kirkland | jdstrand: auth-client-config question | 00:31 |
---|---|---|
=== freaky[t] is now known as fReAkY[t] | ||
RoAkSoAx | hey guys has anyone of you set up an active/passive config using heartbeat in HH ? | 01:12 |
=== emgent_ is now known as emgent | ||
kinema | Is there a standard way of loading iptables rules in Ubuntu? | 03:08 |
ScottK | kinema: See the ufw package. | 03:08 |
ScottK | It provides some basic standard settings for such. | 03:08 |
ScottK | Personally I have a shell script I like. | 03:09 |
kinema | Hmmm....denying all traffic when logged in via ssh isn't the smartest thing I've done today. | 03:21 |
ScottK | Trust me, you aren't the first one to do that. | 03:23 |
unewbi1 | :) | 03:24 |
kinema | What are the chances there is a decent Ubuntuish script or set of scripts for managing a firewall somewhere online that I could look at? | 03:30 |
kinema | There's something I find unsettling about ufw. | 03:33 |
* hads likes firehol | 03:34 | |
ScottK | kinema: If you find problems about ufw, please file bugs. | 03:38 |
* ScottK likes /sh, but probably not what you're after. | 03:39 | |
kinema | ScottK: I'm going to give ufw a chance. | 03:39 |
kinema | We'll see. | 03:39 |
kinema | Of course I'll file bugs if necessary. | 03:40 |
ScottK | OK, but please file bugs. It is actively developed within the Ubuntu Server team, so it's worth doing. | 03:40 |
kinema | ScottK: Would I be correct in assuming that rules are inserted into the various tables/chains as soon as the command is executed? | 03:41 |
ScottK | kinema: I'm not sure, as I've mentioned, I don't use it, but it's the recommended approach in Ubuntu Server for people who don't roll their own. | 03:42 |
kinema | Thanks. | 03:42 |
ScottK | Maybe jdstrand is around and can answer. | 03:45 |
kinema | I thought about it and the fact that running "sudo ufw default deny" killed my ssh connection shows that rules are inserted immediately. | 03:47 |
timboy | I just upgraded my hard drive and I can't resize my partition with my livecd... I can resize my swap just fine but can't do anything with my / partition. can someone give me a hand? | 03:51 |
ScottK | kinema: So I make a bug based on your experience. See Bug 253840. | 03:53 |
uvirtbot | Launchpad bug 253840 in ufw "ufw should detect if the command being given will cut off SSH access and warn if the user is connected via SSH." [Wishlist,New] https://launchpad.net/bugs/253840 | 03:53 |
ScottK | lamont: Ping. | 04:10 |
lamont | eep | 04:10 |
ScottK | lamont: Remember my proposed script for adding stuff to master.cf? | 04:10 |
lamont | yeah | 04:10 |
lamont | were you expanding that to also do chroot vs non-chroot? | 04:10 |
ScottK | Ball's in your court. What do you think? | 04:10 |
ScottK | There's a couple more I'd like to add, but I was hoping for some feedback on the first one? | 04:11 |
ScottK | I'd figured on doing add policy server next as it's very similar to add smtpd listener. | 04:11 |
lamont | ah, ok | 04:11 |
* lamont goes looking | 04:11 | |
ScottK | Then chroot/unchroot. | 04:11 |
lamont | attached to the bug report, yes? | 04:12 |
ScottK | IIRC. | 04:12 |
lamont | well, it wasn't in my email... :-) | 04:12 |
* lamont looks on L{ | 04:12 | |
lamont | LP evenb | 04:12 |
lamont | bug 247332 | 04:12 |
uvirtbot | Launchpad bug 247332 in postfix "Please add a script to allow filter services to be programatically added to master.cf" [Wishlist,In progress] https://launchpad.net/bugs/247332 | 04:12 |
ScottK | Yeah. In Bug 247332 | 04:13 |
ScottK | Heh. | 04:13 |
ScottK | Trust me I understand L followed by unprintable characters because you're cursing. | 04:14 |
lamont | heh | 04:14 |
lamont | 'twould be nice if USAGE were a function, just to have it not evaluate every run - but that's a nit | 04:15 |
lamont | and very minor grumbles about you making me update debian/copyright | 04:15 |
lamont | could you pretty please pick one of the standard licenses, and name it? | 04:16 |
ScottK | OK. | 04:16 |
