Re: dist-upgrade on remote server
Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: - use apt-get -d to download everything you need before you start. - open 3 or more ssh sessions. Setup a ping in the spare sessions. Then if you loose your main one, the others should still be open to give you a back door. This can save you if something crashes during the setup of the new ssh. - use script or something similar to keep a record of the screen dump. Then if you miss a warning or error you can go back and read it. - be vary careful before you do anything that changes ipchains rules. - be vary careful before you re-boot the machine. Let me know how it goes. Good Luck. Ian On 4 Feb 2002, at 15:16, Andreas Rabus wrote: Hi, there was an thread about potaota/woody on the weekend, but i didn't get an important answer: I'd like to dist-upgrade our potato InternetServer in production to woodo and i have only a ssh and telnet-ssl connection to that box. So, what's the best way to do it? If i lost net connection, i'm stuck. (Grab a monitor, a keyboard etc. take it to the cellar of the box at the other end of the city, reboot, wait, repait and menawhile i got a few hoers downtime...) That's s.th. i'm afaraid of so i should try to avoid it... But how can a connecten get lost whiel dist-upgrade and what can i do to avoid this? I have an other box wich ist nearly similar t that interbox in the LAN, so i can try it there first, but they dont share the network connectin and config. An i can't switch boxes, the are to different. Has anybody done s.th. like that before? With succes? Failed? ar Andreas Rabus entity38 AG Theresienstraße 29 80333 München Tel +49 (89) 286772-27 Fax +49 (89) 286772-21 ISDN +49 (89) 286772-30 ICQ #132675697 [EMAIL PROTECTED] www.entity38.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: recheck for new partition without reboot?
On Sun, 3 Feb 2002 04:42, Nathan E Norman wrote: On Sat, Feb 02, 2002 at 02:02:31PM +0100, Marcin Owsiany wrote: On Fri, Feb 01, 2002 at 06:09:15PM -0800, Jeremy C. Reed wrote: I added a new partition (/dev/sda8). (Other partitions were already in use.) Is there any tool or kernel module to recognize this device without rebooting? I guess cfdisk calls some ioctls to force kernel to reread the new partition table after writing it... It does; however IIRC the ioctl call results in a successful reread of the partition table only if none of the other partitions on that drive are currently mounted. Since the OP says other partitions were in use, I assume he means they were mounted. I'm afraid in this case a reboot is called for, though I'd love to hear otherwise. It's in the kernel. It's not just mounted file systems, it's any open handle to the device. The code can be changed, and the relevant people are willing to accept such a patch if it's supplied... -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
AW: dist-upgrade on remote server
Is it possible to compile a new kernel befor the reboot? Whats about Our remote box has an RAID Controler from GDT whos driver surely is not in the default kernel... -Ursprüngliche Nachricht- Von: Donovan Baarda [mailto:[EMAIL PROTECTED]] Gesendet: Dienstag, 5. Februar 2002 14:08 An: I. Forbes Cc: Andreas Rabus; [EMAIL PROTECTED] Betreff: Re: dist-upgrade on remote server On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: AW: dist-upgrade on remote server
Hello Andreas You should be able to upgrade potato to woody with a 2.2 series kernel. You can compile/upgrade your kernel after the debian upgrade. I would prefer to compile and test the kernel on a local machine and create a kernel-image...deb file. Then copy this onto the new server and install it with dpkg. But then you need to have the same hardware on your local machine to test it with. Regards Ian On 5 Feb 2002, at 14:35, Andreas Rabus wrote: Is it possible to compile a new kernel befor the reboot? Whats about Our remote box has an RAID Controler from GDT whos driver surely is not in the default kernel... -Ursprüngliche Nachricht- Von: Donovan Baarda [mailto:[EMAIL PROTECTED]] Gesendet: Dienstag, 5. Februar 2002 14:08 An: I. Forbes Cc: Andreas Rabus; [EMAIL PROTECTED] Betreff: Re: dist-upgrade on remote server On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- - Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: AW: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 03:38:22PM +0100, Andreas Rabus wrote: And that is not the case... i need the old kernel for backup, but the 2.2 Kernel wouldn't work with woody (devfs,...), this one is s.th i have tested... Any work around? or just be extar careful before re-booting? The way to go is by now: - open multiple connections to the host (ssh, telnet-ssl) - source.list points to woody - apt-get -d dist-upgrade to download all packages - apt-get dist-upgrade to install them. - recompile new kernel for the used hardware. - install that new kernel. - reboot - enjoy or curse the world... Am i missing s.th.? Be extra careful with network drivers! My No 1 mistake (2.2.x - 2.4.x) is, having a rtl8139 card, and forgetting to adjust modutils entry. The driver is renamed from rtl8139 to 8139too (in fact it's a different driver). Also perhaps the driver used to be built into the kernel, and you compiled it as a module. It is getting quite relaxed, if you have two remote computers connected with two serial null-modem cables (com1-com2, com2-com1), putting the console on a serial port. In fact, except you broke lilo or removed your old known good kernel or didn't enable serial console, I cannot imagine a case where you won't have access to your remote computer after rebooting. florian -- Florian Friesdorf [EMAIL PROTECTED] OpenPGP key available on public key servers -- Save the future of Open Source -- - Online-Petition against Software Patents - -- http://petition.eurolinux.org --- msg05243/pgp0.pgp Description: PGP signature
AW: AW: dist-upgrade on remote server
