[12:09] <ivoks> Innatech: yeah... those are older models
[12:10] <necrite_> hi all
[12:10] <Innatech> ivoks: ah. I suppose I got lucky, then. I didn't exactly do an exhaustive search before I bought, like I should have. 
[12:10] <necrite_> what is the daemon (service) which upgrade the server time?
[12:10] <Innatech> ntpd
[12:10] <necrite_> ty
[12:11] <Innatech> np
[12:13] <Nafallo> FFS
[12:13] <Nafallo> I had forgotten to install the damn SQL-server
[12:14] <Nafallo> lol. still can't configure it ;-)
[12:17] <Nafallo> wow
[12:17] <Nafallo> I think I got it running :-P
[12:19] <Nafallo> yepp yepp. uploading :-)
[12:21] <Nafallo> ScottK: is there a procedure for SRU other than yell at $RANDOM_ARCHIVE_ADMIN to let it through? :-)
[12:21] <ScottK> Main or Universe?
[12:21] <Nafallo> universe
[12:22] <Nafallo> bacula_1.36.3-2ubuntu3_source.changes: done.
[12:22] <ScottK> https://wiki.ubuntu.com/MOTU/SRU
[12:22] <Nafallo> thanks
[12:22] <ScottK> Nafallo: Are you a MOTU.  I don't recall (sorry)?
[12:23] <Nafallo> ScottK: yes. since hoary IIRC :-)
[12:23] <Nafallo> not very active those days though :-/
[12:23] <ScottK> OK.  Wasn't sure.
[12:24] <ScottK> You just dput to dapper-proposed and an Archive Admin will publish it.
[12:24] <ivoks> 'night all
[12:25] <Nafallo> hmm. bug report ;-)
[12:25] <Nafallo> yea.
[12:26] <ScottK> That would be good.
[12:26] <Nafallo> I just forgot about the bugreport. I talked to pitti about it before I started mangling the package though :-P
[12:27] <ScottK> In that case, just put "It's not in LP, but I talked to pitti about it, so it's OK for an SRU updload." in debian/changelog and I'm sure it'll be fine.
[12:27] <ScottK> ;-0
[12:27] <Nafallo> so if we forget about the bug in changelog I'm fine ;-)
[12:27] <Nafallo> I've already uploaded the changelog with just the things I've changed :-)
[12:28] <Nafallo> i.e. three deps in debian/control ;-)
[12:29] <Nafallo> *sigh*
[12:29] <Nafallo> I have updatedb eating 1 core
[12:30] <Nafallo> if I uninstall slocate that will be findutils instead, which is essential.
[12:30] <Nafallo> what should I do about the damn thing? :-/
[12:34] <Nafallo> ha!
[01:27] <kshahnjd> thanks all for help, gn&gl
[06:32] <halcyonCorsair> hi, can anyone tell me how to set the default route to be a particular interface?
[06:37] <halcyonCorsair> ah, nevermind...oops
[01:00] <iceval> hello
[01:01] <iceval> i use 7.04 for server
[01:01] <iceval> is it okay?
[01:01] <iceval> can i install squid?
[01:01] <Nafallo> yes
[01:01] <iceval> how to install squid sir?
[01:01] <iceval> Nafallo
[01:01] <Nafallo> apt-get install squid
[01:01] <ivoks> sudo apt-get install squid
[01:01] <ivoks> :)
[01:02] <Nafallo> :-P
[01:03] <iceval> does ubuntu have root?
[01:03] <iceval> coz i cant access my root
[01:03] <Nafallo> yes, but its locked by default
[01:03] <Nafallo> man sudo_root IIRC
[01:07] <iceval> ivoks: first time to use ubuntu
[01:07] <iceval> from windows98
[01:07] <iceval> =)
[01:07] <iceval> i want to use ubuntu to be my server
[01:07] <iceval> how to install squid?
[01:07] <iceval> i dont see the .exe
[01:08] <asisak> iceval: is it serious?
[01:10] <iceval> im serious
[01:10] <iceval> i email the ubuntu and they send me 7.04
[01:10] <asisak> iceval: sudo apt-get install squid
[01:10] <iceval> my name is cesar quinon from philippines
[01:10] <iceval> please cheak my email sir
[01:11] <iceval> done this sir sudo apt-get install squid
[01:11] <iceval> this one i follow ivoks: sudo apt-get install squid
[01:12] <iceval> i dont see the squid in applications-places-system
[01:15] <asisak> iceval: squid is not a desktop application that would show up in the menu
[01:16] <iceval> oh i see
[01:16] <iceval> how to see it sir?
[01:16] <iceval> so i could look for it and how to creat a proxy so that i will use it to my workstations
[01:16] <asisak> so you install squid on your server
[01:17] <asisak> and setup workstations to use that
[01:18] <iceval> yes
[01:18] <iceval> but i dont have workstation now connected
[01:19] <iceval> i will first make sure that squid
[01:21] <ivoks> iceval: http://tldp.org/HOWTO/TransparentProxy.html
[01:22] <ivoks> but... eh...
[01:22] <ivoks> you should know some basics first... :/
[01:22] <ivoks> and my guess is that you don't know them
[01:23] <ivoks> this one is better:
[01:23] <ivoks> http://www.e-healthexpert.org/node/431
[01:24] <iceval> thanks
[01:25] <iceval> reboot
[01:25] <iceval> =)
[01:25] <ivoks> reboot?
[01:25] <asisak> indeed
[01:26] <Nafallo> hmm
[01:27] <ivoks> asisak: from hungary?
[01:27] <ivoks> were you in budapest last year on conference?
