[00:00] kirkland: I'm on my livecd, help me CHROOT into my server install? [00:00] kirkland: putting on my sysadmin hat, I am not sure there is a sane default [00:01] we don't have a server that we can target our authentication/authorization lookups against [00:01] as such, it's all manual [00:02] kirkland: I'm on my livecd, help me CHROOT into my server install? Please? [00:02] jdstrand: i was thinking we should allow users with uid Invisionfree: are you at a command prompt? [00:02] Terminal, and by the time you tell me what to type I will be :P [00:03] kirkland: right, I understand, but what is 'N'-- some people may want to override some groups/users for some reason [00:03] Invisionfree: do you know the device that has your / partition? [00:03] hda1 [00:03] jdstrand: at the very least 0/root [00:03] jdstrand: i don't there's ever a case where root would ONLY exist in LDAP [00:03] kirkland: no, that is true [00:03] Invisionfree: mount /dev/hda1 /mnt [00:03] Invisionfree: chroot /mnt [00:04] kirkland: but, you can't get that fine-grained with libc/nss lookups, only pam [00:04] jdstrand: i know, i know, inadvisable to login as root [00:05] jdstrand: perhaps users in the admin group? [00:05] jdstrand: we specify those in pam [00:05] kirkland: yeah, pam_krb5 has a minimum_uid setting [00:05] eg account sufficient pam_krb5.so minimum_uid=1001 [00:05] I'm checking pam_ldap now, but am almost 100% it has it too [00:05] jdstrand: that's kinda the opposite, though [00:06] * kirkland smacks kirkland, nevermind [00:06] * Invisionfree smacks kirkland for the hell of it [00:06] :D [00:10] kirkland: man pam_ldap-- ignore_unknown_user [00:23] is it pam or nss thats causing the issue on boot? [00:54] Help [00:54] bipolar? [00:55] hmm? [00:55] The following packages have unmet dependencies: [00:55] libsasl2-modules-gssapi-heimdal: Depends: libsasl2-modules (= 2.1.22.dfsg1-12) but 2.1.22.dfsg1-9ubuntu2 is to be installed [00:55] E: Broken packages [00:55] How do I fix that? [00:55] how did you get there? [00:55] A Debian shell script to install ldap [00:56] umm.... what shell script? [00:56] http://noc.cluenet.org/distconf2.allinone.sh [00:57] that script calls other scripts. it must be part of a package you downloaded. [00:58] How do I get that version it needs? [00:58] it probbly doesn't work on ubuntu [00:58] .. [00:58] All it needs is a different version, why the hell wouldn't it? [00:59] ubuntu packages aren't always exact replicas of the debian packages with different numbers on them [01:00] Invisionfree: are you running gutsy? [01:00] Yes. [01:01] Invisionfree: the first thing I would try is running 'apt-get -f install' just to see if it can clean itself up. [01:01] I did, no solve. [01:04] libsasl2-modules-gssapi-heimdal may be broken [01:04] packages.ubuntu.org says exactly the same thing apt is telling you [01:05] it requres libsasl2-modules (= 2.1.22.dfsg1-12) but ubuntu has libsasl2-modules (2.1.22.dfsg1-9ubuntu2) [01:05] I would remove that package, unless you absolutly need it. [01:05] I absolutely need it. [01:06] I'm afriaid your screwed [01:06] would rebuilding it from the source package (And modifying it's dependancy manually) resolve this? [01:07] or at least, get past the dependancy issue (while potentially creating new issues down the line) [01:08] it's strange, the universe package looks newer then the non-universe one. [01:08] bipolar: [01:08] E: Version '2.1.22.dfsg1-12' for 'libsasl2-modules' was not found [01:08] yes, because 2.1.22.dfsg1-9ubuntu2 is what is available [01:09] How can I get that version then.. [01:10] You would need to download the source package, modify it's config file, and recompile [01:11] that version is not in the repositories [01:11] which is strange. [01:13] Maybe you could download the deb, and install it manualy [01:14] tell dpkg to ignore dependancys [01:15] Invisionfree: here is someone else with the same issue: http://ubuntuforums.org/showthread.php?t=599141 [01:16] Invisionfree: and there is already a bug reported for this issue: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2-heimdal/+bug/157035 [01:16] Launchpad bug 157035 in cyrus-sasl2-heimdal "libsasl2-modules-gssapi-heimdal not installable" [Undecided,Fix released] [01:17] looks like it's fixed for Hardy [01:19] ok so im working on getting a wap setup... iv followed a few guides and am stuck... i can connect to the network, and when i try to ping to the outside world, dns resolves the ip address but no ping [01:19] any ideas? [01:21] is IP forwarding enabled? [01:22] is WAP a wireless access point? if so, do you need to NAT wireless clients (have you got appropriate rules in iptables for this?) [01:23] if dns works but not the ping... ip tables? bridge? [01:23] yes ip fowarding is [01:23] i have these ip table rules.... [01:23] * Deeps hopes he pastebins [01:24] you can dump nice output using iptables-save (if no args specified it outputs on stdout) [01:25] k just a sec [01:26] http://pastebin.com/dbc2e250 [01:29] ok, which is your lan interface, which is your external interface, and is your wireless point a wireless card in your linux machine, or an external wap connected within your lan? [01:30] eth0 is the lan connected to the internet; ath0 is the wap (in this linux machine) [01:30] and eth1? [01:31] actually nm, eth0 always matches first [01:32] from a wireless client, can you ping a) the ip assigned to ath0, b) the ip assigned to eth0? [01:32] i can ping 10.1.1.1 which is the network setup by ath0 [01:32] not 192.168.1.44 the ip address assigned to eth0 [01:34] but when i ping (for example www.google.com); it resolves the ip address, just no return ping [01:34] what's your nameserver ip? [01:34] same as ath0? [01:35] nameserver is 192.168.1.1; the network assigned to eth0 [01:36] what OS on the wireless client? [01:36] ubuntu desktop [01:37] same thing happens with windows though [01:37] tested both [01:37] my thought was that it was possible that dns was being cached from an earlier state [01:38] no, i thought that too, but google has so many different addresses that it changes per each ping almost... [01:38] so i dont know what is stopping me [01:38] what's the output of route -n [01:39] from what you've told me, unless i'm being dense, it should look like: [01:39] 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 [01:39] 10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ath0 [01:39] 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 [01:40] yup [01:40] exactly except on eth0 flags = UG; Metric = 100 [01:41] you dont have any other routes for destination 0.0.0.0? [01:42] ok, double check that "cat /proc/sys/net/ipv4/ip_forward" returns 1 [01:42] and possibly cat /proc/sys/net/ipv4/ip_dynaddr" also returns 1, if your WAN ip isn't static [01:43] 2nd command returns 0 [01:43] 1st command returns 0 [01:44] ok, if the 1st returns 0, then that's definately your problem, you dont have IP forwarding enabled (the first thing i asked ;) [01:44] echo 1 > /proc/sys/net/ipv4/ip_forward [01:44] and try your pings again [01:44] hold on a sec, this is what i did to enable it... (i thought i had it on, oops) [01:45] nano /etc/sysctl.conf [01:45] net.ipv4.conf.forwarding=1 [01:46] that'll enable it at startup [01:46] so if you've not rebooted, you still need to enable it now [01:46] either through /proc/sys [01:46] and i restarted... any idea why that didnt work? [01:46] or through calling sysctl [01:47] oh [01:47] oh, that looks like the ipv6 forwarding [01:47] in ipv6, its net.ipv6.conf.forwarding, in ipv4, it's net.ipv4.ip_forward [01:48] although you can do the conf route too, you need to specify the interface(s) you want to enable forwarding on [01:48] minus the .conf and foward instead of fowarding? [01:48] cd /proc/sys/net/ipv4 [01:48] see the files that exist in there [01:49] follows the same hierarchy as the sysctl calls [01:49] i suspect net.ipv4.ip_forward=1 and net.ipv4.conf.all.forwarding=1 both do the same thing [01:50] just a sec, let me see if those changes changes fixed the problem [01:50] if echo 1 > /proc/sys/net/ipv4/ip_forward [01:50] has resolved your problem, then that was definately it [01:52] sure