That's what we was thinking about, too. But we won't get a second box and the Rack is filled too. To bad... :( But all my kernels have serial console enabled, even the inhose ones... -Ursprüngliche Nachricht- Von: Florian Friesdorf [mailto:[EMAIL PROTECTED]] Gesendet: Dienstag, 5. Februar 2002 17:42 An: [EMAIL PROTECTED] Betreff: Re: AW: dist-upgrade on remote server On Tue, Feb 05, 2002 at 03:38:22PM +0100, Andreas Rabus wrote: And that is not the case... i need the old kernel for backup, but the 2.2 Kernel wouldn't work with woody (devfs,...), this one is s.th i have tested... Any work around? or just be extar careful before re-booting? The way to go is by now: - open multiple connections to the host (ssh, telnet-ssl) - source.list points to woody - apt-get -d dist-upgrade to download all packages - apt-get dist-upgrade to install them. - recompile new kernel for the used hardware. - install that new kernel. - reboot - enjoy or curse the world... Am i missing s.th.? Be extra careful with network drivers! My No 1 mistake (2.2.x - 2.4.x) is, having a rtl8139 card, and forgetting to adjust modutils entry. The driver is renamed from rtl8139 to 8139too (in fact it's a different driver). Also perhaps the driver used to be built into the kernel, and you compiled it as a module. It is getting quite relaxed, if you have two remote computers connected with two serial null-modem cables (com1-com2, com2-com1), putting the console on a serial port. In fact, except you broke lilo or removed your old known good kernel or didn't enable serial console, I cannot imagine a case where you won't have access to your remote computer after rebooting. florian -- Florian Friesdorf [EMAIL PROTECTED] OpenPGP key available on public key servers -- Save the future of Open Source -- - Online-Petition against Software Patents - -- http://petition.eurolinux.org --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim maildir
Michael Merritt [EMAIL PROTECTED] writes: It seems that exim is by default set up to deliver to standard mbox format. What steps do I need to complete to make it use Maildir so I can use Courier-IMAP and Courier-POP with exim? Is there a how-to or similar somewhere? If not, I'll write one once I get this figured out. There seems to be a dearth of information online on the subject in an understandable format. Thanks, -- I use this transport configuration for courier with virtual domains: virtual_localdelivery: driver = appendfile create_directory = true directory_mode = 700 directory = /var/spool/virtual/${domain}/${local_part}/ headers_remove = Bcc user = vmail group = vmail maildir_format mode = 660 HTH Ramin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim maildir
On Tuesday 05 February 2002 02:48 am, Ramin Motakef wrote: I use this transport configuration for courier with virtual domains: virtual_localdelivery: driver = appendfile create_directory = true directory_mode = 700 directory = /var/spool/virtual/${domain}/${local_part}/ headers_remove = Bcc user = vmail group = vmail maildir_format mode = 660 Ramin, This helps. Thank you. I'd like to pick your brain a little more, and show my ignorance. What do I need to do for Courier to authenticate multiple domain users? How should their user accounts be setup on the system? IE, how will courier distinguish between [EMAIL PROTECTED] and [EMAIL PROTECTED]? -- Michael MerrittO2/CO2 Conversion Specialist [w] [EMAIL PROTECTED] | www.miklm.com | (931) 205-1392 | AIM/MSN miklm Piracy is not a technological issue. It's a behavior issue. --Steve Jobs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: AW: dist-upgrade on remote server
-BEGIN PGP SIGNED MESSAGE- On Tue, 5 Feb 2002, Florian Friesdorf wrote: Be extra careful with network drivers! A small hint from someone currently 2000km away from his machines: I had to play with a new firewalling setup, meaning that there was a big chance to lock myself out. Given that your machine will boot correctly, but your network setup may be broken (no matter why), you could create a script that brings the machine back to a working state. That is, install a kernel that worked before, install old version of some scripts/configfiles etc. and maybe even reboot it. Then you make an estimate of how long you need to try your new setup, and when you want to get back into your machine in case something goes wrong. And finally, you tell at to fire up that script at a specified time, e.g. # at -f rollback.sh + 10 minutes See at(1) for details. Alex - -- Forgive me, but I'm talking to a politician. John Simpson, BBC World -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBPGBDVGWTYnZjEXP1AQEpFAP/Y7n3rH4+GCsI5arF2aOzWOXZGjtziwzn ov2euim3EroavYae5E48fyV746cOKq7uIkVGtFNTnrCwbqpQSx8O2O1z+QIP85i5 3bHXQs2IrCF6XL+uyFRlCh2aNf68/GeyadBC9BsRX35BzUbj+Jprl0QKMFPSCvW6 poaJMheZKAQ= =5TrX -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
It's a simple and easy-to-follow plan and EVERY website will want this service
It's a simple and easy-to-follow plan and EVERY website will want this service. Can youspend just 10 minutes a day sending e-mails to ANY websites on the Internet? iFsothis UNIQUE program will make you a very good income every day!!! Its only costs $5 to start up which we refund back to you within 24 hours making this 100% FREE. Here are the BENEFITS to YOU. Your VERY OWN independent on-line business A steady stream of paid daily to you. No sales team, equipment or office required. Full step by step instructions to get you making money today. No hidden expenses, nothing to download or advertise. Multiple income streams possible from day one. Money deposited directly and immediately to YOUR account Fully automated setup. You can wake up tomorrow morning open your Email and find 'Notification for Payment Received" staring back at you. I never get tired of seeing that:)) Sign up today - Press the linkbelow and send just $5 and you will receive all the help and infomation you require by e-mail instantly. We will also send you $5 back just for signing up a new account so this is 100% FREE. PRESS HERE TO CONTINUE FULL 30 DAY MONEY BACK GUARANTEE.PART OF THE INTENERT DOT COM LTD GROUP OF COMPANIES -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: transparent firewall possible?
