Re: courier,cyrus,imap
> Incidentally, does anyone know of a good link that explains > the differences between uw-imap, courier, and cyrus? Their feature pages, and the source. :) [ Their feature pages are quite good; I have ended up with Courier IMAP and recommend it highly. ] - Jeff -- "Can we have a special TELSABUG category, and everything gets dropped to fix them first?" - Telsa Gwynne -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Maildir vs mbox
> This is one thing I had meant to look into. I have disabled procmail on > postfix/maildir sites to this point because by default postfix delivers to > mbox format folders ... I know it supports maildir just need to do the > reading. home_mailbox = Maildir/ Works like a dream. - Jeff -- Australians don't dislike Americans, we just dislike the sight, sound and thought of them. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Postfix / LDAP Packages
I'm sure this is a common one. :) I've been using the LDAP packages that Wichert kindly made available on ftp.valinux.com, but it seems that the /people/ directory is offline now. Unfortunately, backporting this mess of packages is proving tough... Are there any sets of packages ready to roll for potato that I've missed? (Stephane's page doesn't seem to list any.) Thanks, - Jeff -- I used the word 'infrastructure' when describing her cooking style... and she didn't speak to me for a week. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: web cache
> Excuse me my ignorance, but ?can I use a wwwofle, squid, or any of "proxy > programs" like a web cache into my website? > Is a great mistake, or simply, I'm only the great mistake ;) ? Yes, squid in particular has a mode for doing this. Look up http acceleration in the documentation. - Jeff -- 100% Pure Slashdot Wisdom: "Source code gives a whole new meaning to free software." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: websites, clusters, and other pets...
> What is the better solution for one cluster (beowulf, etc)? I don't want a > warflame for this eh? ;) The clusters will run Apache and a dynamic site > with php and mysql. By the documentation I'm reading, I think the best > option is Mosix... Have a cluster /web more difficult for administration > than a "tradicional sort"?? What are the most adventage/disaventage of a > web based cluster? MOSIX is not going to help you much. Your best bet is to use round-dobin DNS on the low end, and various solutions like Ultra Monkey [1] on the high end. http://www.ultramonkey.org/ - Jeff -- "Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember? GOOD MORNING" - Andre Hedrick, Linux ATA Dude -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FreeSWAN VPN
> The gateways can't ping eachother Please read the documentation -> the gateways will *not* be able to ping each other. FreeS/WAN only routes the traffic to and from each subnet behind the gateway. - Jeff -- Toothpaste is the most important meal of the day. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Active Directory Vs GNU
> Is the domain function in Samba the way to provide logon scripts to those > clients? Samba supports Windows NT domains in version 2.2, and this will allow you to set up login scripts, etc. Note that earlier versions only support "pseudo-domains" for Windows 9x clients. - Jeff -- "From my observation, when it comes to porting Linux to a particular device, a point doesn't appear to be necessary." - mpt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: help with site+database
> Slashdot uses mySQL as its database and I don't think that anyone > could plausibly argue that /. isn't an intensive use of a database by a > very busy, and very successful, Web site. It's also a very botched job. The code that slashdot runs - the previous generation of SlashCode - is at best, shocking. They still run MySQL because the site was never designed with database abstraction in mind, and that's all they had at the time. They run it, because they're stuck with it, so it's not a good advertisement for MySQL at all! :) > The answer to the "which is better" question seems to depend on what > you are using the database for. My suggestion is to grab both databases, > populate them with your data and manually run some of your "typical" > queries on them. See which works better for *your* needs. The only problem with this is that you simply cannot do things in MySQL that you can with PostgreSQL - if you had to do anything remotely complicated it would be a comparison between PostgreSQL and MySQL (with a lot of glue and bodge code to fix up everything it doesn't do). - Jeff -- I was there when geek became chic. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: help with site+database
> I've found varying reviews to be mixed. Just by searching for "postgres > mysql comparison" like you said I found this: > http://phd.pp.ru/Software/SQL/PostgreSQL-vs-MySQL.html Any comparison should take note of PostgreSQL's incredible leaps in speed with version 7.1, and even more features that MySQL can't do (OUTER JOIN for example). For anyone who hasn't tried it out - it's quite different to MySQL, but it rocks very, very hard. Definitely worth learning and porting! :) - Jeff -- "If your life was a movie, would you pay to see it? Would you pay to see an advertisement for it?" - James Morris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: help with site+database
> I know oracle has "optimistic" locking and "versioning". I **think** > postgres does too? Comments? Postgres has better than row level locking (I'm sure Craig was just simplifying earlier), plus reading and writing are independent. See: http://postgresql.planetmirror.com/devel-corner/docs/postgres/mvcc.html Very groovy stuff. > I'm not sure the issue is mysql vs postgres, but what does it take to run > a particular site. If the site is heavily interactive with complex > queries and transactions, the choice seems limited. There aren't too many websites that would run with a "read only" style approach to their databases, as you mentioned earlier in your email. This is why I can't imagine using MySQL for anything truly useful. > Oh well... have they got a history in their cli yet? Heh. Time for you to catch up with newer Postgres releases, methinks. :) - Jeff -- "Boys will be boys, hackers will be hackers, geeks will be geeks, and cyberpunks will always just be ravers with Macintoshes." - Monkey Master, Crackmonkey -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: rsync and named-xfer
> i hope this is useful to someone...there was no information at all on > the topic when i searched for it on google yesterday. Craig, that's very cool. I don't have an immediate use as yet, but thank you for publishing your hack to the list for everyone! - Jeff -- "And the beanbag is a triumph of modern day eclectic colourism..." - Catie Flick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Clustering mail servers - Cyrus or Courier ?
> However, AFAIK it can be done only with Cyrus with its IMAP Aggregator, or > with qmail-ldap + Courier-IMAP... You ought to check out Scalemail, which is being developed expressly for this purpose. It is a combination of Courier POP/IMAP and postfix. Very powerful combo. - Jeff -- "Funny, I have no trouble distinguishing my mobile phone from the others because it's in my _own fucking pocket_!" - Mobile Rage -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Clustering mail servers - Cyrus or Courier ?
> Hmmm, I can see it's in early stage of developement. Yes. :) > Does postfix support ldap nativly ? Absolutely! - Jeff -- Is Murphy's Law constitutional? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Clustering mail servers - Cyrus or Courier ?
