need to install the wpasupplicant package though, and you will need configure /etc/network/intefaces as usual. | 17:27 |
| rbasak | I believe it should recognise anything that Ubuntu generally does. If there's no support then it may be a Linux-wide thing. | 17:28 |
| bill_ | 14.04 desktop uses it when i boot the cd | 17:28 |
| rbasak | Maybe you need a firmware package or something. | 17:28 |
| bill_ | all other distributions use it | 17:28 |
| rbasak | If Ubuntu on the desktop can work with it then it can be made to work on Ubuntu Server. They share the same core platform, including kernel. | 17:29 |
| bill_ | i thought it should...but it doesn't | 17:29 |
| TJ- | bill_: -desktop installs network-manager whereas -server doesn't. network-manager handles a lot of the background plumbing for WiFi so it 'just works'. You can use network-manager service (without any GUI components) on -server, too | 17:29 |
| bill_ | i will run the disk check on the install cd | 17:29 |
| bill_ | maybe it's broken | 17:29 |
| bill_ | i will try that | 17:30 |
| bill_ | thank you TJ | 17:30 |
| rbasak | TJ-: if it's just a single wireless network that needs connecting to, then no need for network-manager. Just wpasupplicant and /etc/network/interfaces can achieve all that network manager can in terms of that. | 17:30 |
| bill_ | at the moment i have 14.04 desktop almost installed | 17:30 |
| bill_ | i'll strip out the desktop 'fluff and install some more serveices | 17:31 |
| rbasak | network manager is much higher up the stack than plain wireless driver problems. | 17:31 |
| bill_ | i only want it to store the backups from other computers on the network | 17:32 |
| bill_ | thanks for your help | 17:32 |
| bill_ | i'll revisit this later | 17:32 |
| === cpaelzer_afk is now known as cpaelzer | ||
| toor | Hello, I am trying to set up my ubuntu server as a mailserver but I can't get it to send the mails, it only receives them. | 17:53 |
| slidinghorn | toor: what error(s) do you receive when attempting to send mail? What are the logs telling you? Also, which version of Ubuntu Server are you using? | 17:54 |
| toor | There are no errors and I cannot find any error logs. Ubuntu 14.04 TLS. | 17:55 |
| toor | LTS* | 17:56 |
| slidinghorn | toor: are you using postfix or sendmail or something else? | 17:57 |
| toor | postfix, dovecot and I used the mail command. | 17:57 |
| slidinghorn | toor: you should be able to view your postfix log in /var/log/mail.log | 17:59 |
| toor | "No such file or directory" | 17:59 |
| slidinghorn | toor: then you've likely changed some kind of configuration on your system telling it to log elsewhere | 18:01 |
| toor | There is no such file anywhere on the system. | 18:01 |
| slidinghorn | toor: again, that's because you've changed something from the postfix default...please pastebin the result of postconf -n and link it here | 18:02 |
| TJ- | Cound be there's no syslog service, too | 18:03 |
| toor | http://pastebin.com/21wJeY2L | 18:03 |
| slidinghorn | toor: have you restarted postfix & rsyslog? sudo service postfix restart && sudo service rsyslog restart | 18:06 |
| === cpaelzer is now known as cpaelzer_afk | ||
| toor | postfix/postfix-script: fatal: the Postfix mail system is already running | 18:12 |
| toor | [fail] | 18:12 |
| TJ- | sounds like a PID file is present but the process has died, or else you started the process manually | 18:14 |
| toor | I wrote "service postfix start" when the computer booted. | 18:15 |
| toor | Is there a guide or something that works in all cases? | 18:17 |
| toor | Could it be that it's Ubuntu's fault? I don't remember having problems installing on Debian | 18:19 |
| jelly | it's not likely ubuntu's QA would allow for completely broken packaging of postfix that did not log by default | 18:21 |
| toor | Well I could try to reinstall and try from scratch.. | 18:22 |
| toor | Could you private message me a tutorial that would work if I did that? | 18:22 |
| jelly | it would be better to try and understand the current state and the desired working state, instead of reinstalling blindly | 18:23 |
| toor | It's too complicated for me. | 18:24 |
| jelly | toor: for example: if the service command says the service is already running, can you verify that by looking at the process list? There should be a process named "master". | 18:24 |
| === cpaelzer_afk is now known as cpaelzer | ||
| jelly | toor: some amount of basic unix knowedge and analytical skills is needed to run a linux server. | 18:27 |
| === cpaelzer is now known as cpaelzer_afk | ||
| === hxm is now known as Guest96070 | ||
| === hxm- is now known as hxm | ||
| Sling | if i plan a cronjob for lets say 1 2 3 1,3 0 /path/to/script.sh | 21:11 |
| Sling | it runs at 2:01 on the 3rd of january and march | 21:12 |
| Sling | what would the 'dow' parameter do here, only run it when that date is a sunday? | 21:12 |
| bekks | Yes. | 21:12 |
| Sling | hm so i would want that to be * I guess :) | 21:13 |
| bekks | Yes. :) | 21:13 |
| Sling | would be a funny 'why didnt my letsencrypt certs renew' debug session | 21:13 |
| patdk-lap | heh mine are on manual | 21:20 |
| patdk-lap | lets encrypt is not very friendly much other than a certificate | 21:21 |