[01:35] <asisak> ivoks: yeah, nope :(
[01:35] <asisak> ivoks: how do you know?
[01:35] <Nafallo> asisak: well. have you checked what channels you hang on? ;-)
[01:36] <asisak> btw my name comes from the town near Zagreb
[01:36] <asisak> lol @ me
[01:40] <Nafallo> morning ScottK 
[01:41] <ScottK> Good morning.
[01:41] <asisak> (neither light nor tpd updates yet)
[01:59] <ivoks> asisak: heh
[01:59] <ivoks> asisak: i'm from zagreb
[01:59] <asisak> ivoks: yeah, that's why I said that
[01:59] <ivoks> asisak: i was in budapest, giving talk about CUPS, very bad talk, if i may add :/
[01:59] <asisak> you certainly know Sisak 
[01:59] <ivoks> croatia is so small that not only i know cities, but also villages :)
[02:00] <asisak> :)
[02:01] <ivoks> asisak: so, why (a)sisak? :)
[02:02] <ivoks> doh..
[02:02] <ivoks> never mind :)
[02:02] <asisak> so because of my first name
[02:02] <asisak> or last
[02:02] <ivoks> yeah, i figured that out :)
[02:03] <asisak> the winner is: ... ivoks :)
[02:10] <Nafallo> ivoks: where should I start reading to setup this beast? :-)
[02:10] <ivoks> which one?
[02:11] <Nafallo> bacula :-)
[02:11] <ivoks> hehe
[02:11] <ivoks> http://www.bacula.org/dev-manual/Brief_Tutorial.html
[02:11] <ivoks> http://www.bacula.org/rel-manual/index.html
[02:11] <ivoks> it will be difficult at start, but once you figure it out, you'll bowl to it every day
[02:12] <ivoks> it's complex cause it's so flexibile...
[02:12] <Nafallo> yea, that's why I choosed it :-)
[02:12] <Nafallo> thanks.
[02:13] <ivoks> np
[02:13] <ivoks> if you get stuck, feel free to nag me...
[02:13] <Nafallo> I will :-)
[02:13] <ivoks> that was figure of speach :)
[02:13] <ivoks> i was being polite :)
[02:13] <Nafallo> hehe
[02:14] <ivoks> it has very verbose logs, so one should get all the info from it
[02:25] <ivoks> Nafallo: if you have time, take a day or two and try figure out retenation and recycle definitions :)
[02:25] <Nafallo> ivoks: I haven't :-)
[02:28] <ivoks> Nafallo: keep File Retention =< 30 days
[02:29] <ivoks> Nafallo: Volume Retention depends on how much you want to ruse same volume
[02:30] <Nafallo> its a 2TB partition on RAID5 :-)
[02:30] <ivoks> :))
[02:30] <ivoks> so, one day? :)
[02:30] <Nafallo> I sure hope it can take more then that ;-)
[02:30] <ivoks> depends on what you're backing up
[02:31] <Nafallo> yea. will see how much space it will use :-)
[02:32] <ivoks> file retention is period after backup during which you want to be able to single pick one file
[02:32] <ivoks> volume retntion is period after backup during which you want to be able to recover data from that volume
[02:33] <ivoks> so, file retention is less than volume
[02:33] <soren> What's the point in having a volume with data on it, if you can't restore files from it?
[02:34] <ivoks> you can
[02:34] <ivoks> but you can't pick single file from it
[02:34] <ivoks> cause if you do daily backup
[02:34] <ivoks> and hold information about 1TB files in database
[02:34] <ivoks> that database will be very large after 30 days
[02:34] <soren> ivoks: Ah, I can only restore the entire backup then?
[02:34] <ivoks> yes
[02:34] <soren> ivoks: Entire volume, I mean.
[02:34] <soren> ok.
[02:35] <ivoks> it's possible to recover data even if volume is older than volume retention period
[02:36] <ivoks> but this includes scaning volume
[02:36] <ivoks> and... well... i didn't try it and don't plan to :)
[02:36] <Nafallo> hmm
[02:37] <Nafallo> I think the first step is going through the files in remembrance:/etc/bacula ;-)
[02:37] <ivoks> bacula-dir is most important one
[02:37] <ivoks> everything about the jobs is defined there
[02:38] <ivoks> what to backup, when, at which volume, retention periods, recycling, etc...
[02:38] <Nafallo> no default password?
[02:38] <ivoks> iirc, there is no by default
[02:39] <ivoks> but you should set one up, or two, or three :)
[02:39] <ivoks> director can use different password for different modules (-sd, -fd and console)
[02:40] <ivoks> but passwords are something you can setup at the end :)
[02:40] <ivoks> and are easiest thing to do :)
[02:41] <Nafallo> hmm.
[02:44] <Nafallo> aha. Jobs points to JobDefs. smart :-)
[02:47] <ivoks> don't forget, jobs can have RunBefore and RunAfter
[02:47] <ivoks> this is great stuf... program gets executed at fd, so on director you say 'oracle stop'
[02:47] <ivoks> and this gets executed before backup at client
[02:47] <Nafallo> seems most conf is done with vi rather than bconsole? :-)
[02:47] <ivoks> and after backup oracle start :)
[02:47] <dendrobates> stephanbuys: ping
[02:47] <ivoks> bconsole is not for configuration
[02:48] <ivoks> bconsole is for monitoring and reconfiguration
[02:48] <Nafallo> ah. oki :-)
[02:48] <ivoks> for example, in config you define maxvolumesize
[02:48] <ivoks> but if you used volume before with different maxvolumesize, then you can reconfigure it trough bconsole
[02:49] <ivoks> or lables...
[02:49] <Nafallo> why don't I just do the reconfig with vi then?
