--- Log opened Wed Apr 09 19:47:38 2003
-!- sweeper [~mbroome@moya.trilug.org] has joined #trilug-rhce
-!- Topic for #trilug-rhce: Next irc-meeting: Today @ 8:00 pm
-!- Topic set by SinnerBOFH [] [Wed Apr 9 19:04:17 2003]
[Users #trilug-rhce]
[@ChanServ] [ cybertooth] [ Jester_] [ SinnerBOFH] [ Tribot]
[ clotman ] [ jeremyp ] [ jtower ] [ sweeper ]
-!- Irssi: #trilug-rhce: Total of 9 nicks [1 ops, 0 halfops, 0 voices, 8 normal]
-!- Channel #trilug-rhce created Sun Apr 6 17:01:25 2003
-!- Irssi: Join to #trilug-rhce was synced in 1 secs
< SinnerBOFH> hi sweeper
< jeremyp> Evening folks.  The freenode people do need more servers, especially in the US.  
< jeremyp> If you look at the 'motd' when you join, you'll see that most of the current servers are in places like Italy or Sweden.
< jeremyp> Problem is it requires a lot of bandwidth, which few people have :/
< SinnerBOFH> how-dee jeremyp
< SinnerBOFH> at EcolNet we have "solved" this issue by creating an in-house network of irc (and news and...) servers
< cybertooth> Trilug should be able to host an irc server
-!- Nat_RH [~Nat@rdu74-184-217.nc.rr.com] has joined #trilug-rhce
< cybertooth> but as long as freenode works...
< SinnerBOFH> it's not very bandwidth consuming, really
< jeremyp> Well if we had a server for our own channels it wouldn't take much bandwidth, true.  But hosting a freenode leaf would.
< SinnerBOFH> we just really need #trilug #trilug-irc #trilug-bzf and #trilug-admin
< jeremyp> From a sysadmin point of view though, we like using Freenode because if/when the TriLUG servers go down the sysadmins can still communicate easily
< jeremyp> Since there's no dependence on any of the servers.
< SinnerBOFH> what about hosting irc servers on home servers?
< Jester_> I do that, but it's hard to link them with dynamic IPs
< jeremyp> Freenode is still a heck of a lot more reliable than home servers.  Seen how often Road Runner goes down?   Ugh
< cybertooth> You can link them via DNS with multiple entries in the DNS tables
< SinnerBOFH> that's more or less what EcolNet does
< jeremyp> Yeah but the IRC daemons still have to link to each other.  If the IP changes you're up a creek (Netsplit!)
< Jester_> Exactly
< jeremyp> When Freenode netsplits it's usually due to connectivity problems, not server problems.  And most of the freenode servers have good backbone connections.
< jeremyp> I don't think you could really do much better.
< SinnerBOFH> jeremyp: take a look at this (it takes a while to load) http://helvete.escomposlinux.org/ecolnet/
-!- ccw [~ccw@durham-ar1-4-64-250-023.durham.dsl-verizon.net] has joined #trilug-rhce
< Jester_> Only reason to really set anything up would be to go with something more secure, like silc
< SinnerBOFH> mmm, 8:00 pm
< jeremyp> SinnerBOFH: cool
< SinnerBOFH> time for refueling the drink
< cybertooth> I'm getting a beer.
< SinnerBOFH> jeremyp: as you see, the connections are mostly 128 Kbps home adsl systems
< jeremyp> Jester_: yeah, security is an interesting idea.  When we're discussing sysadmin stuff we have to be careful what we say, as who knows who's listening in
* Nat_RH puts a glass to the monitor
* SinnerBOFH knows nothing of invisible bots eavesdropping certain irc channels...
< ccw> Somehow, I suspect that if we know about it ... so do "they".
< jeremyp> Yeah, like this:  http://www.trilug.org/~jeremy/pisg/
-!- ovrclokd [~lisa@moya.trilug.org] has joined #trilug-rhce
< ovrclokd> evening, all...
< jeremyp> ovrclokd!  Good evening
-!- RedWolfe [~chatzilla@durham-ar1-4-64-250-023.durham.dsl-verizon.net] has joined #trilug-rhce
< cybertooth> Lets let the bots start recording my password is ....
< jeremyp> I just noticed last week that your license plate on your car says the same thing, ovrclokd :)
< ovrclokd> sorry i'm late - in the middle of cooking dinner :(
< SinnerBOFH> good evening ccw and ovrclokd and RedWolfe
-!- [ECL]rock [~n@cpe-024-211-148-035.nc.rr.com] has joined #trilug-rhce
< RedWolfe> Wolfe
< SinnerBOFH> ovrclokd: no prob, still chit-chatting
< jeremyp> Hey Rock.
< ovrclokd> jeremyp: yup! :)  's mike's nickname for me (formatted for ncdmv)
< SinnerBOFH> hi [ECL]rock
< [ECL]rock> Hey
< Tribot> salut, [ECL]rock
< jeremyp> Hey, Tribot didn't greet me :/
< jtower> Tribot: insult jeremyp
< Tribot> jeremyp  is nothing but a festering accumulation of off-color jizzum.
< ccw> waves to all.
< jtower> there's your greeting
< ovrclokd> anybody play with rhl9 yet?
< cybertooth> I'm talking to you from it
* jtower raises his hand
< ovrclokd> cybertooth - neat!  i would be, but haven't gotten my wireless card working yet.
< jeremyp> Well I got it installed on my new desktop, but the freakin thing keeps crashing (not Linux's fault, some sort of hardware glitch)
* Nat_RH has "played" with it
* RedWolfe also raises hand
< jtower> i've had no problems with it whatsoever
* sweeper returns to the keyboard and starts reading the log to get caught up ...