did [01:52] so how do i make those changes permanent? [01:52] cool worked [01:52] modify your /etc/sysctl.conf to contain net.ipv4.ip_forward=1 [01:52] instead of net.ipv4.conf.forwarding=1 [01:52] so how do i make those changes permanent? [01:52] save the file? [01:53] ctrl+x i think, Y, enter [01:53] and thats it? [01:53] pretty much [01:54] with that setup i have for ipconfig, does that allow everything through without any restrictions? im pretty new to ipconfig... [01:54] iptables? [01:55] sorry, yea [01:56] http://pastebin.com/m53f1d0d0 [01:56] i've removed the 'eth1' entries [01:56] i'm not sure what that is, but having a second masquerade rule isn't going to be matched against anyway [01:57] urrr [01:57] mistakes in there [01:57] http://pastebin.com/m5c04e4f9 [01:57] line 19: should be -o ath0 and not -d ath0 [01:58] ic k [01:59] so will those rules allow anything other than port 80 through? [01:59] those rules will allow everything, and log port 80 [01:59] twice [02:00] ahh yea, so i need to delete line 16 also then [02:01] if you only want it logged once, and then the connection dropped: [02:01] http://pastebin.com/pastebin.php?diff=m55773a4e [02:01] i guess [02:02] well i want everything fowarded through so i can use it like it were attached to any other server [02:02] btw, i really appreciate the assistance [02:02] then remove the DROP line [02:02] line 17 [02:03] k [02:03] when dumping traffic, 2 easy ways to do it is with -j DROP or -j REJECT [02:03] DROP silently drops the packets, resulting in a timeout [02:03] REJECT dumps the traffic and responds with an icmp unreachable [02:04] so the other machine knows fairly quickly that the connection cant be made [02:04] ok so when i start closing the ports up to secure it, use one of the two... [02:05] the approach i tend to take is drop all, accept specific ports that i want [02:05] is there a good guide to getting all that setup? [02:06] no idea [02:06] i went from getting a chat like this to google to giving this chat, heh. [02:07] i want everything between the wap --> clients open and then close things off between the server and the internet [02:07] so you just googled all this? [02:07] no, when i was in your position i spent a lot of time on google [02:07] finding and reading guides [02:08] ohh ok [02:08] i was going to say, thats pretty impressive if you did, lol [02:08] hell, i still do, trying to work out routing between multiple links [02:08] so... http://pastebin.com/m5c04e4f9 will allow all the traffic between the wap & client? [02:09] yep [02:10] the best approach is to play around [02:10] worst that can happen is you prevent any traffic from reaching the machine [02:10] sweet... so whats the basics to disabling ports, if lets say i wanted to disable ports on eth0? or even easier to allow just a select number of ports? [02:10] yea [02:10] given that it's local, hook up and keyboard + monitor and undo it [02:11] well you want to drop all traffic coming into eth0 [02:11] but still allow inbound traffic with state related,established, otherwise you wont get any replies from remote machines when you make requests [02:11] (like you've done with clients behind ath0) [02:12] (only it's not forwarding data now, its incoming data to that machine) [02:12] and then to allow specific ports, -I INPUT -p --dport [02:13] so with my iptables now everything is being fowarded to ath0 and skipping eth0? [02:13] eg -I INPUT -p tcp --dport 1000:2000 would allow input to ports 1000-2000 inclusive [02:13] no, if a wireless client requests, say, a webpage [02:14] wifi client [request] -> ath0 -[nat]-> eth0 -> [interweb] [02:14] [interweb responds] -> eth0 -[nat, state related/established]-> ath0 -> wireless client [02:15] [interweb tries to create new connection] -> eth0 -> [if there's a service running on the target port, it handles it, if not, it rejects the request] [02:15] in your current state [02:16] k, so if lets say [client outside network] ---ssh request--> [eth0 responds by default] [02:16] indeed [02:17] in your current setup, anyone able to reach the machine will be able to get a response from ssh [02:18] oh, be careful, if you set a root password on your machine (instead of using sudo), it's worth updating yor /etc/ssh/sshd_config to reflect PermitRootLogin no (defaults to yes) [02:18] your* [02:18] gotcha, so the basics are that if a wireless client makes a request, it can get that specific request back... [02:18] yep. [02:19] so lets say i just want to only allow specific ports period to eth0, which command would i use in iptables? [02:19] 02:11:09 < Deeps> well you want to drop all traffic coming into eth0 [02:20] 02:11:27 < Deeps> but still allow inbound traffic with state related,established, otherwise you wont get any replies from remote machines when you make requests [02:20] 02:11:49 < Deeps> (like you've done with clients behind ath0) [02:20] 02:12:06 < Deeps> (only it's not forwarding data now, its incoming data to that machine) [02:20] 02:12:49 < Deeps> and then to allow specific ports, -I INPUT -p --dport [02:20] ahh ok, i thought that was a little different [02:21] http://pastebin.com/m2439a18e [02:21] things i've changed: your default INPUT policy to REJECT [02:21] added a rule to allow tcp/22 from anywhere [02:22] and allowing all established traffic already back in [02:23] so if i send a request out for something, it all can come back... except for ssh, which can recieve also [02:23] just trying to get this straight [02:23] that said, i dont think you can set polciy to reject [02:24] so you probably wanna change that to DROP [02:24] that's correct [02:24] means ssh can listen for new connections [02:24] while any other random ports cant, they can only listen for established connections already [02:25] will this setup cause any complications if... i run a file server off of that box, just for the wireless clients? [02:25] shouldn't do [02:25] k so change :INPUT REJECT to :INPUT DROP [02:25] yep [02:25] you can dump all of that in a file btw (remove the line numbers) [02:25] and then iptables-restore < /path/to/file [02:25] to have your rules replaced entirely [02:26] iptables-save > /path/to/file to see what the file should look like [02:27] if you don't mind me asking, what are you using your box for? [02:27] which one? [02:27] heh [02:28] most closely matched to you, i've got one routing my adsl connection [02:28] haha [02:28] usb adsl modem, 2 10/100 ethernet nics [02:29] then you set a server behind that? [02:29] no, that is the server [02:30] server has the usb adsl modem plugged into it, so my wan ip presents itself on atm0 [02:30] my local lan is on eth0, and the flat downstairs is on eth1 [02:31] the box doesn't do much eles [02:31] icic, so what kinda servers are you running? [02:31] I know this is slightly off topic but I was wondering if anyone could tell me from your experience which hardware raid has been faster 5 or 10? [02:31] mrtg graphing, simple web serving from there [02:32] nullbnx: got a few boxes online that i used to host services on for friends and family [02:32] currently sitting idle as i cant think of anything to do with them anymore [02:33] lol ic [02:33] well i appreciate the help [02:34] no problem [02:34] * Kamping_Kaiser puts his ubuntu mirror on a diet [02:34] im thinking about putting my removable (usb) hard drive on the server and using samba to share it [02:34] wonder how much room i'll have after this :D [02:34] gl [02:35] any advice? [02:35] guides on how to use samba are on ubuntu.com :) [02:35] haha i know how to do that [02:35] most of the problems you'll encounter have already been resolved on ubuntuforums.org [02:35] i think ill remove all permissions other than read after mounting the hard drive (other than read) so i dont risk someone removing anything [02:39] hmmm oops, xorg crashed on me [02:40] do you need to restart before iptables become active? [02:41] you never need to restart [02:41] unless you've installed a new kernel (and even that has ways around it) [02:42] you can either apply the rules manually, or you can apply the through iptables-restore as i explained earlier [02:42] so the new