> LMTP would be the best if talking about Cyrus). > It should support LDAP database. Postfix supports both of these. It is an *awesome* MTA. - Jeff -- I must be getting old... Buying toothpaste with gel in it is no longer an Absolute Necessity. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache/PHP
> I think the next step will probably be my own distro, like LFS > (http://www.inuxfromscratch.org/). I guess we should end the thread with a laugh, then. - Jeff -- Australians don't dislike Americans, we just dislike the sight, sound and thought of them. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache/PHP
> This is managable. You just have to keep one root shell open while trying > a second login, if you can't login again in another session then you still > have the first session open to fix things. Also have busybox-static (or > something similar) installed to fix problems with shared libraries. I like not having to have these considerations when administering a production machine. :) - Jeff -- No clue is good clue. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Webalizer
> Ah -- OK. Thanks for clueing me in -- I hadn't realised. deb http://solutionsfirst.com.au/debian stable sol1 > Is the difference worth it? (I.e. what can't-possibly-do-without > goodies am I going to get that will persuade me to roll my own before > >= v2.01 makes it into testing?) I reckon: http://mrunix.net/webalizer/news.html :) - Jeff -- "You know, the crunchy, folk-singer part of me wants to believe that a performance is a dialogue, but I can't hear a fucking thing you're saying." - Ani DiFranco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Apache
> Is there a module or package that lets apache run > asp files ? It varies depending on whether you are talking about the ASP platform (which there are proprietary packages for Apache migration purposes) or just using VBScript, which there are faux-interpreters and some converters. It's important to distinguish between the ASP platform and VBScript before having a serious hunt for these products. - Jeff -- "Everyone says they like Free Software - not everyone is ready to make the tough choices to make it happen." - Maciej Stachowiak -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Smaller dial-in systems [was: portslave]
> Anything that can be done by getty, mgetty, radius-client, etc can be done > better by Portslave. Is portslave appropriate for a smaller system, say with only three dial-in ports? mgetty is not exactly the most polite software to administer, and there are lots of times I'd like a simple, easy to install, sub-10-port dial-in system. Thoughts or pointers? - Jeff -- "jwz? no way man, he's my idle" - James Wilkinson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
FreeRADIUS, starting ISP learning curve
Hi all, So, I'm beginning the ISP learning curve. I have to get my head around RADIUS, and I've been looking at FreeRADIUS given Russell's recommendation. I'll be interfacing with a couple of PM3s. Where's a good place to read up on this from a beginner's perspective? The documentation is reference material rather than descriptive. [ Both portslave (using this on another project, but need radius anyway) and freeradius backported pretty nicely. ] - Jeff -- "I believe in true love. But I am easily satisfied." - Miguel de Icaza -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Project 2000 on Debian (under Wine) ?
> I am looking for a Linux based tool that is designed to help manage a > variety of projects. This tool needs to be able to schedule and track > tasks MrProject from CodeFactory (codefactory.se) is kicking arse at the moment; perhaps you could pitch in and help out? > and interface with Outlook clients. Anybody know one? Interface with Outlook? Ain't going to happen. Unless everything is done via iCal, etc. I don't believe Project and Oulook use this as their primary interface on Windows anyway. You won't be getting this feature any time soon. - Jeff -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Project 2000 on Debian (under Wine) ?
> There is a Company at > http://www.bynari.net/Products/TradeServer/trade_server.html that has > info on using Outlook with Linux. I have never used it but it looks > interesting. Bynari are (trying to avoid libel suits and things like that)... very silly. - Jeff -- Money can't buy me grok. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RAID & Hard disk performance
> RAID-5 is another issue though. But then you have to consider that Linux > software RAID kills the performance of most hardware RAID controllers. Run > an Athlon 800 with two IDE drives in RAID-1 and expect 2-4 times the > performance for bulk IO that an entry level Mylex RAID controller with Ultra2 > SCSI 10K rpm drives. I expect that a top-end Mylex controller will perform > well (but who can afford one of them?). Wow! Russell, do you know of any Linux I/O and hard disk performance guides? I've recently read Adrian Likins' system tuning page [1] and am interested too see if there's anything more specific. Thanks for bonnie++ btw, - Jeff [1] http://people.redhat.com/alikins/system_tuning.html -- o/~ we all live in a yellow subroutine o/~ - auspex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RAID & Hard disk performance
> There's a number of guides that tell you about hdparm and what DMA is, but if > you already know that stuff then there's little good documentation. "Oh bum." :) > Then on the rare occasions that I do meet people who know this stuff > reasonably well they seem to spend all their time trying to convince me that > SCSI is better than IDE (regardless of benchmark results). :( Heh, there's a religious war waiting to happen. > > [1] http://people.redhat.com/alikins/system_tuning.html I've just found that iostat (in unstable's sysstat package) supports extended I/O properties in /proc if you have sct's I/O monitoring patches. Unfortunately, the last one on his ftp site is for 2.3.99-preBlah. I sent an email to lkml last night to see if there's a newer patch - I'll follow up here if so. Thanks Russell, - Jeff -- Wars end, love lasts. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mail server
> I'm going to be setting up a mail server (Exim + uwimapd + IMP webmail) > that will serve about 300-500 users. > > There will not be a major amount of traffic being put through it and was > wondering if anyone had any cost effective hardware recommendations for > CPU/RAM/HD space? You can reduce the recommended hardware a bit if you use Courier IMAP, which is far more performant than uwimapd. :) - Jeff -- "In addition to these ample facilities, there exists a powerful configuration tool called gcc." - Elliot Hughes, author of lwm -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: replicating, balanced web-server with *write* access?
> Much is written about High-Availability servers but I still didn't find a > good solution how to build two load-balanced webservers _without_ > connecting them both to one RAID (single point of failure). RAID on Network Block Devices. You get the benefits of RAID, but over a number of different machines, perhaps even on different networks if the topology allows for the performance requirements. It's A CRAZY SCHEME, but it MIGHT JUST WORK! [1] - Jeff [1] It does. ;) -- http://www.xach.com/debian-users-are-beatniks.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: replicating, balanced web-server with *write* access?
