/srv/irclogs.ubuntu.com/2016/04/17/#ubuntu-server.txt

[00:10] <JanC> Kallis: maybe try asking in #samba also
[00:11] <pmatulis> Kallis: i have never heard of a conversion from windows to Samba. also, you might want to wait a week to use 16.04 and not 15.10
[00:30] <Kallis> pmatulis, yeah it would have just saved me resetting up all of the ACL for users, there are a lot QQ
[00:30] <Kallis> JanC, I have asked in there as well thanks JanC :D
[01:07] <devster31> do I need to specify APT::Default-Release if I want to pin packages or can I just set Package: * Pin: release a=trusty Pin-Priority: 990 ?
=== King- is now known as prince
[05:09] <patdk-lap> something went wrong with apt-daily.timer
[05:10] <patdk-lap> it is appearing in my dmesg every few seconds :(
[05:12] <patdk-lap> but not on all of my xenial machines, and not even on two mirror imaged ones
[05:12] <patdk-lap> http://paste.ubuntu.com/15886862/
[05:17] <UserUS> anyone here have ubuntu server on their computer, and use the OS for other things as well?
[05:20] <patdk-lap> exactly how do you use an os for other things as well?
[05:20] <UserUS> irc, web browsing, making videos, skyping...etc
[05:21] <patdk-lap> you cannot do that on ubuntu-server
[05:21] <patdk-lap> you can do those on ubuntu-desktop though
[05:21] <UserUS> yes, you can?
[05:21] <UserUS> I've installed it and done so
[05:21] <patdk-lap> the difference, is nothing, though
[05:21] <UserUS> you just install gnome gui
[05:21] <patdk-lap> you can run skype without a gui?
[05:22] <UserUS> you install a gui mate
[05:22] <patdk-lap> and as soon as you did so, you're using ubuntu-desktop
[05:22] <UserUS> just install ubuntu-desktop
[05:22] <UserUS> yeah, but it keeps the server and apache
[05:22] <patdk-lap> and, the same would be true if you install ubuntu desktop, and installed apache
[05:22] <patdk-lap> I don't see your point
[05:22] <patdk-lap> the same would be the case if I installed windows 10, then installed apache
[05:22] <UserUS> my point is, does it matter if i do so
[05:23] <UserUS> run the server on the same pc
[05:23] <UserUS> or will it be deadly slow...etc
[05:23] <patdk-lap> it will be slower
[05:23] <patdk-lap> you just added a bunch more crap into ram, cpu, ...
[05:23] <UserUS> or kick users from the site for lack of bandwidth
[05:23] <UserUS> it's an i7 with 16gb of ram
[05:23] <UserUS> fourth gen intel
=== Exagone314 is now known as Exagone313
=== funkyHat1 is now known as funkyHat
=== Chrisfu- is now known as Chrisfu
=== med_ is now known as Guest15381
=== akaWolf1 is now known as akaWolf
=== marlinc_ is now known as marlinc
=== edwardly_ is now known as edwardly
=== yokel_ is now known as yokel
=== Deeps_ is now known as Deeps
=== tomaw_ is now known as tomaw
=== FMan is now known as Guest83720
=== Guest83720 is now known as FManTropyx
=== chuck__ is now known as zul
[13:48] <devster31> so I have this right now: https://bpaste.net/show/07230537e2b5 how do package dependencies behave? meaning, does nginx-common automatically get updated if there's the requirement on the newer package?
=== klaas_ is now known as klaas
[15:07] <Kallis> hi there, looking at moving my windows server over to a linux server and am just going about setting up samba with acl, was just wondering if there was an easy way for me to copy all current user acl's that are in place on the windows server over to the new samba linux box please or do i need to redo all acl for all users on all directories
[15:11] <RoyK> Kallis: never tried it, but if you enable ACLs in Samba and copy the files with Windows, that may be all you need
[15:11] <RoyK> Kallis: you'll have to try it out
[15:12] <Kallis> RoyK, ok cool, I mean worst that can happen is I spend a few days redoing all ACL's but if there was a faster way would have been nice
[15:12] <RoyK> Kallis: make sure the filesystem is mounted with the 'acl' option and that ACLs are enabled in the samba config
[15:12] <Kallis> RoyK, Yeah i have already enabled ACL in fstab and just about to do the Samba configs
[15:13] <RoyK> try getfacl/setfacl somewhere to test it first
[15:13] <patdk-lap> robocopy :)
[15:13] <RoyK> patdk-lap: can that do ACLs?
