/srv/irclogs.ubuntu.com/2008/08/01/#ubuntu-server.txt

kirklandjdstrand: auth-client-config question00:31
=== freaky[t] is now known as fReAkY[t]
RoAkSoAxhey guys has anyone of you set up an active/passive config using heartbeat in HH ?01:12
=== emgent_ is now known as emgent
kinemaIs there a standard way of loading iptables rules in Ubuntu?03:08
ScottKkinema: See the ufw package.03:08
ScottKIt provides some basic standard settings for such.03:08
ScottKPersonally I have a shell script I like.03:09
kinemaHmmm....denying all traffic when logged in via ssh isn't the smartest thing I've done today.03:21
ScottKTrust me, you aren't the first one to do that.03:23
unewbi1:)03:24
kinemaWhat are the chances there is a decent Ubuntuish script or set of scripts for managing a firewall somewhere online that I could look at?03:30
kinemaThere's something I find unsettling about ufw.03:33
* hads likes firehol03:34
ScottKkinema: If you find problems about ufw, please file bugs.03:38
* ScottK likes /sh, but probably not what you're after.03:39
kinemaScottK: I'm going to give ufw a chance.03:39
kinemaWe'll see.03:39
kinemaOf course I'll file bugs if necessary.03:40
ScottKOK, but please file bugs.  It is actively developed within the Ubuntu Server team, so it's worth doing.03:40
kinemaScottK: Would I be correct in assuming that rules are inserted into the various tabes/chains as soon as command is executed?03:41
ScottKkinema: I'm not sure, as I've mentioned, I don't use it, but it's the recommended approach in Ubuntu Server for people who don't roll their own.03:42
kinemaThanks.03:42
ScottKMaybe jdstrand is around and can answer.03:45
kinemaI thought about it and the fact that running "sudo ufw default deny" killed my ssh connection shows that rules are inserted immediately.03:47
timboyI just upgraded my hard drive and I can't resize my partition with my livecd... I can resize my swap just fine but can't do anything with my / partition. can someone give me a hand?03:51
ScottKkinema: So I make a bug based on your experience.  See Bug 253840.03:53
uvirtbotLaunchpad bug 253840 in ufw "ufw should detect if the command being given will cut off SSH access and warn if the user is connected via SSH." [Wishlist,New] https://launchpad.net/bugs/25384003:53
ScottKlamont: Ping.04:10
lamonteep04:10
ScottKlamont: Remember my proposed script for adding stuff to master.cf?04:10
lamontyeah04:10
lamontwere you expanding that to also do chroot vs non-chroot?04:10
ScottKBall's in your court.  What do you think?04:10
ScottKThere's a couple more I'd like to add, but I was hoping for some feedback on the first one?04:11
ScottKI'd figured on doing add policy server next as it's very similar to add smtpd listener.04:11
lamontah, ok04:11
* lamont goes looking04:11
ScottKThen chroot/unchroot.04:11
lamontattached to the bug report, yes?04:12
ScottKIIRC.04:12
lamontwell, it wasn't in my  email... :-)04:12
* lamont looks on L{04:12
lamontLP evenb04:12
lamontbug 24733204:12
uvirtbotLaunchpad bug 247332 in postfix "Please add a script to allow filter services to be programatically added to master.cf" [Wishlist,In progress] https://launchpad.net/bugs/24733204:12
ScottKYeah.  In Bug 24733204:13
ScottKHeh.04:13
ScottKTrust me I understand L followed by unprintable characters because you're cursing.04:14
lamontheh04:14
lamont'twould be nice if USAGE were a function, just to have it not evaluate every run - but that's a nit04:15
lamontand very minor grumbles about you making me update debian/copyright04:15
lamontcould you pretty please pick one of the standard licenses, and name it?04:16
ScottKOK.04:16
lamontI don't care if it's the postfix license, or another non-conflicting one04:16
* ScottK tries to remember04:16
ScottKThat's MIT license.04:16
lamontand I think PEP-8 (?) or somewhere wants imports to be one per line04:17
lamontor such04:17
lamontOTOH, you're much closer to PEP-8 that most of my stuff before I started paying attention to it under threat of pain04:17
lamontI also tend to make a function called __main__ or such and just say if __name__ == '__main__': \n __main__()04:18
lamontwhich gives me something I can call when I'm playing with python -i and such04:18
ScottKRight.04:19
ScottKI looked and PEP-8 says one per line.04:19
lamontso general feedback would be PEP-8 conformance, the muttering about main() and USAGE, and otherwise a handwavy "looks at least not-unreasonable, if not just plain reasonable, +1"04:20
lamontand is shutil all the rage these days?  /me hasn't ever used it04:21