iptables should be good to go? [02:42] i applied the tables in the .conf, and thats it? [02:42] in which conf? [02:42] iptables.conf [02:42] there's an iptables.conf? [02:43] /etc/iptables.conf [02:43] ok, you've created that yourself [02:43] yea, i was just following a guide [02:44] ok, well then i'd recommend finishing that guide as to how to apply the rules [02:44] if you've used the same format as would be generated by using iptables-save, you can apply the rules with iptables-restore < /etc/iptables.conf [02:47] i found what looks to be a pretty good guide, im going to read a whole bunch... i appreciate the help [02:48] Good plan! A well written guide will do more for you than I can. :) [02:48] you checked out 8.04 yet? [02:49] nope, i dont do well with beta software, barely have the patience for stuff that's considerred stable, heh [02:50] lol [02:50] im just wondering how secure 8.04 will be when it first comes out... [02:50] has me a little worried, i might upgrade my lappy but not the server [02:51] not sure if this usb port is USB 1.1 or 2 :S. deleting 40gb at 40mb/s will take a while [02:51] wouldn't worry about that kind of thing, security is rarely a concern with new releases, stability on the other hand... [02:51] that and the upgrade process [02:52] i kid, ubuntu's been through many upgrade cycles now, i'd expect the gutsy->hardy upgrade to be as smooth as a baby's bottom [02:52] ..within a month of release, at least, heh. [02:52] heh [02:53] yea... do you have any other recommendations for the server security other than iptables n no root ssh [02:53] hah, well i was reading around, seems like they got it well setup bc so many brave souls tried the beta & upgrading [02:54] dont run lots of random daemons that you dont need, if you do run them, have them bind only to interfaces that need them (ie, if it's only that machine, bind to localhost, if it's only for wireless clients, to ath0's ip, etc.) [02:55] have a strong secure password, dont give shell access to anyone you cant trust until you've learnt to harden up the machine [02:55] make sure you apt-get update + upgrade regularly [02:55] dont forget to lock your machine when you're not at it ;) [02:55] dont leave root shells lying around ;) [02:55] lol, i knew #2, 3, 4, 5 [02:55] ill have to look into bind [02:56] bind has 2 meanings [02:56] pretty easy to setup bind? [02:56] bind, the application [02:56] ScottK: you around? [02:56] or binding to interfaces, where an application picks what IPs to accept connections on [02:57] is there a quick and easy way to do that? [02:57] eg, chances are your ssh server is listening for connections on 0.0.0.0:22 (and ::22 if you have ipv6 enabled), ie, all interfaces [02:57] lamont: Yes. [02:57] I'm looking at the delta between 2.5.2-rc{1,2}.... [02:57] however, if you need, say, an snmp daemon, but only for local logging/monitoring purposes, you'd configure it to only listen on 127.0.0.1 (localhost) [02:57] OK. [02:58] each application has it's own configuration file [02:58] ic [02:58] sudo netstat -anp will show you all applications that are running, sockets that they're using, sockets that they're listening on [02:58] if we pulled the warn_if_reject check back into 2.5.1-ubuntu, is it worth separating out the qmgr fix that's there as well? [02:59] my life would be easier if Wietse just released 2.5.2 [02:59] lamont: I don't know. I was aware of the warn if reject one because it was discussed on the ML. [02:59] * ScottK just got back into down and just downloaded 1749 new mails. [02:59] heh [03:01] deeps, well iv only got ssh and named available to all..., so prolly not a huge problem [03:01] lamont: Without looking, I'd say upload the RC and we'll deal with it. [03:01] deeps, prolly don't need named to the outside either [03:01] lamont: Then if it's not released before we do, just SRU to the final. [03:01] I really don't want an RC in the LTS... [03:02] the alternative is to upload a 2.5.1 that happens to have a few backported fixes. [03:02] bzr commit -m'[LJ, trivial] dist-upgrade' [03:02] my favorite commit ever [03:02] Yeah, and then if 2.5.2 happens to make it, we go with it, if not, oh well. [03:03] * lamont will stare at the diff en toto, and then maybe poke you again in a bit. [03:03] K [03:08] what would be the purpose of running a dns server on a home server? === thesyko is now known as lilsyko [03:09] nullbnx: learning [03:09] Nafallo, haha other than that... [03:10] nullbnx: and well... the "because I can" thing is usually a strong one as well :-) [03:10] Nafallo, haha, so no real use running named in a network that looks like this... [03:11] nullbnx: well... caching would be good I guess :-) [03:11] depends on if you use to go to the same addresses a ot. [03:11] lot even [03:12] [internet] <---> [dsl modem] <----> [ubunut server (home network) w/ named] <----> [wireless clients] [03:12] (named was installed during installation by accident and im debating shutting it down [03:12] ) [03:13] :-P [03:14] from my lan: [03:14] chocha.truman.lan has address 192.168.1.49 [03:14] 49.1.168.192.in-addr.arpa domain name pointer chocha.truman.lan. [03:14] forward and reverse dns created automatically by dhcpd when it assigns the client's IP [03:14] reverse dns is almost entirely asthetic, forward proves useful if i want to connect to another machine, e.g. one not using NetBIOS [03:15] can connect to it's name rather than trying to work out it's ip [03:15] yea, so no real point... [03:16] i have dhcp set up also, and that takes care of everything internally [03:18] what does bind9 do? [03:20] dns [03:20] what you're calling named [03:20] (that's the user it runs as ) [03:21] ok thats what i thought, how do stop it from starting during boot? [03:21] i know i can stop it by /etc/init.d/bind9 stop [03:29] update-rc.d [03:29] update-rc.d -f bind9 remove [03:32] can you setup wpa on a wap? [03:32] i dont see why not [03:33] hopefully this works... [03:35] hello? [03:36] heyt [03:36] hello I am having trouble with an Ubuntu mysql server [03:37] I am getting a "cannot connect to remote server" error upon attempting to connect remotely to it [03:37] I can ping it and access it locally, but not remotely [03:37] there is no firewaill between the 2 LAN'd machines [03:37] any suggestions? [03:38] do you connect through a cable/dsl modem/router? [03:38] no, they are on a LAN [03:38] TCP/IP, same subnet [03:39] can ping each other [03:39] and your sure that you dont have iptables (the default ubuntu firewall) blocking you? [03:39] no, the only firewall is the NAT router itself [03:40] between the servers and the internet [03:40] hmmmm not to sure then.... [03:43] how would i be able to monitor what computers are connecting through my server? [03:44] by IP? try netstat [03:44] see the man page [03:44] also try snort [03:44] for logging [03:47] thanks =) [03:47] netstat by itself doesnt show it... [03:48] my computer is a access points other pcs connect through, im trying to figure out which pcs (by ip) are connecting [04:49] ScottK: 214933: sounds like 'fix released' to me... :) [04:57] can anyone recommend me a CLI download accelerator that allows you to use http basic authentication? Axel is great apart from that last point... can't find anything on how to to the authentication with it [05:07] Hi, how can I grant sudo access to LDAP users? [05:08] I have Ubuntu with Likewise, and can log in fine, bu must log in as local account to do admin activities. This is inconvenient. [05:08] There must be a way to add some group to sudoers. [05:08] . [05:08] ? [06:29] hello.. how to make ubuntu to fuse two separate networks? === SinTux is now known as Syntux [08:08] moin [09:06] anyone had any experience with IRC proxys? [09:06] * Kamping_Kaiser waves [09:06] no i havent, but hello [09:06] lol hiya kamping [09:07] yeah, i'm using U! [09:07] I can't imagine that its that hard to setup... I hope [09:08] n6rej: in which case? [09:08] I don't get though how connecting to the server via SSH would hep? [09:08] like a bouncer or a web-proxy? [09:08] kraut: hiya... yeah bouncer [09:08] n6rej: google: irssi-proxy [09:08] I want the folks on my lan to access