> On Sun, Nov 11, 2001 at 02:09:01PM +1100, Jeff Waugh wrote: > > RAID on Network Block Devices. You get the benefits of RAID, but over a > > number of different machines, perhaps even on different networks if the > > topology allows for the performance requirements. > Does it really allow writing in *both* directions? I mean both servers > should be able to write to the same "filesystem" so they would have to > mount each other as nbd... Else it would only be good for one-way failover > service. Okay, how about this... It's ASCII ART TIME! _ _ _ | | | | | | | ND1 | | ND2 | | ND3 | NBD device machines: 1, 2 & 3 |_| |_| |_| \ / _ _ | | | | | FS1 | | FS2 | File server machines: 1 & 2 |_| |_| \ _ | | | CL1 | Client machine: 1, for the sake of the image. :) |_| The RAID member machines all run an NBD server, so let's say we have three network devices to make our RAID with. The two fileservers are for failover, so we really only use one. It uses the NBD devices, and operates the RAID. Our client machine uses the filesystem on the fileserver (however it needs it, it could be samba, nfs, appletalk, etc). If an NBD device machine goes down, the fileserver handles this as it would any other RAID situation. When the machine comes back up, the NBD can be resynced with the others. If a fileserver machine goes down, bring up the other one on the same IP address with heartbeat. It can also bring up the NBD devices and get the RAID going again. If the client goes down, thwack them on the head. ;) > > It's A CRAZY SCHEME, but it MIGHT JUST WORK! [1] > yeah, that's what I want to have on my production servers That's the spirit! LINUX UBER ALLES! ;) - Jeff -- "Basically my philosophy on release management is that it should be like police brutality." - Maciej Stachowiak -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mail
> Does anyone have the slightest clue how to host mail for multiple domains > such that every domain has a unique namespace? Thinking about the matter, > I realized I don't quite know how to accomplish this. Postfix virtual domains operate like this by default, however you can make it operate like sendmail virtual domains if you want to. - Jeff -- "It's only ironic because it's true." - Reflexive irony, overheard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: vmailmgr issue
> I hate admining email... no wonder I've never had to do this before. found in headers: X-Motto: Fuck you, I'm smart! X-Saying: Could not connect to database Might want to revise your motto. :) - Jeff -- make: *** No rule to make target `whoopee'. Stop. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Smaller dial-in systems [was: portslave]
> There's nothing stopping you from running Portslave with a single dial-in > line! Is that like sending in the tanks? :) > If your dial-in setup is serious enough to use a RADIUS server then it's big > enough for Portslave. > > Setting up the RADIUS server is likely to be the most difficult part of a > Portslave installation. Can I authenticate with PAM, etc. somehow? - Jeff -- "Trying to get a PC to analyse one of the most abstract forms of language - the poem - is like trying to drill for oil with a banana." - The Register -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Smaller dial-in systems [was: portslave]
> > Is that like sending in the tanks? :) > > I like tanks! ;) Not on my phoneline, thank you. ;) > Sure. AFAIK every RADIUS server in the Unix world supports PAM in some way. Cool. I've never really looked at it, as I've always thought, "oh no, that's for like, *lots* of modems." :) > I recommend FreeRadius, although last time I checked the Debian package was > still in limbo. :( I might pick it up if I get to like it. - Jeff -- "NASCAR is not race per se. It's just a contest about who can turn left the best." - Unknown -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Smaller dial-in systems [was: portslave]
> > > > Is that like sending in the tanks? :) > > > > > > I like tanks! ;) > > > > Not on my phoneline, thank you. ;) > > Why? The latest version is only an 80K deb! It's small, resource friendly, > fast, etc. I meant the tank. ;) > Well the latest version of Portslave (the one that is too experimental for > upload to Debian) has got some new code for direct authentication without > RADIUS (which hasn't been properly tested yet)... Very cool - I'm just getting my hands dirty with the current version as we speak. - Jeff -- "The GPL is good. Use it. Don't be silly." - Michael Meeks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: portslave for potato
> I have put a copy of the latest portslave compiled for potato online at > http://www.coker.com.au/portslave/ . I don't have a potato system to test it > though... Also it is a new version... Oh cool! I will test it for you! :) Thanks heaps Russell, - Jeff -- "Anyway - I need something more James Bond than Banana Man, if you know what I mean..." - Tom Gilbert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: User mode linux...
> Does anyone try the User Mode Linux to do virtual hosting? Is the UML > enought secure for this? In the web page said that virtual hosting is posible > but he doesn't know of anyone who's doing this... When I described doing this as "batshit insane" at linux.conf.au earlier this year, Jeff Dike smiled and nodded. :) I wasn't expecting him to pick up the Australian lingo, but I think he had a fair idea of what I was saying. You're honestly better off running simple chrooted systems or something like that. UML is great for various things (such as kickarse kernel debugging), but at this stage, it's not ready for doing something like this. Really CPU intensive. - Jeff -- She said she loved my mind, though by most accounts I had already lost it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to customize mbox format in postfix?
> They have various kinds of reasons. Some are reasonable, some not. > If they just insisit on mbox format and ask for imap service with mbox > support. Is there any compatible method to take? What are the reasons? It's not a worthwhile thing to change if it's not entirely necessary. You have a good setup already, there should be no reason to change it if it is providing good service. - Jeff -- "One World, one Web, one Browser." - Microsoft promotion "Ein Volk, ein Reich, ein Fuhrer." - Adolf Hitler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: sf-debian
> Warning: LDAP: Unable to bind to server: Invalid DN syntax in > /usr/lib/sourceforge/www/include/ldap.php on line 50 > > * The distinguished name of the search base: dc=dev.uprint.web Should be: dc=dev,dc=uprint,dc=web - Jeff -- We're passe with class, eh? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
FreeRADIUS issues
Hi all, Having some troubles with freeradius as packaged in woody. I'm doing a very quick auth migration for a PM3, taking usernames and crypted passwords from an old Qube, and putting them ni various files for service authentication. FreeRADIUS is not cooperating. ;) Here's an example of what I have in the fast_users file: [EMAIL PROTECTED] Auth-Type := Crypt-Local, Password == "6IVIw" garry Auth-Type := Crypt-Local, Password == "6IVIw" Many of those. I'm getting this error upon running radtest with: radtest garry blah localhost localhost pants Sending Access-Request of id 74 to 127.0.0.1:1812 User-Name = "garry" Password = "W)\204\310\316yvi\237\023(\013\027\316\336\225" NAS-IP-Address = whale NAS-Port-Id = "localhost" rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=74, length=20 The logs say: modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_fastusers: checking defaults rlm_fastusers: user not found modcall[authorize]: module "fastusers" returns notfound modcall: group authorize returns ok auth: No Auth-Type configuration for the request, rejecting the user auth: Failed to validate the user. Login incorrect: [garry] (from nas local port 0) Sending Access-Reject of id 74 to 127.0.0.1:32773 Anyone have pointers? - Jeff -- The implementation of any sufficiently advanced technology is indistinguishable from pr0n. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FreeRADIUS issues