< cybertooth> It's nice, RH gets more intelligent with every release
< ovrclokd> jtower: i think mine are a cisco firmware issue, hope to clear it up soon
< [ECL]rock> no mp3 no dvd
< [ECL]rock> no alsa
< ovrclokd> rock: yeah, but you can fix that pretty easily
< cybertooth> Read the list for howto add those
< jeremyp> [ECL]rock: mp3/dvd stuff is not RH's fault, please don't blame them!
-!- jtate [~jtate@rdu74-181-041.nc.rr.com] has joined #trilug-rhce
* ovrclokd needs to go cook some zucchini, back in 5min
< [ECL]rock> not blaming, just discussing, but on my machine it seems a little more than just finding an rpm
< jtate> Ok.  I'm here.  We can start now.
< RedWolfe> BTW: Thanks for the CDs last week!
< jeremyp> ovrclokd: okay, aren't you leading tonight's session though?  :)
< cybertooth> The menu-ing on RH gets simpler with each release - more like Windows
< jeremyp> [ECL]rock: it's just one RPM for MP3 support in xmms
< jeremyp> Hey jtate.  We wouldn't have started without you :)
< [ECL]rock> I have xmms working i am still trying to get xine, ogle or mplayer working
< jtate> hehe.
< SinnerBOFH> cybertooth: more like Debian you mean...
< jeremyp> [ECL]rock: xine and mplayer work nicely with the freshrpms.net RPMs.  Just install apt and apt-get them
< jeremyp> Haven't tried ogle myself, can't recall if it's there too or not.
< [ECL]rock> I have been working with freshrpms; they are not installing
< cybertooth> SinnerBOFH: Not a Debian guy, but I hear it's nice.
< jeremyp> [ECL]rock: you're using apt-get ?  What error messages are you getting?
< cybertooth> I downloaded 48Mb of errata for RH9 today
< jeremyp> samba and glibc ?
< [ECL]rock> missing alsa libraries
< jeremyp> Ah, I can't comment on alsa, I thought we were talking about xine and mplayer
< jtate> What all was in that errata?
< [ECL]rock> I have not tried apt-get
< SinnerBOFH> cybertooth: I'm a drakeguy myself. But I learned that MDK menus are Debian menus :)
< RedWolfe> kernel and samba
< cybertooth> jtate: a new kernel, new glibc, new sendmail, a lot of stuff!
< jtower> a new kernel already?
< SinnerBOFH> [ECL]rock: apt-get is great to solve rpm-dependency-hell
< jtate> I've decided that no new install of mine will persist with sendmail on it.
< [ECL]rock> Is there an rpm for apt-get
< cybertooth> SinnerBOFH: I run drake on my main workstation, this laptop is my RHCE project laptop
< SinnerBOFH> :)
< RedWolfe> JTate: sendmail ain't so bad :-)
< jeremyp> [ECL]rock: like I said originally, that's at freshrpms.net (the rpm is just "apt" with version stuff)
< jtower> jtate: with rh9 you can actually deselect sendmail without breaking stuff
< [ECL]rock> cool, will try
< SinnerBOFH> jtower: that's an improvement
< jeremyp> I think it's http://freshrpms.net/apt/
< cybertooth> Sendmail still *rules* the internet though!
< jtower> yeah, just like windows *rules* the desktop
< jtate> I've uninstalled sendmail just fine in 7.3.
< jeremyp> jtower: we don't have sendmail on any of the trilug servers (7.3 based) and it works fine
< jtate> I can still sendmail -oi blah.
< jeremyp> (using postfix)
< Jester_> I uninstall sendmail just fine everytime I put a new machine together
< cybertooth> yes, yes, I always recommend that folks use postfix
< jtower> i mean that you can deselect sendmail during installation, i don't think that was ever an option before
< jtate> Well, after three straight remote exploits...
< cybertooth> Still Sendmail works fine.
< jtate> If you select individual packages it works ok.
< cybertooth> If you're worried about an exploit on a non mail server then simply set Sendmail to only listen to localhost.  That is very easy to do.
< cybertooth> ... and your mail still gets moved around properly.
< jtower> ditto with postfix
< SinnerBOFH> ...and direct all your users to use @hotmail.com
< jeremyp> Except due to the nature of some of the exploits, you could still be hit if something like fetchmail retrieves a trojan'd email through a vulnerable sendmail.
< jeremyp> (even if it is listening only on 127.0.0.1, or behind a firewall, or whatever)
< jtate> question: in /etc/resolve.conf can you use more than one search domain?
< RedWolfe> postfix may have an "easier" configuration, but its still another language to use and learn
< SinnerBOFH> jtate: IIRC, no
< ccw> jtate: yes
< jeremyp> The CERT advisories and RH errata were pretty clear that listening locally or being behind a firewall is NOT protection against the sendmail possible exploits
< SinnerBOFH> ccw: really? explain,please
* jeremyp will brb -- switching laundry
< cybertooth> jtate:  yes.
< ccw> jtate: have you read the BOG
< ccw> ...BOG?
< sweeper> jtate: just checked the man page for "resolv.conf" ... yes, you can have more than one search domain
< cybertooth> I am the DNS guru!
< RedWolfe> (BOG = BIND Operations GUide)
< sweeper> jtate: it says "The search list is currently limited to six domains with a total of 256 characters"
< ccw> RW: BOG - BIND Operations Guide
< cybertooth> jeremyp: listening only locally is protection against the exploit if there are no users that have local access
< ccw> That is correct ... there's even a buffer check (now).
< jtate> no I haven't read the BOG.
< jtower> if it was written more than 15 years ago, cybertooth is the man to ask (sendmail, bind, etc)
< jtate> Is there a plug in replacement for BIND yet?
< ccw> BIND's first incantation was around 1985 ...
< cybertooth> jtower: flattery will get you almost everywhere
< SinnerBOFH> ccw: kwel! Now I can have really evil resolv.conf files *evil grin*
< cybertooth> There are a lot of BIND replacements
< jtower> cybertooth: i'm not sure whether i meant that as a compliment or an insult
< jtate> are there any that are any good?