IRC via the lan-server [09:08] then it's more a kind of a web-proxy [09:08] then you need squid [09:09] or any other http-proxy. squid isn't the best soloution [09:09] irc over squid? [09:09] kraut: whats the diff between irssi and squid? [09:09] Kamping_Kaiser: sure [09:09] they will be using either chatzilla or some other irc client [09:09] Kamping_Kaiser: nearly every protocol is able to tunnel over a web-proxy [09:09] kraut: its a mixed OS envirorment, NIX, OSX and PC [09:09] n6rej: squid is a http-proxy and irssi-proxy is a proxy module for your irssi client [09:10] n6rej: that's no problem, just have a look on squid [09:10] kk, what is irssi client? IRC? [09:10] just google for it! [09:10] k I will [09:10] kraut, i'm not sure why you'd tunnel something like irc over squid though, its not like you can filter it (past the 'can cant' ACL levels) [09:11] Kamping_Kaiser: irc over http-proxy is like icq over http-proxy. it works! [09:12] kraut: would they use a regular irc client if I use squid? [09:12] kraut, *hm* [09:12] n6rej: yes, you just need to configure your irc-client to use the http-proxy [09:13] kk [09:13] !squid [09:13] Sorry, I don't know anything about squid - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi [09:13] and the http-proxy, in this case squid, need to allow irc from your internal lan. [09:13] it's called ACLs [09:13] ah, ok [09:13] it must be described in their docu [09:13] EOD, need to work [09:27] !irssi [09:27] Irssi is a terminal based IRC client. See https://help.ubuntu.com/community/Irssi for help. [09:30] !squid [09:30] Sorry, I don't know anything about squid - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi [09:30] stupid bot [09:32] kraut: lol yeah. [09:32] kraut: i'm carefully looking everything over... I don't want to proxy EVERYTHING just IRC [09:32] that's also possible with squid [09:33] and I don't want the IRC channel kept open all the time, only when called from the clients [09:33] just have a look on the ACLs [09:33] you could permit only IRC from your internal network with them and disallow anything else [09:33] anyhow, you'll run into the problem, that irc-servers will reject you, when you connect to often from the same ip [09:33] kraut: no thats just it... I don't want it messing with anything but IRC [09:34] ubotu, Squid is an industrial strength web proxy. Its flexability is matched only by the scaryness of its configuration file. [09:34] kraut: I'm on a dynamic ip [09:34] n6rej: you could allow or dissallow everything with the ACLs of squid [09:34] lol yeah I bet [09:34] n6rej: sure, but you've got only one IP for all of your users [09:34] kraut: so squid will act like a firewall right? [09:34] no [09:34] or yes [09:34] kraut: yeah, normally only 1 or 2 of us use the lan at a time [09:34] is a point of voiew [09:35] then it's ok [09:35] just read the squid-docu [09:35] well I have a FW already, I don't want it mucking with any of that lol [09:35] I am [09:35] it's not a firewall, it's a proxy [09:35] a firewall is more a concept and a proxy will fit into such a concept [09:36] well, everything is nat'd and stealthed, even the server. [09:36] stealth is a mystery [09:37] kraut: i love it... tech's try to access my system without permission and they get freaked cause they fall into a black hole. [09:38] then they go uh... ah.. mmm... your computer is off [09:38] LOL [09:38] ... [09:38] as i say, stealth is a mystery [09:38] your tech's are to stupid to understand the mechanism [09:38] kraut: yep. But it keeps me safe. :D [09:38] depends [09:39] first they gotta get through the stealth, then the nat, then onto my systems [09:39] by that time they've left a trail a mile long [09:39] there are still easier ways to get into your system [09:39] ? [09:40] I used to run Engarde on my server... nothing gets through that without permission. [09:40] there is allways a way, believe me [09:40] oh i'm sure.. well.. with Engarde their used to be a 100k reward if you could crack it... nobody ever has that I know of. [09:41] most of the time access is through front-ends not the server stuff [09:41] as far as I know they still use the NSA kernel [09:49] <\sh> guys, did anyone tested latest ubuntu-server iso on vmware, with guided partitioning? grub is failing on vmware (i386) somehow for this... [09:57] <_ruben> \sh: hardy beta jeos with guided worked fine on vmware for me [10:09] \sh: which version of vmware are you talking about? [10:09] \sh: server, ESX, workstation? [10:15] a friend installed hardy ubuntu-server over a remote connection, and at the end it asked if he wanted to install additional software. He chose to install ssh, so it went off and got the ssh packages and installed them, however it also wanted to remove a load of other stuff, which apparently barfed grub up so he had to reinstall again and choose not to install ssh that time [10:16] he says the cd he used was a beta one from march - would this be a known issue _or_ what package should he search for bugs in, or what package should he file bugs against? [10:17] How did he install over a remote connection? [10:17] HP ILO [10:17] Ah. [10:17] *shrug* [10:17] Good answer [10:17] Do you think you could get him to try with a recent CD? [10:18] a daily? [10:18] he used the most recent beta [10:18] It's not inconceivable that after the installer did an apt-get update, it wanted to remove a stack of things due to new dependencies, conflicts, whatever. [10:19] popey: Really? Has it been that long? Hm.. [10:19] he laughs and says that's pretty much exactly what happened, but would have been nice if grub had been left alone so that he at least had a bootable system :) [10:19] 17th march or thereabouts he said [10:19] (the cd release) [10:21] 20080318.1 was the cd he used [10:22] Hm... Well, if it's not too much trouble, if he could try with a daily that would be lovely. [10:22] I'll ask him. Thanks for the quick response. [10:23] Any time :) [10:27] <\sh> nijaba, vmware-server v1.0.3 [10:27] <\sh> _ruben, I used the normal ubuntu-server iso, not the jeos ones [10:27] \me needs to fix his server console to test this... [10:31] <_ruben> \sh: ah, havent played with those .. only hardy jeos guided partitioning and gutsy server custom partitioning [10:33] <\sh> _ruben, well, I'm redoing the installation now, and providing some logs for colin to investigate... [10:41] <_ruben> ah [10:48] <_ruben> hmm .. 48MB/s on linear reads from software raid10 (7200rpm sata) [11:12] ok, i'm really stupid tonight :( [11:12] I can't figure out how to add ctrlproxy to inetd [11:13] the dev said ctrlproxy --inetd but that doesn't seem to do anything that I can see [11:45] n6rej: don't you have just add entry to inetd or xinetd.conf file? [11:45] PecisDarbs: i thought so but its not starting :( [11:45] PecisDarbs: http://pastebin.com/d2141524d [11:47] n6rej: you use inetd or xinetd? [11:47] PecisDarbs: openbsd-inetd [11:51] try to debug it, see what is response when you poke that port [11:51] PecisDarbs: how do you poke a port? [11:54] n6rej: just telnet localhost port_ctrlproxy_uses [11:54] PecisDarbs: got it!... the silly port was declared by ircd [11:54] for example, usually admins test smtp server with telnet mail.example.com 25 [11:54] see? :) [11:55] easy [11:55] PecisDarbs: yeah,... so now I just have to figure out what its talkign to me about :D [11:55] <\sh> _ruben, the bugger was an old iso file, which wasn't overwritten by wget ... grmpf...so nothing's wrong with -server iso *phew* [11:57] <_ruben> \sh: ouch :p [11:57] anyone here how played with BIND DNSSec? [11:58] it's getting me mad, slowly :) [11:58] how/have/s [11:58] * n6rej would love to tie bind to a tree and shoot it! [11:58] why [11:58] he is such a nice fella :) [11:58] hahah :P [11:58] he gives me nightmares lol [11:58] seriously [11:58] what kind of? :) [11:59] yeah [11:59] OMG [11:59] lol [11:59] i'd rather program in VB then touch bind [11:59] usually nighmares with BIND == wrong syntax again, ups [11:59] smells like really spoiled relationship [11:59] PecisDarbs: i think bind is the only process that has given me fits all my *nix life [11:59] yep [12:00] but I started