lamont | I don't care if it's the postfix license, or another non-conflicting one | 04:16 |
* ScottK tries to remember | 04:16 | |
ScottK | That's MIT license. | 04:16 |
lamont | and I think PEP-8 (?) or somewhere wants imports to be one per line | 04:17 |
lamont | or such | 04:17 |
lamont | OTOH, you're much closer to PEP-8 than most of my stuff before I started paying attention to it under threat of pain | 04:17 |
lamont | I also tend to make a function called __main__ or such and just say if __name__ == '__main__': \n __main__() | 04:18 |
lamont | which gives me something I can call when I'm playing with python -i and such | 04:18 |
ScottK | Right. | 04:19 |
ScottK | I looked and PEP-8 says one per line. | 04:19 |
lamont | so general feedback would be PEP-8 conformance, the muttering about main() and USAGE, and otherwise a handwavy "looks at least not-unreasonable, if not just plain reasonable, +1" | 04:20 |
lamont | and is shutil all the rage these days? /me hasn't ever used it | 04:21 |
lamont | while understanding that it may be the new hotness and I'm not. :) | 04:21 |
ScottK | OK. The one functional shortcut that it takes that might be an excessive one is it just assumes if the name of the smtpd you want setup appears anywhere in master.cf it's a bad idea. | 04:21 |
ScottK | The shutil usage is a result of, "Gee, never had to do that before, let's see what the shiny new edition of Python in a Nutshell has to say about it." | 04:22 |
ScottK | Honestly I don't want to go to the effort to make it smart enough to do the case where it has to find out if it's a duplicative service name or something else. | 04:23 |
ScottK | Maybe I just add MIT to common-licenses and make it easy. | 04:23 |
lamont | anywhere as in anywhere? or anywhere as first token? | 04:24 |
ScottK | Anywhere like it parses line by line through your master.cf and if it finds the string you gave as your desired service name it says no thanks. | 04:25 |
ScottK | And stops. | 04:25 |
ScottK | For a helper script like this I think it's better to bail out in the face of any uncertainty than to try to be too smart about it. | 04:25 |
ScottK | The use case I'm thinking about is you don't want to run it twice by accident and end up adding the same service two times in master.cf. | 04:26 |
lamont | ScottK: makes sense | 05:55 |
=== kinema_ is now known as kinema | ||
kinema | Any ufw people here? | 06:46 |
=== `6og is now known as Kamping_Kaiser | ||
kaushal | hi | 07:47 |
kraut | moin | 08:07 |
kaushal | hi | 08:40 |
kaushal | I did apt-cdrom add and that got listed in /etc/apt/sources.list | 08:40 |
kaushal | but when i try to add apache2 it gets from Internet | 08:41 |
kaushal | and not from Cdrom | 08:41 |
elnewb | How much more RAM would I need to add a GUI (fluxbox or GNOME) to ubuntu server? | 08:53 |
MenZa | That would depend on how much you have now :P | 08:54 |
elnewb | 384MB (It's a really old Dell) | 08:55 |
_ruben | kaushal: then you need to disable the internet repositories in that file | 09:03 |
kaushal | ok | 09:04 |
elnewb | how do i install fluxbox? I tried with this "sudo apt-get install fluxbox x-window-system-core xdm" | 09:13 |
MenZa | 384mb ram should run even a light Gnome setup decently | 09:14 |
elnewb | ok | 09:21 |
thefish | hello | 09:55 |
thefish | anyone here use a free landscape alternative for updating multiple servers? i would like to eliminate the need to spend hours ssh'ing into boxes to update them... | 09:56 |
_ruben | we're using an in-house developed script with a cvs backend | 10:01 |
_ruben | far from perfect, but it does its job quite ok | 10:01 |
thefish | _ruben: cool, get updates from cvs? | 10:02 |
_ruben | thefish: the script does a cvs up every 10 mins .. and symlinks the files into place (which is one big downside of it, not all files can be 'replaced' with symlinks (chroots, sudoers file, etc)) | 10:04 |
thefish | aah ok, fair enough | 10:04 |
_ruben | writing a replacement for it is on my todo list, along with a gazillion other things :-/ | 10:04 |
