1147910405 M * gdm derjohn: i might come back in a day or two when i know how much longer the troubles might take 1147910480 M * derjohn gdm, ok. ah, and maybe you might consider joining the VServer working day. plans are here: http://linux-vserver.org/Work+Retreat 1147910531 M * gdm yes, i've seen that 1147910555 M * derjohn but: mv /me /home now ... 1147910560 M * derjohn *tired* 1147910625 M * gdm ok, sleep well :-) 1147910629 M * derjohn gdm, bye, n8 .. contact me if you need help. 1147910631 A * gdm is working nights today/tomorrow 1147910645 M * gdm derjohn: will do, thanks again :-) :-) 1147910724 Q * Methos Quit: Methos 1147911242 J * Methos ~mjoconr@hacker.pineview.net 1147911603 M * jpacheco hey guys 1147912317 M * gdm hia 1147912663 M * s0undt3ch derjohn: still arround? 1147912844 M * s0undt3ch anyone here running an ldap server on a guest? 1147913000 M * jpacheco s0undt3ch: i am 1147913017 M * gdm derjohn went to bed 1147913151 M * s0undt3ch jpacheco: how do you start your slapd? when doing a ldapadd on mine, it always tries to connect to the public ip 1147913169 M * s0undt3ch gdm: k, thaks 1147913181 M * jpacheco what distro? 1147913232 M * s0undt3ch gentoo 1147913485 M * s0undt3ch jpacheco: I tryied starting mine with "-h 'ldaps://10.1.0.250' -4" still goes to my public ip 1147913535 M * s0undt3ch jpacheco: see -> http://paste.linux-vserver.org/47 1147913594 M * s0undt3ch jpacheco: how do you do it? 1147913609 M * s0undt3ch jpacheco: do you forward port 636 to your guest? 1147913864 M * jpacheco huuum 1147913883 M * jpacheco i start mine on the localhost 1147913894 M * s0undt3ch I also tried that, same prob 1147913901 M * s0undt3ch oh, wait 1147913909 M * jpacheco ok, so you start it 1147913917 M * jpacheco and you know its running right? 1147913952 M * jpacheco what do you have in /etc/openldap/ldap.conf? 1147914019 M * s0undt3ch URI ldaps://ldap.ufsoft.org 1147914031 M * s0undt3ch that should be localhost also? 1147914213 M * s0undt3ch jpacheco: can't make it start on 127.0.0.250 1147914230 N * sarnold sars 1147914692 M * s0undt3ch jpacheco: still arround? 1147916178 M * Skram hey all 1147916727 Q * softi42 Ping timeout: 480 seconds 1147917330 J * softi42 ~softi@p549D587A.dip.t-dialin.net 1147921717 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1147929897 J * _coocoon_ ~coocoon@p54A07068.dip.t-dialin.net 1147929905 M * _coocoon_ morning 1147930179 Q * locksy Ping timeout: 480 seconds 1147930793 J * locksy ~locksy@mrtg.sisgroup.com.au 1147930902 N * otaku42_away otaku42 1147931232 M * Skram hey 1147932564 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1147932564 Q * ntrs Read error: Connection reset by peer 1147933146 Q * FireEgl Quit: Bye... 1147935757 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1147936927 J * dna ~naucki@dialer-180-252.kielnet.net 1147937605 J * enet ~jpduyx@adsl-228-22.dsl.uva.nl 1147937812 Q * bubulak Ping timeout: 480 seconds 1147938603 J * bubulak ~bubulak@cicka.wnet.sk 1147939131 M * tokkee When did VServer start? 