Hi all, Just thought i'd let you know that I got the transparent firewall working, with the new bridging code patched into the kernel. Its a bit CPU intensive, but it is going fine on a Celery 400Mhz. It is a pretty thing, and can virtually be plugged in anywhere to provide instant firewall protection :-) And to think some companies charge $20K for a solution like this ;-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 02:35:30PM +0100, Andreas Rabus wrote: Is it possible to compile a new kernel befor the reboot? kernel-package is your friend :-) never manualy install a kernel, create a deb and install that instead. Whats about Our remote box has an RAID Controler from GDT whos driver surely is not in the default kernel... You might be surprised. The 2.4.x series kernel packages are fully modular and have nearly everything compiled as a module. I haven't needed to compile my own kernel since they came out, except when I needed wierd patches applied. However, make sure you pick the right kernel, and make sure the right modules will be loaded when it boots. I installed the 2.4-17-686 kernel on this machine before I remembered it was a Pentium classic (-586tsc) not a Celeron. Fortunately I remembered while the reboot countdown was going, so I stopped it and installed the right one (only to still stuff it up). The discover package is pretty cool for automaticly loading the right modules. It gets it right about 90% of the time. The only thing I've seen it get wrong was the rtl8139 instead of 8139too for the 2.4.x kernels. But the safe way is modconf :-) Oh, yeah, the other thing to make sure of is your lilo.conf needs the initrd entry for the 2.4.x kernels. -Ursprüngliche Nachricht- Von: Donovan Baarda [mailto:[EMAIL PROTECTED]] Gesendet: Dienstag, 5. Februar 2002 14:08 An: I. Forbes Cc: Andreas Rabus; [EMAIL PROTECTED] Betreff: Re: dist-upgrade on remote server On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: AW: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 03:38:22PM +0100, Andreas Rabus wrote: And that is not the case... i need the old kernel for backup, but the 2.2 Kernel wouldn't work with woody (devfs,...), this one is s.th i have tested... Huh? I have dual-booted 2.2 and 2.4 series kernels on a woody box. What's the problem? The 2.4 kernels have devfs compiled in, but not automaticly mounted so I'm not using it. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Mass installation procedure for Debian?
Hello! We install/reconfigure re-install almost on a daily basis via a local network, which is far the fastest way, better than any CD. On Mon, Feb 04, 2002 at 06:09:54PM +0200, I. Forbes wrote: Hello Oliver ... We use this installation procedure. It is not really mass but can generate a debian stable machine tailored for our customer's [...] We use a similar aproach and I can recommend it. I have played Fai once and actually I'm fiddling with bootcd. With Fai I came in closer contact with Cfengine and I started to like it that much, that I started to experiment with a generalized Cfengine setup, that will be casted into debian packages. These define setup-strategies with cfengine, mail-server, web-server, print-server, print-client, etc, etc, then I *only*: 1) install a minimal/moderate standar Debian System with a unique private IP number or with an IP number which is a handle for a predefined installation. 2) define the special caracteristics of the new computer by adding it to the corresponding cfengine classes on the Cfengine Master/Debian Mirror 3) Let Cfengine do the rest by running it from the newly installed computer. Note that this is (almost) a vapourware description, while it is true that I handle a home/Internet-Café/development network of about eight randomly assembled Debian boxes, it's not brewn out. A note about the mirror: There is one machine with a webserver and a 33.6 :-) Modem line to the Internet, where I upate my packages frequently. After each download/install/update I run apt-move update to get new packages into a www-mirror on the local harddisk. Each other computer only uses this local mirror. Big advantage: instead of browsing 9000 packages y only manage about 1000 most needed on the local computers, which are browsed manually rather quickly. Tip: don't make this computer a production server (as I do) since the update regularly breaks the machine. If you use an individual update server you can play around with software and then decide if you want to install or upgrade on the local network. Also jablicator has not been mentioned in this thread. It creates an empty Debian Packages which depends on all packages that are installed on your computer. So if you create various jablications for different computer setups and put them on a local debian-mirror you just install on a new computer the jablicated packages according to the needs of this machine. Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Sftp but no login via ssh
Greetings, I'd like to allow some of my users to transfer files via sftp (like using CuteFTP Pro), but I don't want them to be able to login or execute commands via ssh. Is there anyway to do that? Failing that, is there a more configurable secure daemon than the one in the ftpd-ssl package? -- C. R. Oldham Director of Technology NCA Commission on Accreditation and School Improvement [EMAIL PROTECTED] V:800-525-9517 F:480-965-9423 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Mass installation procedure for Debian?
We install/reconfigure re-install almost on a daily basis via a local network, which is far the fastest way, better than any CD. if you are lucky enough to never have to do a remote install... I have played Fai once and actually I'm fiddling with bootcd. it does seem interesting. doesn't it. Also jablicator has not been mentioned in this thread. It creates an empty Debian Packages which depends on all packages that are installed on your computer. So if you create various jablications for different computer setups and put them on a local debian-mirror you just install on a new computer the jablicated packages according to the needs of this machine. very good idea, but I was wonering if anyone one the list has every made a custom boot cd, with specific packages and a custom kernel image/modules (xfs support, etc.) I have been searching the web, but not found much good information. thanks for the help. -chris zubrzycki == Security Is A Series Of Well-Defined Steps... chmod -R 0 / ; and smile :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
The Debian way to turn off accept_source_route.