thefish | i was thinking of something closer to landscape, which will use dpkg on the client with a package | 10:05 |
thefish | hehe i know the feeling | 10:05 |
_ruben | its a rather common one ;) | 10:06 |
thefish | im spending more and more time on just apt-get upgradeing - got to have a better way! | 10:22 |
thefish | redhat/fedora now has free spacewalk | 10:23 |
thefish | which is similar to landscape, but free as in beer as well as speech | 10:23 |
_ruben | thefish: oh, you're talking package management .. i was referring to configuration management .. package management is smth i do by hand still (and far from as often as i should) | 10:32 |
thefish | _ruben: for configs, have you tried puppet? http://www.howtoforge.com/installing_puppet_on_ubuntu | 10:35 |
thefish | ive not tried, but it looks quite powerful | 10:35 |
uvirtbot | New bug: #253910 in samba (main) "package winbind 2:3.2.0-4ubuntu2 failed to install/upgrade: subprocess post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/253910 | 11:20 |
_ruben | thefish: dont know it, so: no ;) | 11:38 |
=== RainCT is now known as RainCT_ | ||
lch | hi | 11:52 |
lch | I'm having problems setting up the server on my PC, installation goes fine, but when I reboot I get a segfault after Grub initiates booting | 11:52 |
lch | I got the suggestion to use a generic kernel, how can I do that? | 11:52 |
lch | I have installed linux-image-2.6.24-19-generic via apt now | 11:55 |
lch | I suppose I need to get the kernel modules, too? | 11:55 |
Kamping_Kaiser | required modules should be pulled in automatically | 11:56 |
lch | why can't I use "admin" as an account name? | 12:19 |
lch | debian had no trouble with that | 12:19 |
lch | what is it that Ubuntu needs this name for? | 12:19 |
Kamping_Kaiser | what sort of error do you have? | 12:19 |
lch | it doesn't let me create a user with account name "admin" during installation | 12:20 |
lch | claiming that it's used by the system | 12:20 |
lch | or reserved | 12:20 |
Kamping_Kaiser | the group name is in use | 12:20 |
Deeps | sounds like an installer bug | 12:21 |
Kamping_Kaiser | not sure i agree tbh | 12:23 |
lch | I'm using "administrator" as a substitute, but that's kinda unnecessarily long | 12:24 |
Koon | lch: you can rename it afterwards | 12:24 |
Koon | lch: the installer probably tries to create a user and group with the name you provide, and the admin group is already taken | 12:24 |
lch | yup | 12:25 |
Deeps | that's what i'd suspect too | 12:30 |
Deeps | as i was able to create a user admin as long as i specified a group for it to go into | 12:30 |
Deeps | hence being an installer bug if it's simply claiming the username is in use/reserved by the system | 12:39 |
=== lch_ is now known as lch | ||
=== fReAkY[t] is now known as freaky[t] | ||
lch | why is python installed automatically? | 14:49 |
lch | is it needed? | 14:49 |
lch | same question regarding perl | 14:49 |
sommer | lch: yes | 14:50 |
lch | what is it used for? | 14:50 |
sommer | lots of things... I believe apt needs perl and I'm sure there are multiple apps that need python | 14:51 |
lch | I know that in Gentoo, the system things are programmed in Python | 14:51 |
sommer | don't quote me on the apt thing, but basically they're installed as dependencies | 14:53 |
sommer | and probably most admins would want them :) | 14:53 |
maswan | and some system stuff is written in it | 14:54 |
maswan | go check out file * |grep python in, say, /usr/sbin | 14:54 |
maswan | and the same for perl | 14:54 |
maswan | I'm sure you can recognise some core component | 14:54 |
ScottK | In Ubuntu Python and Perl are both part of the required set of packages. | 14:55 |
ScottK | Just to pick one thing for Python the LSB standard functions for init scripts is written in Python. | 14:55 |
lch | hmm | 14:57 |
lch | I need to shrink my installation, though | 14:57 |
lch | I already threw ppp over board because I don't need it, I'll do the same with the wireless and wpa stuff | 14:57 |
lch | anything else I can throw out? | 14:58 |