1147939140 M * tokkee Morning btw. ;-) 1147939153 M * doener_ morning 1147939278 M * doener_ http://www.cs.helsinki.fi/linux/linux-kernel/2001-40/1065.html -- that's the first thing I know of 1147939360 M * tokkee thx. 1147940032 Q * click Ping timeout: 480 seconds 1147940159 Q * enet Quit: 1147940226 Q * Methos Quit: Methos 1147941855 J * Methos ~mjoconr@hacker.pineview.net 1147942075 J * cryo ~say@psoft.user.matrix.farlep.net 1147943473 J * FireEgl ~FireEgl@Atlantica.US 1147944290 Q * doener_ Quit: leaving 1147945227 Q * shedi Quit: Leaving 1147945842 Q * ||Cobra|| Remote host closed the connection 1147945932 Q * pusling Ping timeout: 480 seconds 1147947742 Q * cryo Ping timeout: 480 seconds 1147947882 Q * s0undt3ch Ping timeout: 480 seconds 1147948141 J * yarihm ~yarihm@vpn-global-dhcp1-11.ethz.ch 1147949047 J * cryo ~say@psoft.user.matrix.farlep.net 1147949364 Q * locksy Ping timeout: 480 seconds 1147949373 J * locksy ~locksy@mrtg.sisgroup.com.au 1147951424 Q * Aiken Ping timeout: 480 seconds 1147952705 N * Bertl_oO Bertl 1147952711 M * Bertl morning folks! 1147952730 M * daniel_hozac morning Bertl 1147952752 M * derjohn Bertl, foo ;) ! 1147952922 M * Bertl hey derjohn! how was after-sports? 1147952977 J * harti ~hw@83-215-237-5.seek.stat.salzburg-online.at 1147952998 M * derjohn Bertl, LART me. I did billing stuff (I hate that), but I need to survive ;) 1147953021 M * derjohn Bertl, would you mind not to write it with a "-" ? :) 1147953154 M * derjohn derjohn, but: I will take the boxen _now_ and give them public ips ... 1147953192 M * Bertl derjohn: no, not-at-all! :) 1147953212 J * s0undt3ch ~s0undt3ch@bl7-252-84.dsl.telepac.pt 1147953420 M * tokkee Is that an appropriate visualisation of the vserver architecture: http://tokkee.org/~tokkee/tmp/Linux-VServer-arch.png? 1147953458 M * derjohn shm is isolated? 1147953495 M * derjohn tokkee, there is also a special context "1" 1147953511 M * derjohn (but maybe not needed for an overview) 1147953520 M * tokkee derjohn: I think shm is isolated as well... 1147953538 M * tokkee derjohn: How would you integrate ctx 1 - I didn't have a good idea ;-) 1147953540 M * derjohn (just to make sure noob _dont_ vserver foo build --context 1 ) 1147953583 M * tokkee Hehe ;-) 1147953658 M * derjohn tokkee, as the Bertl , but the context 1 is more restricted than the 0 ;) .. I think the /proc is managed via context 1, because all contexts share the same /proc 1147953701 M * derjohn But: I may be totally wrong. the enlightend ones may correct me ! Bertl daniel_hozac 1147953730 M * tokkee derjohn: Hm? Isn't /proc "managed" by capabilites? 1147953739 M * derjohn tokkee, really cool schema ! link it on the wiki pls ! 1147953777 M * tokkee derjohn: I'm not quite happy with it now - but of course I'll link it as soon as I am ;-) 1147953778 M * derjohn tokkee, http://linux-vserver.org/Proc-Security 1147953799 M * derjohn admin always visible in context 0, watch always visible in context 1, hide hidden 1147953800 M * tokkee Any ideas how to integrate ctx 1? 1147953806 M * tokkee Anything important missing? 1147953826 M * derjohn it seems context 1 is a "watch only, not modify thing" 1147953877 M * tokkee Yes, it is. 1147953891 M * derjohn tokkee, one "L" share more, same color as context 0, but with a or so 1147953914 J * lilalinux ~plasma@dslb-084-058-243-205.pools.arcor-ip.net 1147954007 M * tokkee derjohn: Hmmm... ctx 1 is the so called spectator context that (e.g.) can see all processes. So... maybe it should surround all other ctx's? 1147954091 M * derjohn nox, please no new, word for it. stay with "watch" context 1147954101 M * derjohn nox, sry 1147954131 Q * yarihm Quit: Leaving 1147954141 M * tokkee The VServer paper calls it like that... ;-) 1147954166 M * tokkee Well... need to go to my next lecture now... will be back some time tonight. 