G'day, was just fiddling with my everything-server and thought I noticed what looked like a bit of source-routed traffic was going through it. I noticed /proc/sys/net/ipv4/conf/default/accept_source_route was '1', the same as all the interfaces. After getting a bit worried, it looks like the ../all/accept_source_route was '0'. I'm assuming the '../all/..' overides the individual interfaces, but then I'm not sure _what_ that little blip of traffic was. I know decent firewalling will kill source-routed traffic, but doing cat 0 /proc/sys/net/ipv4/conf/all/accept_source_route is probably also a good idea. Does Debian do this somewhere? What is the kernel default? If Debian doesn't already do this, what is the correct way to do it? The /etc/network/options will set '../all/forwarding', but nothing else. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: unstable is unstable; stable is outdated
Hello! On Sat, Feb 02, 2002 at 06:39:46AM +0800, Jason Lim wrote: ... aspect of their distro pretty good. They are business people over there, and they know how frequent business users like to have updates, and when ... People here around *only* know RedHat, and it's *the best*, because each half year you can buy a new Version. So I can tell by what I see at others (i.e. not from personal experience) that RedHat a) changes essential issues every time it makes a new version, so on has to learn again, b) uses also some outdated software. I suppose the latter is, to not provoque the dependency avalanche. critical updates should be released. Your Point, Best Regards, Jorge León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: unstable is unstable; stable is outdated
Hello! On Sat, Feb 02, 2002 at 04:55:44AM +0800, Jason Lim wrote: ... I know that as a company, we could donate a bit of money (with the economy as it is, not much though), but from what I can see, money isn't really where the problem lies... it is somewhere else. ... Last Debian Weekly News says that a Maintainer dropped 18 packages out of frustration with the slow pace of Debian 3.0. It also says that this slow pace is because Bugs are simply not fixed. I'd love to become a Debian Maintainer or Bug-Squasher, if I could make a living out of it, whole or parttime. Your company could send me an offer. This is meant serious, although not intended to be an abuse of the list. If companies would a) adopt Debian packages (by inhouse programmers), and/or b) sponsor packages Maintainers, there would be some economic thrive behind the Debian Releases, and it would just be fair, because Debian is thriving a lot of companies, isn't it? Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix with LDAP smtp authentication
Hello! On Sun, Feb 03, 2002 at 01:53:15AM +0100, Paul Fleischer wrote: ... I have searched around, but could not find anything related with direct LDAP authentication, only SASL which too me looks like introducing an unnecesarry component. Sasl is yet needed for Mutt. You do *not* use Mutt??? Is there any way to do direct LDAP smtp authentication? Or do I have to write such a patch myself?? Did you check Pam/Pam-ldap? If your MTA autenticates against Pam you can just plug in libpam_ldap. (Did not do it yet!) Best Regards, Jorge-León -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Squid and FTP
Hi All Can someone explain to me how I can use Squid to proxy / cache FTP requests. I need to be able to restrict FTP downloads and it would be preferable to do it though Squid as I see it has the support in the config file. Any information would be appreciated as always :) Craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Squid and FTP
On Wed, Feb 06, 2002 at 09:35:51AM +0200, Craigsc wrote: Hi All Can someone explain to me how I can use Squid to proxy / cache FTP requests. I need to be able to restrict FTP downloads and it would be preferable to do it though Squid as I see it has the support in the config file. Any information would be appreciated as always :) Squid will do ftp proxying, but only on very strict terms - it'll proxy/cache requests from web browsers, that are sent in http-style. It will not proxy or cache for true ftp clients. There is a package called frox (apt-get install frox ;), that seems to do the trick nicely of transparently converting ftp access from ftp clients into proxyable ftp connections, which you can then put through squid. I don't know how it would go under load, and I note that the very act of what it does means ftp connections are slower (but not transfers, necessarily), but it might be what you're after. KJL -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: dns to ldap
On Mon Feb 04 2002 at 09:50:01PM -0500 'Thedore Knab' [EMAIL PROTECTED] wrote: I was wondering if anyone has their DNS in an LDAP directory. LDAP to DNS gateway [http://ldap2dns.tiscover.com/]. From the site: ldap2dns is a program to create DNS (Domain Name Service) records directly from a LDAP directory. It can and should be be used to replace the secondary name-server by a second primary one. ldap2dns reduces all kind of administration overhead: No more flat file editing, no more zone file editing. After having installed ldap2dns, the administrator only has to access the LDAP directory. Optionally she can add access control for each zone, create a GUI and add all other kind of zone and resource record information without interfering with the DNS server. ldap2dns is designed to write ASCII data files used by tinydns from the djbdns package, but also may be used to write .db-files used by named as found in the BIND package. Ciao Charl __ As far as the laws of mathematics refer to reality, they are not certain, and as far as they are certain, they do not refer to reality. --Albert Einstein __ [ Charl Matthee ] [ +27-11-721-3800 ] [ Entropic Reality Facilitator] [ +27-11-405-6508 ] __
Re: dist-upgrade on remote server
Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: - use apt-get -d to download everything you need before you start. - open 3 or more ssh sessions. Setup a ping in the spare sessions. Then if you loose your main one, the others should still be open to give you a back door. This can save you if something crashes during the setup of the new ssh. - use script or something similar to keep a record of the screen dump. Then if you miss a warning or error you can go back and read it. - be vary careful before you do anything that changes ipchains rules. - be vary careful before you re-boot the machine. Let me know how it goes. Good Luck. Ian On 4 Feb 2002, at 15:16, Andreas Rabus wrote: Hi, there was an thread about potaota/woody on the weekend, but i didn't get an important answer: I'd like to dist-upgrade our potato InternetServer in production to woodo and i have only a ssh and telnet-ssl connection to that box. So, what's the best way to do it? If i lost net connection, i'm stuck. (Grab a monitor, a keyboard etc. take it to the cellar of the box at the other end of the city, reboot, wait, repait and menawhile i got a few hoers downtime...) That's s.th. i'm afaraid of so i should try to avoid it... But how can a connecten get lost whiel dist-upgrade and what can i do to avoid this? I have an other box wich ist nearly similar t that interbox in the LAN, so i can try it there first, but they dont share the network connectin and config. An i can't switch boxes, the are to different. Has anybody done s.th. like that before? With succes? Failed? ar Andreas Rabus entity38 AG Theresienstraße 29 80333 München Tel +49 (89) 286772-27 Fax +49 (89) 286772-21 ISDN +49 (89) 286772-30 ICQ #132675697 [EMAIL PROTECTED] www.entity38.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] - Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa -
Re: recheck for new partition without reboot?