zul | kirkland: bad bad | 15:00 |
jdstrand | zul: in your nut work (that sounds a bit odd...) have you come across anything about tripplite UPSs not reporting their battery/line power properly? | 15:09 |
maswan | lch: /usr/share/doc ? :) | 15:10 |
maswan | lch: a bunch of kernel modules? | 15:10 |
jdstrand | zul: specifically, they toggle 'on battery' to 'on line power' and back frequently | 15:10 |
lch | yeah, about that... I installed linux-generic because my system wouldn't boot otherwise | 15:10 |
lch | but it's a hefty 125 MB | 15:11 |
zul | jdstrand: yeah it does sound a bit odd, it's supposed to be fixed in intrepid I think but I haven't backported the patch to hardy yet | 15:12 |
jdstrand | zul: oh excellent | 15:12 |
jdstrand | it is mighty annoying, and you have an eager tester :) | 15:13 |
zul | jdstrand: nifty are you running intrepid yet? | 15:13 |
jdstrand | zul: no, this is a production hardy machine | 15:14 |
=== RainCT_ is now known as RainCT | ||
zul | jdstrand: ah ok... | 15:14 |
jdstrand | zul: I don't mind recompiling on hardy though | 15:14 |
lch | maswan, so assuming I don't plan to change my hardware at all for the foreseeable future, I suppose I can delete all the kernel modules that aren't in use at the moment? right or wrong? | 15:14 |
jdstrand | zul: or testing an SRU | 15:14 |
zul | jdstrand: I could probably backport it for hardy | 15:14 |
zul | ie: stick it in my ppa | 15:15 |
lch | I have 62M avail :( | 15:15 |
zul | jdstrand: but please open a bug in launchpad as well and I can see about getting a patch as well | 15:16 |
jdstrand | zul: I'm going to recompile intrepid's version on hardy, and let you know how it goes | 15:17 |
zul | jdstrand: sounds good | 15:17 |
kirkland | zul: bad bad, what? | 15:42 |
zul | kirkland: there was a typo in the winbind.init script for samba-3.2 | 15:43 |
zul | but it happens | 15:43 |
Koon | mathiaz: about tomcat6, I've written a spec to describe the implementation options I followed (Tomcat6StackSpec). One question is related to the webapp framework, or how we expect it to be | 15:54 |
mathiaz | Koon: I think that is a very good question | 15:55 |
Koon | mathiaz: are we aiming to install all webapps in a common folder ? Or have some kind of registry to point the future webapp framework to the applications wherever they appear to be ? | 15:55 |
mathiaz | Koon: hm - I've been thinking about that lately - I'm thinking about a kind of registry | 15:56 |
mathiaz | Koon: where you'd install a webapp pkg in /usr/share | 15:56 |
mathiaz | Koon: and then deploy it in /var/www, or /var/lib/tomcat6/webapps | 15:56 |
mathiaz | Koon: the way you do with the sample apps in a postinst | 15:57 |
mathiaz | Koon: it would be similar to the way dpkg operates | 15:57 |
mathiaz | Koon: but all this is still a bit fuzzy right now | 15:58 |
Koon | mathiaz: so where should I install the tomcat6 webapps ? Note that most of them are tied to tomcat6 | 15:58 |
Koon | (tomcat6-admin and tomcat6-docs) | 15:58 |
Koon | (one may consider the -examples as being usable on another servlet/jsp container) | 15:59 |
chmac | I've got two machines on a network, but only 1 has permission to access the internet. The two can talk to each other though. | 15:59 |
chmac | What's the easiest way to give the second one access to the internet via the first? | 15:59 |
chmac | Host a VPN server? | 16:00 |
Koon | mathiaz: in a common /usr/share/webapps directory ? or leave them under /usr/share/tomcat6/webapps and let the future registering thing handle them there ? | 16:00 |
chmac | Create a virtual interface and then ip masquerade? | 16:00 |
chmac | Any suggestions? | 16:00 |
\sh | Chipzz: NAT | 16:00 |
\sh | sorry | 16:01 |
\sh | chmac: NAT | 16:01 |
chmac | chmac: Create a virtual interface and then nat the second machine through the first? | 16:01 |
\sh | chmac: use two interfaces | 16:01 |
jdstrand | zul: unfortunately nut 2.2.2-6ubuntu1 doesn't fix it | 16:01 |
chmac | Hahaha, I'm talking to myself, DOH! \sh that was for you ^^ | 16:01 |