lamontwhile understanding that it may be the new hotness and I'm not. :)04:21
ScottKOK.  The one functional shortcut that it takes that might be an excessive one is it just assumes if the name of the smtpd you want setup appears anywhere in master.cf it's a bad idea.04:21
ScottKThe shutil usage is a result of, "Gee, never had to do that before, let's see what the shiny new edition of Python in a Nutshell has to say about it."04:22
ScottKHonestly I don't want to go to the effort to make it smart enough to do the case where it has to find out if it's a duplicative service name or something else.04:23
ScottKMaybe I just add MIT to common-licenses and make it easy.04:23
lamontanywhere as in anywhere? or anywhere as first token?04:24
ScottKAnywhere like it parses line by line through your master.cf and if it finds the string you gave as your desired service name it says no thanks.04:25
ScottKAnd stops.04:25
ScottKFor a helper script like this I think it's better to bail out in the face of any uncertainty that to try to be to smart about it.04:25
ScottKThe use case I'm thinking about it you don't want to run it twice by accident and end up adding the same service two times in master.cf.04:26
lamontScottK: makes sense05:55
=== kinema_ is now known as kinema
kinemaAny ufw people here?06:46
=== `6og is now known as Kamping_Kaiser
kaushalhi07:47
krautmoin08:07
kaushalhi08:40
kaushalI did apt-cdrom add and that got listed in /etc/apt/sources.list08:40
kaushalbut when i try to add apache2 it gets from Internet08:41
kaushaland not from Cdrom08:41
elnewbHow much more RAM would I need to add a GUI (fluxbox or GNOME) to ubuntu server?08:53
MenZaThat would depend on how much you have now :P08:54
elnewb384MB (It's a really old Dell)08:55
_rubenkaushal: then you need to disable the internet repositories in that file09:03
kaushalok09:04
elnewbhow do i install fluxbox?  I tried with this "sudo apt-get install fluxbox x-window-system-core xdm"09:13
MenZa384mb ram should run even a light Gnome setup decently09:14
elnewbok09:21
thefishhello09:55
thefishanyone here use a free landscape alternative for updating multiple servers? i would like to eliminate the need to spend hours ssh'ing into boxes to update them...09:56
_rubenwe're using an in-house developed script with a cvs backend10:01
_rubenfar from perfect, but it does its job quite ok10:01
thefish_ruben: cool, get updates from cvs?10:02
_rubenthefish: the script does a cvs up every 10 mins .. and symlinks the files into place (which is one big downside of it, not all files can be 'replaced' with symlinks (chroots, sudoers file, etc))10:04
thefishaah ok, fair enough10:04
_rubenwriting a replacement for it is on my todo list, along with a gazillion other things :-/10:04
thefishi was thinking of something closer to landscape, which will use dpkg on the client with a package10:05
thefishhehe i know the feeling10:05
_rubenits a rather common one ;)10:06
thefishim spending more and more time on just apt-get upgradeing - got to have a better way!10:22
thefishredhat/fedora now has free spacewalk10:23
thefishwhich is similar to landscape, but free as in beer as well as speech10:23
_rubenthefish: oh, you're talking package management .. i was referring to configuration management .. package managment is smth i do by hand still (and far from as often as i should)10:32
thefish_ruben: for configs, have you tried puppet? http://www.howtoforge.com/installing_puppet_on_ubuntu10:35
thefishive not tried, but it looks quite powerful10:35
uvirtbotNew bug: #253910 in samba (main) "package winbind 2:3.2.0-4ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/25391011:20
_rubenthefish: dont know it, so: no ;)11:38
=== RainCT is now known as RainCT_
lchhi11:52
lchI'm having problems setting up the server on my PC, installation goes fine, but when I reboot I get a segfault after Grub initiates booting11:52
lchI got the suggestion to use a generic kernel, how can I do that?11:52
lchI have installed linux-image-2.6.24-19-generic via apt now11:55
lchI suppose I need to get the kernel modules, too?11:55
Kamping_Kaiserrequired modules should be pulled in automatically11:56
lchwhy can't I use "admin" as an account name?12:19
lchdebian had no trouble with that12:19
lchwhat is it that Ubuntu needs this name for?12:19
Kamping_Kaiserwhat sort of error do you have?12:19
lchit doesn't let me create a user with account name "admin" during installation12:20
lchclaiming that it's used by the system12:20
lchor reserved12:20
Kamping_Kaiserthe group name is in use12:20