| patdk-lap | cannot use certificate pinning/dane/... with it, cause it changes so often, and you need to renew, but delay using it | 21:21 |
| Sling | patdk-lap: then you're pinning the wrong certs I guess | 21:21 |
| patdk-lap | how so? | 21:21 |
| Sling | well you can also pin the letsencrypt intermediate for example | 21:22 |
| patdk-lap | pinning an intermediate or ca certificate is a horrible thing to do | 21:22 |
| patdk-lap | it means anyone that uses that same ca, can spoof you | 21:22 |
| patdk-lap | and it assumes they dont rotate them out, most ca's rotate the intermediates yearly | 21:22 |
| patdk-lap | letsencrypt hasn't said how they plan to do it yet | 21:23 |
| Sling | true | 21:23 |
| patdk-lap | so you might just pin outself out of a useful website | 21:23 |
| Sling | (I don't have pinning atm) | 21:23 |
| patdk-lap | and there is no way to fix that, other than hope your old certificate isn't expired | 21:23 |
| patdk-lap | and the pin expiration time is highly short, and having it short is a bad idea | 21:24 |
| devster31 | why can't you pin them? | 21:24 |
| patdk-lap | well, I normally use 6month pins | 21:24 |
| patdk-lap | letsencrypt is only good for 3 | 21:24 |
| patdk-lap | I cannot pin a new one, till everyone knows about it | 21:25 |
| patdk-lap | so say, I give it a 1month overlap | 21:25 |
| patdk-lap | so the new cert is not useful for atleast 1 month | 21:25 |
| patdk-lap | I add it to my websites pin | 21:25 |
| patdk-lap | then after a month, I switch to it | 21:25 |
| ianorlin | patdk-lap: then maybe not use letsencrypt for this | 21:25 |
| patdk-lap | and have the pin expire in a month | 21:25 |
| patdk-lap | use it for a month, and start process to new one again | 21:26 |
| Sling | renewing doesn't imply using a new private key though | 21:26 |
| Sling | so you could still use the same pin? | 21:26 |
| patdk-lap | using the same key is possible | 21:26 |
| patdk-lap | but kindof defeats the point | 21:26 |
| patdk-lap | half the point of getting a new cert, is to rotate the keys | 21:26 |
| patdk-lap | so the bruteforce would have to start over | 21:26 |
| patdk-lap | if you start reusing the keys, your likely going get yourself into trouble | 21:27 |
| Sling | not pinning the leaf isn't that bad though, plenty of people do it that way | 21:28 |
| Sling | even companies like github | 21:28 |
| Sling | they pin their root CA | 21:28 |
| Sling | anyway I still need to dive into that topic someday, first getting all my boxes set up with autmatic renewal + LE | 21:29 |
| ianorlin | I think someone could setup certs worse than letsencypt | 21:29 |
| patdk-lap | yes, I just wish they had a 6month option | 21:30 |
| patdk-lap | for usecases like this | 21:30 |
| patdk-lap | 3months is fine for if you don't need any leadtime for the cert | 21:30 |
| patdk-lap | atleast I got it programmed to update dane automatically | 21:32 |
| patdk-lap | but haven't picked a solution to delay activation yet | 21:32 |
| patdk-lap | probably will patch their program to keep two certs in the folder, and only use the old one | 21:33 |
| andol | patdk-lap: Another option might be to pregerante key+csr, publish parallel dane/tlsa record, and then renew based on on that explicit csr. | 21:40 |
| patdk-lap | but pinning is based only on the cert | 21:42 |
| patdk-lap | I think | 21:43 |
| andol | patdk-lap: No, pinning is based on the key material, and you can/should generate a backup pin based on an existing csr. | 21:44 |
| patdk-lap | actually it's both | 21:44 |
| andol | patdk-lap: How do you mean that it's both? | 21:44 |
| patdk-lap | you can do it either way | 21:45 |
| patdk-lap | pin by cert | 21:45 |
| patdk-lap | or pin by public key | 21:45 |
| andol | Ok, my bad. | 21:45 |
| andol | Only seen pins based on the public key. | 21:45 |
| andol | Why would you want to do it any other way? | 21:45 |
| patdk-lap | easier to do :) | 21:46 |
| andol | Well, writing that helper script is a one time thing in both cases. | 21:47 |
| patdk-lap | if everyone could write that :) | 21:48 |
| patdk-lap | most of the people using certificates have no idea how they work | 21:48 |
| patdk-lap | let alone there are two parts to them | 21:48 |
| andol | Not sure if one should try out HPKP unless one really knows what ones is doing? :-) | 21:49 |
| patdk-lap | that is the problem | 21:50 |
| patdk-lap | boss tells you to do it :) | 21:50 |
| patdk-lap | or, you are new into that department | 21:50 |
| patdk-lap | managing certs isn't exactly the highest and most important thing in a company view generally | 21:50 |
| patdk-lap | it's easy to kindof tell, based on all the dnssec issues | 21:51 |
| patdk-lap | certificate is annoying, and generally easily fixable, or worked around | 21:51 |
| patdk-lap | dnssec is normally very noticable | 21:51 |
| andol | Hmm, I think most DNSSEC issues are more about people not doing DNS right, which then becomes more much visable then you add DNSSEC. | 21:51 |
| andol | But yeah, I agree with your more general point, about there being stuff like certs, dns(sec), etc which isn't given the needed importance. | 21:54 |
| === Lcawte is now known as Lcawte|Away | ||
| === Monthrect is now known as Piper-Off | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!