1147954204 M * tokkee I'd appreciate some more feedback and suggestions for that schema - please hilight me, so I don't miss any ;-) 1147954343 M * Bertl okay, off for now .. our telekom is playing with the lines ... 1147954358 M * derjohn tokkee, eeeeeeergh ....... again a redundant term .... 1147954465 M * derjohn Bertl, have fun. See you after-line-replugging 1147954580 M * Bertl yep, hope so ... 1147954586 N * Bertl Bertl_oO 1147955595 Q * lilalinux Remote host closed the connection 1147955703 J * lilalinux ~plasma@dslb-084-058-243-205.pools.arcor-ip.net 1147956214 Q * harti Quit: Leaving 1147957650 M * tokkee derjohn: Huh? 1147957732 M * derjohn tokkee, I meant watch vs. spectator. context vs. xid vs. ctx vs. guest vs.... We should stick to same terms ot beginners will get nuts :) 1147957822 J * blizz ~blizz@evilhackerdu.de 1147957825 M * blizz hi 1147957834 M * tokkee derjohn: Hmmm... not all of them are redundant imho ;-) 1147957838 M * tokkee Hi blizz ;-) 1147957913 M * tokkee derjohn: context == ctx: representation in the kernel; xid: context id (just like process and pid); guest: system installed in one context... or something like that. 1147957922 M * tokkee IMHO at least ;-) 1147957929 M * daniel_hozac derjohn: it's always been called spectator i think. 1147957974 M * derjohn daniel_hozac, maybe pointy-haird but: http://linux-vserver.org/Proc-Security <-- "watch" 1147958033 M * tokkee daniel_hozac: What do you think about my little graphic? 1147958059 M * derjohn tokkee, not in lecture ;) ? 1147958080 M * tokkee derjohn: It's over already... 1147958159 J * brc bruce@20151231172.user.veloxzone.com.br 1147958180 M * daniel_hozac derjohn: probably because the #define is WATCH. 1147958259 M * daniel_hozac tokkee: looks fine. 1147959643 J * pusling pusling@195.215.29.124 1147961162 Q * cryo Ping timeout: 480 seconds 1147961632 J * cryo ~say@psoft.user.matrix.farlep.net 1147961809 J * doener ~doener@i5387DE89.versanet.de 1147962667 Q * _coocoon_ Ping timeout: 480 seconds 1147962677 J * yarihm ~yarihm@80-218-1-244.dclient.hispeed.ch 1147962741 J * _coocoon_ ~coocoon@p54A07FD5.dip.t-dialin.net 1147964840 Q * hallyn Quit: leaving 1147965025 J * stefani ~stefani@tsipoor.banerian.org 1147965688 Q * Methos Quit: Methos 1147966614 Q * mountie Ping timeout: 480 seconds 1147966645 J * hallyn ~xa@adsl-75-0-155-101.dsl.chcgil.sbcglobal.net 1147967761 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1147969194 J * Viper0482 ~Viper0482@p54974DE2.dip.t-dialin.net 1147970164 N * sars sarnold 1147970414 J * stefani_ ~stefani@208.99.202.102 1147970420 N * otaku42 otaku42_away 1147970422 Q * stefani Quit: ircII EPIC4-2.2 -- Are we there yet? 1147972436 M * blizz is there a way to outswap an xid's resources? 1147972448 P * sarnold 1147972457 M * blizz memory i speak of 1147972531 M * blizz a context's resources :-) xid sounds kinda not fitting becuase its just the contexts id bla.. ;-) 1147972649 Q * lilalinux Ping timeout: 480 seconds 1147972681 M * daniel_hozac hmm? you mean force the swapping of a guest? 