< cybertooth> There are two that I know of that are fairly good, but the most recent BIND 9.x is totally re-written from the ground up with security in mind
< cybertooth> The code base is totally different from 8.x on down
< jtate> So nevermind about the replacement?
< ccw> Yeah, but BIND has had most of the bugs worked out by so many iterations ...
< cybertooth> jtate: nevermind about the replacements.
< jtower> there seem to be many replacements for caching nameservers, not so many for authoritative
< SinnerBOFH> in the Hacking Linux Exposed book they recommend BIND 9.x instead and recommend against any previous version
< cybertooth> That's because 9.x was a total re-write with security as the primary concern
< ccw> second that rec.
< jtate> Right.  I'll remember that when I go about installing a name server.
< cybertooth> Also remember to put in a forwarders section
< SinnerBOFH> cybertooth: it seems like you are citing the book :)
< RedWolfe> overclokd is 16 mins idle
< cybertooth> SinnerBOFH: Hell, I wrote the book
< jtate> jtate sheepishly asks, what's a forwarders section?
< cybertooth> The default RH does not put a forwarders section in the conf file for BIND
< sweeper> RedWolfe: she's in the kitchen.  I told her you guys are just discussing sendmail and BIND :)
< SinnerBOFH> cybertooth: which one is your alias? brian hatch? james lee? george kurtz?
< sweeper> all this discussion on BIND is making me think about next week's class (since I'm the guy on the hook to present it) ...
< ccw> forwarders aren't really that useful ...
< SinnerBOFH> sweeper: I guess she's glad to not be here, with all this pain
< cybertooth> The forwarders section tells BIND where to find information that it is not an authority for (and that is not currently in its cache)
< jtate> Ahh.  Gotcha.
< sweeper> last week ovrclokd presented TCP/IP Fundamentals, Samba, HTTP/Apache, and FTP (but didn't cover anonymous ftp)
< SinnerBOFH> that was a very nice presentation BTW
< jeremyp> RHL 9 no longer has the "anonftp" package btw.  Since you can just configure it straight out of the vsftpd config file.
< SinnerBOFH> any redhat-config-ftp tool?
< jeremyp> (no extra packages / binaries/etc/ necessary)
< SinnerBOFH> (not yet?)
< cybertooth> Ask Chris Knowles how important "forwarders" are in BIND... you'll get an earful.
< jeremyp> SinnerBOFH: don't think so.
< sweeper> Email Delivery and Protocols was also originally on the schedule for last week, but that's a big topic:  MTAs (sendmail, postfix, ?), protocols (POP, IMAP, ?).  needs to be scheduled in another session
< ccw> ct: aren't you mixing that up with root hints?
< SinnerBOFH> sweeper: I agree. I thought that we had originally scheduled "redhat services" in 2 sessions. ????
< sweeper> SinnerBOFH: we did/do have 2 sessions for network services, but that included 10 topics (!!)
< cybertooth> ccw: no they both work similarly
< sweeper> I think it's more realistic to cover about 4 per session, and Jeremy suggested adding automount to the NFS discussion (which makes sense)
< SinnerBOFH> maybe we need 3, then?
< sweeper> SinnerBOFH: yeah, I think we need to add a 3rd network services class.
< ovrclokd> back now.  this is what happens when i don't look up from work and think about dinner until 7:15...
< sweeper> probably best/easiest to insert it in between the 2nd one and the following .. which would mean meeting 6 on 4/30 would be a 3rd network services class
< sweeper> how's that sound?
* SinnerBOFH likes it
< ccw> except with forwarders you don't cache ...
< sweeper> btw, the schedule has "Other Red Hat Linux Network Services".  anybody have suggestions as to what those are?
< cybertooth> ccw: no, no, no. You do cache with forwarders, that's the whole point.
< cybertooth> ccw: do a dig and look at the lookup time using the forwarder, then do it again, and this time it takes under 1ms to do the look-up because it's cached the info.
< jtower> sweeper: NIS?
< cybertooth> NIS should be done with NFS
< cybertooth> Their both easy
< jeremyp> Yeah NIS/NFS/automount all go together; they're not as hard as people think
< jtate> Hmm.  Other services?  LPRng?
< sweeper> jtower and cybertooth: ok, NIS.  I'll add that to NFS along with automount
< RedWolfe> (they're)
< jtate> What about postgres
< jeremyp> jtate: we already covered that in the session I did (printing)
< RedWolfe> CUPS
< jeremyp> RedWolfe: like I said, we already did printing.  I don't think we have time to go into any more detail than what we did, if we want to get this done in a reasonable amount of time
< jeremyp> jtate: is postgres on the RHCE?
< sweeper> jtate: I would put LPRng under printing rather than networking (although the line is blurry)  hmmm ... I don't see printing on the schedule, but I think jeremy covered it and lisa touched on it
< jtate> Doubt it.  Probably need just a little bit of explanation on how to configure services.
< jtate> How to turn them on, off, run levels, etc.
< cybertooth> The new gui's make printing a no-brainer these days
< jeremyp> We already did that (jason did at the first meeting)
< jeremyp> (runlevels and chkconfig that is)
< jeremyp> We really have enough to cover in the future without rehashing old things ya know :)
< sweeper> cybertooth: definitely.  not like "back in the day" ;)
< ovrclokd> any volunteers for the 3rd network services session?
< RedWolfe> what's the aggregate topics for it?
* jeremyp pokes cybertooth
< cybertooth> Okay
< jtate> Sorry.  Brain's not totally here tonight.
< cybertooth> I'll go over NFS/NIS and touch on automount
< jtate> XP's been in the crapper, and my wife's got a paper due tomorrow.