[02:49] <ivoks> you can't
[02:49] <ivoks> hehe
[02:50] <ivoks> ok...
[02:50] <ivoks> if you want to change something, for example volume label
[02:50] <ivoks> you can change volume label for *new* volumes in config
[02:50] <ivoks> but old volumes need name change to; this you can do only trough bconsole
[02:51] <Nafallo> hmm. oki.
[02:51] <ivoks> cause, you need to rewrite volume and update sql entries
[02:51] <Nafallo> why is that? :-)
[02:51] <Nafallo> ah. oki.
[02:51] <ivoks> i know, you tought vi can do everything :)
[02:51] <Nafallo> hehe
[02:52] <ivoks> if you want, i could send you my config
[02:52] <ivoks> with comments
[02:52] <Nafallo> that would be kewl! thanks! nafallo@ubuntu.com :-)
[02:52] <ivoks> expect it later today
[02:52] <Nafallo> thanks :-)
[02:52] <ivoks> cause i don't have time now to comment it :)
[02:52] <Nafallo> hehe
[02:52] <ivoks> and edit :)
[02:53] <Nafallo> :-P
[02:54] <stephanbuys> dendrobates, hi there
[02:54] <dendrobates> stephanbuys: have you looked at the auth-client-config package that jdstrand created?
[02:55] <stephanbuys> dendrobates, nope - not yet - wasn't aware of it
[02:56] <dendrobates> stephanbuys: http://www.strandboge.com/software/auth-client-config/
[02:56] <stephanbuys> dendrobates, cool - will check it out
[02:57] <dendrobates> stephanbuys: It is a python script that configures pam.d and nssswitch.conf.
[02:57] <stephanbuys> dendrobates, yeah - I saw the posting. forwarded it to my team and I will also have a look at it
[02:58] <dendrobates> stephanbuys: what time zone are you in?  I want to schedule a meeting to discuss the spec, and all the packages and get agreement on how things should be done.
[02:59] <stephanbuys> dendrobates,  GMT +2
[02:59] <dendrobates> stephanbuys: BTW, debian has agreed to take our changes.  
[02:59] <stephanbuys> dendrobates, thats great news
[03:01] <stephanbuys> dendrobates, if this works well we can get use it in authtool
[03:01] <stephanbuys> dendrobates, also, there was a query from the Google Summer of Code project that could perhaps do just that for us :-)
[03:03] <dendrobates> that is my thought, I like the idea of the templates, admins could create and manage their own templates to easily configure many systems.
[03:12] <stephanbuys> dendrobates, we implemented templates in authtool as it allowed us to have a predictable, known-to-work, set of configurations
[03:38] <jdstrand> dendrobates: FYI: I put auth-client-config in launchpad at https://launchpad.net/auth-client-config
[03:39] <jdstrand> it will just poll my website for updates for now
[03:39] <jdstrand> no new changes yet
[03:44] <dendrobates> jdstrand:  Cool, I am referring to it in my spec as well, because we need to get it into Gutsy. 
[03:44] <jdstrand> yeah, I saw that.  great!
[03:45] <stephanbuys> jdstrand, dendrobates : any plans to support winbind (or AD) authentication with this frontend?
[03:46] <dendrobates> That is my plan.  But after gutsy.
[03:46] <dendrobates> I am trying to take a bitesize portion. So we can be sure to get it done.
[03:46] <jdstrand> stephanbuys: as far as auth-client-config is concerned, I just need appropriate nsswitch.conf and pam settings, and they can be added as one of the templates
[03:47] <jdstrand> stephanbuys: but even if it is not included right away, auth-client-config will (todo) support pulling in settings from files in /etc/auth-client-config/profile.d, so authtool or whatever can just drop files in there
[03:48] <jdstrand> stephanbuys: they will be automatically picked up at runtime
[03:49] <stephanbuys> jdstrand, I have found the RedHat tool to be a good reference on how to do this in action: http://www.koders.com/python/fid6E833D2322AF4119AF8F430040C948D7CDC0C43D.aspx?s=authconfig
[03:49] <stephanbuys> jdstrand, how about credential caching and offline usage?
[03:49] <stephanbuys> jdstrand, we had to enable nss-updatedb to make sure ldap auth does not break when going home :-)
[03:50] <stephanbuys> so unfortunately its not just as easy as setting nsswitch.conf and pam
[03:50] <stephanbuys> bain, ^^^
[03:50] <jdstrand> stephanbuys: auth-client-config really doesn't care about any of that.  It will have a database for settings for passwd, group and shadow for nsswitch, and auth, account, password and session in pam.  However Ubuntu or a sysadmin wants to configure the profiles is up to them.
[03:51] <stephanbuys> jdstrand, ok - fair enough. authtool can help with that (it also has a command-line mode)
[03:51] <jdstrand> auth-client-config will just provide a convenient way of maintaining a database and updating pam and nsswitch.conf, primarily for usage with debconf, but could apply to other situations
[03:51] <stephanbuys> jdstrand, I see the potential of using auth-client-config as the config backend for authtool
[03:52] <stephanbuys> jdstrand, we can then address the nuances like ccache, offline usage, etc through it
[03:52] <jdstrand> stephanbuys: I thought it could be applied there as well-- then authtool can focus on the ui
[03:52] <jdstrand> stephanbuys: and all that stuff you mentioned
[03:52] <bain> stephanbuys: here 
[03:53] <jdstrand> stephanbuys: it is one piece of a larger puzzle.  kindo of like update-inetd, but for nsswitch and pam
[03:53] <stephanbuys> jdstrand, ok - agreed. and _extremely_ usefull
[03:53] <dendrobates> I like the idea of pulling all config, including ccache and such out of any ui, and putting them in a separate package.