1147972744 J * click click@ti511110a080-2007.bb.online.no 1147973152 M * cehteh blizz: not really .. i asked that some days ago .. well you can vkill -STOP the guest and wait for it swapped out ... maybe increase the /proc/sys/vm/swappiness 1147973189 M * blizz aye 1147973249 M * cehteh well as Bertl told .. pages have no relation back to the processes they use them 1147973262 M * cehteh some might be shared and such 1147973270 M * blizz right 1147973280 M * cehteh its not completely possible to swap a guest out 1147976054 Q * _coocoon_ Quit: KVIrc 3.2.0 'Realia' 1147977419 J * shedi ~siggi@inferno.lhi.is 1147977943 J * bonbons ~bonbons@83.222.38.81 1147980841 J * jm jm@d80-170-74-182.cust.tele2.fr 1147981317 Q * Viper0482 Remote host closed the connection 1147981418 Q * nox Remote host closed the connection 1147981437 J * nox ~nox@noxlux.de 1147981925 Q * nox Remote host closed the connection 1147981949 J * nox ~nox@noxlux.de 1147982109 J * shuri ~shuri@64.235.209.226 1147982115 M * shuri hi 1147982345 M * daniel_hozac hello 1147982414 Q * jm Ping timeout: 480 seconds 1147982433 M * shuri i got problem to create new vserver with vserver-build 1147982437 M * shuri ./vserver-build: line 206: -n: command not found 1147982455 M * shuri ./vserver-build got only 135 lines.... 1147982543 M * shuri forget it 1147982549 M * shuri i got it now 1147982964 Q * nox Remote host closed the connection 1147982984 J * nox ~nox@noxlux.de 1147983122 J * jm jm@d83-179-134-10.cust.tele2.fr 1147983274 M * daniel_hozac you updated to 0.30.210? 1147985297 Q * nox Ping timeout: 480 seconds 1147986014 Q * jm Ping timeout: 480 seconds 1147986065 M * tokkee *sigh* ... I should shoot myself: Left my parents' house an hour ago to realize that I forgot my keys :-( 1147986242 M * Skram oi 1147986454 M * Skram woo hoo, new gentoo box at abovenet is up 1147986455 M * Skram havent installed gentoo in a while 1147986480 Q * Zaki Ping timeout: 481 seconds 1147986718 J * jm jm@d80-170-23-162.cust.tele2.fr 1147987180 Q * bonbons Quit: Leaving 1147987545 J * Zaki ~Zaki@212.118.98.122 1147987800 M * tokkee Where can I find more detailed information how the chroot barrier works in current versions? 1147987890 M * daniel_hozac the source? :) 1147987932 M * tokkee I somehow expected that kind of answer ;-) 1147987973 M * doener tokkee: you explain me how routing in the kernel works, and I'll explain the chroot barrier... do we have a deal? ;) 1147987997 M * doener (ipv4/ipv6 routing) 1147988002 M * tokkee doener: Hum... I don't know how routing in the kernel works ;-) 1147988011 M * doener damn ;) 1147988017 M * tokkee ;-) 1147988051 M * tokkee doener: Which layer routing do you want to know? 1147988085 M * doener Been playing around with network virtualization this morning... Stopped when I had some funny bug I don't understand (looks like kernel source appearing in tcpdump output) and icmp replies don't reach the socket in network contexts anymore :) 1147988109 M * doener the whole fib_info, fib_alias, rtable stuff and how it is used 1147988144 M * doener google wasn't that much of a friend this time, and right now I'm actually busy with something else :( 1147988151 J * enet ~jpduyx@adsl-228-22.dsl.uva.nl 1147988153 M * tokkee Kernel source in tcpdump output is indeed very strange ;-) 1147988170 M * daniel_hozac are you reworking the old ngnet patches or reimplementing it all over? 1147988171 M * tokkee doener: Guess I can't really help you either :-( 1147988184 M * doener well, it just looked like it was kernel source code, but for sure it was something I've never seen before 1147988235 M * doener daniel_hozac: reimplementing a totally different approach. I'm not even sure that it will work at all, but it helps understanding the network stuff 1147988246 M * daniel_hozac ah, cool. 1147988312 M * doener I started by tagging ifas, then adjusted a bunch of code and started with the