\sh | two real nics | 16:01 |
chmac | \sh: I don't have two nics available unfortunately | 16:01 |
\sh | chmac: if you can't ifconfig eth0:1 192.168.1.1 (or whatever rfc priv addr) and then add some -t nat -A POSTROUTING magic | 16:02 |
zul | jdstrand: crap can you open a bug in launchpad and I can forward it upstream | 16:03 |
chmac | \sh: Ahh, I can create a virtual interface just with ifconfig eth0:1 can I? Or will I need to create that first in /etc/network/interfaces ? | 16:03 |
jdstrand | zul: I sure will | 16:03 |
chmac | My /etc/network/interfaces file doesn't list eth0 currently, it only lists lo and ppp0 | 16:03 |
\sh | chmac: oh...the real way to do it is through /etc/network/interfaces (auto eth0:1 \n iface eth0:1 inet static...) | 16:03 |
chmac | \sh: Ok, I found a howto on that, thanks :) | 16:04 |
zul | jdstrand: thanks | 16:04 |
jason__ | I | 16:09 |
jason__ | I'm not sure how to ask a question here, so I'll just do it. | 16:10 |
jason__ | I accidentally changed the groups for my main user to just its own group and www-data. Without sudo how can I add the admin and other groups back? | 16:10 |
sommer | jason__: do you have another admin user on the box? if not you'll need to boot into recovery mode which will allow you to re-add the groups | 16:11 |
* ScottK stops typing because sommer already said it better. | 16:12 | |
sommer | :) | 16:12 |
jason__ | no, thats the only user, how do I boot into recovery mode, I've never done it before | 16:12 |
sommer | jason__: just reboot and from the grub menu there should be a "recovery" option | 16:13 |
sommer | jason__: I forget the actual verbiage, but it should be the one after the current kernel | 16:13 |
jason__ | I only have the one install and I dont see a grub loader like when I reboot my laptop with multiple partions. How can I force the grub loader? | 16:14 |
sommer | jason__: press escape right before booting a message should flash with a 3 second counter | 16:14 |
jason__ | ok, thanks | 16:14 |
jason__ | I'll give it a try | 16:15 |
jason__ | once I boot in recovery I just need to type "sudo usermod -G username,adm,uucp,dialout,cdrom,floppy,audio,dip,video,plugdev,scanner,netdev,lpadmin,powerdev,admin username" | 16:16 |
jason__ | are there any other groups to consider? | 16:16 |
billoutre_ | hello | 16:17 |
kirkland | dendrobates: mathiaz: fyi, I posted to debian-devel last night, asking for permission to do mass bug filing on the init script status actions | 16:17 |
ScottK | jason__: In the recovery console you'll be root, so no sudo needed. | 16:18 |
jason__ | I guess that should have been obvious | 16:18 |
ScottK | Once you're there the prompt will be #, so yes. | 16:19 |
=== edmoore_ is now known as edmoore | ||
jason__ | I'm going to my server room (bedroom closet) to give this a try, any more groups to add? | 16:19 |
ScottK | As long as you get admin, iirc, you can fix the rest later. | 16:20 |
jason__ | ok, thanks alot, be back later.. and be fixed I hope | 16:20 |
Koon | mathiaz: got to go now, please comment on the Tomcat6StackSpec directly with the location you prefer for Tomcat6 webapps. | 16:29 |
jdstrand | zul: bug #253999 | 16:37 |
uvirtbot | Launchpad bug 253999 in nut "nut with Tripplite UPS fills logs and console with "on battery" and "on line power" messages" [Undecided,New] https://launchpad.net/bugs/253999 | 16:37 |
zul | jdstrand: thanks | 16:37 |
jdstrand | np | 16:37 |
uvirtbot | New bug: #253993 in samba (main) "/etc/init.d/winbind has a parse error" [Undecided,Confirmed] https://launchpad.net/bugs/253993 | 16:51 |
uvirtbot | New bug: #253999 in nut (universe) "nut with Tripplite UPS fills logs and console with "on battery" and "on line power" messages" [Undecided,New] https://launchpad.net/bugs/253999 | 16:51 |
uvirtbot | New bug: #249878 in openldap2.3 (main) "CVE-2008-2952: BER Decoding Remote DoS Vulnerability" [Medium,Fix released] https://launchpad.net/bugs/249878 | 16:56 |
kirkland | zul: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/253993 | 16:58 |