[03:53] <stephanbuys> jdstrand, we can handle the different auth backends with authtool then
[03:54] <stephanbuys> dendrobates, elaborate? (out of the authtool UI even?)
[03:54] <dendrobates> A user might want the functionality but not the full authtool package. 
[03:54] <stephanbuys> ok - so conceptually there is a dependency chain like this:
[03:54] <jdstrand> stephanbuys, dendrobates: authtool can do that, and different packages like ldap-auth-config, kerberos-auth-config, winbind-auth-config, ad-auth-config, laptop-auth-config,... can pull in whatever packages they need, and use auth-client-config as part of there configuration
[03:55] <stephanbuys> pam/nsswitch.conf/etc -> auth-client-config -> authtool
[03:55] <jdstrand> s/there/their/
[03:56] <dendrobates> It just seems like that functionality should be in auth-client config, but that is just my opinion.
[03:56] <stephanbuys> jdstrand, In authtool we will then have a couple of backends defined, for example: Local Authentication, LDAP (or Ubuntu) Server, Active Directory, eDirectory
[03:57] <stephanbuys> dendrobates, so enabling/disabling credential caching becomes a function of auth-client-config as well?
[03:58] <jdstrand> stephanbuys: your dependency chain is looks good to my thinking, except I would do s/authtool/(authtool|ldap-auth-config|kerberos-auth-config|...)/
[03:58] <dendrobates> since is is not specific to any one auth scheme, yes.
[03:58] <stephanbuys> dendrobates, ok - agreed. also it is one of the really subtle pieces in pam and a nightmare for a first-time administrator to get right
[03:58] <jdstrand> stephanbuys: as for the backend, auth-client-config only does nsswitch.conf and pam, so you can either give me your settings, or drop them into /etc/auth-client-config/profile.d (in 0.2)
[03:59] <stephanbuys> (ccreds in pam)
[03:59] <dendrobates> I also think those advanced features should be in the next release.  
[03:59] <dendrobates> think about how much better we are making things already.
[04:00] <stephanbuys> jdstrand, ok - how about: am/nsswitch.conf/etc -> auth-client-config -> ldap-auth-config|kerberos-auth-config -> authtool (for GUI)
[04:00] <jdstrand> stephanbuys: have to talk to dendrobates about ldap-auth-config-- I think he will be doing debconf there?
[04:01] <stephanbuys> dendrobates, jdstrand : a lot of debconf work has gone into authtool already, ajmitch envisioned using debconf where possible 
[04:01] <dendrobates> jdstrand: just ldap specific debconf.
[04:01] <stephanbuys> jdstrand, dendrobates : we even support dependency tracking and will install the missing auth debs if they are needed
[04:02] <dendrobates> stephanbuys: we should use that in ldap-auth-config
[04:02] <jdstrand> stephanbuys: just for clarity, ccreds and nss-updatedb settings in nsswitch.conf and pam is no problem.  It is just another profile type 
[04:02] <stephanbuys> dendrobates, jdstrand : also authtool is great for doing things like automatic DNS discovery of the kerberos servers or LDAP lookup (in the Root DSE) of the base_dn on a LDAP server
[04:03] <dendrobates> stephanbuys: great, that is something I really wanted, it gives us an advantage over the other distros.
[04:04] <stephanbuys> I also envisage "zeroconf" enabling all of this in the end so that if a user has a Ubuntu server that is ready for LDAP auth on the LAN it will be automatically detected
[04:05] <dendrobates> stephanbuys: that's my vision as well.
[04:06] <stephanbuys> dendrobates, will you drop me an email regarding the meeting you want to hold?
[04:07] <jdstrand> stephanbuys: I think that with the use of profiles in auth-client-config, switching between them via zeroconf or even network-manager is possible
[04:07] <dendrobates> stephanbuys: I plan on send out a request today.
[04:07] <jdstrand> stephanbuys: would have to carefully think about whether that is desirable though
[04:08] <stephanbuys> jdstrand, although it sounds simple we have found that in practice some things (like GDM) can be really pedantic about changes to nsswitch and pam
[04:08] <jdstrand> stephanbuys: yes-- I have found that to be true too-- sometimes a restart of the system is in order (I think it has something to do with glibc, but...)
[04:09] <jdstrand> stephanbuys: the idea was more to do it on boot, before gdm or anything.  But again, this is (way) down the road
[04:09] <stephanbuys> jdstrand, exactly :-)
[04:10] <stephanbuys> jdstrand, I think in practice users do not switch auth backends too frequently (it creates too much of a uid and gid mess), so we should be pretty isolated from that requirement for a while
[04:10] <stephanbuys> jdstrand, dendrobates : ever consider OpenID as a potential auth backend?
[04:10] <jdstrand> stephanbuys: agreed
[04:11] <jdstrand> stephanbuys: no, but checking it out now
[04:12] <dendrobates> stephanbuys: I thought openid was like ms passport.
[04:12] <dendrobates> Ahh I get it.
[04:13] <stephanbuys> dendrobates, its all about authentication, of course you might not "trust" all potential auth provides to log onto your work laptop (for example)
[04:13] <stephanbuys> s/provides/providers/
[04:13] <dendrobates> so you are saying sytem auth using openid?  Has this been done before?  What about nss?