Deepssounds like an installer bug12:21
Kamping_Kaisernot sure i agree tbh12:23
lchI'm using "administrator" as a substitute, but that's kinda unnecessarily long12:24
Koonlch: you can rename it afterwards12:24
Koonlch: the installer probably tries to create a user and group with the name you provide, and the admin group is already taken12:24
lchyup12:25
Deepsthats what id susecpt too12:30
Deepsas i was able to create a user admin as long as i specified a group for it to go into12:30
Deepshense being an installer bug if it's simply claiming the username is in use/reserved by the system12:39
=== lch_ is now known as lch
=== fReAkY[t] is now known as freaky[t]
lchwhy is python installed automatically?14:49
lchis it needed?14:49
lchsame question regarding perl14:49
sommerlch: yes14:50
lchwhat is it used for?14:50
sommerlots of things... I believe apt needs perl and I'm sure there are multiple apps that need python14:51
lchI know that in Gentoo, the system things are programmed in Python14:51
sommerdon't quote me on the apt thing, but basically they're installed as dependencies14:53
sommerand probably most admins would want them :)14:53
maswanand some system stuff is written in it14:54
maswango check out file * |grep python in, say, /usr/sbin14:54
maswanand the same for perl14:54
maswanI'm sure you can recognise some core component14:54
ScottKIn Ubuntu Python and Perl are both part of the required set of packages.14:55
ScottKJust to pick one thing for Python the LSB standard functions for init scripts is written in Python.14:55
lchhmm14:57
lchI need to shrink my installation, though14:57
lchI already threw ppp over board because I don't need it, I'll do the same with the wireless and wpa stuff14:57
lchanything else I can throw out?14:58
zulkirkland: bad bad15:00
jdstrandzul: in your nut work (that sounds a bit odd...) have you come across anything about tripplite UPSs not reporting their battery/line power properly?15:09
maswanlch: /usr/share/doc ? :)15:10
maswanlch: a bunch of kernel modules?15:10
jdstrandzul: specifically, they toggle 'on battery' to 'on line power' and back frequently15:10
lchyeah, about that... I installed linux-generic because my system wouldn't boot otherwise15:10
lchbut it's a hefty 125 MB15:11
zuljdstrand: yeah it does sound a bit odd, its suppose to be fixed in intrepid I think but I havent backported the patch to hardy yet15:12
jdstrandzul: oh excellent15:12
jdstrandit is mighty annoying, and you have an eager tester :)15:13
zuljdstrand: nifty are you running intrepid yet?15:13
jdstrandzul: no, this is a production hardy machine15:14
=== RainCT_ is now known as RainCT
zuljdstrand: ah ok...15:14
jdstrandzul: I don't mind recompiling on hardy though15:14
lchmaswan, so assuming I don't plan to change my hardware at all for the forseeable future, I suppose I can delete all the kernel modules that aren't in use at the moment? right or wrong?15:14
jdstrandzul: or testing an SRU15:14
zuljdstrand: I could probably backport it for hardy15:14
zulie: stick it in my ppa15:15
lchI have 62M avail :(15:15
zuljdstrand: but please open a bug in launchpad as well and I can see about getting a patch as well15:16
jdstrandzul: I'm going to recompile intrepid's version on hardy, and let you know how it goes15:17
zuljdstrand: sounds good15:17
kirklandzul: bad bad, what?15:42
zulkirkland: there was a typo in the winbind.init script for samba-3.215:43
zulbut it happens15:43
Koonmathiaz: about tomcat6, I've written a spec to describe the implementation options I followed (Tomcat6StackSpec). One question is related to the webapp framework, or how we expect it to be15:54
mathiazKoon: I think that is a very good question15:55
Koonmathiaz: are we aiming to install all webapps in a common folder ? Or have some kind of registry to point the future webapp framework to the applications wherever they appear to be ?15:55
mathiazKoon: hm - I've been thinking about that lately - I'm thinking about a kind of registery15:56
mathiazKoon: where you'd install a webapp pkg in /usr/share15:56
mathiazKoon: and then deploy it in /var/www, or /var/lib/tomcat6/webapps15:56
mathiazKoon: the way you do with the sample apps in a postinst15:57
mathiazKoon: it would be similar to the way dpkg operates15:57
mathiazKoon: but all this is still a bit fuzzy right now15:58
Koonmathiaz: so where should I install the tomcat6 webapps ? Note that most of them are tied to tomcat615:58
Koon(tomcat6-admin and tomcat6-docs)15:58
Koon(one may consider the -examples as being usable on another servlet/jsp container)15:59