> > [EMAIL PROTECTED] Auth-Type := Crypt-Local, Password == "6IVIw" > > garry Auth-Type := Crypt-Local, Password == "6IVIw" > > I haven't tried FreeRADIUS, so I may be talking nonsense, but > that password does not look crypted. It should look something > like this: X.SldLTDxGIGU or abB.3AxASd29. etc. i.e. 13 > characters from the set (a-zA-Z0-9./). Sorry, should have mentioned it was censored. > > modcall: entering group authorize modcall[authorize]: module > > "preprocess" returns ok rlm_fastusers: checking defaults rlm_fastusers: > > user not found modcall[authorize]: module "fastusers" returns notfound > > This looks to me like it didn't find the user in the file. Are you sure > you have the stuff in the right file? :) Are you sure you have the syntax > correct? I hope so, thus the pastage of the above lines. There's very little in the way of documentation and examples... Thanks, - Jeff -- o/~ we all live in a yellow subroutine o/~ - auspex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LinkWalker
> > Why don't you just update your robots.txt to explicitly specify which > > files you don't or do, allow spiders access to. If it's a rule-obiding > > spider, that will be the end of it. > > I wasn't aware that there was any format to robots.txt, I thought that the > mere presense of such a file would prevent robots from visiting. http://www.searchtools.com/robots/robots-txt.html - Jeff -- "Funny, I have no trouble distinguishing my mobile phone from the others because it's in my _own fucking pocket_!" - Mobile Rage -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> What do you think would be the best way to duplicate a HD to another > (similar sized) HD? dd, using a large buffer size for reasonable performance - Jeff -- "Linux continues to have almost as much soul as James Brown." - Forrest Cook, LWN -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> I've just done some tests on that with 33G partitions of 46G IDE drives. > The drives are on different IDE buses, and the CPU is an Athlon 800. > > So it seems to me that page size is probably a good buffer size to use. Cool! Nothing like Real Proper Testing to prove a point. ;) I'm surprised the difference between 512b and 4k wasn't greater though; I'm sure I've had more spectacular differences in the past. ... and I won't bring up anything about SCSI or IDE at this point. ;) - Jeff -- "I wanted to be Superman, but all I got were these special powers of self-deprecation." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
LVM [Was: Best way to duplicate HDs]
> LVM. Create a snapshot of the LV and then use dd to copy it. > > LVM solves this, but adds it's own set of problems. Russell, do you know of a good (reasonably practical *and* theoretical) intro to LVM? It's just seemed overly complicated when I've looked at it in the past. Any pointers appreciated. Thanks, - Jeff -- Penguinillas Pack GNUzis -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LVM [Was: Best way to duplicate HDs]
> Any pointers appreciated. Never mind, the LVM HOWTO is making sense. Must be this hour of the morning, or the hangover or... - Jeff -- http://www.xach.com/debian-users-are-beatniks.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LVM [Was: Best way to duplicate HDs]
> Never mind, the LVM HOWTO is making sense. Must be this hour of the morning, > or the hangover or... I hope there are more hackers working on LVM than just Sistina. Another GFS snatcheroo would suck. [ Go to www.opengfs.org for the Free GFS. :) ] - Jeff -- "Can we have a special TELSABUG category, and everything gets dropped to fix them first?" - Telsa Gwynne -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> For example, http://www.arcoide.com/ . To quote the function we're looking > at " the DupliDisk2 automatically switches to the remaining drive and > alerts the user that a drive has failed. Then, depending on the model, the > user can hot-swap out the failed drive and re-mirror in the background.". > So it "re-mirrors" in the background... how do they perform that > reliabily? That's just RAID 1, which has done it since the dawn of time [1]. You can achieve the same thing with Linux software RAID; you just pull out one of the drives and you have half a mirrored RAID set. It's pretty neat to watch /proc/mdstat as your drives are resyncing, too. ;) The advantage you get with this hardware is the hot-swap rack... and that's about it. - Jeff [1] May not be chronologically correct. -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> Except that I've pointed out already that we're specifically NOT looking > at a live RAID solution. This is a backup drive that is suppose to be > synced every 12 hours or 24 hours. Sorry, but I don't see any benefit to having maximum 12 hour old data when you could have 0. The hardware solution you mentioned was RAID 1 anyway. Easiest thing to do is use it, and have both spare drives and spare machines ready to roll should you need to swap either. > The idea being that if there is a virus, a cracker, or hardware > malfunction, then the backup drives can be immediately pulled out and > inserted into a backup computer, and switch on to provide immediate > restoration of services (with data up to 12 hours old, but better than > having up-to-date information that may be corrupted or "cracked" versions > of programs). Well, there's your benefit to having old data. Who's to say you're going to know within 12 hours? This is not a particularly interesting problem, mostly because you're not curing the disease, you're trying to clean up after infection. - Jeff -- "The GPL is good. Use it. Don't be silly." - Michael Meeks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> > It's called RAID-1. > > I dunno... whenever I think of "RAID" I always think of live mirrors that > operate constantly That's what they do post-sync. > and not a "once in a while" mirror operation just to > perform a backup (when talking about RAID-1). Am I mistaken in this > thinking? That's what they do when they sync (in very rough terms). > This would cause the 2 live HDs to be mirrored to the backups, and then > disengage the 2 "backup" HDs so they aren't constantly synced. > > Would the above work? Sorry if I seem naive, but I haven't tried this > "once in a while" RAID method before. It's a dirty hack to make it do what you want it to, that's all. Russell's solution was better, as at least you were getting the benefit of the running mirror if a drive failed (and buying three disks is not expensive). - Jeff -- "And up in the corporate box there's a group of pleasant thirtysomething guys making tuneful music for the masses of people who can spell "nihilism", but don't want to listen to it in the car." - Richard Jinman, SMH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs
> Sigh... and I was hoping for a simple solution like cp /mnt/disk1/* > /mnt/disk2/ :-/ This is the point at which we have one of those "Brady Bunch Moments", when everyone stands around chuckling at what they've learned, and the credits roll. - Jeff -- "And that's what it sounds like if you *download* it!" - John, They Might Be Giants -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> I am sorry I could be kind of off-topic. But I want to know how to > cross-site rsync without authentication, say ssh auth.,? That's the best way. > I've read some doc. using ssh-keygen to generate key pairs, appending the > public keys to ~/.ssh/authorized_hosts on another host to prevent ssh > authentication prompt. Is it very risky? Chances are a cracker could > compromise one machine and ssh login others without any authentication. It's not "without authentication" - you're still authenticating, you're just using a different means. There's two parts to rsa/dsa authentication with ssh; first there's the key, then there's the passphrase. If a cracker gets your key, that's tough, but they'll need the passphrase to authenticate. If you make a key without a passphrase (generally what you'd do for scripted rsyncs, etc) then they *only need the key*. So, you should keep the data available with passphrase-less keys either read-only or backed up, depending on its importance, etc. - Jeff -- "I think we agnostics need a term for a holy war too. I feel all left out." - George Lebl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> OK. My problem is, if I use rsync+ssh with blank passphrase among servers > to automate rsync+ssh backup procedure without password prompt, then the > cracker will not need to send any password as well as passphrase when ssh > login onto another server, right? No, password and rsa/dsa authentication are different authentication mechanisms. > Is there a good way to automate rsync+ssh procedure without > password/passphrase prompt, while password/passphrase is still requierd > when someone attempts to ssh login? 1) Use a minimally-privileged account for the rsync process, disable the password on this account, so it cannot be used to login. 2) Generate a passphrase-less ssh key with ssh_keygen. 3) Add this to authorized_keys for the above account, specifying the command that logins with this key are allowed to run. See command="" in sshd(1). Thus, no one can actually log in with the account normally, you can only connect with the rsa/dsa key, and you can only run a particular process. ssh-agent doesn't really help you in this instance, it's generally used to provide single passphrase authentication for a user's session. (I use it to log in to the ~30-40 machines I have my public key on, without typing passwords every five minutes.) - Jeff -- "jwz? no way man, he's my idle" - James Wilkinson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: long email names