On Sun, 3 Feb 2002 04:42, Nathan E Norman wrote: On Sat, Feb 02, 2002 at 02:02:31PM +0100, Marcin Owsiany wrote: On Fri, Feb 01, 2002 at 06:09:15PM -0800, Jeremy C. Reed wrote: I added a new partition (/dev/sda8). (Other partitions were already in use.) Is there any tool or kernel module to recognize this device without rebooting? I guess cfdisk calls some ioctls to force kernel to reread the new partition table after writing it... It does; however IIRC the ioctl call results in a successful reread of the partition table only if none of the other partitions on that drive are currently mounted. Since the OP says other partitions were in use, I assume he means they were mounted. I'm afraid in this case a reboot is called for, though I'd love to hear otherwise. It's in the kernel. It's not just mounted file systems, it's any open handle to the device. The code can be changed, and the relevant people are willing to accept such a patch if it's supplied... -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
Re: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key --
AW: dist-upgrade on remote server
Is it possible to compile a new kernel befor the reboot? Whats about Our remote box has an RAID Controler from GDT whos driver surely is not in the default kernel... -Ursprüngliche Nachricht- Von: Donovan Baarda [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 5. Februar 2002 14:08 An: I. Forbes Cc: Andreas Rabus; debian-isp@lists.debian.org Betreff: Re: dist-upgrade on remote server On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key --
Re: AW: dist-upgrade on remote server
Hello Andreas You should be able to upgrade potato to woody with a 2.2 series kernel. You can compile/upgrade your kernel after the debian upgrade. I would prefer to compile and test the kernel on a local machine and create a kernel-image...deb file. Then copy this onto the new server and install it with dpkg. But then you need to have the same hardware on your local machine to test it with. Regards Ian On 5 Feb 2002, at 14:35, Andreas Rabus wrote: Is it possible to compile a new kernel befor the reboot? Whats about Our remote box has an RAID Controler from GDT whos driver surely is not in the default kernel... -Ursprüngliche Nachricht- Von: Donovan Baarda [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 5. Februar 2002 14:08 An: I. Forbes Cc: Andreas Rabus; debian-isp@lists.debian.org Betreff: Re: dist-upgrade on remote server On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- - Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa -
AW: AW: dist-upgrade on remote server
And that is not the case... i need the old kernel for backup, but the 2.2 Kernel wouldn't work with woody (devfs,...), this one is s.th i have tested... Any work around? or just be extar careful before re-booting? The way to go is by now: - open multiple connections to the host (ssh, telnet-ssl) - source.list points to woody - apt-get -d dist-upgrade to download all packages - apt-get dist-upgrade to install them. - recompile new kernel for the used hardware. - install that new kernel. - reboot - enjoy or curse the world... Am i missing s.th.? and the i just need to dare the deed... :/ -Ursprüngliche Nachricht- Von: I. Forbes [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 5. Februar 2002 15:22 An: Andreas Rabus Cc: debian-isp@lists.debian.org Betreff: Re: AW: dist-upgrade on remote server Hello Andreas You should be able to upgrade potato to woody with a 2.2 series kernel. You can compile/upgrade your kernel after the debian upgrade. I would prefer to compile and test the kernel on a local machine and create a kernel-image...deb file. Then copy this onto the new server and install it with dpkg. But then you need to have the same hardware on your local machine to test it with. Regards Ian On 5 Feb 2002, at 14:35, Andreas Rabus wrote: Is it possible to compile a new kernel befor the reboot? Whats about Our remote box has an RAID Controler from GDT whos driver surely is not in the default kernel... -Ursprüngliche Nachricht- Von: Donovan Baarda [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 5. Februar 2002 14:08 An: I. Forbes Cc: Andreas Rabus; debian-isp@lists.debian.org Betreff: Re: dist-upgrade on remote server On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- - Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody's sendmail on potato
Not sure but it's safe to use Postfix, so why not use that? Let's not get into religious arguments, since that's not the question asked. He's got a running sendmail config; upgrading to a new version is less work than converting to a different mail system. Yes, this is the point. However, I failed at this conversion, so I'm now running the stable sendmail on a testing/unstable box... I have not experienced any trouble instaling-configuring the woody debian sendmail package on the potato host. It is on production now. Davi Leal
Re: dns to ldap
* [20020204 23:51] Thedore Knab ([EMAIL PROTECTED]) escribió: I was wondering if anyone has their DNS in an LDAP directory. For the people that have, does this cut down on adminstration time ? Are there any books, how-tos, or projects that you could recommend for this ? -Ted Take a look to: http://www.linuxdoc.org/HOWTO/LDAP-Implementation-HOWTO/dns.html Regards, German O. Gutierrez Departamento Operaciones Desarrollos Digitales S.A.