[04:14] <jdstrand> stephanbuys: the concept seems similar to kerberos
[04:14] <stephanbuys> jdstrand, exactly, but potentially a 100 times easier to deploy :-)
[04:14] <David_CDRJ> hi there
[04:14] <stephanbuys> jdstrand, and "future proof" in a way
[04:15] <stephanbuys> dendrobates, no, not as far as I know
[04:15] <David_CDRJ> does anybody have problem with de e1000 module in ubuntu server 7.04
[04:15] <dendrobates> David_CDRJ: Hi
[04:15] <David_CDRJ> ?
[04:16] <jdstrand> stephanbuys: I know what you are saying, but with PAM, kerberos doesn't have to be a total nightmare.  Maybe just a bad dream.  :)
[04:17] <stephanbuys> jdstrand, lol
[04:18] <jdstrand> stephanbuys: really it is just finding the right combination of of ccreds, update-nss and kerberos.  That is what takes so long.  But with the work we are doing here, we should be able to take that pain away from users.
[04:18] <David_CDRJ> i tried to update de module to the newest version bug every time i reboot the server the old one came back!
[04:19] <stephanbuys> jdstrand, true, "Rome wasn't built in a day" seems appropriate
[04:19] <jdstrand> stephanbuys: it seems openid does just the authentication.  So still need ldap for network authorization.  Am I understanding this correctly?
[04:20] <stephanbuys> jdstrand, correct. OpenID is all about authentication. The "trust" of that authentication is then determined by the "service provider". which would then lead to authorization
[04:21] <stephanbuys> jdstrand, for example, I would only "trust" OpenID authentication from "logon.mydomain.com" to authorize users to access work computers
[04:21] <jdstrand> stephanbuys: I was thinking about uids and gids
[04:21] <jdstrand> stephanbuys: the provider doesn't handle that does it?
[04:21] <David_CDRJ> i guess my problem are a little less interesting that autentication...
[04:21] <stephanbuys> jdstrand, ah - I see. 
[04:22] <stephanbuys> jdstrand, theoretically it could 
[04:22] <stephanbuys> jdstrand, OpenID should allow the user to easily select an identity with certain meta-data. That meta-data could of course provide uid and gid
[04:23] <jdstrand> David_CDRJ: be patient-- people tend to check this less frequently than others.  For more immediate response, try #ubuntu
[04:23] <stephanbuys> jdstrand, but to be honest I haven't thought that through yet =)
[04:23] <David_CDRJ> jdstrand: thanks
[04:25] <stephanbuys> jdstrand, http://openid.net/specs.bml -> OpenID Attribute Exchange 1.0 - Draft 5
[04:30] <jdstrand> stephanbuys: looking through that and some googling, seems very website-centric, though there http://code.google.com/p/pam-openid/
[04:32] <stephanbuys> jdstrand, oh it is, still something to keep on the radar perhaps, and something to differentiate Ubuntu from other players. What I really like about it is that there are already loads of providers out there and that it seems very simple
[04:32] <jdstrand> stephanbuys: yeah-- seems cool
[04:39] <stephanbuys> jdstrand, dendrobates : I've got to run - good chatting to you. bye
[04:57] <kshahnjd> I'm having trouble with the vsftpd configuration, I followed the ubuntu server guide precisely, I can log in, but when using my client (filezilla) I receive 'critical transfer error' when attempting transfer to /var/www
[04:57] <kshahnjd> my home directory I receive the same error, but the transfer seems to work
[05:37] <tck-afk> has Debian ever used chkconfig?
[05:37] <tck-afk> or always used update-rc.d
[05:47] <tck-afk> its ok, i found sysv-rc-conf -- looks nice
[06:05] <ivoks> Nafallo: mail on its way
[06:05] <kshahnjd> can someone recommend me something besides vsftpd? I am not having a good time using it
[06:05] <Nafallo> kewl, thanks :-)
[06:05] <Nafallo> kshahnjd: I would recommend vsftpd :-)
[06:05] <kshahnjd> NO :(
[06:06] <ivoks> kshahnjd: yes, vsftpd or noftp
[06:06] <Nafallo> yes, I would :-)
[06:06] <kshahnjd> I can't seem to figure out the permissions for the /var/www directory
[06:06] <ivoks> what hard times?
[06:06] <mralphabet> sftp!
[06:06] <kshahnjd> i had my account join the www-data group
[06:06] <kshahnjd> and.. still weird things are going down
[06:07] <ivoks> like...?
[06:07] <ivoks> joing user www-data group shouldn't have any effect :)
[06:07] <kshahnjd> i still don't have permissions, I get errors, i chmod'ed a directory within /var/www
[06:07] <kshahnjd> and using filezilla i still get 'crticial transfer errors'
[06:07] <kshahnjd> but it appears to have uploaded successfully...
[06:08] <kshahnjd> someone pointed me to what seemed to be an overly complex virtual user config.. I don't feel like it needed to be that complicated, i may be wrong
[06:08] <kshahnjd> probably am
[06:09] <ivoks> maybe it would be better for you and us if you would say what you want to achive, not how you are doing it
[06:09] <ivoks> :)
[06:09] <kshahnjd> he, sry, alright, so I have an account, my username, kshah, I want to be able to whatever I want to the /var/www directory and subdirectories
[06:10] <kshahnjd> *to do whatever I want* as in, rwx, mkdir, deldir, etc
[06:10] <ivoks> ok
[06:10] <ivoks> this doesn't have anything to do with ftp
[06:10] <ivoks> chown -R kshah /var/www/
[06:10] <ivoks> and that's it
[06:10] <kshahnjd> but doesn't that steal permission away from www-data ?
[06:11] <ivoks> www-data doesn't have any permissions there
[06:11] <kshahnjd> ?