> I have a customer who wants to host his own email server, and he wants > to have long email addresses, like .@domain.com , > and map it to a local name that is less than 8 chars. This is a sensible request... > What is the best email server to do this kind of mapping? But this is just emotional blackmail! ;) Postfix has a very handy canonical_maps (also canonical_sender and canonical_recipient maps) setting. It means that you can make the switcheroo 'at the border', both ways. So everyone sees 'jeff.waugh @ perkypants.org' on the outside when you send, and it gets changed back to 'jdub @ perkypants.org' when mail comes in. Just about every MTA will do similar, or a fairly close approximation, though. (I'm just familiar and happy with postfix.) - Jeff -- I wonder how many bugs have gone unfixed due to misspellings of "FIXME". -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Best way to duplicate HDs--talk more about rsync+ssh system
> > 3) Add this to authorized_keys for the above account, specifying the > > command that logins with this key are allowed to run. See command="" in > > sshd(1). > > I can't find the document about this section, can you show me > some reference or examples? Many thanks. man sshd, down the bottom. - Jeff -- No clue is good clue. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: user traffic accounting
> anyway, this is wicked, and i immediately want to give a virtual machine > to every single one of my users. Nice idea, but it's not going to work. Perhaps with some real love and affection from someone who purely wanted to achieve this (and wasn't primarily interested in using it as a debugging tool), it may happen, but in its current state, UML is not appropriate for this. - Jeff -- "I'm taking no part in your merry 5-way clusterfuck - sort that mess out between yourselves." - Alexander Viro -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antiviral checking for small server using postfx
> I'd like to do antiviral filtering but budget is low. Any > recommendations? postfix + amavis + nod32 (www.nod32.com). Happens to be the best, too. - Jeff -- There's no horse higher, no mailing list taunt lower, no developer base wider. Rock My Software in the Bosom of Debian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RAID starter
> Russel, would you recommend software RAID with a production system? Have > you tried it? Curious. I would, and have. - Jeff -- He's not an idiot. The doctor said so. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: postfix problem
> Mar 24 22:29:08 lyta postfix/master[21216]: warning: process >/usr/lib/postfix/cleanup pid 21253 killed by signal 6 > Mar 24 22:29:08 lyta postfix/master[21216]: warning: /usr/lib/postfix/cleanup: bad >command startup -- throttling > > Any suggestions? Sounds like what happens if master.cf isn't upgraded properly when updating to newer postfixes; I had this happen with the Debian packages too. Check the postinst file, or the postfix lists. - Jeff -- "Think video. Think text flickering over your walls. Think games at work. Think anything where a staid, link-based browser is useless." "This person wrote for Ab Fab, right?" - Rich Welykochy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Email header parser?
> Do you know of any better shell tools for extracting from, cc, subject etc. > from the headers than procmail/formail? How about Python and its RFC822 modules? - Jeff -- "But in the software world, that's daily business." - Kent Beck "That's pissing money away and leaving scar tissue." - Alan Cooper -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to upgrade dozens of debian servers
> I have some debian servers and hav a pain when these is security > upgrade package available, for I have to check and upgrade them one by > one, making sure they are in safe status. > > I wonder how the administrator manage dozens or even hundreds of debian > servers in this case? Any tool or administration tips? *nix tools save the day. I use a for loop and ssh in a bash script. "Low tech" solutions are often highly efficient and flexible. :-) - Jeff -- So, "Jeffrey" seems to mean "the ineffectual, victimised guy in American movies" in four different languages. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
IMAP/POP3 + Maildir
Hi all, I'm using the unstable courier-imap packages recompiled on potato as my IMAP server, but I'm getting more and more requests for POP3. Supposedly there's POP3 support in version 1.3.4, but (and this surprised me greatly) it isn't in unstable yet. What can people recommend as a POP3 server that works with Maildir? Thanks! - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- "Everyone says they like Free Software - not everyone is ready to make the tough choices to make it happen." - Maciej Stachowiak, GNOME Hacker
Re: IMAP/POP3 + Maildir
> qmail :) I didn't think I'd have to specify DFSG. :) - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- "The ability to procrastinate is what separates us from the machines." - Chris Gregory, Desktop Magazine
Re: IMAP/POP3 + Maildir
> I use courier-imap and courier-pop from Stefan Hornburg's brand new > packages that I backported to potato. I could make my potato .debs > available (for use at your own risk) and even give a working > configuration, if you are interested. That would be great -> where are the news debs? Still waiting to enter unstable? - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- "Life is short. Forgive quickly. Kiss slowly." - Robert Doisneau
Re: compile vs. apt-get (dpkg)
> I undestand, that I loose all apt functionality, when starting to > compile my own source. > What way is the best to deal with a situation like this ??? apt-get source apache (you must have deb-src lines in your /etc/apt/aources.list) Then you can modify the build rules, diffs, etc., and build the package as per normal. Of course, if you're adding Free modules into the mix, send your patches back to the maintainer. :) [ The other way to do it is to compile then install using stow, but that's pretty urky with apache, and not as productive. ] - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- o/~ In spite of all those keystrokes, you're addicted to vim. *ka-ching!* o/~
Re: IMAP/POP3 + Maildir
> As far as I know, Stefan just recently uploaded them to unstable and > is now on vacation. I found the packages on > http://incoming.debian.org/. Sources are there too. Revisiting this thread. :) Seems the binary packages are in, but the source packages are not... Or is this just me being unobservant? - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- "Boys will be boys, hackers will be hackers, geeks will be geeks, and cyberpunks will always just be ravers with Macintoshes." - Monkey Master, Crackmonkey
Re: IMAP/POP3 + Maildir
> apt-get source courier should do the trick with a properly configured apt. > > I will try to package 0.32 later today. Ah, thanks very much! Much confusion over the odd versioning. :) - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- "It's only ironic because it's true." - Reflexive irony, overheard.
Re: mailing list software
> i'm confronted with setting up a mailing list with about 20-30k > subscribers. i find mailman very useful, > but i want to remove the password option. is there a patch available? You can set up a script to remove users without requiring a password very easily. Just interface with the command line utilties. In fact, you may want to hide the mailman web interface, and use a simpler front end. - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- For a list of points detailing how technology has failed to improve our lives, please press 3.