< cybertooth> I hate automount, but it's not hard
< sweeper> I could nominate ccw for the BIND part since at 20:20 he said "I am the DNS guru!" :)
< jtate> To top it all off, my wireless keyboard is flaking out.
< ovrclokd> hey, good point - no reason one person has to do the whole session.  people could split up and each take one (or a group of) service(s)
< ovrclokd> jtate: ouch... :(  *sympathy*
< RedWolfe> negative - Cybertooth claimed the DNS GURU title
< jeremyp> I prefer the way we've been doing it, one person presenting per session.  Let's not make this needlessly complex?
< cybertooth> Bind is easy too.  Should I do that with the NFS/NIS/Automount
< ccw> no that was CT
< cybertooth> No, lets make it needfully complex
< sweeper> RedWolfe: doh! you are correct.  sorry, cybertooth
* sweeper can't read the back trace log and eat at the same time
< jeremyp> cybertooth: heh
< ccw> but I've been a DNS guru...not lately tho
< cybertooth> I'll bow and let ccw do DNS
< ccw> that's not exactly what I meant
< sweeper> now look what I started :\
< ccw> I haven't messed with 9 yet.
< cybertooth> I'm happy to do BIND too.  I've been writing up a class for it
< ccw> ccw can remember what he said from one moment to the next, too.
< cybertooth> I'll simply expand the class to include NFS/NIS/Automount
< jtate> What are the authentication methods on the exam?  NIS? Kerberos?  LDAP?
< jtate> Should we go over them?
< ccw> ct: want me to go over your notes?
< cybertooth> PAM
< jeremyp> Not sure if kerberos is on the exam or not.  NIS certainly is
< cybertooth> ccw: i'll put them out for public consumption/regurgitation next week sometime.
< RedWolfe> NIS/NFS/RPC?/Automount/BIND/ whatelse?
< ccw> Kerberos should be on it if it isn't...
< ovrclokd> redwolfe: dhcp?  squid? email delivery & protocols?
< jtower> is dhcp on the menu?
< ovrclokd> anonymous ftp?
< ccw> should probably talk about /etc/host with BIND ...
< cybertooth> Didn't ovrclokd cover dhcp last week
-!- jimstigator [~jim@moya.trilug.org] has joined #trilug-rhce
< cybertooth> ccw: yes and /etc/resolv.conf
< jtate> xinetd?
< RedWolfe> i thought that EMAIL was already in the current sched?
< cybertooth> ccw: and /etc/nsswitch.conf
< ovrclokd> cybertooth: nope.  tcp/ip svcs, samba, apache/http, and basic ftp
< sweeper> cybertooth: do you have a preference for giving a class next week (4/16) or 2 weeks later (4/30)?
< cybertooth> I remember talking about dhcp during the tcp/ip section
< cybertooth> 2 weeks later so I can procrastinate for 2 weeks.
< ovrclokd> i did cover /etc/host and /etc/host.conf as part of tcp/ip svcs, tho
< jtower> at the end i should be able to do a session on thin clients and/or diskless workstations, which would include dhcp, tftp, pxe, etc.
< jtower> if anyone wants, that is
< sweeper> we mentioned dhcp during a side discussion that had a life of its own, but we didn't really cover clients, servers or config
< cybertooth> jtower: sounds great
< ovrclokd> jtower: sounds good to me!
< jtate> I tried to set up a DHCP server this week on 7.3 and failed miserably.
< jtate> For whomever wants to know.
< jtower> what errors did you get/
< jtate> It never started.
< jtate> Is it supposed to run as a daemon or under xinetd?
< cybertooth> jtate: sometimes the syntax is tough
< sweeper> cybertooth: ok
< jtower> stand alone daemon
< jtower> the errors should have been logged
< cybertooth> It may be that you needed to create some of the files that it was expecting to see
< sweeper> so to kinda sum up we have two more networking services classes: (4/16) DHCP, Squid proxy, Email, other RHL networking svcs; (4/30) BIND, NFS, automount, NIS
< cybertooth> The older versions used to not be able to create - only modify files that it used for its database.
< jtower> all you need is a valid /etc/dhcpd.conf, the others will be created automatically
< jeremyp> sweeper: sounds good
< cybertooth> jtower: that's the way it should be
< jtower> is privoxy replacing squid?
< jtate> heh.  for some unknown reason there was no /etc/dhcpd.conf file.
< jtower> thought squid was being deprecated, but maybe i misread that somewhere
< RedWolfe> jtower: they have different purposes
< jtower> my bad, never mind
< jeremyp> jtate: That could be your problem.  No config file, daemon does nothing?  :)
< sweeper> jtower: don't know, yet.  hopefully I'll know by next Wednesday :)
< jtate> Well, I created one and it still wouldn't start.
< jtower> jtate: if you run 'service dhcpd start' it should tell you what is wrong
< jeremyp> also check /var/log/messages
< jtate> It said starting dhcpd: then went back to the prompt.
< jtate> That I didn't do.
< cybertooth> you can also startup dhcpd in debug mode.
< sweeper> and if it doesn't tell you on the console/vty, it'll probably say in /var/log/messages
< jtate> Don't have the machine in front of me right now.
-!- davis [~davis@pixpat.austin.ibm.com] has joined #trilug-rhce
< jeremyp> *always* check /var/log/messages when you're having problems with daemons.  #1 troubleshooting step :)
< davis> hello
< Tribot> kon-nichi-wa, davis
< RedWolfe> tribot: excuse
< Tribot> RedWolfe: We had to turn off that service to comply with the CDA Bill.
< jeremyp> (do we have a general troubleshooting session planned?  That will be important for the exam)
< jtate> Still doesn't answer my question of why there's no default dhcpd.conf file installed with the Redhat dhcpd packages.
< jtate> Don't know if that's true for 8 or 9.