[06:11] <ivoks> only read
[06:11] <ivoks> www-data can write only in /tmp and /var/tmp
[06:11] <ivoks> like every other user
[06:11] <kshahnjd> created by an app"
[06:11] <ivoks> you *don't* want to chown /var/www to www-data
[06:12] <kshahnjd> i see
[06:12] <kshahnjd> so I can chown only for one user, what if there are multiple ftp users that should all be able to toy around with that /var/www dir?
[06:13] <kshahnjd> should i then create a group which has permissions to it?
[06:13] <ivoks> create group, chgrp that dir to that group, and make it writable for that group
[06:13] <ivoks> don't make it writable for www-data, never!
[06:13] <ivoks> only cache dirs and upload dirs
[06:13] <kshahnjd> thats a security risk, right?
[06:13] <ivoks> yes
[06:14] <kshahnjd> so, lets say.. for instance i'm using drupal, a cms, which has certain files permissions set.. me changing owner will not effect that files permissions?
[06:14] <kshahnjd> it will just override them for em?
[06:14] <kshahnjd> *me?
[06:17] <ivoks> phone, sec
[06:28] <ivoks> back
[06:29] <ivoks> where were we? :)
[06:29] <ivoks> Nafallo: does it help?
[06:35] <Nafallo> ivoks: wow. -dir is damn huge to get the mind around :-)
[06:35] <Nafallo> and mine will probably be larger when I'm finished :-P
[06:36] <ivoks> :)
[06:36] <ivoks> right, every single thing is customisable
[06:37] <ivoks> Nafallo: i have even bigger, but this one isn't for sharing :)
[06:37] <Nafallo> :-P
[06:39] <ivoks> includes couple of autochangers :)
[06:40] <Nafallo> sarge. does that still have security support?
[06:41] <Nafallo> hmm. seems like it.
[06:43] <Nafallo> in -fd I just point to the director I just set up, right?
[06:44] <Nafallo> yea. looks like it.
[06:44] <ivoks> right
[06:48] <Nafallo> hmm
[06:49] <Nafallo> if I specify client in jobs instead of jobdefs I can have jobdef called servers with most other options included...
[06:49] <ivoks> yes
[06:49] <Nafallo> if I have options in JobDefs and specify other options that are already set in JobDefs in Jobs, which one will go though? :-)
[06:50] <ivoks> :)
[06:50] <ivoks> check out documentation :)
[06:50] <Nafallo> hehe
[06:51] <ivoks> JobDefs should be common settings
[06:51] <Nafallo> yea
[06:53] <Nafallo> so if I want to backup one host I do a JobDefs, two Jobs and two Schedulers then...
[06:53] <Nafallo> I guess
[06:53] <Nafallo> full daily and incremental from time to time :-P
[06:54] <ivoks> no
[06:54] <ivoks> one scheduler
[06:55] <Nafallo> oh?
[06:55] <ivoks> with couple of Run
[06:55] <ivoks> Rub = Full sun at 22:00
[06:55] <ivoks> Run = Incremental mon-sat at 22:00
[06:55] <ivoks> for example
[06:56] <ivoks> that's inside one schedule
[06:56] <Nafallo> but if I want full backup every 12h and incremental every hour?
[06:56] <Nafallo> hmm. oki
[06:56] <ivoks> two jobdefs only if you include something else in full backup
[06:57] <ivoks> but if fileset is the same, and only  diff is incremental/full
[06:57] <ivoks> then one scheduler with two Run's
[06:57] <ivoks> Runs
[06:57] <Nafallo> so one of everything and two jobs :-P
[06:57] <ivoks> no, one everything :)
[06:58] <Nafallo> ehrm.
[06:58] <ivoks> you can do with two schedulers, if you want, but it's not must have
[06:58] <ivoks> :)
[06:59] <Nafallo> so I don't need two Jobs for defining Level?
[07:00] <ivoks> if you have a client
[07:00] <ivoks> and file storage
[07:01] <ivoks> then define one jobdefs, one job, one client, one storage
[07:01] <ivoks> if you want to run daily incremental, and full on sunday
[07:01] <ivoks> then one scheduler
[07:01] <ivoks> with Run = Full mon-sat at 22:00
[07:01] <ivoks> eerrrr
[07:01] <Nafallo> I think I'm confused by Level then :-P
[07:02] <Nafallo> what is that doing in JobDefs?
[07:02] <ivoks> Level is default, but you can without it :)
[07:02] <Nafallo> ah
[07:02] <ivoks> let me check docs
[07:02] <ivoks> :)
[07:03] <ivoks> remove Level
[07:03] <ivoks> you don't need it
[07:03] <Nafallo> oki. thanks.
[07:11] <ivoks> np
[07:11] <Nafallo> this will take some time to get the mind around :-)
[07:12] <Nafallo> damn. the standard JobDefs is used by some Catalogthingie :P
[07:14] <ivoks> ?
[07:14] <ivoks> ah, Catalog
[07:14] <ivoks> yes, you need this
[07:15] <Nafallo> I wonder what was in the standard JobDefs then :-P
[07:15] <ivoks> it exports bacula's SQL into file and writes it to backup media
[07:15] <ivoks> :))
[07:16] <Nafallo> so I will need an -fd on localhost then=
[07:16] <Nafallo> ?
[07:17] <ivoks> yes
[07:18] <Nafallo> *sigh* thanks
[07:18] <Nafallo> to backup one host I need to backup two ;-)
[07:18] <ivoks> you don't backup host
[07:18] <ivoks> you backup bacula information
[07:19] <ivoks> that way your backup host can fail and you'll be able to recreate everything
[07:19] <Nafallo> yea, but need the daemon, so no real diff ;-)
[07:20] <Nafallo> oh! both the default JobDefs and that CatalogJob has Level :-P
[08:14] <Innatech> Is there any compelling reason to use the 64bit LTS on Xeon servers?