Re: Compiling courier on potato
> I was looking at the unstable debian package for Courier, > courier_0.31.1-2.dsc. > > What chances are there to get this to compile on potato, or should I > just stick with the source distribution? Funny, I've been trying the same thing. :) I have emailed the maintainer about my problem too, but as yet have not received a reply. These are the final lines of the unsuccessful build: ldapaliasrc: LDAP_ALIAS: new LDAP_LOCATION: new LDAP_NUMPROCS: new LDAP_BASEDN: new LDAP_BINDINFO: new LDAP_TIMEOUT: new LDAP_MAIL: new LDAP_MAILDROP: new LDAP_SOURCE: new LDAP_VIRTUALMAP: new debian/fixlinks /home/jdub/src/debian/courier/courier-0.31.1/debian/tmp/usr/sbin make: execvp: debian/fixlinks: Permission denied make: *** [install] Error 127 This was done using fakeroot, under my home directory. Any clues are very, very welcome. :) - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- Money can't buy me grok.
Re: Remote shutdown ... of Win95
> Any ideas how can I shutdown Windows95 remotely from Linux ? Does a really strong ping flood help? - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- She said she loved my mind, though by most accounts I had already lost it.
Re: Firewall and remote access?
> Is it possible to have a secure way to access a computer behind a firewall > remotely? ssh, an ssh tunnel, vpns, etc. are secure ways of accessing machines behind firewalls. > Or would this destroy the whole point of the firewall? What's the point of a firewall? :) A firewall is there to stop everything you don't want coming in or going out... You're now specifying something that you *do* want; it's just a matter of selecting something appropriate, and making sure you know who's accessing it and when. - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- Is Murphy's Law constitutional?
Re: Funny Logs
> However I wonder what the motivation is. Has somebody come up with a scam > for using the open proxy to up the "hit count" on banners adds hosted on > his pages? Mwahahaa. Nice one. I'm sure people advertaising on the net are looking for any way possible to get click-throughs. ;) > If so who would be most interested in these log files? The dude doing the scamming, I'm sure. ;) - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- The implementation of any sufficiently advanced technology is indistinguishable from pr0n.
Re: VirtualHosts
> Listen 192.55.34.5:80 > NameVirtualHost 192.55.34.5:80 > > > DocumentRoot /var/www/xyz > ServerName www.xyz.net > NameVirtualHost means that you're defining the virtual hosts by name. Change the VirtualHost line to read: And make sure you use: ServerName xyz.net ServerAlias www.xyz.net Otherwise people like me get very cranky. :) - Jeff -- [EMAIL PROTECTED] - http://lazarus.aphid.net/ -- For a list of points detailing how technology has failed to improve our lives, please press 3.
Re: Auto 10/100Mb Negotiation falling back to 10 on 100 network
> These are cheap REALTEK 1039? 3039? Can't remember exactly. The ending is > 39... i know that for sure (because i also know they have 19, 29, and 39 > afaik). > > I still haven't been able to solve. I've upgraded to the latest of every > package related to networking, to no avail. Cheap and dirty cards... Not that I don't use them. :) Sounds like autoconfiguration issues between the cards and switch. - Jeff -- You'll see what I mean.
Re: transparent proxy
> but i haven't seen a package that installs squid as a > transparent proxy? am i missing something? i would be happy if somebody > could give me some help. thank ya. There is no package, just "configuration files". :) Check the transproxy howto from the LDP. - Jeff -- You'll see what I mean.
Re: An LDAP authentication howto for Debian?
> Out of curiousity, has anyone come across a sort of > "LDAP authentication howto for Debian?" The LDP has a perfectly good set of documents already; there's no need to duplicate the good work already done by them. A Debian-specific section may be of use, however there's nothing all that different (apart from Debian being set up sanely to begin with). - Jeff -- Is Murphy's Law constitutional?
Re: An LDAP authentication howto for Debian?
> the biggest case imho is understanding LDAP, LDIF and the permissions in > the database.. then it's just a matter of adding the correct objectclass > and filling in the blanks.. Indeed - best place to learn about this is in the book, "Understanding and Deploying LDAP Directory Services" by Howes, Smith and Good. Not only does it give a thorough theoretical overview, there are a number of case studies at the back. Good stuff. :) - Jeff -- ASCII stupid question, get a stupid ANSI.
Re: An LDAP authentication howto for Debian?
> The most important problem, I believe, is that using LDAP means > understanding many differents things and how they fit together. These > things are often documented properly (setting a LDAP server...) but > separately (setting LDAP clients is in a completely different place) and > you cannot get a global picture easily. (for instance, the LDP HOWTOs > about PAM and LDAP do not explain why you need, in most cases, to setup > PAM *and* NSS.) Okay, I'm convinced. I think the best way of going about it would be to take the LDP's two LDAP documents (LDAP HOWTO & LDAP Authentication HOWTO), add some very practical Debian guidelines (preferably as note points so other distribution users can add their directions) and combining them into one great tome. :) I'm doing some LDAP migrations in the next few weeks too, and can assign some manpower to this task. Groovy. - Jeff -- "Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember? GOOD MORNING" - Andre Hedrick, Linux ATA Dude
Re: An LDAP authentication howto for Debian?
> > > XML.. *runningaway* SGML as it turns out. Does that make it un-buzzwordy enough? ;) > Now let's not duplicate work. Pascal Pucci only needs to translate his > document from french to English instead of writing it. So, perhaps wait > until this is done, and the extent his documentation instead of starting > from scratch, even though you might have some manpower :-)... Indeed - duplication bad. Perhaps my gentle nudging and offer of help will convince him to do it soon. :D I will have to find out if we have any French-readers here, mine tres crap. (See?) :) - Jeff -- What do you get when you cross a web server and a hen? Apoache.
Re: courier,cyrus,imap
> Incidentally, does anyone know of a good link that explains > the differences between uw-imap, courier, and cyrus? Their feature pages, and the source. :) [ Their feature pages are quite good; I have ended up with Courier IMAP and recommend it highly. ] - Jeff -- "Can we have a special TELSABUG category, and everything gets dropped to fix them first?" - Telsa Gwynne
Re: Maildir vs mbox
> This is one thing I had meant to look into. I have disabled procmail on > postfix/maildir sites to this point because by default postfix delivers to > mbox format folders ... I know it supports maildir just need to do the > reading. home_mailbox = Maildir/ Works like a dream. - Jeff -- Australians don't dislike Americans, we just dislike the sight, sound and thought of them.
Postfix / LDAP Packages
I'm sure this is a common one. :) I've been using the LDAP packages that Wichert kindly made available on ftp.valinux.com, but it seems that the /people/ directory is offline now. Unfortunately, backporting this mess of packages is proving tough... Are there any sets of packages ready to roll for potato that I've missed? (Stephane's page doesn't seem to list any.) Thanks, - Jeff -- I used the word 'infrastructure' when describing her cooking style... and she didn't speak to me for a week.