chmacI've got two machines on a network, but only 1 has permission to access the internet. The two can talk to each other though.15:59
chmacWhat's the easiest way to give the second one access to the internet via the first?15:59
chmacHost a VPN server?16:00
Koonmathiaz: in a common /usr/share/webapps directory ? or leave them under /usr/share/tomcat6/webapps and let the future registering thing handle them there ?16:00
chmacCreate a virtual interface and then ip masquerade?16:00
chmacAny suggestions?16:00
\shChipzz: NAT16:00
\shsorry16:01
\shchmac: NAT16:01
chmacchmac: Create a virtual interface and then nat the second machine through the first?16:01
\shchmac: use two interfaces16:01
jdstrandzul: unfortunately nut 2.2.2-6ubuntu1 doesn't fix it16:01
chmacHahaha, I'm talking to myself, DOH! \sh that was for you ^^16:01
\shtwo real nics16:01
chmac\sh: I don't have two nics available unfortunately16:01
\shchmac: if you can't ifconfig eth0:1 192.168.1.1 (or whatever rfc priv addr) and then add some -t nat -A POSTROUTING magic16:02
zuljdstrand: crap can you open a bug in launchpad and I can forward it upstream16:03
chmac\sh: Ahh, I can create a virtual interface just with ifconfig eth0:1 can I? Or will I need to create that first in /etc/network/interfaces ?16:03
jdstrandzul: I sure will16:03
chmacMy /etc/network/interfaces file doesn't list eth0 currently, it only lists lo and ppp016:03
\shchmac: oh...the real way to do it is through /etc/network/interfaces (auto eth0:1 \n iface eth0:1 inet static...)16:03
chmac\sh: Ok, I found a howto on that, thanks :)16:04
zuljdstrand: thanks16:04
jason__I16:09
jason__I'm not sure how to ask a question here, so I'll just do it.16:10
jason__I acedentaly changed the grounps for my main user to just its own group and www-data. Without sudo how can I add the admin and other groups back?16:10
sommerjason__: do you have another admin user on the box?  if not you'll need to boot into recovery mode which will allow you to re-add the groups16:11
* ScottK stops typing because sommer already said it better.16:12
sommer:)16:12
jason__no, thats the only user, how do I boot into recovery mode, I've never done it before16:12
sommerjason__: just reboot and from the grub menu there should be a "recovery" option16:13
sommerjason__: I forget the actual verbage, but it should be the one after the current kernel16:13
jason__I only have the one install and I dont see a grub loader like when I reboot my laptop with multiple partions. How can I force the grub loader?16:14
sommerjason__: press escape right before booting a message should flash with a 3 second counter16:14
jason__ok, thanks16:14
jason__I'll give it a try16:15
jason__once I boot in recovery I just need to type  "sudo usermod -G username,adm,uucp,dialout,cdrom,floppy,audio,dip,video,plugdev,scanner,netdev,lpadmin,powerdev,admin username"16:16
jason__is there any other groups to concider?16:16
billoutre_hello16:17
kirklanddendrobates: mathiaz: fyi, I posted to debian-devel last night, asking for permission to do mass bug filing on the init script status actions16:17
ScottKjason__: In the recovery console you'll be root, so no sudo needed.16:18
jason__I guess that should have be obvious16:18
ScottKOnce you're there the prompt will be #, so yes.16:19
=== edmoore_ is now known as edmoore
jason__I'm going to my server room (bedroom closet) to give this a try, any more groups to add?16:19
ScottKAs long as you get admin, iirc, you can fix the rest later.16:20
jason__ok, thanks alot, be back later.. and be fixed I hope16:20
Koonmathiaz: got to go now, please comment on the Tomcat6StackSpec directly with the location you prefer for Tomcat6 webapps.16:29
jdstrandzul: bug #25399916:37
uvirtbotLaunchpad bug 253999 in nut "nut with Tripplite UPS fills logs and console with "on battery" and "on line power" messages" [Undecided,New] https://launchpad.net/bugs/25399916:37
zuljdstrand: thansk16:37
jdstrandnp16:37
uvirtbotNew bug: #253993 in samba (main) "/etc/init.d/winbind has a parse error" [Undecided,Confirmed] https://launchpad.net/bugs/25399316:51
uvirtbotNew bug: #253999 in nut (universe) "nut with Tripplite UPS fills logs and console with "on battery" and "on line power" messages" [Undecided,New] https://launchpad.net/bugs/25399916:51
uvirtbotNew bug: #249878 in openldap2.3 (main) "CVE-2008-2952: BER Decoding Remote DoS Vulnerability" [Medium,Fix released] https://launchpad.net/bugs/24987816:56
kirklandzul: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/25399316:58