[08:14] <Innatech> or am I just asking for dependency problems?
[08:14] <ivoks> i use 64bit on servers
[08:14] <Innatech> do you have to symlink everything?
[08:15] <Innatech> or do most 32 programs find the libs they need? 
[08:15] <Innatech> *32bit
[08:16] <ivoks> i don't use 32bit programs
[08:16] <ivoks> on 64bit servers
[08:16] <Innatech> ah.
[08:16] <ivoks> if you need 32bit programs
[08:16] <ivoks> use 32bit OS
[08:16] <ivoks> unless your server has more than 4GB of RAM
[08:17] <Innatech> I'm not entirely sure what I might need, eventually. Nah, not over 4GB yet. 
[08:17] <Innatech> Probably safest to go with the regular 32bit x86 version for now. 
[08:20] <Nafallo> 64-bit host with 32-bit VMs? :-)
[08:21] <ivoks> Nafallo: LTS is in question :)
[08:21] <ivoks> Nafallo: how's bacula coming along? :)
[08:22] <Nafallo> dunno. confusing enough for me to leave it off and go fetch something to drink ;-)
[08:22] <Nafallo> LTS can do XEN? I've seen tutorials.
[08:23] <ivoks> yes, you are right
[08:23] <Nafallo> we use openvz at work on LTS as well ;-)
[08:23] <mathiaz> dendrobates: you were struggling with openssl licensing a couple of weeks ago.
[08:24] <dendrobates> mathiaz: yes
[08:24] <mathiaz> dendrobates: have you looked at yassl -  http://yassl.com/ ?
[08:24] <mathiaz> dendrobates: that's what mysql is using.
[08:24] <dendrobates> mathiz: hmm?
[08:25] <mathiaz> dendrobates: I'm reading through mysql changelogs and they mention yassl
[08:25] <dendrobates> mathiaz: I'll look at it.
[08:25] <mathiaz> dendrobates: and some licensing issues. But I'm not sure how relevant this is to your openldap problem.
[08:27] <dendrobates> mathiaz: It might be useful if openldap could successfully compile with it.
[08:28] <mathiaz> dendrobates: they say that there is an openssl compability layer.
[08:29] <mathiaz> dendrobates: and it seems that they've updated their license to cover the linking of third party software.
[08:29] <dendrobates> mathiaz: gnutls has one as well, but it does not work with openldap.
[08:29] <mathiaz> dendrobates: in this case, it was apache linked to mysql linked to yassl
[08:30] <mathiaz> dendrobates: yeah I remember. Anyway, it may be worth to look at it. If it compiles, then I think, the licensing issue doesn't exist.
[09:34] <asisak> ScottK: I started to work on lighttpd (again)
[09:34] <ScottK> Great.
[09:35] <asisak> ScottK: can you please help me if there is some SRU tutorial and / or what bugs qualify serious enough to be put back?
[09:36] <ScottK> asisak: https://wiki.ubuntu.com/MOTU/SRU
[09:36] <ScottK> Since lighttpd is in Universe.
[09:36] <asisak> thanks... reading... 
[09:36] <asisak> yeah, I know
[09:37] <asisak> actually it was high time to do something universe-related since I want to become a MOTU :)
[09:37] <ScottK> https://wiki.ubuntu.com/SecurityUpdateProcedures for security bugs.
[09:38] <asisak> what does SRU exactly mean?
[09:38] <asisak> security related update?
[09:39] <ScottK> Stable Release Update
[09:39] <asisak> I see
[09:39] <ScottK> SRU is for serious, but non-security (e.g. crash/data loss/package not installable) fixes for released versions.
[09:40] <pircjo1> I'm running UBUNTU 6.06 server and I have connected a windows network drive via cifs I am getting an intermittent error when I cp files to it "Bad file Descriptor"
[09:41] <asisak> ScottK: I might get it wrong, but bug #127718 speaks about security fixes
[09:41] <ubotu> Launchpad bug 127718 in lighttpd "lighttpd security fixes" [Low,In progress]  https://launchpad.net/bugs/127718
[09:41] <ScottK> Yes.  You should use the security process for that one.
[09:42] <asisak> hmmm
[09:45] <pircjo1> Any advise on mounting a windows network drive?
[10:00] <Innatech> So-- kernel panic trying to install LTS x86 on a dual core opteron. "MP-Bios bug : 8254 timer not connected to IO-APIC"  "Kernel panic -- not syncing: IO-APIC+ timer doesn't work! " 
[10:01] <Innatech> apic=debug gives a little more information--mostly, that all of the workarounds failed. 
[10:01] <Innatech> What do I lose if I use noapic? This is a server, with a 3ware RAID card. I don't want to cause interrupt problems. 
[10:13] <ivoks> you already loose
[10:13] <ivoks> with broken hardware
[10:15] <ivoks> disable ioapic in bios if you can
[10:15] <Innatech> It's a brand new Silicon Mechanics / Supermicro server. Tested out on CentOS5. If anything's broken, its the LTS kernel/distro/installer. 
[10:16] <Innatech> I know how to work around it, I'm just trying to make sure that the workaround won't cause problems down the road. If I want to use a different distro, this is the time to decide. 
[10:18] <ivoks> well, you've got message from kernel
[10:18] <ivoks> IO-APIC doesn't work
[10:18] <ivoks> so, disabling it wouldn't harm
[10:18] <Innatech> Right. So--what do I lose by going with LTS w/o APIC -- versus, say, CentOS with it?
[10:18] <ivoks> are you sure it is with it?