< jtower> jtate: can't have one by default, it all depends on your specific IP info
< sweeper> jeremyp: the last class is titled "Routers, Firewalls, Clusters and Troubleshooting".  not sure if that troubleshooting is general or specific to firewalls, etc.  probably the latter
< jtate> But you could have a stub.
< jtate> That's what LDAP does.
< jtower> a redhat-config-dhcpd would be nice though
< cybertooth> jtower: then it would be *too* easy!
< cybertooth> I think there is a webmin for dhcpd
< jtower> cybertooth: they're trying to put us out of business!!!
< jeremyp> cybertooth: yeah, but webmin is not the red hat way (tm) :)
< cybertooth> jtower: what business?  $120/year
< cybertooth> jeremyp: know what you mean - just talking in general (to be helpful)
* RedWolfe sings "My way is the company way. . . . "
< jtower> considering my creative deductions i'm happy :)
< jeremyp> cybertooth: understood.  I like webmin; I set it up so our webmaster can give out accounts easily on the intranet web server without bugging me all the time
< jtower> jeremyp: with no redhat-config-dhcpd there is no red hat way (tm)
< cybertooth> jtower: not like a few years ago when I actually wrote off my RR connection as a business expense.
< jeremyp> jtower: well, except for vim :)
< jtate> I swear that Microsoft will be the death of me!
< jtower> i swear that i will be the death of microsoft
< cybertooth> MS's dhcpd works fairly well and is easy to setup.
< sweeper> jtate: well ... yeah :)
< jtower> cybertooth: i've had major problems with dhcpd on NT in the past.  haven't used w2k though
< cybertooth> MS's dhcpd will also do a ping test before handing out an IP - which really helps on a network full of yabbos
< jtower> it would run out of leases and refuse to use expired ones
< jtate> Windows could not start because the following file is missing or corrupt:\Windows\system32\config\system
< cybertooth> jtower: like everything MS you have to patch the living hell out of it before it is stable.
< jtower> cybertooth: doesn't the ISC dhcp daemon do that too?
< jtate> By the time it's patched there's nothing original left.
< jtower> the ping thing i mean?
< cybertooth> jtower: I'm sure it does now.  I haven't setup a dhcp server on Linux in over a year.
< jeremyp> cybertooth: what do you mean by "yabbo's" ?
< jtower> i've never had a single problem with dhcpd on linux, knock on wood...
< cybertooth> tribot what is a yabbo
< Tribot> cybertooth: wish i knew
< cybertooth> jtower: well there was the problem where you had to define 255.255.255.255 to the linux box as a valid route or dhcp would fail...
< jtower> i've read about that but never experienced it in the wild, guess i'm lucky
< cybertooth> yabbos are folks who *think* they know what they are doing, and also *think* they are being helpful by setting up their own dhcp services in competition with your corporate server.
< jtower> cybertooth: i did that once, i set up a dhcp server (on a cisco router) on my network.  but clients were getting IPs that i did not define.  turns out some idiot set the routers to forward broadcasts across the WAN
< jtower> so workstations in smithfield were getting addresses from a dhcp server in boone
< cybertooth> jtower: ha ha - you gotta love that! :)
< jtate> Question:  I'm running LDAP for authentication on a 7.3 box.
< RedWolfe> jtow: was it at least in a friendly administrative domain?
< jtate> Now I'm trying to use sudo, but the new group I created with myself in it isn't being recognized.
< jtower> RedWolfe: friendly but stupid :)
< jtate> Probably because the group is also defined in /etc/groups huh?
< sweeper> jtate: why is that?  /etc/groups takes precedence?
< jeremyp> The order depends on /etc/nsswitch.conf
< jeremyp> "files" refers to /etc/passwd, group, hosts, etc
< jtate> I think according to my /etc/pam.d/auth_config it's higher in the stack.
< jeremyp> (other entries are ldap, nis, etc)
< jeremyp> jtate: I thought you were talking about groups, not passwords.  PAM has little to do with groups
< jeremyp> Authorization and authentication are two separate things here
< jtate> My bad.
< jtate> Sorry.
< jtate> I guess I'd forgotten about that nsswitch.conf file
< jeremyp> But you understand the difference?  Things like /etc/group, permissions on files, etc, define who has access to what services, do things like UIDs, GIDs, etc... that's authorization
< jtate> Something else to add to my kickstart %post script.
< jeremyp> authentication is passwords, and is often what PAM deals with
* sweeper browses "man nsswitch.conf"
< jeremyp> (though PAM can do some other things)
< jtate> Yes, I understand.  I guess I forgot that PAM was the authentication module.
< sweeper> wow, nsswitch.conf sure controls a lot of stuff.  better remember it
< jtate> Like I said, I'm not all here tonight.
< jeremyp> authentication = proving you are who you say you are.  authorization = what resources people have access to
< cybertooth> sweeper: I'll cover nsswitch.conf in my talk
< jeremyp> jtate: yeah, just thought it would be helpful to explain myself to others
< sweeper> cybertooth: cool
< jtate> I put a # infront of the wheel entry in /etc/group, and now I can sudo.
< jtate> Thanks.
< sweeper> it's called "Name Service Switch".  I guess most of what it does is network related, but there are a number of non-network things, too (like groups, passwds)
< jtate> In a networked environment, groups and password is networked: NIS, kerberos, etc.
< jeremyp> sweeper: well, it is network related, because what it does is allow "name service" things (like group lookups) to happen over network services, instead of consulting the local files
< jeremyp> like jtate is just talking about
< cybertooth> sweeper: it determines the order in which various authentication systems are checked.
< sweeper> jeremyp: yep, I get it
< jtate> It's nice to have root in your local /etc/passwd file, so when all other networking is down, you can still log in.
< jeremyp> so jtate may have been able to solve his group problem by changing nsswitch.conf to lookup NIS first (for the wheel group), though commenting it out in /etc/group worked because it went on to NIS
< sweeper> cybertooth: isn't it authorization rather than authentication?  (per jeremyp's discussion earlier)
< jtate> Maybe some time spent on the nscd would be useful?