Re: Smaller dial-in systems [was: portslave]
> There's nothing stopping you from running Portslave with a single dial-in > line! Is that like sending in the tanks? :) > If your dial-in setup is serious enough to use a RADIUS server then it's big > enough for Portslave. > > Setting up the RADIUS server is likely to be the most difficult part of a > Portslave installation. Can I authenticate with PAM, etc. somehow? - Jeff -- "Trying to get a PC to analyse one of the most abstract forms of language - the poem - is like trying to drill for oil with a banana." - The Register
Re: Smaller dial-in systems [was: portslave]
> > Is that like sending in the tanks? :) > > I like tanks! ;) Not on my phoneline, thank you. ;) > Sure. AFAIK every RADIUS server in the Unix world supports PAM in some way. Cool. I've never really looked at it, as I've always thought, "oh no, that's for like, *lots* of modems." :) > I recommend FreeRadius, although last time I checked the Debian package was > still in limbo. :( I might pick it up if I get to like it. - Jeff -- "NASCAR is not race per se. It's just a contest about who can turn left the best." - Unknown
Re: Smaller dial-in systems [was: portslave]
> > > > Is that like sending in the tanks? :) > > > > > > I like tanks! ;) > > > > Not on my phoneline, thank you. ;) > > Why? The latest version is only an 80K deb! It's small, resource friendly, > fast, etc. I meant the tank. ;) > Well the latest version of Portslave (the one that is too experimental for > upload to Debian) has got some new code for direct authentication without > RADIUS (which hasn't been properly tested yet)... Very cool - I'm just getting my hands dirty with the current version as we speak. - Jeff -- "The GPL is good. Use it. Don't be silly." - Michael Meeks
Re: portslave for potato
> I have put a copy of the latest portslave compiled for potato online at > http://www.coker.com.au/portslave/ . I don't have a potato system to test it > though... Also it is a new version... Oh cool! I will test it for you! :) Thanks heaps Russell, - Jeff -- "Anyway - I need something more James Bond than Banana Man, if you know what I mean..." - Tom Gilbert
Re: User mode linux...
> Does anyone try the User Mode Linux to do virtual hosting? Is the UML > enought secure for this? In the web page said that virtual hosting is posible > but he doesn't know of anyone who's doing this... When I described doing this as "batshit insane" at linux.conf.au earlier this year, Jeff Dike smiled and nodded. :) I wasn't expecting him to pick up the Australian lingo, but I think he had a fair idea of what I was saying. You're honestly better off running simple chrooted systems or something like that. UML is great for various things (such as kickarse kernel debugging), but at this stage, it's not ready for doing something like this. Really CPU intensive. - Jeff -- She said she loved my mind, though by most accounts I had already lost it.
FreeRADIUS, starting ISP learning curve
Hi all, So, I'm beginning the ISP learning curve. I have to get my head around RADIUS, and I've been looking at FreeRADIUS given Russell's recommendation. I'll be interfacing with a couple of PM3s. Where's a good place to read up on this from a beginner's perspective? The documentation is reference material rather than descriptive. [ Both portslave (using this on another project, but need radius anyway) and freeradius backported pretty nicely. ] - Jeff -- "I believe in true love. But I am easily satisfied." - Miguel de Icaza
Re: Project 2000 on Debian (under Wine) ?
> I am looking for a Linux based tool that is designed to help manage a > variety of projects. This tool needs to be able to schedule and track > tasks MrProject from CodeFactory (codefactory.se) is kicking arse at the moment; perhaps you could pitch in and help out? > and interface with Outlook clients. Anybody know one? Interface with Outlook? Ain't going to happen. Unless everything is done via iCal, etc. I don't believe Project and Oulook use this as their primary interface on Windows anyway. You won't be getting this feature any time soon. - Jeff -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster
Re: Project 2000 on Debian (under Wine) ?
> There is a Company at > http://www.bynari.net/Products/TradeServer/trade_server.html that has > info on using Outlook with Linux. I have never used it but it looks > interesting. Bynari are (trying to avoid libel suits and things like that)... very silly. - Jeff -- Money can't buy me grok.
RAID & Hard disk performance
> RAID-5 is another issue though. But then you have to consider that Linux > software RAID kills the performance of most hardware RAID controllers. Run > an Athlon 800 with two IDE drives in RAID-1 and expect 2-4 times the > performance for bulk IO that an entry level Mylex RAID controller with Ultra2 > SCSI 10K rpm drives. I expect that a top-end Mylex controller will perform > well (but who can afford one of them?). Wow! Russell, do you know of any Linux I/O and hard disk performance guides? I've recently read Adrian Likins' system tuning page [1] and am interested too see if there's anything more specific. Thanks for bonnie++ btw, - Jeff [1] http://people.redhat.com/alikins/system_tuning.html -- o/~ we all live in a yellow subroutine o/~ - auspex
Re: RAID & Hard disk performance
> There's a number of guides that tell you about hdparm and what DMA is, but if > you already know that stuff then there's little good documentation. "Oh bum." :) > Then on the rare occasions that I do meet people who know this stuff > reasonably well they seem to spend all their time trying to convince me that > SCSI is better than IDE (regardless of benchmark results). :( Heh, there's a religious war waiting to happen. > > [1] http://people.redhat.com/alikins/system_tuning.html I've just found that iostat (in unstable's sysstat package) supports extended I/O properties in /proc if you have sct's I/O monitoring patches. Unfortunately, the last one on his ftp site is for 2.3.99-preBlah. I sent an email to lkml last night to see if there's a newer patch - I'll follow up here if so. Thanks Russell, - Jeff -- Wars end, love lasts.
Re: Mail server
> I'm going to be setting up a mail server (Exim + uwimapd + IMP webmail) > that will serve about 300-500 users. > > There will not be a major amount of traffic being put through it and was > wondering if anyone had any cost effective hardware recommendations for > CPU/RAM/HD space? You can reduce the recommended hardware a bit if you use Courier IMAP, which is far more performant than uwimapd. :) - Jeff -- "In addition to these ample facilities, there exists a powerful configuration tool called gcc." - Elliot Hughes, author of lwm
Re: customizing debian apache
> Has anyone managed to customize (as in "use your own Layout on") an > apache build from .deb source? I can't stand the debian Layout and want > to customize it (or even use an existing layout that comes with apache). > The problem is that all of the build scripts and whatnot assume you use > the Debian layout. Define "layout"? If it's just a matter of "where served files are on the filesystem" you can do that very easily post-install. I'm surprised you'd have any issues with the apache packages - they are one of the most well put together and administrator-friendly sets of packages I've ever seen. Please point out specific issues. - Jeff -- Cette menace est très sérieuse.