uvirtbot | Launchpad bug 253993 in samba "/etc/init.d/winbind has a parse error" [Undecided,Confirmed] | 16:58 |
kirkland | zul: can you sponsor? | 16:58 |
edmoore | how is a server cpu different? if I'm building a headless box, should I avoid commodity intel core 2 type stuff? | 16:59 |
zul | kirkland: already fixed | 16:59 |
zul | 3.2.0-4ubuntu3 was uploaded this morning | 16:59 |
kirkland | zul: oh, thanks, you fixed it? | 17:03 |
zul | yep | 17:03 |
kirkland | zul: is there another bug? | 17:03 |
kirkland | zul: should this one be a duplicate? | 17:03 |
zul | it should be a duplicate | 17:03 |
kirkland | jdstrand: can you take a look at https://bugs.launchpad.net/bugs/253816 | 17:16 |
uvirtbot | Launchpad bug 253816 in ecryptfs-utils "pam_ecryptfs needs to be added to the common-password stack by auth-client-config" [Medium,Triaged] | 17:16 |
kirkland | jdstrand: i needed to add ecryptfs to the pam password stack, to rewrap your password if you change your login password | 17:17 |
edmoore | can you run different sized drives in raid1? so say i have a pair of 250GB hdds, and in 3 years time one of them falls over, do I have to replace it with a 250gb hdd, or can i get a much larger one? | 17:18 |
jdstrand | kirkland: oh so this is just a change to the ecryptfs-utils acc-profile? yeah, no problem. I assume you have tested the profile and it works in all cases? I was kinda surprised to not see 'use_first_pass'... | 17:21 |
kirkland | jdstrand: actually, that's part of what i wanted you to take a look at that | 17:21 |
kirkland | jdstrand: i'm actually not sure where in the stack it belongs | 17:22 |
kirkland | jdstrand: and if "required" is correct | 17:22 |
jdstrand | kirkland: well, it depends on what you want | 17:25 |
jdstrand | what you have will prompt for the password via pam_unix, if it fails, end pam processing | 17:26 |
jdstrand | if it succeeds, do the smbpass thing | 17:26 |
kirkland | jdstrand: okay, so if a user's password change is successful, we're going to use the old password to unwrap the mount passphrase, and re-wrap it with the new password | 17:26 |
kirkland | jdstrand: this should only run if the full password change is successful | 17:26 |
jdstrand | then ecryptfs-- which prompts the user again, and if that fails, then pam fails | 17:26 |
kirkland | jdstrand: i tested it, and it did work in my one simple, direct test case | 17:27 |
jdstrand | you were prompted twice-- correct? | 17:27 |
jdstrand | (eg pam_unix and pam_ecryptfs) | 17:27 |
jdstrand | kirkland: does pam_ecryptfs support 'use_first_pass'? | 17:28 |
kirkland | jdstrand: lemme check.... | 17:29 |
kirkland | jdstrand: grep turns up no hits to that string in the pam_ecryptfs source code | 17:29 |
jdstrand | kirkland: I haven't done pam programming, but it seems clear that the best user experience is to get the password from pam_unix via 'use_first_pass' and send that to pam_ecryptfs | 17:31 |
jdstrand | kirkland: I wonder if it will just get that by linking into libpam.so.0 and libpam_misc.so.0? | 17:34 |
jdstrand | (which it does) | 17:34 |
kirkland | jdstrand: that's possible | 17:34 |
kirkland | jdstrand: i don't see any references in the pam_ecryptfs source code, but it *works* | 17:35 |
jdstrand | kirkland: so this time you aren't prompted twice? | 17:35 |
kirkland | jdstrand: right, i'm not prompted twice | 17:36 |
jdstrand | kirkland: good-- the last bit is 'required' | 17:36 |
jdstrand | hold on... | 17:36 |
jdstrand | kirkland: do you think it is reasonable that the whole operation fail if ecryptfs fails for some reason? | 17:41 |
jdstrand | kirkland: I am thinking particularly about password expiration | 17:41 |
kirkland | jdstrand: well, people's data will not be immediately accessible, if their login password changes, but their wrap passphrase doesn't | 17:42 |
jdstrand | kirkland: when might this operation fail? if the passwords are out of sync certainly, any other times? | 17:43 |
jdstrand | kirkland: and does pam_ecryptfs output a helpful message in the case of failure? | 17:44 |