< jeremyp> Yes, nsswitch.conf is related to authorization; PAM is for authentication stuff
< jtate> jeremyp:LDAP, but yeah.
< jeremyp> (though nsswitch.conf also controls DNS and other stuff)
* cybertooth is away: Oops... Daddy duty calls and I must away.
* sweeper likes man pages .. gotta go read "man nsswitch.conf" on a box later than RHL 7.2 to see if it's changed ...
< jeremyp> jtate: oops :)
< jtate> No biggee.
< jtate> Gonna attack kerberos tomorrow probably.
< jeremyp> kerberos is pretty cool.  I finally think I understand it (at least the basics) after playing around a lot last week.
< jeremyp> Google on "kerberos FAQ" -- that site is really good
< jeremyp> But it was actually the RHL manuals that got it working for me.
* jeremyp pimps the RHL manuals again -- they've got great tech writers!
< jeremyp> (The FAQ helped me really understand kerberos)
< jeremyp> (but the manuals actually got it working...that's what counts!)
< RedWolfe> are we/have we covered PAM?
< sweeper> RedWolfe: PAM is in the "User and Host Security" class (the penultimate class .. unless we add more)
< jtate> Not sure which would be better: remove the group from /etc/group or reorder nsswitch.conf.
< jeremyp> Well, we discussed the 'authconfig' and /etc/pam.d/system-auth a little bit.  But it will come up again in the NIS session
< ovrclokd> rhl manuals rock. :)
< jeremyp> (since NIS does both authentication and authorization, to bring up those a-words again...*grin* )
* sweeper pimps lisa's syllabus page: http://www.trilug.org/~lisa/syllabus.html
< ovrclokd> saction
< jtate> I'm not going to put root in LDAP, but I don't want it to have to go to LDAP when local lookup is nearly instantaneous.
< jeremyp> yeah, I think local first makes sense
< jeremyp> But I guess it depends on your network
< jtate> I'll probably just use a different group for sudoers other than wheel.
< jeremyp> And having the "passwd" lookup (which really means user information, not actual passwords, remember) use files first is probably a good idea, so you can always login as root even if LDAP breaks
* cybertooth is back (gone 00:06:39)
< cybertooth> jeremyp: I believe you can specify in nsswitch to move on if an authentication type takes too long - then it moves to the next in the list
< jeremyp> Yeah, there are some neat options like that.
< jeremyp> Though what if your LDAP server is borked and returns wrong information, like a non-zero UID for root or something?  Then what do you do to login?  :)
< jtate> jtate can't do the tricky pimping, but attempts to pimp directory_administrator for LDAP authentication setup and maintenance.
< cybertooth> So you *could* lead with ldap, but if it is down, be prepared for some long waits for authentication.
< jtate> boot from cd to rescue mode.
< RedWolfe> boot "single"!
< jtate> Yep.
< cybertooth> knoppix rules
< cybertooth> Anymore biz tonight?  WW is on.
< jeremyp> Well, single user is your last resort, yes.  Not ideal for remote servers though.
< jtate> cybertooth? Don't you have TiVO?
< jeremyp> Tribot: what is WW?
< Tribot> jeremyp: no idea
< sweeper> cybertooth: WW is a rerun tonight (according to TiVo)
< cybertooth> jtate: I'll buy the TiVO after unc-tv lets me put a cluster in for them!
< jeremyp> cybertooth: this crowd needs a better excuse than TV :)
< jtate> If not what about the "Open Source alternatives?"
< jtate> Bake your own TiVo.
< cybertooth> jeremyp: Oh, I'm out of beer... bye!
< jtower> jeremyp: yeah, like a good bzflag game :)
< RedWolfe> West Wing *is* a repeat
< jtate> Can't tell me you don't have enough spare computing around to make yourself one.
< jtower> i thought he ment wayne's world
< jeremyp> How much are TiVOs these days?  Have people come up with a way to avoid paying the $10/month and have it still work right?
< jtate> Stupid NTFS.
< jeremyp> I was thinking it was some sort of wrestling thing :)
< cybertooth> jeremyp: pay the $300 lifetime membership
< ovrclokd> jeremyp: yeah, pay $X upfront and have it work right.
< jeremyp> Aw, come on.  Surely someone's reverse engineered the protocol :)
< jtate> Get the replay if you don't want monthly fees.
< Jester_> Do they only work with DirecTV?
< cybertooth> jtate: isn't NTFS a form of wrestling?
< jtate> No-one's going to do that.
< jtate> Mostly.
< sweeper> jeremyp: IIRC, the series 2 standalone is just under $400.  lifetime subscription is about $300
< jtate> The hackers like hacking TiVO.  If they hack the subscription protocol, TiVO will shut down the other hacking.
< SinnerBOFH> cybertooth: NTFS is actually a refined form of torture from the NW of the US of A
< sweeper> Jester_: yes, they have a DirecTiVo version
< jeremyp> So $700 for TV...wow.  Yeah, cybertooth will need to put in some clusters :)
< cybertooth> I saw an article that used TVguide's site to load the info into their home-made tivo
< RedWolfe> TiVo? sheesh
< jtate> TiVo series 2 already is quite locked down.
< sweeper> jeremyp: no, you still have to supply your own TV :)
< Jester_> sweeper: No, the question was whether it works with anything else?  Like cable?
< jeremyp> sweeper: yeah, and cable service!
< jeremyp> Jester_: the full TiVOs work with cable or off-air programming, yes.
< jtate> I've got a usb ethernet adapter connected to my TiVO.  No phone line at the house is a beautiful thing.