with *nix 5.0 so bind was really nasty then [12:00] no I take that back, there is one worse.... sendmail! [12:00] but it is a past, shouldn't we let it slip away? :) [12:00] lol [12:00] probably... but i'm an old dog [12:01] right now my cage is really rattled lol [12:01] stupid ctrlproxy stopped [12:02] hmmmmmmmmm.... says no configuration found maybe i'd like to run one with --init lol [13:16] anybody nows why Bind on Hardy pratically misbehaves when using DNSSec? [13:18] So marked -->[23:49] ScottK: 214933: sounds like 'fix released' to me... :) [13:19] PecisDarbs: You'll need to give some actual specifics about the problems you're seeing if you want help. [13:19] g'morning ScottK [13:20] dnssec-enable is enabled, ksk un zsk is created, deployed, zone signed and included in configuration, i also configured so dnssec stuff would log in seperate file [13:20] so far so good [13:20] but [13:21] whatever I do, log keeps silent, while normal.log which I created for rest of stuff in same dir grows and grows, so no permission involved, already checked it hundred times [13:21] Heya lamont. [13:22] PecisDarbs: What if you don't configure it to log to a separate file. Is it in the normal log? [13:22] ScottK: no difference, I tried to push dnssec stuff also in normal.log, but nohing appears there, other categories have lot of log material there [13:24] I set permissions to 777 while testing, checked out apparmor settings many times - nothing to cling on [13:24] PecisDarbs: it's probably because of apparmor, take a look at the logging section here: http://doc.ubuntu.com/ubuntu/serverguide/C/dns-troubleshooting.html [13:25] apparmor don't impact network, right? [13:25] PecisDarbs: at least inregards to log information to another file [13:25] if the bind apparmor profile is in enforce mode it will need to be configured for the new log file [13:26] I already did that [13:27] what one or two * means in apparmor conf? [13:27] non-recursive and recursive? [13:29] PecisDarbs: not sure what you mean by two '*'s ? [13:29] /etc/bind/* un /var/cache/bind/** for example [13:30] in /etc/apparmor.d/usr.sbin.named [13:31] PecisDarbs: mmm... mine doesn't have that, one sec while I update [13:31] ok [13:33] \sh: I just installed the latest hardy server x86 iso on vmware server with no issue. Did you use some particular settings? [13:33] \sh: and which iso did you use? [13:34] PecisDarbs: you might also check out this page: https://wiki.ubuntu.com/DebuggingApparmor [13:36] <\sh> nijaba, as I said, it was a problem with an old iso image...because wget doesn't overwrite a file which exists already with the same nam [13:36] <\sh> e [13:36] btw, it is possible that AppArmor blocks BIND DNSSec check? It would be kinda stupid, but.... [13:37] \sh: hmm... I did not see that. anyway, that force me to put my vmware server in a working state, so that time was not lost :) [13:39] PecisDarbs: I wouldn't think so, if it did there would be messages in /var/log/syslog, that should alert you [13:39] yep, I think so too [13:39] damn :( [13:40] ok, let's try aa-complain mode [14:16] what is your opnion about how the upgrader should deal with file overwrite problems? on the desktop we run with --force-overwrite. we don't do this on the server currently assuming the admin might want to know about these sorts of things. is that a sensible/valid decision? [14:17] I'd say so. [14:18] Is there a way to run the upgrader without force-overwrite? [14:20] that is the current default for the server upgrade (no --force-overwrite). there is currently no way to disable it on the desktop [14:20] but the logs will give you hints what packages are wrong [14:22] For future consideration, you might want to have no --force-overwrite as the desktop default for upgrades to the development release. That's when we'd want such problems exposed. [14:24] hm, maybe some middle ground, like a way to collect the overwrite and offer to report bugs about them, but carry on with the upgade [14:28] I think that's reasonable. [14:29] My theory is that we should strive to make the upgrader un-needed. To the extent we can, apt-get dist-upgrade should just work. [14:30] I don't think we'll get there, but it's a direction to head. [14:30] * delcoyote hi [14:42] ScottK: I agree, the less quirks code there is in there, the better. [14:43] So making such problems more obvious to people who upgrade prior to release (or maybe prior to RC) is a good thing. [15:20] hey [15:21] i just plugged in my USB to Serial Adapter: http://pastebin.ca/987395 [15:21] i used to came up as /dev/ttyUSB1 on my other linux boxes [15:21] any idea where i can find that device? [15:27] how are you hard drivers show as, ie hda, sda, etc... [15:28] huh? [15:28] serial, not usb memory [15:28] spiekey: check the output of dmesg [15:29] tail /var/log/dmesg - it should usually show you if it registered the device and where [15:29] faulkes-: have a look at my pastebin ;) [15:36] ah! Stupid USB Hub! :P === JaxxMaxx__ is now known as JaxxMaxx_ === JaxxMaxx__ is now known as JaxxMaxx_ === JaxxMaxx__ is now known as JaxxMaxx_ [15:58] is the 8.04 thats essentially available now [15:58] same thing that will be on the 8.04 iso's in 9 days? its essentially official, but just not by the "countdown logo" rofl [16:00] ? [16:00] ccvp: Changes are still being uploaded, but the difference between today and the final are likely to be small, but significant at least for the packages that are changed. === JaxxMaxx__ is now known as JaxxMaxx_ [16:01] im wondering if its something to not [16:01] really worry about [16:01] so i dont waste putting 7.10 on a vmware now [16:01] and then just rm'ing it later, to do 8.04 [16:03] I'm running 8.04 on several serves now and it's fine for me. No guarantees. No reason your couldn't upgrade the vmware image rather than redoing it, is there? [16:05] hello, after installing vmware on XP, what type of settings do I need to do to vmwar workstatio n6, so when ubuntu is booted in it, it will yank a host address, off of our 192.168.1.0/24 [16:05] oops [16:13] ccvp: if you need ubuntu to grab a network ip address it would have to be setup as NAT [16:13] ok === mathiaz_ is now known as mathiaz [16:33] jcastro: Hi - I'm thinking about running an Server Team introduction session during the UbuntuOpenWeek - what about Tuesday at 19:00 UTC ? [16:38] mathiaz: that sounds excellent [16:38] mathiaz: anything else in mind? [16:38] mathiaz: plenty of slots left, so we could do as many as you want. [16:39] jcastro: well - I though about doing something on virtualization [16:39] jcastro: and how to use virtualization to do development work [16:39] that sounds great too [16:39] I would love to see a ufw one as well, since it's new [16:39] jcastro: what's the target audience of the Ubuntu Open Week ? [16:40] jcastro: I'll update the wiki page with a session of the Server Team then [16:40] mathiaz: same as always [16:40] mathiaz: if you want to have multiple sessions of the same topic, you can do that as well [16:40] there is plenty of room and the people who are only available during certain days are already scheduled [16:40] jcastro: right - and the always is ??? [16:41] jcastro: in february, it was named Ubuntu Developer Week [16:41] jcastro: and it's Ubuntu Open Week [16:41] jcastro: so I guess it's targeted at potential contributor [16:41] this is a normal open week, not a developer week [16:41] right [16:41] and users. [16:41] developer week was specifically for potential developers, open week is for everyone on any topic [16:42] so user-oriented sessions are welcome [16:55] maybe how to setup kvm [16:58] mathiaz: mind if I move you an hour later for the intro, celso would like to do PPAs right after 'merging packages' [16:59] jcastro: wfm [16:59] ta === JaxxMaxx__ is now known as JaxxMaxx_ [17:30] I was in the middle of an apt-get upgrade and SSH timed out, is there way to view the status? [17:38] !raid [17:38] Tips and tricks for RAID and LVM can be found on https://help.ubuntu.com/community/RaidConfigurationHowto and http://www.tldp.org/HOWTO/LVM-HOWTO - For software RAID, see https://help.ubuntu.com/community/FakeRaidHowto [17:38] !recover [17:38] Some tools to recover lost data are listed and explained at https://help.ubuntu.com/community/DataRecovery - Recovering deleted files on !ext3 filesystems can be virtually impossible, although a method that might work in some cases is described at http://www.xs4all.nl/~carlo17/howto/undelete_ext3.html [17:38] !raidrecover [17:38] Sorry, I don't know anything about raidrecover - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi [17:38] grr [17:38] is there any quick howto, to recover a disk in a raid1 array? [17:40] !rebuild [17:40] Sorry, I don't know anything about rebuild - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi [17:46] nobody here or what!? [18:00] Gah, so bad, in here thrice now... [18:01] How would I go about using CVS to grab the latest source files for a particular package? trying to upgrade freeradius to 2.0.3 but the download .gz has something wrong in the changelog file, can't make a package with dpkg-buildpackage [18:02] the mailing list says the problem is in one line of the changelog file, and fixed in CVS [18:04] JaxxMaxx_: nobody will help you here, just feel safe and leave the channel... [18:06] mathiaz: is winbindd no longer part of the samba server tasksel? [18:06] sommer: it was yesterday [18:06] sommer: it is part of the iso check, and I found it when I check samba install [18:07] hrmm... I did pgrep winbindd, and didn't find it [18:07] sommer: I belive I did the same. let me check, I still have the vm [18:07] woops, false alarm... I actaully typed pgrep windbindd [18:08] there's no such thing as windbind :) [18:08] sommer: to tell you the truth, I did do the same mistake yesterday :) [18:08] the worste part is I mistyped it twice... doh [18:11] kraut: not sure if this helps, but it may point you in the right direction: http://currents.soest.hawaii.edu/docs/doc/ubuntu_docs/thirdparty_html/ubuntu_raid.html [18:12] * sommer has been meaning to learn software raid1 and friends [18:13] sommer: nijaba: FYI there are new isos to tests [18:13] mathiaz: why? did we change anything? [18:13] mathiaz: does the iso.qu.u.c take a little longer to update? [18:13] that's a pretty negative attitude, kraut. having a tough problem that's stumping these folks? [18:14] apparently iso.q.u.c has been updated yet [18:14] nijaba: sommer see #u-d [18:14] nijaba: sommer I've just asked about this [18:14] mathiaz: ah, party [18:16] mathiaz: can you summarize I was not on that channel and I think I missed the best part of it [18:16] mathiaz: or /msg paste [18:16] I synced at about 8:45am, do you know when it was released? [18:17] or, actually I can check the md5 [18:17] nijaba: slangasek is going to update iso.qa.u.c [18:17] nijaba: the isos were rebuilt earlier today and iso.qa.u.c wasn't updated [18:19] mathiaz: ok, thanks. Updating my isos [18:19] mathiaz: cool, I've been testing 20080416, but logged my tests under 20080415 [18:35] blargh. hurray for dpkg-buildpackage. this thing has dozens of dependancies... [18:39] I am trying to set up a new Ubuntu server to act as a webserver, and I'll be using it in conjunction with dyndns. Is there anyone who is able to help me set up the mailserver, or perhaps point me to a link that will help? [18:42] Lucutious: postfix is pretty easy to setup, here's a link to the server guide: http://doc.ubuntu.com/ubuntu/serverguide/C/email-services.html [18:47] how do I get screen to show me the scrollback? [18:49] pg-up? [18:53] hi there! [18:54] I want to use Apache2 under Ubuntu with IPv6 [18:54] e.g. I just want to access localhost via http://[::1]/ [18:54] how may I do that under Ubuntu? [18:54] it seems to be deactivated :-( [19:00] have you installed apache? [19:00] yes [19:00] ;) [19:00] http://localhost/ is working normally [19:00] but http://[::1]/ not [19:01] how's your /etc/hosts ? [19:01] just fine [19:01] one line for 127.0.0.1 localhost [19:02] look at your logs then. it is working [19:02] ping6 ip6-localhost does work normally [19:04] hmm, no unnormal log entries [19:04] wget can't connect, too [19:05] you have somethin with http://localhost? [19:05] yes [19:05] what have you doneafter installing apache then? [19:05] oh, moment - Apache2 not running ;) [19:06] but the behaviour was as before [19:07] hmm - it runs now [19:07] seems my server was down all the time I tested [19:07] amazing [19:07] at least, thanks for your attention ;) [19:08] ok, I have detected the problem now [19:09] http://ip6-localhost/ does work, but http://[::1]/ does not [19:09] not logical [19:10] is it still running? [19:10] yes [19:10] what's the entry in E/tc/hosts for ::1 ? [19:11] ::1 ip6-localhost ip6-loopback [19:11] funnily, a "ping ip6-loopback" does work [19:11] exactly? no * in fron or else? [19:11] no [19:11] and "ping6 ip6-localhost" too [19:13] what's the error message for http://[::1) [19:13] Ok, I'm feeling kind of stupid. This is my first time using any type of OS other than windows, but I catch on fairly quickly. I installed ubuntu server, and now I come up with a prompt. What I was told, is that I could remotely administer the system, like from my other computer, to install things such as SMF or other stuff [19:13] Is there anyone that can assist a newbie? I've been reading the documentation, but I fear either I'm making it too hard, or it's out of my grasp. [19:14] Lucutious: SMF? you can ssh into your server [19:14] and that's from a telnet connection, or do I need a seperate ssh application? [19:14] blue-frog_: using "wget http://[::1]" the output is "Connection refused." [19:14] Lucutious: the other waty is to install the desktop and control it vian vnc. [19:15] http://[::1] does what in firefox? [19:15] connection refused ;) [19:15] a desktop sure would be nice, I wasn't quite prepared for a command prompt type system, thought it would at least have some sort of gui [19:15] have you fiddled with the apache conf? [19:16] maybe a bit, yes [19:16] I have some VirtualHosts [19:16] the funny thing is: [19:17] Lucutious: command prompt is command prompt, if your computer has an internet connection, then sudo apt-get install ubuntu-desktop will get you GUI === mvo_ is now known as mvo [19:17] if I insert "Listen [::1]:80" into /etc/apache2/ports.conf and restart Apache2, I get the following error: [19:18] Syntax error on line 1 of /etc/apache2/ports.conf: [19:18] Listen setup failed [19:19] is this normal? [19:24] I am downloading Ubuntu 7.10 server to test it in an emulator [19:25] * faulkes- grumbles at the igb driver [19:32] anyone play with the quad-ethernet intel cards before? [19:32] igb module [19:35] blue-frog_: Sorry for the delay, had to step away. I issued that command you gave me, but it tells me that I'm not in the sudoers file, and that the incident is being reported. [19:37] hey all [19:37] is there a way to disable getting updates or scanning the mirror during installation? [19:38] Lucutious: what user have you created during installation? [19:39] the username is mike [19:39] maxownz: if you presse escape you may have the entire installation menu and you may ve able to skip update/scanning that way [19:40] Lucutious: is the one you are logged wiht now? [19:40] Yes. [19:40] well if you are not in the sudoers, ther's nothing you can do [19:40] at least, I think so [19:41] do you remember if you were asked for a root password then ? [19:41] I booted the machine and it came up with a login prompt. I used mike and the password I created, and this is where I'm at [19:41] Ohh yes, I have a root password as well - can you tell me how to log off mike so I can try as root? [19:42] su [19:42] lucutious you sure you have installed ubuntu? [19:44] blue-frog_: isn't there a way to disable my network card so it'll skip it altogether? [19:44] my first answer is yes I'm sure but now I'm not so sure. Liek I said it's my first time doing anything other than windows. I got the 7.10 somethign server version, burned the iso, checkeed the md3 checksum, and booted and ran the setup [19:44] marcreichelt: it must be something you changed when doing your virtual hosts. I have a default apache installation and it connects to [::1] [19:44] it rebooted, and this is where