Re: AW: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 03:38:22PM +0100, Andreas Rabus wrote: And that is not the case... i need the old kernel for backup, but the 2.2 Kernel wouldn't work with woody (devfs,...), this one is s.th i have tested... Any work around? or just be extar careful before re-booting? The way to go is by now: - open multiple connections to the host (ssh, telnet-ssl) - source.list points to woody - apt-get -d dist-upgrade to download all packages - apt-get dist-upgrade to install them. - recompile new kernel for the used hardware. - install that new kernel. - reboot - enjoy or curse the world... Am i missing s.th.? Be extra careful with network drivers! My No 1 mistake (2.2.x - 2.4.x) is, having a rtl8139 card, and forgetting to adjust modutils entry. The driver is renamed from rtl8139 to 8139too (in fact it's a different driver). Also perhaps the driver used to be built into the kernel, and you compiled it as a module. It is getting quite relaxed, if you have two remote computers connected with two serial null-modem cables (com1-com2, com2-com1), putting the console on a serial port. In fact, except you broke lilo or removed your old known good kernel or didn't enable serial console, I cannot imagine a case where you won't have access to your remote computer after rebooting. florian -- Florian Friesdorf [EMAIL PROTECTED] OpenPGP key available on public key servers -- Save the future of Open Source -- - Online-Petition against Software Patents - -- http://petition.eurolinux.org --- pgpiqwwa3kmUZ.pgp Description: PGP signature
AW: AW: dist-upgrade on remote server
That's what we was thinking about, too. But we won't get a second box and the Rack is filled too. To bad... :( But all my kernels have serial console enabled, even the inhose ones... -Ursprüngliche Nachricht- Von: Florian Friesdorf [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 5. Februar 2002 17:42 An: debian-isp@lists.debian.org Betreff: Re: AW: dist-upgrade on remote server On Tue, Feb 05, 2002 at 03:38:22PM +0100, Andreas Rabus wrote: And that is not the case... i need the old kernel for backup, but the 2.2 Kernel wouldn't work with woody (devfs,...), this one is s.th i have tested... Any work around? or just be extar careful before re-booting? The way to go is by now: - open multiple connections to the host (ssh, telnet-ssl) - source.list points to woody - apt-get -d dist-upgrade to download all packages - apt-get dist-upgrade to install them. - recompile new kernel for the used hardware. - install that new kernel. - reboot - enjoy or curse the world... Am i missing s.th.? Be extra careful with network drivers! My No 1 mistake (2.2.x - 2.4.x) is, having a rtl8139 card, and forgetting to adjust modutils entry. The driver is renamed from rtl8139 to 8139too (in fact it's a different driver). Also perhaps the driver used to be built into the kernel, and you compiled it as a module. It is getting quite relaxed, if you have two remote computers connected with two serial null-modem cables (com1-com2, com2-com1), putting the console on a serial port. In fact, except you broke lilo or removed your old known good kernel or didn't enable serial console, I cannot imagine a case where you won't have access to your remote computer after rebooting. florian -- Florian Friesdorf [EMAIL PROTECTED] OpenPGP key available on public key servers -- Save the future of Open Source -- - Online-Petition against Software Patents - -- http://petition.eurolinux.org ---
Re: exim maildir
Michael Merritt [EMAIL PROTECTED] writes: It seems that exim is by default set up to deliver to standard mbox format. What steps do I need to complete to make it use Maildir so I can use Courier-IMAP and Courier-POP with exim? Is there a how-to or similar somewhere? If not, I'll write one once I get this figured out. There seems to be a dearth of information online on the subject in an understandable format. Thanks, -- I use this transport configuration for courier with virtual domains: virtual_localdelivery: driver = appendfile create_directory = true directory_mode = 700 directory = /var/spool/virtual/${domain}/${local_part}/ headers_remove = Bcc user = vmail group = vmail maildir_format mode = 660 HTH Ramin
Re: exim maildir
On Tuesday 05 February 2002 02:48 am, Ramin Motakef wrote: I use this transport configuration for courier with virtual domains: virtual_localdelivery: driver = appendfile create_directory = true directory_mode = 700 directory = /var/spool/virtual/${domain}/${local_part}/ headers_remove = Bcc user = vmail group = vmail maildir_format mode = 660 Ramin, This helps. Thank you. I'd like to pick your brain a little more, and show my ignorance. What do I need to do for Courier to authenticate multiple domain users? How should their user accounts be setup on the system? IE, how will courier distinguish between [EMAIL PROTECTED] and [EMAIL PROTECTED] -- Michael MerrittO2/CO2 Conversion Specialist [w] [EMAIL PROTECTED] | www.miklm.com | (931) 205-1392 | AIM/MSN miklm Piracy is not a technological issue. It's a behavior issue. --Steve Jobs
Re: AW: dist-upgrade on remote server
-BEGIN PGP SIGNED MESSAGE- On Tue, 5 Feb 2002, Florian Friesdorf wrote: Be extra careful with network drivers! A small hint from someone currently 2000km away from his machines: I had to play with a new firewalling setup, meaning that there was a big chance to lock myself out. Given that your machine will boot correctly, but your network setup may be broken (no matter why), you could create a script that brings the machine back to a working state. That is, install a kernel that worked before, install old version of some scripts/configfiles etc. and maybe even reboot it. Then you make an estimate of how long you need to try your new setup, and when you want to get back into your machine in case something goes wrong. And finally, you tell at to fire up that script at a specified time, e.g. # at -f rollback.sh + 10 minutes See at(1) for details. Alex - -- Forgive me, but I'm talking to a politician. John Simpson, BBC World -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBPGBDVGWTYnZjEXP1AQEpFAP/Y7n3rH4+GCsI5arF2aOzWOXZGjtziwzn ov2euim3EroavYae5E48fyV746cOKq7uIkVGtFNTnrCwbqpQSx8O2O1z+QIP85i5 3bHXQs2IrCF6XL+uyFRlCh2aNf68/GeyadBC9BsRX35BzUbj+Jprl0QKMFPSCvW6 poaJMheZKAQ= =5TrX -END PGP SIGNATURE-
It's a simple and easy-to-follow plan and EVERY website will want this service
It's a simple and easy-to-follow plan and EVERY website will want this service. Can youspend just 10 minutes a day sending e-mails to ANY websites on the Internet? iFsothis UNIQUE program will make you a very good income every day!!! Its only costs $5 to start up which we refund back to you within 24 hours making this 100% FREE. Here are the BENEFITS to YOU. Your VERY OWN independent on-line business A steady stream of paid daily to you. No sales team, equipment or office required. Full step by step instructions to get you making money today. No hidden expenses, nothing to download or advertise. Multiple income streams possible from day one. Money deposited directly and immediately to YOUR account Fully automated setup. You can wake up tomorrow morning open your Email and find 'Notification for Payment Received" staring back at you. I never get tired of seeing that:)) Sign up today - Press the linkbelow and send just $5 and you will receive all the help and infomation you require by e-mail instantly. We will also send you $5 back just for signing up a new account so this is 100% FREE. PRESS HERE TO CONTINUE FULL 30 DAY MONEY BACK GUARANTEE.PART OF THE INTENERT DOT COM LTD GROUP OF COMPANIES
Re: transparent firewall possible?