* jtower is happy with his purchase of a TV card for his server
< sweeper> Jester_: yes .. or maybe.  there are 2 models - a standalone that works with cable and a DirecTiVo that works with DirecTV.  I have the series 2 SA
< jtate> I've got several links to good sites, I just can't get to them right now.
< jeremyp> Jester_: but the special "DirecTivo" version only works with DirecTV, and is cheaper (since it doesn't have the video compression codecs in it -- directv is already compressed)
< [ECL]rock> I like bittorrent instead of tivo
< jtate> If you've got DirecTV and a HD quality set, wait 'til this fall when you can get HD compatible DirecTiVo units.  Drool.
< Jester_> Ah, was just wondering how many of the features would be missing
< Jester_> Since I've got the dang cable box
-!- cybertooth [~cybertoot@rdu163-124-248.nc.rr.com] has left #trilug-rhce ["Client Exiting... Later amigos!"]
* sweeper almost got a TV card for his server for $10 at work, but somebody beat him to it
< jeremyp> Jester_: you still get the full programming info if you pay; it either connects to TiVo's home office via phone line, or your broadband Internet (via Ethernet)
< jtate> I think I royally hosed my XP NTFS machine.
< Jester_> jeremyp: But can it somehow switch channels if I ask it to record shows on multiple channels?
< sweeper> [ECL]rock: bittorrent serves up video?  (like the rest of the P2P networks, right?)
< jeremyp> Jester_: yes, there's an IR flasher you can program and hook up
< Jester_> jeremyp: Ah, no kidding... cool
< [ECL]rock> i have found the enterprise episodes easily
< jeremyp> Many VCRs come with IR flashers too, that's actually not that new a thing.  It's just that many people don't bother to program them :)
< jtate> www.cadsoft.de/vdr
< jeremyp> Usually it just becomes one of those spare parts in the bottom of the drawer that people ignore :)
< sweeper> Jester_: or, maybe, no.  the standalone can only record one channel (unlike the directivo which can handle 2, I think)
< Jester_> parabuthus, who is Jester_
< jtate> (Link from popular science)
< Jester_> sweeper: I don't necessarily mean concurrently... more like serially
< sweeper> Jester_: ah.  then, yes.
< sweeper> jtate: yeah, I have that issue.  I want to build one ... but we only have one tv and limited space in the entertainment center.  sigh.
< jtate> I think the tower case is going to become less popular over the next while.
< jtate> Towers don't fit well in Entertainment cases.
< jtate> I've still got room in mine, but no desktop case.
< jeremyp> Sorry for all the TiVo conversation here, we really should be directing that in #trilug
< jeremyp> Anyone have any further RHCE-related questions or comments ?
< sweeper> somewhere (probably /., maybe ars technica) I got to a web site about guys who put their entertainment PC in an old VCR chassis.  very slick.  DVD tray comes out the slot.  had a little LCD screen
< jeremyp> Do we have the agendas for the next meeting finalized then ?
< sweeper> jeremyp: nope. ovrclokd will update the syllabus with what we decided.  we'll post it to the list so people can see the new dates
< jeremyp> so we did end up adding a meeting then?  That's what I wasn't clear on
< sweeper> jeremyp: yep, I have the agendas (I posted them a while back)
< ovrclokd> sweeper: nope, not finalized?  sounded pretty finalized to me?
< jtate> Anyone know how to start a second X server?
< sweeper> jeremyp
< jeremyp> jtate: try "startx -- :1" when logged into a text VT
< RedWolfe> sweeper: could ovrclokd put a link from ~ direct to the syllabus?
< sweeper> jeremyp: yes, we're adding a 3rd network services class on 4/30 and the rest of the class will get pushed out.
< ovrclokd> redwolfe: yes, ovrclokd could. ;)
< jeremyp> (that will get you an X session running on ctrl-alt-F8, or X display ":1" )
< jeremyp> sweeper: okay.
< jeremyp> Can I ask that we try not to add any more sessions though?
< RedWolfe> ovrclokd: please, would you?
< sweeper> RedWolfe: <confused> what does "from ~ direct to the syllabus" mean?
< jeremyp> We need to work hard to move quickly so this doesn't draw out forever.
< RedWolfe> the $HOME page
< jeremyp> RedWolfe: there is a link:  see http://www.trilug.org/~lisa/
< ovrclokd> redwolfe: ask and you shall receive.  go check ~. ;)
< sweeper> jeremyp: hmmm.  not sure we can cover the rest of the networking topics in one night ...
< ovrclokd> jeremyp: you mean "any more after the 3rd networking session" right?
< jeremyp> sweeper: I agree, but let's try to embargo new sessions from now on
< jeremyp> This is just my thought, I want to get this over with and take the RHCE before I waste the money I have saved for it.  :)  Others may be on a different timetable
< sweeper> jeremyp: agreed.  we could also look over the future sessions and see if any can be collapsed (maybe?)
< RedWolfe> Ovr: Merci beaucoup!
* sweeper just looked over the syllabus and doesn't see much we can compress
< jeremyp> Wait, I just noticed that meeting 8 has a lot of the stuff we've been talking about tonight (LDAP, PAM, NIS)
* RedWolfe should know better than to ask things in the manner he did.
< jeremyp> So we don't really need the 3rd network services section -- except for the BIND part
< ccw> I don't think tonight's coverage was rigorous enough.
-!- cybertooth [~cybertoot@rdu163-124-248.nc.rr.com] has joined #trilug-rhce
< sweeper> jeremyp: I'd still like to have a class that covers LDAP and PAM since we get it haphazardly via irc
< cybertooth> I'm still looking forward to the LDAP class from Mr. Turner
< jeremyp> sweeper: right, that's meeting 8, that's what I was saying
< ovrclokd> jeremyp: you suggesting squeezing nfs/nis into meeting 8 and bind into next week's?