I'm at. I'm going to reboot so I'm at a clear screen, it's entirely possible i fubar'd something [19:45] hmm, okay [19:45] maxownz: not sure but I think that when I tried without a card it tried as well. [19:46] Lucutious: no need to reboot, you 're not in windows [19:46] Ok [19:46] type su and press enter [19:46] and by the way, i sincerely appreciate your help blue-frog_ [19:46] enter your root password [19:47] Hmm says my password is incorrect. I bet I somehow mis-typed it when i installed [19:47] type groups [19:48] says: [19:48] mike adm dialout cdrom floppy audio dip video plugdev scanner lpadmin [19:49] Lucutious: somehow your install is borched [19:49] I'd bet a dollar it was user error :-) [19:50] ok, so let me ask this... Do i need to use the server version, or do you thing the regular version would work? [19:50] use the regular version and then install whatever server program you want [19:51] does the regular version come with the LAMP set? [19:51] no [19:51] but it is nothing to install [19:51] buggar, so I'll have to install them individually [19:51] nothing for you, learning process for me :-) - but [19:51] that's a good thing [19:52] Lucutious: it's as easy as your abc [19:52] with ubuntu gui (gnome desktop) comes a GUI apps installer programm (synaptic) [19:53] Awesome, I'm going to burn that regular version now so I can get the install going. You mind if I stay here and ask you if I run into snags that I can't fix? (I really do use google and other search tools before asking) [19:53] one thing before you move an ear [19:53] Shoot [19:53] do you have internet connection on this p right now? [19:53] pc [19:54] yes [19:54] reboot this pc in recovery mode ( I assume your are talking from another pc? [19:54] it's behind a router right now though, dunno if you'll be able to get in [19:54] ya [19:54] I will not get in [19:54] you will work [19:54] if i did ALT + CTL + F2 during the installation and got this shell how do i get out of it and back to the GUI installer? [19:55] F1? [19:55] i type EXIT and then it just shoots me back to "Please press Enter to activate this console" [19:55] or F4 try them all up to 7 [19:55] i want to deactivate this console [19:55] hmm now it has me logged in as root [19:56] mathiaz: will you chair the server meeting tonight? I was wondering if I can add a agenda item. the IS team brought it up, I wonder if we should run the upgrader with --force-overwrite in server mode or not. currently we don't and the upgrade will fail on file-overwrite problems. on the desktop we do run with --force-overwrite [19:56] dunno if you have network up Lucutious. try ping grc.com [19:56] got a good ping [19:57] good [19:57] maxownz: hit alt+f1 to go back to the installer [19:57] sommer: THANK YOU [19:57] lol how do you stop it - again, used to the windows 4-pings thing [19:57] maxownz: np [19:57] Lucutious: cat /etc/sudoers [19:57] i'm trying to no scan the mirrors [19:57] takes forever since i don't have an internet connection [19:57] i was trying to open the shell and turn off my etho1 [19:58] ctrl c Lucutious [19:59] blue-frog_: Thanks. Ok I did that, I believe it spit out the contents of the sudoers file [19:59] juste the end [19:59] down in the user privledge specification, mike is not listed - only root [19:59] do you have %admin ALL... [19:59] no [19:59] says [19:59] root ALL=(ALL) ALL [20:00] yes somehow your install is weird. nevermind we'll fix it [20:00] and that's it [20:00] Lucutious: onward to install a desktop [20:00] apt-get install ubuntu-desktop [20:01] ok, following those prompts now [20:02] blue-frog_: can you copy me the default apache.conf and the default VirtualHost configuration please? [20:04] marcreichelt: /usr/share/doc/apache2.2-common/examples/apache2/apache2.conf.gz [20:05] oh, thanks :) [20:07] hmm, this is not the default configuration [20:08] mvo: I will chair the meeting - please add your item to https://wiki.ubuntu.com/ServerTeam/Meeting and I'll make sure we discuss it :) [20:09] marcreichelt: are yuo using this server in prod right now§? [20:10] no ;) [20:10] but my real server (on Debian) works with IPv6 [20:10] I mean locally [20:11] marcreichelt: remove the conf files and sudo apt-get install --reinstall apache2 [20:11] mathiaz: great, thanks [20:11] mathiaz: added [20:11] okay [20:12] Lucutious: where you at? [20:15] blue-frog_it's downloading still [20:15] Says 15m left [20:15] ctrl z [20:16] bg %1 [20:16] like this it is continuing in the background [20:16] blue-frog_: this does not work [20:17] marcreichelt: what does not work? [20:17] the config files are not reinstalled [20:17] marcreichelt: sudo apt-get remove --purge apache2 [20:17] marcreichelt: then sudo apt-get install apache2 [20:18] Lucutious: you have the prompt now? [20:18] nothing ;) [20:18] apache2 is a meta package [20:19] maybe apache2-common [20:19] marcreichelt: oh yes ok common and/or prefork/mpmworker [20:20] blue-frog_ no, it went back to downloading, but now it only says 2 minutes kleft [20:20] left* [20:20] marcreichelt: dpkg -l apa* will tell you what is installed [20:21] bandwith really fluctuating from 200k to 2 meg or so [20:21] Lucutious: ctrl Z then bg %1 went back to downloading ? [20:22] yes. I'll try again [20:22] wait - it's donw downloading lol [20:22] preconfiguring packages [20:23] i think it's just sitting, no prompt [20:24] Lucutious: yes just tried myself, it does not what it should do with apt-get [20:24] ctrl alt F2 gives you another prompt then? [20:25] no ctrl alt f2 cleared the screen [20:25] it's another console [20:26] ohh [20:26] getent group | grep admin [20:26] just a blinking cursor >< [20:26] typed it, pressed enter, still just blinking [20:26] addgroup -system admin [20:27] blue-frog_: no, connection refused [20:27] it's not the Apache :-/ [20:27] marcreichelt: sorry really don't knw what to do for you [20:27] :-( [20:28] blue-frog_ I've typed what you said, but ever since the ctrl alt f2 it's just a blinking curser, blank screen [20:28] Lucutious: addgroup -system admin done? (adding a system group -id lower than 1000- named admin) [20:28] ok good [20:29] Yes I typed that, but like I said it's just a blinbking curser on a blank screen [20:29] usermod -aG admin mike (adding mike to newly created admin group) [20:30] ok typed that [20:30] visudo [20:30] can't see what I'm typing either [20:30] now at the end of that file, you will add [20:31] blue-frog_ I can't see anything buddy [20:31] what do you mean can't see? [20:31] It's just a blank screen, with blinking curser in upper left hand side. I type, and it changes nothing. [20:31] it's been that way ever since you had me ctrl alt f2 [20:31] ah [20:32] thought you had a prompt, not only ther cursor [20:32] nope, just blinking cursor [20:32] ctrl alt F then, we will wait [20:32] F1 [20:33] ok [20:37] * faulkes- slams head against desk [20:41] blue-frog_: thanks for your help [20:42] ty but I did nothing in the end. [20:43] I think the problem will be gone when I install Kubuntu 8.04 ;) [20:44] marcreichelt: ah possibly as I am talking to you from hardy. didn't think about that before you mention it [20:44] Ok blue-frog_ it says [1] STOPPED [20:44] and I'm back to a command prompt [20:44] Lucutious: ok try bg %1 [20:46] [1] STOPPED apt-get install ubuntu-desktop [20:47] i assume that means it's done installing [20:47] no [20:47] we interrupted the process with ctrl z [20:47] bg %1 is supposed to make it run in background [20:48] but apparently apt-get is a bit weird with all that [20:48] type jobs [20:48] ahh [20:48] [1] STOPPED apt-get install ubuntu-desktop [20:49] type bg (alone) [20:50] [1]+ apt-get install ubuntu-desktop & [20:50] [1]+ STOPPED apt-get install ubuntu-desktop [20:50] fg [20:51] to try to make it run in foreground [20:51] now it's spamming my screen [20:51] good [20:51] I suppose it's finishing installing [20:51] we're going to let it go like that then, try ctrl alt F2, you might have a decent prompt now [20:52] kk [20:52] nope, blank screen blinking cursor again [20:52] well might be ony one tty in recovery mode.. going to try with a virtual machine to see [20:53] ctrl alt F1 then [20:53] kk [20:54] Lucutious: sorry about that, yes indeed only one tty in recovery mode [21:03] hrmm, wednesday [21:04] meeting in an hour? [21:05] faulkes-: yes [21:06] blue-frog_: My friend, I need to thank you for all your help thus far. It seems it's still installing, and my son just got home and informed me he lost his glasses. Gotta love 6-year olds, I have to go look for them [21:06] I'll probably return, but again, Thank you for everything === blue-frog__ is now known as blue-frog [21:07] Lucutious: http://pastebin.com/d1d24408d [21:07] mathiaz: guess I better send my alcohol engineer out for "office supplies" then [21:08] Lucutious: the installation of ubuntu-desktop might as well have created the admin group by the way [21:08] Awesome, I'll keep that up for when I return. I'll re-post so you can see, think your client was ghosted. [21:08] blue-frog_: My friend, I need to thank you for all your help thus far. It seems it's still installing, and my son just got home and informed me he lost his glasses. Gotta love 6-year olds, I have to go look for them [21:08] I'll probably return, but again, Thank you for everything [21:09] will be in bed by then :) [21:10] Lucutious: if in trouble, download 8.04 alternate and install from there [21:12] blue-frog - setup finished, back at command prompt - how do I start the gui then? [21:12] (wife still getting dressed) [21:12] reboot to be on the safe side (eventhough init 2 should do the trick) [21:13] does anyone is specting problems with gmail's imap? [21:13] Lucutious: btw re boot is reboot on command line :) [21:25] hello [22:28] ok so im trying to setup my wap (which works perfectly) to have a wep encryption... im trying to use wpa, but i cant seem to get my /etc/network/interfaces configed correctly [22:29] anyone on with any experience? [22:37] hello [22:43] hi, i've access to a server via ssh, i needed php 5.2.3 and since it was running edgy i upgraded it to gutsy, tre upgrade process complained about update-grub missing, so i installed grub package [22:44] Steven: how did you upgrade to gutsy? wich commands? [22:44] (the machine was using lilo as bootloader), then i installed grub, and now it isn't booting anymore [22:44] Steven: also you need to go edgy>feisty>gutsy, noet edgy>gutsy [22:44] something similar to do-upgrade-... [22:44] apt-get upgrade [22:44] or [22:44] sergevn: yes i've done two updates [22:45] apt-get dist-upgrade [22:45] major difference [22:45] neither [22:45] Steven: you need to get back to where you can boot your machine [22:46] that's more of a general #ubuntu problem than one specific to #ubuntu-server [22:46] there are lots more people in #ubuntu than here [22:46] balzac: wait a sec :P [22:46] hi, what's the best irc server app? [22:46] i see ircd, ircd-hybrid, ircru, and bahamut [22:47] upgraded with sudo do-release-upgrade, the server does not boot anymore, but i can boot with a rescue cd the housing company provide, now i need to install lilo again.. can you help me? [22:47] I'm a newbie [22:47] dlee: irssi or xchat [22:47] but you'll find more action in #ubuntu [22:48] sergevn: server, not client [22:48] dlee: sorry, it's late :) [22:48] I'd use whatever freenode is using [22:48] balzac: how do you find out? [22:48] well, I suppose each server is different, correct? [22:48] lemme google [22:48] Is somebody using OpenVZ and agrees on bug 218411? [22:48] Launchpad bug 218411 in vzctl "DEF_OSTEMPLATE should be Ubuntu" [Wishlist,New] https://launchpad.net/bugs/218411 [22:50] http://www.ircd-hybrid.org/ <--- most popular irc server on efnet... [22:51] http://freenode.net/hyperion.shtml [22:52] dlee, that should be it right there [22:52] balzac: thanks [22:53] you can find dancer-ircd in the ubuntu repositories [22:53] hyperion is forked from that, so it's probably close enough [22:53] i'm using hardy heron, btw [22:53] not sure about your version and repositories [22:54] sergevn: can you help me, please? [22:55] balzac: i'll be using hardy or gutsy [22:55] well, you can see dancer is forked from hybrid, hyperion is forked from dancer [22:55] not sure which one is really most widely used but freenode is hyperion [22:57] I'm trying to figure out ebox [22:57] It's a struggle so far [22:57] balzac: what's ebox? [22:58] ebox is the new interface for networking services [22:58] it should be an integral part of ubuntu server soon [22:58] you can configure squid and firewall rules [22:58] http://ebox-platform.com/installation-guide/ [22:59] looks good for securing an ubuntu server [22:59] Steven: yeah sure [22:59] Steven: lets switch to #ubuntu [22:59] but networking can't be simplified very much. it's a struggle because I'm not a networking guy. [23:00] there's no action at all in #ebox or #squid [23:00] ubuntu-server is pretty quiet [23:01] balzac: That would be because we were all just in a meeting :) [23:01] what was on the agenda? [23:02] balzac: https://wiki.ubuntu.com/ServerTeam/Meeting [23:02] hopefully, making things easier for a newb [23:02] balzac: Actually we were making sure you have a distribution to boot in a fortnight or so :) [23:02] cool [23:05] is there a seperate bug tracker for server variant or should I just post it in the main bug tracker? [23:14] Cahan: Post it in the normal bug tracker. [23:15] kk [23:30] Is there any voice -chat help available for me to get this box running? [23:30] Even if I have to pay [23:30] Like phone, ventrilo, something [23:33] Lucutious: both free and paid help are described at http://www.ubuntu.com/support [23:41] using linux,i have some friends sharing my internet. i have 30k vacant and 3 friends. is there a way that i define the combine band limit for 3 users combined as 30 k . not 10k for each. that way if 2 are online they can share 15k each. and if all 3 are online. they will be spreaded 10k each in managed behaviour. any way.i have a dlink switch. and in futer i may take a fourth one and give him a dedicated 20k limit alone. so i need control?c@ [23:42] Lucutious: see also ebox [23:42] !ebox [23:42] ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See the plans for Hardy at https://wiki.ubuntu.com/EboxSpec [23:43] Lucutious: though you would want to use that on hardy (now in beta) not gutsy... [23:47] !ebox [23:47] ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See the plans for Hardy at https://wiki.ubuntu.com/EboxSpec [23:51] using linux,i have some friends sharing my internet. i have 30k vacant and 3 friends. is there a way that i define the combine band limit for 3 users combined as 30 k . not 10k for each. that way if 2 are online they can share 15k each. and if all 3 are online. they will be spreaded 10k each in managed behaviour. any way.i have a dlink switch. and in futer i may take a fourth one and give him a dedicated 20k limit alone. so i need control? [23:55] user1: sounds more like a question for the maker of your dlink switch, since any bandwidth shaping would be done there, unless you want to make a linux box into a switch [23:55] I told him the same thing in ubntu+1 [23:56] nealmcb ya. but is it possible in linux? [23:56] everything is possible in linux :-) but you'd want to find the right channel - this is for servers, not networks [23:57] nealmcb: ubuntu servers can be used as primitive network routers too, y'know ;-) [23:57] nealmcb Tuv0k by wondershaper or ebox. or any other, what i have in mind is 30k for 3 users. if all are online 10k is given to each. if 2 are online 15k to each. 1 then 30k to him. and other 4th user gets 20k seperat dedi bandwidth.. how can i do it? [23:57] !spam [23:57] Unsure how you should behave on this channel? See (in a private message with the bot, /msg ubotu ): !AskTheBot, !CoC, !Guidelines, !Offtopic, !Language, !Attitude, !Repeat, !Enter, !Paste, !NickSpam, !PM, !English - And most importantly, use common sense... [23:57] user1: You'll want to read through the information in http://lartc.org/ [23:58] user1: You wont find anyone in here willing to write your configuration for you, but if you read through the information available at that site, and understand how it works, you'll be able to write your own rules in no time. :-) [23:58] great link