Hi all, Just thought i'd let you know that I got the transparent firewall working, with the new bridging code patched into the kernel. Its a bit CPU intensive, but it is going fine on a Celery 400Mhz. It is a pretty thing, and can virtually be plugged in anywhere to provide instant firewall protection :-) And to think some companies charge $20K for a solution like this ;-)
Re: Multi-domain POP/IMAP server
Michael, I have several servers sitting around the country now working with this configuration (from previous jobs) with NO problems short of hardware failures... I now use the unofficial packages made available by Gerrit Pape for qmail and daemontools (I also use djbdns but it's not needed for this example) The information on how to get/install these packages (and others) are at this page http://smarden.org/pape/Debian/ After installing Daemontools and Qmail, install vpopmail available at http://inter7.com/freesoftware/ follow the directions carefully! I use the option of roaming-users so I had to convince vpopmail and qmail agree on the location of file allowing open relay for the roaming users I have not used the vchkpw debian package that looks like it is part of the vpopmail suite. You might want qmailadmin (very good) and vqadmin (I have not used this before) for web based administration. Now you can install courier-imap, you will need to install from source or use the debian source package? (I've just used the tgz download) and enable --auth-vchkpw. This enables the vpopmail authentication module for the imap server. With this module enabled as the only auth module, the imap server automagically knows where the users's mail is, as configured in vpopmail. The only problem with this system is the user MUST login with the username of [EMAIL PROTECTED] so vpopmail knows who to look up the password for. This doesn't seem to be a problem with the newer mail clients outlook, outlook express, eudora etc... Much thanks to Garret for making these packages available for those of us that just don't have time anymore to keep up to date on every source installed package on all of our systems! Loren Jordan At 02:50 PM 02/04/2002 -0600, you wrote: I need a POP IMAP server that support multiple (virtual) domains on a single IP address. Suggestions? -- Michael MerrittO2/CO2 Conversion Specialist [w] [EMAIL PROTECTED] | www.miklm.com | (931) 205-1392 | AIM/MSN miklm Piracy is not a technological issue. It's a behavior issue. --Steve Jobs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Loren Jordan Network Security Admin National White Collar Crime Center Internet Fraud Complaint Center Phone (304)363-4312 Ext 2011 http://www.nw3c.org http://www.ifccfbi.gov mailto:[EMAIL PROTECTED]
Re: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 02:35:30PM +0100, Andreas Rabus wrote: Is it possible to compile a new kernel befor the reboot? kernel-package is your friend :-) never manualy install a kernel, create a deb and install that instead. Whats about Our remote box has an RAID Controler from GDT whos driver surely is not in the default kernel... You might be surprised. The 2.4.x series kernel packages are fully modular and have nearly everything compiled as a module. I haven't needed to compile my own kernel since they came out, except when I needed wierd patches applied. However, make sure you pick the right kernel, and make sure the right modules will be loaded when it boots. I installed the 2.4-17-686 kernel on this machine before I remembered it was a Pentium classic (-586tsc) not a Celeron. Fortunately I remembered while the reboot countdown was going, so I stopped it and installed the right one (only to still stuff it up). The discover package is pretty cool for automaticly loading the right modules. It gets it right about 90% of the time. The only thing I've seen it get wrong was the rtl8139 instead of 8139too for the 2.4.x kernels. But the safe way is modconf :-) Oh, yeah, the other thing to make sure of is your lilo.conf needs the initrd entry for the 2.4.x kernels. -Ursprüngliche Nachricht- Von: Donovan Baarda [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 5. Februar 2002 14:08 An: I. Forbes Cc: Andreas Rabus; debian-isp@lists.debian.org Betreff: Re: dist-upgrade on remote server On Tue, Feb 05, 2002 at 11:52:49AM +0200, I. Forbes wrote: Hello Andreas It should be possible. I upgraded a number machines from slink to potato - remotely but I have not started on remote potato to woody upgrades yet. If helps if you have practised on a local machine. I suggest you take a few precautions: [...] - be vary careful before you re-boot the machine. I just had to travel to a server that failed to come up from a reboot after remote upgrade to woody. The problem was kernel-2.4.17's initrd stuff didn't automaticly load the AHA-2940 module... In the 2.2.x series kernel this must have been compiled in, but for the new 2.4.x series it needed an entry in /etc/modules. I ended up manualy running modconf to add it in, then dpkg-reconfigure'd the kernel to make sure the initrd had it in. Another option that _might_ have worked is installing discover... Just something else to be wary of :-( -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key --
Re: AW: dist-upgrade on remote server
On Tue, Feb 05, 2002 at 03:38:22PM +0100, Andreas Rabus wrote: And that is not the case... i need the old kernel for backup, but the 2.2 Kernel wouldn't work with woody (devfs,...), this one is s.th i have tested... Huh? I have dual-booted 2.2 and 2.4 series kernels on a woody box. What's the problem? The 2.4 kernels have devfs compiled in, but not automaticly mounted so I'm not using it. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key --
Re: Mass installation procedure for Debian?