routing stuff, then I got lost (I know where to look next, but I need deeper knowledge before I do that) 1147988344 M * doener semantics are quite a bit different from what they are now... 1147988476 M * doener basically, you create the ifas while being inside a network context, so they get tagged... ifconfig/iproute address/interface virtualization is quite easy and done, route virtualisation is partially there but broken... you even get a primary ifa per network context (woohoo!), but that might also break stuff (need to check that) 1147988580 M * doener and some setups might create "interesting" effects... address sharing is impossible (between network contexts), each has that address for himself and packets from the outside will only reach one of them (well, basically the same as with 2 different boxes) 1147988581 M * daniel_hozac sounds cool, i guess that also avoids the packets-travel-the-stack-twice problems? 1147988671 M * doener yep, packets travel the stack only once, the overhead boils down to some additional nid comparisons AFAICT, but it's too incomplete to tell 1147988718 M * doener and of course you get no virtual devices (ie. device stats are still "shared") 1147988734 M * daniel_hozac yeah. 1147988829 M * doener per vserver routing should be possible without a multi-table setup (actually it's mandatory right now and causes some overhead), need to think about semantics there, once I know if I can finish that thing at all 1147988998 M * tokkee Sounds great :-) 1147989324 M * doener I wonder why my DSL modem or my router (didn't track it down yet) starts to get slower and slower until I plug the cord for a few minutes... usually I have a 2Mbps downstream, now, after a week of uptime, it's down to about 700kbps 1147989614 Q * jm Ping timeout: 480 seconds 1147989694 Q * FireEgl Quit: Bye... 1147989747 M * tokkee daniel_hozac: Can you point me to the right place to look for chroot barrier stuff in the source code? 1147989805 M * tokkee And I'm looking for some example code that shows how the context isolation works. 1147989854 M * doener tokkee: got cscope at hand? 1147989864 M * doener (and vim for a perfect setup ;) 1147989881 M * tokkee doener: Of course I got vim ;-) What is cscope? 1147989896 M * doener do you know (exuberant-)ctags= 1147989900 M * doener s/=/?/ 1147989919 M * tokkee I've heard about it some time I think.... 1147989945 M * doener cscope is like ctags reloaded ;) you can use it to search for global definitions, symbols, places from where a function is called etc. etc. 1147989996 M * tokkee Sounds interessting... I should have a closer look at it some time :-) 1147990002 M * doener vim has cscope support and there's a map file to create keyboard commands to browse source quickly 1147990014 M * doener s/to create/that creates/ 1147990043 M * tokkee For now, grep should be enough though ;-) 1147990078 M * doener IS_BARRIER is the macro to look out for 1147990108 M * tokkee doener: thx. 1147990125 Q * enet Quit: 1147990206 M * tokkee if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN)) { 1147990206 M * tokkee vxwprintk(1, "xid=%d did hit the barrier.", 1147990206 M * tokkee vx_current_xid()); 1147990206 M * tokkee return -EACCES; 1147990206 M * tokkee } 1147990224 M * tokkee That looks fairly good :-) 1147990264 J * Aiken ~james@tooax6-009.dialup.optusnet.com.au 1147990277 J * jm jm@d213-103-202-228.cust.tele2.fr 1147990883 M * tokkee xid_permissions is used to check permissions while being context aware? 