[10:19] <Innatech> Yup. 
[10:19] <ivoks> then report kernel bug if you have time
[10:19] <Innatech> Yes. Great. But, meanwhile I have to do my job. I've never been able to figure out what the practical consequences of disabling APIC are. 
[10:19] <ivoks> er...
[10:20] <ivoks> APIC is for SMP machines
[10:20] <Innatech> dual core.
[10:20] <tck-afk> can the new landscape app install ubuntu onto remote machines a la windows SMS 
[10:20] <ivoks> Innatech: disabling apic would mean disabling second core
[10:20] <Innatech> >blink<
[10:21] <Innatech> are you sure about that?
[10:21] <Innatech> We're talking about APIC, not ACPI. 
[10:22] <ivoks> http://wiki.linuxquestions.org/wiki/APIC
[10:23] <Innatech> ah, nice. Thanks.
[10:23] <ivoks> it is possible that CentOS is using UP kernel for installation (i'm not sure, but could be...)
[10:26] <Innatech> Well, this is a tested CentOS install that Silicon Mechanics left on the system when they were done testing. 
[10:26] <Innatech> It's not an installer. 
[10:27] <Innatech> Still, I suppose I'll go ahead with the LTS install and see what happens. I don't really want CentOS on this box. 
[10:27] <ivoks> try with nolacpi first
[10:27] <ivoks> beh
[10:27] <ivoks> nolapic
[10:27] <Innatech> yeah, no lapic. 
[10:27] <Innatech> that's an idea. 
[10:28] <ivoks> something that works often for me is 'pci=nommconf'
[10:28] <ivoks> this is when i get random lockups
[10:29] <ivoks> not related to APIC, but wouldn't hurt to try...
[10:30] <tck-afk> i would love to get my hands on this -> http://www.canonical.com/landscape
[10:32] <ivoks> tck-afk: then wait just a bit more :)
[10:32] <tck-afk> we will get the client
[10:32] <tck-afk> the main package is for subscribers only
[10:32] <ivoks> 'we'?
[10:32] <tck-afk> users, clients
[10:32] <ivoks> yes :)
[10:33] <tck-afk> http://packages.ubuntu.com/feisty/admin/landscape-client : empty
[10:33] <tck-afk> they are teasing us
[10:33] <ivoks> that means it will be open source
[10:33] <ivoks> so everybody could write their own server part
[10:33] <tck-afk> well theres the client and the server side i guess
[10:34] <ajmitch> ivoks: sure, though I'd say the server part is fairly complex
[10:35] <ivoks> ajmitch: i guess it is, yes
[10:35] <ajmitch> I'm glad there's at least something more than just rumours now 
[10:35] <tck-afk> if it can do what Windows SMS or HP's radius does i'd be well impressed
[10:35] <tck-afk> i wonder could it push down images 
[10:35] <ivoks> images?
[10:35] <ivoks> like network install?
[10:36] <tck-afk> clients could pxe boot etc..
[10:36] <tck-afk> yeah
[10:36] <tck-afk> be wicked
[10:36] <ivoks> you can do that already :)
[10:36] <tck-afk> managed centrally ? 
[10:36] <ivoks> you don't manage installation procedure, you start it and wait for it to finish
[10:37] <tck-afk> i like the Semi-connected management:
[10:37] <ivoks> without interaction
[10:37] <tck-afk> i wonder how many in-house developers they have coding all this stuff
[10:37] <Innatech> Yay! nolapic works. So, what's the difference between noapic and nolapic?
[10:37] <tck-afk> they certainly churn out alot of slick apps and tools
[10:39] <ivoks> Innatech: Local APIC interrupts
[10:39] <Innatech> yeah, I get that. So what's the difference between APIC and local APIC?
[10:40] <ivoks> http://en.wikipedia.org/wiki/Intel_APIC_Architecture#Local_APICs
[10:40] <ivoks> lapic is part of apic
[10:40] <Innatech> hmm. Interesting. 
[10:42] <ivoks> tck-afk: anyway, i would love to see landscape too :/
[10:43] <ivoks> i guess it will be expanded RHN :)
[10:43] <tck-afk> having used windows SMS on my last contract
[10:44] <tck-afk> it could really change how businesses look at a large scale rollout
[10:44] <tck-afk> to use HP's radia (http://support.openview.hp.com/radia.jsp) is over 100,000 euro
[10:45] <tck-afk> afaik M$ give SMS (Systems Management Server) away for free
[10:49] <ivoks> 'night all
[11:54] <coNP> ScottK: debian seem to have fixed these issues
[11:54] <coNP> some of the at least
[11:55] <ScottK> coNP: For lighttpd?  We need to patch the released versions in Ubuntu, not bring in new Debian versions.
[11:55] <coNP> sure, but neither debian will bring in new versions to fix security issue
[11:55] <coNP> s
[11:57] <coNP> but I am too sleepy to investigate this any more
[11:57] <coNP> security things are hard
[11:58] <coNP> see you
[11:58] <ScottK> OK.  
[12:04] <Innatech> I have an Intel dual PT/1000 NIC (PCI-E) in my router. A couple days ago, LTS was happily recognizing it, although I had to shove it's PCI ID into /sys/.../new_id for it to be recognized. However, since then the devices it's assigned to seem to change mysteriously--first it was eth3 & eth4 (which made sense as 0, 1 & 2 are on the motherboard.) However, now they show up as eth3 & eth5 (which doesn't make much sense) -- and neith
[12:04] <Innatech> er one of them seems to detect a link. How do I troubleshoot this? One thing I noticed is that lsmod doesn't show any active use of e1000 -- but ethtool says that they're using e1000.