uvirtbotLaunchpad bug 253993 in samba "/etc/init.d/winbind has a parse error" [Undecided,Confirmed]16:58
kirklandzul: can you sponsor?16:58
edmoorehow is a server cpu different? if I'm building a headless box, should I avoid commodity intel core 2 type stuff?16:59
zulkirkland: already fixed16:59
zul3.2.0-4ubuntu3 was uploaded this morning16:59
kirklandzul: oh, thanks, you fixed it?17:03
zulyep17:03
kirklandzul: is there another bug?17:03
kirklandzul: should this one be a duplicate?17:03
zulit should be a duplicate17:03
kirklandjdstrand: can you take a look at https://bugs.launchpad.net/bugs/25381617:16
uvirtbotLaunchpad bug 253816 in ecryptfs-utils "pam_ecryptfs needs to be added to the common-password stack by auth-client-config" [Medium,Triaged]17:16
kirklandjdstrand: i needed to add ecryptfs to the pam password stack, to rewrap your password if you change your login password17:17
edmoorecan you run different sized drives in raid1? so say i have a pair of 250GB hdds, and in 3 years time one of them falls over, do I have to replace it with a 250gb hdd, or can i get a much larger one?17:18
jdstrandkirkland: oh so this is just a change to the ecryptfs-utils acc-profile? yeah, no problem. I assume you have tested the profile and it works in all cases? I was kinda surprised to not see 'use_first_pass'...17:21
kirklandjdstrand: actually, that's part of what i wanted you to take a look at that17:21
kirklandjdstrand: i'm actually not sure where in the stack it belongs17:22
kirklandjdstrand: and if "required" is correct17:22
jdstrandkirkland: well, it depends on what you want17:25
jdstrandwhat you have will prompt for the password via pam_unix, if it fails, end pam processing17:26
jdstrandif it succeeds, do the smbpass thing17:26
kirklandjdstrand: okay, so if a user's password change is successful, we're going to use the old password to unwrap the mount passphrase, and re-wrap it with the new password17:26
kirklandjdstrand: this should only run if the full password change is successful17:26
jdstrandthen ecryptfs-- which prompts theuser again, and if that fails, then pam fails17:26
kirklandjdstrand: i tested it, and it did work in my one simple, direct test case17:27
jdstrandyou were prompted twice-- correct?17:27
jdstrand(eg pam_unix and pam_ecryptfs)17:27
jdstrandkirkland: does pam_ecryptfs support 'use_first_pass'?17:28
kirklandjdstrand: lemme check....17:29
kirklandjdstrand: grep turns up no hits to that string in the pam_ecryptfs source code17:29
jdstrandkirkland: I haven't done pam programming, but it seems clear that the best user experience is to get the password from pam_unix via 'use_first_pass' and send that to pam_ecryptfs17:31
jdstrandkirkland: I wonder if it will just get that by linking into libpam.so.0 and libpam_misc.so.0?17:34
jdstrand(which it does)17:34
kirklandjdstrand: that's possible17:34
kirklandjdstrand: i don't see any references in the pam_ecryptfs source code, but it *works*17:35
jdstrandkirkland: so this time you aren't prompted twice?17:35
kirklandjdstrand: right, i'm not prompted twice17:36
jdstrandkirkland: good-- the last bit is 'required'17:36
jdstrandhold on...17:36
jdstrandkirkland: do you think it is reasonable that the whole operation fail if ecryptfs fails for some reasn?17:41
jdstrandkirkland: I am thinking particularly about password expiration17:41
kirklandjdstrand: well, people's data will not be immediately accessible, if their login password changes, but their wrap passphrase doesn't17:42
jdstrandkirkland: when might this operation fail? if the passwords are out of sync certainly, any other times?17:43
jdstrandkirkland: and does pam_ecryptfs output a helpful message in the case of failure?17:44
kirklandjdstrand: i'm trying to think of what failure might occur17:45
jdstrandkirkland: what if the user just delete ~/Confidential (or whatever it's called these days)?17:45
kirklandjdstrand: ah, right, ~/.ecryptfs/wrapped-passphrase17:46
kirklandjdstrand: if that disappears17:46
jdstrandkirkland: what if $HOME is nfs/smb mounted and is unavailable?17:46
jdstrandkirkland: I didn't actually think about this before, but it seems that in auth it's required, but in session it's optional17:48
kirklandjdstrand: yeah, i'm not sure about that either...  sadly, i'm not a PAM expert17:49
jdstrandkirkland: that sounds wrong-- in case the user delete ~/.ecryptfs, *boom* no login17:49
jdstrandkirkland: np-- I think optional is the way to go for all of them. it'll work when it's supposed to, and fail gracefully17:50
kirklandjdstrand: yeah, that does sound better17:50