1147991122 M * tokkee doener: Do you know any good (source) quote to demonstrate the context stuff? 1147991314 M * doener tokkee: hm, where do you see xid_permissions? 1147991332 M * tokkee doener: in fs/namei.c 1147991353 M * doener which kernel version? 1147991379 M * tokkee 2.6.14.4-vs2.1.0 1147991410 A * s0undt3ch pings derjohn 1147991413 M * doener ah ok, it's called dx_permission in 2.1.1-rc20 1147991431 M * derjohn s0undt3ch, icmp echo reply 1147991470 M * tokkee doener: What is it used for? 1147991477 M * doener tokkee: anything special you're interested in regarding separation? process hiding, mount hiding, ip address hiding? 1147991500 M * s0undt3ch hello there, got ldap running, but doin' a getent passwd | grep 0:0 which acording to an how to should give me 2 results for root, actually gives me one. 1147991510 M * tokkee doener: process hiding sounds good. 1147991520 M * tokkee doener: But it can be anything else ;-) 1147991538 M * tokkee doener: I just need a short piece of code to use as an example. 1147991564 M * derjohn s0undt3ch, hm, a) your ldap runs in a guest? what does a ldapsearch -x -LLL -D "...youadmindn" show you? 1147991577 M * s0undt3ch derjohn: I migrated passwd groups etc using the migration tools and pam.d/system-auth has the ldap entries there, what should be done to see if it's really working? 1147991616 M * s0undt3ch derjohn: a) ldap runs in a guest, and that shell command was used inside it 1147991634 M * derjohn s0undt3ch, do you see the root user als an object there? 1147991665 M * derjohn s0undt3ch, besides that I would have been easier to create a test user which only exists in ldap, but ... 1147991726 M * derjohn s0undt3ch, the ldapsearch shoudl deliver about the same info as "slapcat". (slapcar directly accesses /var/lib/ldap instead of querying the OpenLDAP) 1147991813 M * derjohn s0undt3ch, in the next step, we'll check if /etc/libnss-ldap is corretly configured and if /etc/ldap.secret (0700 !!) if filled with the right PW. 1147991831 M * s0undt3ch derjohn: slapcat gives me some root entries, ldapsearch -x -LLL -D "dc=UfSoft,dc=org" -W states "wrong credentials" 1147991858 M * s0undt3ch derjohn: I don't have /etc/ldap.secret, I'm passing -W 1147991918 M * s0undt3ch derjohn: although ldapsearch -x -D "cn=Manager,dc=UfSoft,dc=org" -W -LLL shows some entries 1147991949 M * s0undt3ch well all I think :) 1147991956 M * derjohn s0undt3ch, /etc/ldap.secret .. how do you expect libnss to ask queries to the ldap without an PW? I think there is an substential mistake with the ACLs you use.... ahh ... yes, Manager is your adminDN ? 1147991983 M * derjohn s0undt3ch, ok, you need to put bindrootdn "cn=Manager,dc=UfSoft,dc=org" into /etc/libnss-ldap 1147991995 M * s0undt3ch derjohn: my guess is Yes, my adminDN 1147992015 M * derjohn (or similiar .. my typos are just a test for your awareness) 1147992049 M * derjohn and put the PW of that user un /etc/ldap.secret (as mentioned in the comment of /etc/ldap.secret where the rootbinddn is ... 1147992060 M * s0undt3ch derjohn: and ldap.secret is the plain passwd? 1147992073 M * derjohn s0undt3ch, yes, plain. 0700 rights !" 1147992085 M * derjohn s0undt3ch, but you can arrange something better later 1147992114 M * derjohn s0undt3ch, like "cn=proxy,dc=UfSoft,dc=org" which can only read users and hashes, nothing else .. 