Re: customizing debian apache
> Look in the the debian dir of the src deb. The rules, post*, pre*, and > apacheconfig files are all hardcoded to assuming the Debian Layout. You haven't mentioned what's wrong, or requires customisation... > That's all fine and good, but it restricts customization. I'm not sure > how foobarred everything would get if a package that depends on apache > being in a certain spot, either. The package requiring apache to be in a certain place would be foobarred, in this instance. Specifics! What is wrong with it? - Jeff -- She said she loved my mind, though by most accounts I had already lost it.
Re: Journaling FS for Production Systems
> Are there many xfs users our there? Is the development active? > If not is it because the xfs is stable, or has the xfs initiative > lost momentum? My home machine: :r! mount | grep hd /dev/hda2 on / type xfs (rw,noatime) /dev/hdc2 on /var type xfs (rw,noatime) /dev/hdc3 on /home/music type xfs (rw,noatime) Remember that XFS has had a long time to mature as part of IRIX. Only the port to Linux could be seen as unstable, the filesystem itself is long proven. XFS lost a bit of momentum as Linuxcare pulled out of the porting efforts, but I still use the SGI CVS kernels, which are regularly updated. XFS is really good stuff, has good tools (reiser does not), and has a long track record of stability. Add POSIX ACLs and the other advanced features, and you have a kickarse filesystem (particularly good for a reliable SAMBA machine, as it happens). - Jeff -- "Can we have a special TELSABUG category, and everything gets dropped to fix them first?" - Telsa Gwynne
Re: replicating, balanced web-server with *write* access?
> Much is written about High-Availability servers but I still didn't find a > good solution how to build two load-balanced webservers _without_ > connecting them both to one RAID (single point of failure). RAID on Network Block Devices. You get the benefits of RAID, but over a number of different machines, perhaps even on different networks if the topology allows for the performance requirements. It's A CRAZY SCHEME, but it MIGHT JUST WORK! [1] - Jeff [1] It does. ;) -- http://www.xach.com/debian-users-are-beatniks.html
Re: replicating, balanced web-server with *write* access?
> On Sun, Nov 11, 2001 at 02:09:01PM +1100, Jeff Waugh wrote: > > RAID on Network Block Devices. You get the benefits of RAID, but over a > > number of different machines, perhaps even on different networks if the > > topology allows for the performance requirements. > Does it really allow writing in *both* directions? I mean both servers > should be able to write to the same "filesystem" so they would have to > mount each other as nbd... Else it would only be good for one-way failover > service. Okay, how about this... It's ASCII ART TIME! _ _ _ | | | | | | | ND1 | | ND2 | | ND3 | NBD device machines: 1, 2 & 3 |_| |_| |_| \ / _ _ | | | | | FS1 | | FS2 | File server machines: 1 & 2 |_| |_| \ _ | | | CL1 | Client machine: 1, for the sake of the image. :) |_| The RAID member machines all run an NBD server, so let's say we have three network devices to make our RAID with. The two fileservers are for failover, so we really only use one. It uses the NBD devices, and operates the RAID. Our client machine uses the filesystem on the fileserver (however it needs it, it could be samba, nfs, appletalk, etc). If an NBD device machine goes down, the fileserver handles this as it would any other RAID situation. When the machine comes back up, the NBD can be resynced with the others. If a fileserver machine goes down, bring up the other one on the same IP address with heartbeat. It can also bring up the NBD devices and get the RAID going again. If the client goes down, thwack them on the head. ;) > > It's A CRAZY SCHEME, but it MIGHT JUST WORK! [1] > yeah, that's what I want to have on my production servers That's the spirit! LINUX UBER ALLES! ;) - Jeff -- "Basically my philosophy on release management is that it should be like police brutality." - Maciej Stachowiak
Re: stable vs testing
> Anyway, thats our take on it... and its never failed us so far. Takes > quite a bit of effort though... so watch out. Just to chime in, we use stable only, with quite a few backports. [1] Often enough there's a package I'd really like - right now it's a fresh postfix - but I find greater stability and less trouble sticking with known good software for as long as possible. For environments in which change management is a big task, it is *far* saner to stick with stable. - Jeff [1] deb http://solutionsfirst.com.au/debian potato sol1 -- "A rest with a fermata is the moral opposite of the fast food restaurant with express lane." - James Gleick, Faster
Re: Mail
> Does anyone have the slightest clue how to host mail for multiple domains > such that every domain has a unique namespace? Thinking about the matter, > I realized I don't quite know how to accomplish this. Postfix virtual domains operate like this by default, however you can make it operate like sendmail virtual domains if you want to. - Jeff -- "It's only ironic because it's true." - Reflexive irony, overheard
Re: sf-debian
> Warning: LDAP: Unable to bind to server: Invalid DN syntax in > /usr/lib/sourceforge/www/include/ldap.php on line 50 > > * The distinguished name of the search base: dc=dev.uprint.web Should be: dc=dev,dc=uprint,dc=web - Jeff -- We're passe with class, eh?
Re: how to customize mbox format in postfix?
> They have various kinds of reasons. Some are reasonable, some not. > If they just insisit on mbox format and ask for imap service with mbox > support. Is there any compatible method to take? What are the reasons? It's not a worthwhile thing to change if it's not entirely necessary. You have a good setup already, there should be no reason to change it if it is providing good service. - Jeff -- "One World, one Web, one Browser." - Microsoft promotion "Ein Volk, ein Reich, ein Fuhrer." - Adolf Hitler
FreeRADIUS issues
Hi all, Having some troubles with freeradius as packaged in woody. I'm doing a very quick auth migration for a PM3, taking usernames and crypted passwords from an old Qube, and putting them ni various files for service authentication. FreeRADIUS is not cooperating. ;) Here's an example of what I have in the fast_users file: [EMAIL PROTECTED] Auth-Type := Crypt-Local, Password == "6IVIw" garry Auth-Type := Crypt-Local, Password == "6IVIw" Many of those. I'm getting this error upon running radtest with: radtest garry blah localhost localhost pants Sending Access-Request of id 74 to 127.0.0.1:1812 User-Name = "garry" Password = "W)\204\310\316yvi\237\023(\013\027\316\336\225" NAS-IP-Address = whale NAS-Port-Id = "localhost" rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=74, length=20 The logs say: modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_fastusers: checking defaults rlm_fastusers: user not found modcall[authorize]: module "fastusers" returns notfound modcall: group authorize returns ok auth: No Auth-Type configuration for the request, rejecting the user auth: Failed to validate the user. Login incorrect: [garry] (from nas local port 0) Sending Access-Reject of id 74 to 127.0.0.1:32773 Anyone have pointers? - Jeff -- The implementation of any sufficiently advanced technology is indistinguishable from pr0n.