Hello! We install/reconfigure re-install almost on a daily basis via a local network, which is far the fastest way, better than any CD. On Mon, Feb 04, 2002 at 06:09:54PM +0200, I. Forbes wrote: Hello Oliver ... We use this installation procedure. It is not really mass but can generate a debian stable machine tailored for our customer's [...] We use a similar aproach and I can recommend it. I have played Fai once and actually I'm fiddling with bootcd. With Fai I came in closer contact with Cfengine and I started to like it that much, that I started to experiment with a generalized Cfengine setup, that will be casted into debian packages. These define setup-strategies with cfengine, mail-server, web-server, print-server, print-client, etc, etc, then I *only*: 1) install a minimal/moderate standar Debian System with a unique private IP number or with an IP number which is a handle for a predefined installation. 2) define the special caracteristics of the new computer by adding it to the corresponding cfengine classes on the Cfengine Master/Debian Mirror 3) Let Cfengine do the rest by running it from the newly installed computer. Note that this is (almost) a vapourware description, while it is true that I handle a home/Internet-Café/development network of about eight randomly assembled Debian boxes, it's not brewn out. A note about the mirror: There is one machine with a webserver and a 33.6 :-) Modem line to the Internet, where I upate my packages frequently. After each download/install/update I run apt-move update to get new packages into a www-mirror on the local harddisk. Each other computer only uses this local mirror. Big advantage: instead of browsing 9000 packages y only manage about 1000 most needed on the local computers, which are browsed manually rather quickly. Tip: don't make this computer a production server (as I do) since the update regularly breaks the machine. If you use an individual update server you can play around with software and then decide if you want to install or upgrade on the local network. Also jablicator has not been mentioned in this thread. It creates an empty Debian Packages which depends on all packages that are installed on your computer. So if you create various jablications for different computer setups and put them on a local debian-mirror you just install on a new computer the jablicated packages according to the needs of this machine. Best Regards, Jorge-León
Sftp but no login via ssh
Greetings, I'd like to allow some of my users to transfer files via sftp (like using CuteFTP Pro), but I don't want them to be able to login or execute commands via ssh. Is there anyway to do that? Failing that, is there a more configurable secure daemon than the one in the ftpd-ssl package? -- C. R. Oldham Director of Technology NCA Commission on Accreditation and School Improvement [EMAIL PROTECTED] V:800-525-9517 F:480-965-9423
Re: Mass installation procedure for Debian?
We install/reconfigure re-install almost on a daily basis via a local network, which is far the fastest way, better than any CD. if you are lucky enough to never have to do a remote install... I have played Fai once and actually I'm fiddling with bootcd. it does seem interesting. doesn't it. Also jablicator has not been mentioned in this thread. It creates an empty Debian Packages which depends on all packages that are installed on your computer. So if you create various jablications for different computer setups and put them on a local debian-mirror you just install on a new computer the jablicated packages according to the needs of this machine. very good idea, but I was wonering if anyone one the list has every made a custom boot cd, with specific packages and a custom kernel image/modules (xfs support, etc.) I have been searching the web, but not found much good information. thanks for the help. -chris zubrzycki == Security Is A Series Of Well-Defined Steps... chmod -R 0 / ; and smile :)
The Debian way to turn off accept_source_route.
G'day, was just fiddling with my everything-server and thought I noticed what looked like a bit of source-routed traffic was going through it. I noticed /proc/sys/net/ipv4/conf/default/accept_source_route was '1', the same as all the interfaces. After getting a bit worried, it looks like the ../all/accept_source_route was '0'. I'm assuming the '../all/..' overides the individual interfaces, but then I'm not sure _what_ that little blip of traffic was. I know decent firewalling will kill source-routed traffic, but doing cat 0 /proc/sys/net/ipv4/conf/all/accept_source_route is probably also a good idea. Does Debian do this somewhere? What is the kernel default? If Debian doesn't already do this, what is the correct way to do it? The /etc/network/options will set '../all/forwarding', but nothing else. -- -- ABO: finger [EMAIL PROTECTED] for more info, including pgp key --
Re: unstable is unstable; stable is outdated
Hello! On Sat, Feb 02, 2002 at 06:39:46AM +0800, Jason Lim wrote: ... aspect of their distro pretty good. They are business people over there, and they know how frequent business users like to have updates, and when ... People here around *only* know RedHat, and it's *the best*, because each half year you can buy a new Version. So I can tell by what I see at others (i.e. not from personal experience) that RedHat a) changes essential issues every time it makes a new version, so on has to learn again, b) uses also some outdated software. I suppose the latter is, to not provoque the dependency avalanche. critical updates should be released. Your Point, Best Regards, Jorge León
Re: unstable is unstable; stable is outdated
Hello! On Sat, Feb 02, 2002 at 04:55:44AM +0800, Jason Lim wrote: ... I know that as a company, we could donate a bit of money (with the economy as it is, not much though), but from what I can see, money isn't really where the problem lies... it is somewhere else. ... Last Debian Weekly News says that a Maintainer dropped 18 packages out of frustration with the slow pace of Debian 3.0. It also says that this slow pace is because Bugs are simply not fixed. I'd love to become a Debian Maintainer or Bug-Squasher, if I could make a living out of it, whole or parttime. Your company could send me an offer. This is meant serious, although not intended to be an abuse of the list. If companies would a) adopt Debian packages (by inhouse programmers), and/or b) sponsor packages Maintainers, there would be some economic thrive behind the Debian Releases, and it would just be fair, because Debian is thriving a lot of companies, isn't it? Best Regards, Jorge-León
Re: postfix with LDAP smtp authentication
Hello! On Sun, Feb 03, 2002 at 01:53:15AM +0100, Paul Fleischer wrote: ... I have searched around, but could not find anything related with direct LDAP authentication, only SASL which too me looks like introducing an unnecesarry component. Sasl is yet needed for Mutt. You do *not* use Mutt??? Is there any way to do direct LDAP smtp authentication? Or do I have to write such a patch myself?? Did you check Pam/Pam-ldap? If your MTA autenticates against Pam you can just plug in libpam_ldap. (Did not do it yet!) Best Regards, Jorge-León