jdstrandkirkland: it will require testing though, in various failure modes17:50
jdstrands/modes/situations/17:50
kirklandjdstrand: i'll do some testing here, and resubmit the patch17:51
jdstrandkirkland: excellent! :)17:51
* delcoyote hi17:55
RainCTWhy does "dpkg-reconfigure slapd" ask for an organization name, if it isn't used for anything?19:07
sommeranyone know if there is a way to restrict "sudo bash"?19:23
Deepsafaik you can restrict what commands can be run by sudo19:24
Deepsman sudoers would know more19:24
sommerDeeps: heh, true thanks19:24
Deepshappy to help :)19:25
stiv2kDoes anyone here use ddclient? It's not updating my ***** IP address19:51
egoleois not dd19:52
egoleois dhclient19:52
egoleoi gues19:52
stiv2kegoleo: No, it's ddclient I'm talking about19:52
egoleooh ok19:52
egoleosorry19:52
egoleonever used that19:53
Deeps Description: Update IP addresses at dynamic DNS services19:53
stiv2kDeeps: It just isn't updating.  I can't figure out why... it used to though19:53
Deepsdont use it either, sorry19:53
* stiv2k drop kicks his server.19:53
egoleohow do i upgrade ubuntu server 6.04 to 8.04 server19:54
=== kraut_ is now known as kraut
egoleoany link plse19:54
=== kwa is now known as K-Mile
keeswinbind status has a typo and is making it uninstallable.20:05
K-MileHi folks, I am having difficulty with network connectivity using 2 interfaces on an server running in VMware Server (both Ubuntu 7.04). Either LAN works, WAN works, or neither. I can't figure out if the host or the guest drops the connections. VMware (bridged networking) should not get in the way, right?20:05
keeskirkland: ^^ (winbind)20:06
kirklandkees: it's fixed20:06
keeskirkland: ah, okay, I just got unlucky.  :)20:06
kirklandkees: needs to be sync'd out20:06
kirklandkees: yeah, sorry20:06
keeskirkland: np :)20:06
bamedK-Mile: I know this is a dumb question, but just to make sure, your WAN and LAN aren't on the same subnet are they?20:07
K-Milebamed: no, both are on a different router, different IP ranges, and I can connect from LAN using either the public or the local IP address..20:08
K-Milebut the setup is shaky, since I had some trouble with conflicting DNS settings provided.. they are both on DHCP, that might not be an optimal solution..20:09
K-Milethe reason I want the two interfaces is that I want to expose Apache and SSH to the world, but they rely on LDAP authentication to a local server in the LAN20:11
bamedVMWare creates a couple of virtual NIC's; make sure those subnets don't conflict with anything, I've seen the vmnet interface cause routing problems in such cases20:12
K-Milethanks.. just found out that my VMware died on me... expired beta it seems20:13
K-Milewhy do they timebomb that thing?!20:13
K-Milewill check those vmnet interfaces though20:14
K-Milethe vmware server has 2 default gateways..20:16
_rubenthey timebomb it so ppl wont end up using beta stuff for ages when better (more) final versions are out20:16
K-Mileyeah, figured that out.. I remember how hard it was getting this thing running, so I feel reluctant to go through that again :/20:17
K-Milecould be me though...20:17
_rubenvmware server 2 is easier to setup than vmware server 1 actually20:18
_rubensince ubuntu 7.10 and 8.04 are actually supported for 2 and not for 120:18
egoleohow can i upgrade from 6.04 to 8.0420:19
egoleoserver20:19
Deeps6.04? o_O20:19
egoleo620:20
egoleoserver20:20
Deepsoh, dapper20:20
egoleoyeah20:20
egoleois that possible20:20
_rubenfirst hit of google: http://www.ubuntu.com/getubuntu/upgrading20:20
egoleois the server20:20
egoleook20:20
K-Mile_ruben: is there a package for VMware, or is it just a install from src from VMware?20:23
K-Milebinary from VMware I mean20:24
bamedbinary vrom VMware is the only way I know to, and it won't run without some tweaking to your system, but there's some good info in the wiki20:27
bameds/vrom/from20:27
egoleohey guys anyone running exim mail server?20:27
egoleoi am receiving all sort of junk mails and also getting my IP been blocked all the time20:28
egoleoany help on that20:28
K-Milebamed:  thanks.. will take a while before I can get to those networking issues ;)20:28
K-Milevmnets are in different subnets btw20:28
bamedif you're wanting data from the WAN to be passed to the LAN then make sure net.ipv4.ip_forward = 020:29
bamedI mean = 120:29
K-Milebamed: no, I don't want to route from WAN to LAN.. I just want to expose some services over WAN20:32
K-MileI could try just to enable the WAN interface on the guest OS20:34
K-Milebut I need apache to authenticate with LDAP in the LAN..20:34