[15:13] <patdk-lap> hmm, ya, since like always
[15:13] <RoyK> ok
[15:13] <RoyK> Kallis: listen to patdk-lap - he seems to know this a wee better than I ;)
[15:14] <patdk-lap> the question is, do you have the users setup correctly in linux though?
[15:14] <Kallis> RoyK, cool cool, patdk-lap yeah it is LDAP
[15:14] <RoyK> same UIDs?
[15:14] <Kallis> patdk-lap, ldap is running fine with pbis
[15:14] <Kallis> RoyK, yeah
[15:14] <patdk-lap> kerberos I hope
[15:15] <Kallis> yeah kerb
[15:15] <RoyK> The Hound
[15:16] <Kallis> also wanted to ask, i keep getting hammered by various ip addresses trying to brute force SSHD , I have setup a script to block an IP permanently after 3 failed logins, but is there anything else I can do ?
[15:17] <Kallis> most of the ip's geo are china
[15:18] <RoyK> fail2ban is nice
[15:18] <RoyK> sshguard too, although it's a bit paranoid
[15:18] <Kallis> lol
[15:18] <Kallis> but really the only option is constantly banning the ip's yeah
[15:19] <patdk-lap> you can always do security by obscurity? and move it to port ?rand?
[15:19] <patdk-lap> but that doesn't fix anything, just cuts back on log noise for awhile
[15:19] <RoyK> denyhosts is also good, although it hasn't been updated for years, so it's no longer in the repos
[15:19] <Kallis> yeah
[15:19] <RoyK> (iirc)
[15:24] <Kallis> i will probably just leave it as is then tbh, banning after 3 attempts has decreased log noise a lot
[15:25] <Kallis> maybe just change the port as well
[15:29] <patdk-lap> even more if you set the ban time to like 30days :)
=== devil is now known as Guest99389
=== Guest99389 is now known as devil_
=== devil_ is now known as devil__
=== devil__ is now known as devil_
[16:13] <baldini> Hi, when will you fix the major issue with proftpd and your releases
[16:14] <baldini> LoadModule mod_copy.c
[16:14] <baldini> I thought you guys were cutting edge?
[16:16] <baldini> It leaves all servers using Ubuntu to a very serious hack
[16:16] <baldini> SERIOUS
[16:17] <baldini> other distros have apparently sorted it
[16:26] <baldini1> :)
[16:26] <baldini1> sort it guys
[16:27] <baldini1> I just lost a client with 5 dedies because of this
[16:28] <baldini1> one server fell foul and about 70 sites affected, then he closed his other servers
[16:28] <baldini1> all Ubuntu
[16:29] <baldini1> Ubuntu plz get your head out of your ass on this
=== erisrenee_ is now known as erisrenee
=== seg_ is now known as seg
[16:37] <cowboydodo> hi guys, trying to setup an ldap authentication having a posixAccount in "cn=Test Appsiting,ou=benutzer,dc=example,dc=com"
[16:37] <cowboydodo> and its gid is "appsiting", which in turn is "cn=appsiting,ou=gruppen,dc=example,dc=com" . My apache configuration is: https://www.refheap.com/117749 but when trying to login with "testappsiting" I get a "invalid credentials", why is that?
[16:41] <tarpman> cowboydodo: for a start, "ou=benutzer" != "ou=benutzer,dc=example,dc=com"
[16:42] <tarpman> cowboydodo: hard to do more than guess, since you haven't shown any debug logs, neither from apache nor the ldap server
[16:43] <tarpman> cowboydodo: since you said posixAccount, I also want to check - are you using LDAP groups (groupOfNames or groupOfUniqueNames) or RFC2307 groups (posixGroup)? 'Require ldap-group' is going to require the former
[16:43] <tarpman> cowboydodo: per https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#reqgroup
[16:51] <cowboydodo> tarpman: The apache2 log says user testappsiting: authorization failure for "/", the slapd i can't find, there is no /var/log/slapd.log, oh and cn=appsiting is a posixGroup. I'll change it
[16:52] <baldini> LoadModule mod_copy.c when you going to fix this guys
[16:52] <baldini> anytime in the last year would have been fine
[16:52] <tarpman> baldini: it looks like bug 1462311 is just waiting for someone to propose a patch (debdiff) for review; maybe you could do that?