< cybertooth> I was going to do all that at once
< sweeper> but I think scrubbing the syllabus is in order ... I noticed that the current meeting 6 has s/w raid which was covered during meeting 2
< jeremyp> well, maybe our original plan is fine, but we can retool meeting 8
< jeremyp> we didn't really talk about software raid configuration with the md tools, only the Disk Druid GUI stuff though
< sweeper> jeremyp: oh, ok.
* sweeper has never setup software raid so doesn't know the extent of it
< cybertooth> I don't think for the RHCE you need to worry about sw-raid outside of setting it up via the installer.
* ovrclokd thinks we should have an additional meeting for nfs/nis/bind/automount, cybertooth presents, and then do everything else in meeting 8 as listed
< jeremyp> well let's go with our current plan then (two more network services meetings, sweeper doing the next one, and cybertooth doing the following one)
* sweeper agrees with ovrclokd's plan
< jeremyp> then we'll probably have some other things we can add to meeting 8 when we get to it
-!- clotman [~clotman@moya.trilug.org] has quit ["off to bed"]
< ovrclokd> jeremyp: makes sense
< jeremyp> There's always plenty of stuff to talk about with respect to security :)
< cybertooth> The mysterious meeting 8...
< jeremyp> "the meeting 8 my homework, teacher!"
* ovrclokd giggles at jeremyp
< jeremyp> By the way, regarding our previous discussion of Freenode's stability, there was just an interesting "Global Notice" sent out -- check your IRC client's "console" window
< sweeper> someone (?) could put together a general troubleshooting talk and throw that into meeting 8 ... ?
< cybertooth> His longing overtook him, and he could no longer keep quiet about his longing ache for the mysterious meeting 8...
< Jester_> Speaking of running an irc server, didja read the freenode news?
* sweeper found that hitting ^D a few times exits from irssi and logs him out. thank goodness for screen :0
* Nat_RH holds on as the freenode servers begin to crash
< jeremyp> Jester_: see my comments three lines above yours :)
< Jester_> jeremyp: Yeah, just saw it... sorry
-!- [ECL]rock [~n@cpe-024-211-148-035.nc.rr.com] has quit []
< ovrclokd> cybertooth: stop it, man, yoiu
< ovrclokd> you're scarin' me!
< ovrclokd> (okay, who put the ' next to the enter key...)
< Jester_> hehe
< cybertooth> ovrclokd: damn bill gates and his ergonomic keyboard!
< ovrclokd> cybertooth: damn bill gates, period. :)
< Jester_> parabuthus saveall
< Jester_> damn client
< jeremyp> what is the significance of "parabuthus" ?
< sweeper> tribot: who is parabuthus
< Tribot> sweeper: i don't know
< Nat_RH> jeremyp: Don't ask...u prob. don't wanna know  :)
< jeremyp> Nat_RH: a type of scorpion?  huh?
< Nat_RH> He is one with many animals
< Jester_> jeremyp: Yes
< Nat_RH> <----scared of all those critters!
< Jester_> jeremyp: Added an infobot type script to it... trying to get the thing working
< RedWolfe> 22:03 - ?bedtime?
-!- cybertooth [~cybertoot@rdu163-124-248.nc.rr.com] has left #trilug-rhce ["Client Exiting... Later amigos!"]
< jeremyp> RedWolfe: probably.
< jeremyp> Thanks all -- good session tonight!
* sweeper seconds the motion for bedtime
< RedWolfe> sweeper: so, the syllabus will be adjusted and posted?
< sweeper> RedWolfe: yep.  ovrclokd will do it :)
< sweeper> (I'll give her the info and the log from tonight's irc session)
< RedWolfe> many thanks to ovrclokd
< RedWolfe> tribot: excuse
< Tribot> RedWolfe: wrong polarity of neutron flow
< SinnerBOFH> that's an excuse!
< ovrclokd> redwolfe: you're welcome... :)
< ovrclokd> have a good night, y'all! ;)
* SinnerBOFH wonders what tool, aside from vi or emacs , people use to code
< SinnerBOFH> g'night ovrclokd! see you tomorrow!
< RedWolfe> Sinner, how about a compiler :-)
< ovrclokd> sinnerbofh: see you tomorrow.  if it only takes 1:45 then i should be able to get there a little early
< ovrclokd> i'll call from the road and let you know how it's looking...
< sweeper> SinnerBOFH: I use nedit as my editor (when I have X windows)
< SinnerBOFH> ovrclokd: cool. drive safe!
< ovrclokd> sinnerbofh: will do.  thanks!
-!- ovrclokd [~lisa@moya.trilug.org] has quit ["leaving"]
< SinnerBOFH> sweeper: does it have syntax colouring & completion?
< sweeper> SinnerBOFH: it has syntax highlighting and a pretty good macro language.  don't think it has completion  (completion of what?)
< SinnerBOFH> of commands, variables and such
< jtate> try eclipse.org
< jtate> SinnerBOFH: try eclipse.org
< SinnerBOFH> jtate: does it support php?
< jtate> Don't think so.
< jtate> That'd be sweet.
< jtate> VI's got pretty nice syntax highlighting for PHP.
< sweeper> SinnerBOFH: nope, no completion.  it has really cool text selection and moving, including rectangular selections
-!- jtower [~jason@moya.trilug.org] has left #trilug-rhce []
< jtate> The stock emacs one is lacking.
< ccw> waves g'night
< sweeper> fwiw, nedit is at nedit.org
< SinnerBOFH> jtate: mmm, thanks, i'll look into it
< SinnerBOFH> g'night ccw
-!- ccw [~ccw@durham-ar1-4-64-250-023.durham.dsl-verizon.net] has quit ["Client Exiting"]
* RedWolfe waves and gives g'nites to all
< sweeper> g'night all
< SinnerBOFH> g'night all me too
--- Log closed Wed Apr 09 22:17:12 2003

Generated by irclog2html.pl 2.1 by Jeff Waugh - find it at freshmeat.net!