uvirtbotNew bug: #254053 in samba (main) "[intrepid] winbind /etc/init.d/winbind error during upgrade" [Undecided,New] https://launchpad.net/bugs/25405320:36
_rubenK-Mile: the binary package provided by vmare for server 2 (rc1) installs just fine on ubuntu 8.0420:43
K-MileHmm.. I've got Feisty AFAIK20:43
_rubenfor 7.04 and 7.10 there's an ubuntu package for server 1 in the partner repo20:43
_rubenhavent tried server on feisty myself20:44
_rubenbut it is support by vmware iirc20:44
K-Mileyeah, I know, but I already run server 2, so I can't really downgrade20:44
K-Milewill try the binary package20:44
K-Milefrom VMware20:45
K-Milecould the fact that I have 2 default gateways on the host interfere with WAN access to the guest OS?20:45
_rubenit ougta be pretty painless .. except for you having install a package or two from the ubuntu repos (like a compiler and some libs)20:46
_ruben2 default gateways is asking for troubles, unless configured 'perfectly'20:46
K-Milethey probably aren't ;-)20:46
_rubengotta go for now .. might be back in a bit20:46
K-Milewill set the wan interface to static20:46
K-Milek, thanks so far!20:46
=== freaky[t] is now known as fReAkY[t]
=== fReAkY[t] is now known as freaky[t]
Deepshaha21:02
Deepscomparing debian testing with ubuntu hardy21:02
Deepsapt-get --help21:02
Deepsdebian: autoremove - Remove automatically all unused packages21:02
Deepsubuntu: autoremove - Remove all automatic unused packages21:02
Deepsbrilliant21:02
ograDeeps, and the fun stuff is that its the same maintainer :)21:05
Deepslmao21:05
ograhardy was frozen way before lenny though ... that explains why the fix is in debian testing, unstable and intrepid21:08
Deepssafe21:09
K-Milethat21:10
K-Milethat's weird.. the second time my server freezes while working on the network settinga21:10
K-Milea=s21:10
K-Milegot one ssh session still going, two died on me, as well as the local terminal21:11
K-Mileand calling ifconfig also screwed my last session :(21:13
K-MileI expected the SSH session to go when I reset my networking, not the entire system EXCEPT the SSH session..21:14
_rubenssh usualy survives a network restart, unless an ip change is involved21:19
K-Mileyeah, but two out of three died, as well as the box itself...21:19
K-Milenum-lock does not even respond.. cant switch to different terminal with alt-Fx21:20
K-MileI really don;t like hard-resetting the box two times in a row...21:21
_rubenstrange21:24
K-Mileyeah..21:24
K-Mileits an almost new dell poweredge.. so far no issues.. except today when I unplugged a network cable, same thing happened21:25
_rubenhmm .. scary21:28
K-Mileyeah21:29
K-Miledoes respond to SysReq combinations..21:29
K-Milerebooted..21:29
K-Milehttp://xkcd.com/349/21:34
K-MileWhat started out as an attempt to expose Apache over WAN, got me reinstalling VMware and now checking my systems memory and filesystem because of system freezes..21:34
K-Mileone of those nights.. ;-)21:34
hocminDoes ubuntu support installs on a headless server?  If so, are there any guides?22:25
hocminNo one knows?22:31
kirklandhocmin: sure22:33
K-Milewhat are you going to use your server for?22:33
kirklandhocmin: can you elaborate?22:33
hocminkirkland: bought a ibm eserver.  I'd like to install ubuntu server on it22:33
hocminkirkland: what other information do you need?22:34
f11f12does anyone use anjuta?22:34
kirklandhocmin: and you don't have a monitor hooked up to it?22:34
hocminK-Mile: simple web server, file server, maybe e-mail if I'm feeling adventurous22:34
hocminkirkland: right, no monitor22:35
K-Milewell, almost everything can be done using SSH, only during installation you'd need to hook up peripherals22:36
hadsTraditionally you'd just find a monitor to hook up while you are installing.22:36
hocminK-Mile, so then ubuntu does not support a headless install22:36
hocminok22:36
K-MileI'm not sure if you can install it without22:36
K-Milelive CD22:36
K-Mile's don't have a root password set22:37
hocminactually, I need to find some sort of c2t/vga adapter, but ok22:37
K-Mileso that makes external access a bit tricky22:37
hocminthanks for the info22:37
f11f12hocmin: is the serial port an option?22:37
K-Milemaybe use a KVM switch?22:37
hocminf11f12: there is a serial port.  What can I do with that?22:37
hocmin(9 pin if it matters)22:37
f11f12hocmin: pass this kernel option (in grub): console=ttyS1,9600 console=tty022:37
hocminf11f12: how do I pass kernel option on a headless box?22:38
K-Mileyou could create a live cd with the correct settings22:38