1147992185 M * doener tokkee: namei.c in do_lookup(), the if-part that checks for PROC_SUPER_MAGIC. That code hides procfs entries from processes in a context 1147992189 M * s0undt3ch k, now I can use just ldapsearch -x -LLL, still getent passwd | grep 0:0 only gives me one entry 1147992225 M * derjohn doener, btw: 'ip a' :) 1147992270 M * doener derjohn: that one already works fine with my patch, it's "ip r" that is broken ;) 1147992273 M * derjohn s0undt3ch, ah, you configured /etc/ldap/ldap.conf to use the ldap.secret? anyway ... you may need a reboot to get it working now. 1147992276 M * tokkee doener: thx. 1147992292 M * s0undt3ch derjohn: that "cn=proxy,dc=UfSoft,dc=org" goes where? ldap.secret? 1147992323 M * s0undt3ch derjohn: about the ldap.secret, I didn't do anything else besides creating it :) 1147992326 M * derjohn # grep rootbin /etc/libnss-ldap.conf 1147992326 M * derjohn rootbinddn cn=Directory Administrator, o=ispman 1147992359 M * derjohn cat /etc/ldap.secret 1147992359 M * derjohn fvserverIscool 1147992370 M * derjohn s0undt3ch, clesar? 1147992405 M * tokkee How do I restrict the size of the harddisk for one guest? 1147992430 M * derjohn the prob is: if a process loads glibc, it does not recognize changes in your /etc/libnss-ldap.conf ... so restaret at least the bash or better restart the guest/machine. 1147992451 M * s0undt3ch restarting the guest 1147992457 M * derjohn s0undt3ch, BTW: /etc/libnss-ldap.conf conatins the host entry. in a guest i wouldnt use 127...... 1147992472 M * derjohn s0undt3ch, do you have a debian guest? 1147992506 M * s0undt3ch derjohn: gentoo all the way, and I'm using 10.1.0.250 for the host 1147992546 M * derjohn s0undt3ch, so there was already a (commented) /etc/libnss-ldap.conf ? 1147992590 M * derjohn s0undt3ch, besides that you have to emerge the libnss-ldap stuff ... but I assume you already did that. 1147992622 M * s0undt3ch derjohn: guest rebooted, still only one entry for the getent, and No, after a lot of strugling, I noticed it only worked like that, I can't even use the host name in /etc/openldap/ldap.conf because it tries to connect to my public ip 1147992648 M * s0undt3ch yes, nss_ldap and pam_ldap are present in the system 1147992648 M * derjohn s0undt3ch, take the ip. for several reasons. 1147992716 M * derjohn s0undt3ch, in /var/logs/syslog there should be lots fo blabla from slapd if you set LogLevel to hmmm 256 ... 1147992732 M * derjohn (so you see if libnss wants to look up the users) 1147992743 M * s0undt3ch k, trying that 1147992762 M * derjohn s0undt3ch, can you paste your /etc/libnss.. and sladp.conf ? 1147992783 M * derjohn (private msg or pastebin) 1147992868 Q * yarihm Quit: Leaving 1147992903 J * Methos ~mjoconr@hacker.pineview.net 1147992951 Q * dna Quit: Verlassend 1147993214 Q * jm Ping timeout: 480 seconds 1147993503 M * Loki|muh tokkee: quota-stuff is easiest with lvm imo 1147993537 M * tokkee Loki|muh: I already found the howto on linux-vserver.org ;-) thx anyway ;-) 1147993726 M * Loki|muh good luck for t+8h ^^ 1147993746 M * tokkee thx.... t+8h would be nice ;-) 1147993766 M * tokkee I'm still working on the fine-tuning of my slides :-/ 1147993781 M * tokkee s/fine/not-so-fine/ 1147993869 J * jm jm@d83-177-200-43.cust.tele2.fr 1147994060 M * tokkee Off to bed now... good night everyone, doener thx again for your help. 1147994066 M * doener np 1147994069 M * doener sleep well 1147994093 M * tokkee I will... I'm pretty much asleep already ;-) 1147994219 Q * stefani_ Quit: leaving