[16:53] <ubottu> bug 1462311 in proftpd-dfsg (Ubuntu) "proftpd mod_copy issue (CVE-2015-3306)" [Undecided,Incomplete] https://launchpad.net/bugs/1462311
[16:53] <baldini> lol
[16:53] <baldini> wtf
[16:53] <tarpman> baldini: as the first comment on the bug says, proftpd is in universe, so not supported by the security team
[16:53] <baldini> tarpman: please give me a break
[16:54] <baldini> just dump the crap if it's not secure
[16:54] <cowboydodo> tarpman: groupOfNames would be fine as well, right?
[16:54] <tarpman> cowboydodo: yes
[16:54] <tarpman> baldini: just to be clear - i'm not affiliated with ubuntu in any way. just trying to be helpful in a constructive way
[16:55] <baldini> np, I appreciated your input
[16:55] <baldini> but really
[16:55] <tarpman> baldini: if you want help from the security team, asking nicely in #ubuntu-security might get more attention
[16:55] <baldini> I do
[16:55] <baldini> for the last 6 months
[16:55] <baldini> but id proftpd is not secure it should be dropped
[16:55] <baldini> if sry
[16:56] <tarpman> not sure how you "drop" something that many users (apparently including yourself) have already installed
[16:56] <baldini> how many people using proftpd on Ubuntu at the moment and totally unaware they are totally hackable
[16:57] <baldini> it's a major security risk
[16:57] <tarpman> cowboydodo: slapd log -> https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-logging -- 'stats' would be a good log level to start with (logs every query)
[16:57] <cowboydodo> tarpman: getting closer, instead of a "user not found" i now get a "authorization failure"
[16:57] <tarpman> baldini: proftpd is far from the only package in universe with glaring security problems
[16:58] <baldini> tarpman: agreed
[16:58] <baldini> but that just affected me
[16:58] <baldini> maybe it's tile for Ubuntu to pack it in?
[16:58] <baldini> time
[16:58] <tarpman> baldini: if you want to make sure you only run security-supported packages, you have to remove universe from sources.list altogether
[16:58] <baldini> tarpman: noted
[16:59] <baldini> all my installs are minimal
[16:59] <tarpman> baldini: or consider debian - the entire archive gets security support (in theory... in practice the security team there is also overworked)
[16:59] <baldini> I know about overworked
[16:59] <baldini> it's all imploding
[17:00] <tarpman> baldini: but for the immediate problem you're working on (proftpd): the shortest path to a good solution for you and all the other proftpd users is for someone to propose a debdiff for review
[17:00] <tarpman> anyway, i'm going in circles now, i'll shut up :)
[17:00] <baldini> hehe
[17:00] <baldini> easy fix is # the module
=== funkyHat2 is now known as funkyHat
=== jml_ is now known as jml
=== InfoTest1 is now known as InfoTest
[17:03] <cowboydodo> oh my god i got it, thanks tarpman
[17:03] <cowboydodo> had to use the full dn
[17:03] <cowboydodo> after require ldap-group
[17:46] <profall> Is it worth it to move to 16.04 yet?
[17:50] <tarpman> profall: for evaluation/pre-production use, or if you consider yourself an "early adopter", certainly
[17:50] <profall> Well, it will be used in a production environment. Just worried about setting up things on 14.04 and then having to move everything over 6 months from now...
[17:51] <tarpman> profall: for production use, depends on your risk tolerance; you might want to wait a month or two for the bugs found by initial adopters to be fixed
[17:51] <profall> true
[17:51] <profall> I think I'll just wait, plus it gives me a job in the future :P
[17:51] <tarpman> profall: if you're just starting a project now, I'd say 16.04 is a better choice than 15.10
[17:53] <profall> How long is 14.04 supported for?
[17:54] <tarpman> https://wiki.ubuntu.com/Releases -> April 2019
[17:54] <patdk-lap> generally it's best to wait till 16.04.1
[17:54] <patdk-lap> that is normally aug time frame
[17:54] <profall> yea
=== pesari_ is now known as pesari
=== mybalzit1h is now known as mybalzitch
=== devil is now known as Guest12521
=== TJ_Remix is now known as TJ-
=== Chrisfu- is now known as Chrisfu
=== daker_ is now known as daker
=== andyjones2001_ is now known as andyjones2001
=== stgraber_ is now known as stgraber
=== rharper` is now known as rharper
=== aluria` is now known as aluria
=== mikal_ is now known as mikal