K-Mileand boot it up and install from there22:38
f11f12hocmin: better this one: console=ttyS0,960022:38
f11f12hocmin: you will have to make a special CD for it or boot once with a keyboard/screen22:39
hocminok, never done this before, but I can look for a guide.  I'm assuming this is pretty easy thing?22:42
f11f12hocmin: if you remove the graphics adapter form the machine, it might not boot, depending on your bios, a VGA Card is maybe mandatoty (you get beep codes)22:42
hocminI don't think I got a beep code when I booted it22:43
f11f12hocmin: http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/index.html22:43
hocminit's possible I bought a server that's lacking parts to run, but I think that's a little unlikely22:43
hocminok cool22:43
hocminI'll read up on that guide and try to connect to the server22:43
f11f12hocmin: did you detach the speaker too? ;-)22:44
hocminI haven't detached anything22:44
hocminI just bought the thing22:44
hadsFinding a monitor to use for an hour or so might be easier :)22:45
hocminit's not the monitor22:45
hocminit's getting an adapter for it22:45
hocminno vga port22:45
hadsNo adapter at all? How odd.22:45
K-Milewhat kind of server is it?22:46
K-Mileyou just bought it?22:46
hocminibm eserver 33522:47
hocminit's got c2t22:47
hocminhad to look that up22:47
hocminand it's got serial22:47
K-Mileyou'd need an IBM kvm switch for that22:47
f11f12hocmin: if it is a server w/o vga card, then it usually responds on the serial console, my siemens board does it.22:47
* hocmin dies a little inside22:48
hocminf11f12, yeah that is sounding like my best option22:48
hocminf11f12, I'll read the guide on making my own live CD, how to work on serial, and then give it my best shot22:48
K-Milegood luck with that ;-)22:48
hocminthanks22:50
K-Mileah crap, somebody shoot me...22:50
K-Milei downloaded the 32bit version of VMware22:50
K-Mileand I'm behind a slow connection :(22:50
K-Mile(and a 64bit box)22:50
f11f12hocmin: you do have a serial (null-modem) cable?  :-)22:53
K-Milejust a quick question while I download a new VMware...22:57
K-Milei have a server with a wan and lan connection22:57
duiuIS there a way to make 'sudo shutdown -h now' to run when I hit the power button?22:58
K-Milei need the DNS lookup of the lan connection, but my preferred gateway is the wan22:58
K-Mileis it a bad idea to mix those up too much?22:58
K-Mileduiu: do you have ACPI23:01
duiuIs that default, I know I don't have APIC?23:01
K-Mileduiu: probably, if you have a modern pc23:02
K-Mileduiu: you could try modifying /etc/acpi/powerbtn.sh23:02
K-Mileduiu: if you have that one23:03
duiuK-Mile: thanks23:03
duiuK-Mile: It's not there23:04
duiuno acpi folder23:05
K-Mileduiu: do you have the /etc/acpi folder?23:05
duiuno23:05
K-Milek23:05
K-Mileand /proc/acpi23:06
K-Mile?23:06
duiu /proc/acpi is there23:07
K-Mileyou could try installing acpi-support23:09
duiuinstalling...23:11
K-Milesee https://help.ubuntu.com/community/SuspendHowto#Event%20Processing23:12
duiuK-Mile: that gave me the folder, thanx23:15
K-Milenp23:16
duiuK-Mile: That did it, thanx again!23:18
K-Milegreat!23:19
duiuI'd help you, but I don't know much about DNS23:19
duiuI mean, resolv.conf23:19
K-Mile:-)23:19
K-Mileyeah, been struggling with getting two interfaces, one LAN, one WAN, to work nicely on a host and VMware guest machine23:20
duiuthere might be a 'force hostname resolution' parameter23:20
duiuyou could try that23:20
kirklandjdstrand: mathiaz: kees: zul: hey, ecryptfs-utils has been promoted to main and pitti asked me to added to a seed.  i put it in the server-ship seed under filesystems.  who can commit this for me?23:33
kirklandhttps://code.launchpad.net/~kirkland/ubuntu-seeds/ubuntu.intrepid23:33
* kees leaves seeds to soren and mathiaz. there are subtlties I'm less aware of.23:34
mathiazkirkland: is there any reason to put it on the cd ?23:39
kirklandmathiaz: i have changes in the pipeline that will make 'adduser' depend on ecryptfs-utils23:39
kirklandmathiaz: which means that ecryptfs-utils would be used in the installation23:40
mathiazkirkland: for intrepid timeframe ?23:40
kirklandmathiaz: yes23:40
kirklandmathiaz: those changes have been on ice until the MIR for ecryptfs-utils got approved23:40
mathiazkirkland: well - if it goes into adduser as a dependency it will pulled into main anyway23:41
kirklandmathiaz: agreed, but in case that adduser change were controversial, i wanted to make sure it was in the server23:42
kirklandjdstrand: you still around?23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!