kirkland | jdstrand: i'm trying to think of what failure might occur | 17:45 |
jdstrand | kirkland: what if the user just deletes ~/Confidential (or whatever it's called these days)? | 17:45 |
kirkland | jdstrand: ah, right, ~/.ecryptfs/wrapped-passphrase | 17:46 |
kirkland | jdstrand: if that disappears | 17:46 |
jdstrand | kirkland: what if $HOME is nfs/smb mounted and is unavailable? | 17:46 |
jdstrand | kirkland: I didn't actually think about this before, but it seems that in auth it's required, but in session it's optional | 17:48 |
kirkland | jdstrand: yeah, i'm not sure about that either... sadly, i'm not a PAM expert | 17:49 |
jdstrand | kirkland: that sounds wrong-- in case the user deletes ~/.ecryptfs, *boom* no login | 17:49 |
jdstrand | kirkland: np-- I think optional is the way to go for all of them. it'll work when it's supposed to, and fail gracefully | 17:50 |
kirkland | jdstrand: yeah, that does sound better | 17:50 |
jdstrand | kirkland: it will require testing though, in various failure modes | 17:50 |
jdstrand | s/modes/situations/ | 17:50 |
kirkland | jdstrand: i'll do some testing here, and resubmit the patch | 17:51 |
jdstrand | kirkland: excellent! :) | 17:51 |
* delcoyote hi | 17:55 | |
RainCT | Why does "dpkg-reconfigure slapd" ask for an organization name, if it isn't used for anything? | 19:07 |
sommer | anyone know if there is a way to restrict "sudo bash"? | 19:23 |
Deeps | afaik you can restrict what commands can be run by sudo | 19:24 |
Deeps | man sudoers would know more | 19:24 |
sommer | Deeps: heh, true thanks | 19:24 |
Deeps | happy to help :) | 19:25 |
stiv2k | Does anyone here use ddclient? It's not updating my ***** IP address | 19:51 |
egoleo | is not dd | 19:52 |
egoleo | is dhclient | 19:52 |
egoleo | i guess | 19:52 |
stiv2k | egoleo: No, it's ddclient I'm talking about | 19:52 |
egoleo | oh ok | 19:52 |
egoleo | sorry | 19:52 |
egoleo | never used that | 19:53 |
Deeps | Description: Update IP addresses at dynamic DNS services | 19:53 |
stiv2k | Deeps: It just isn't updating. I can't figure out why... it used to though | 19:53 |
Deeps | dont use it either, sorry | 19:53 |
* stiv2k drop kicks his server. | 19:53 | |
egoleo | how do i upgrade ubuntu server 6.04 to 8.04 server | 19:54 |
=== kraut_ is now known as kraut | ||
egoleo | any link plse | 19:54 |
=== kwa is now known as K-Mile | ||
kees | winbind status has a typo and is making it uninstallable. | 20:05 |
K-Mile | Hi folks, I am having difficulty with network connectivity using 2 interfaces on a server running in VMware Server (both Ubuntu 7.04). Either LAN works, WAN works, or neither. I can't figure out if the host or the guest drops the connections. VMware (bridged networking) should not get in the way, right? | 20:05 |
kees | kirkland: ^^ (winbind) | 20:06 |
kirkland | kees: it's fixed | 20:06 |
kees | kirkland: ah, okay, I just got unlucky. :) | 20:06 |
kirkland | kees: needs to be sync'd out | 20:06 |
kirkland | kees: yeah, sorry | 20:06 |
kees | kirkland: np :) | 20:06 |
bamed | K-Mile: I know this is a dumb question, but just to make sure, your WAN and LAN aren't on the same subnet are they? | 20:07 |
K-Mile | bamed: no, both are on a different router, different IP ranges, and I can connect from LAN using either the public or the local IP address.. | 20:08 |
K-Mile | but the setup is shaky, since I had some trouble with conflicting DNS settings provided.. they are both on DHCP, that might not be an optimal solution.. | 20:09 |
K-Mile | the reason I want the two interfaces is that I want to expose Apache and SSH to the world, but they rely on LDAP authentication to a local server in the LAN | 20:11 |
bamed | VMWare creates a couple of virtual NIC's; make sure those subnets don't conflict with anything, I've seen the vmnet interface cause routing problems in such cases | 20:12 |
K-Mile | thanks.. just found out that my VMware died on me... expired beta it seems | 20:13 |
K-Mile | why do they timebomb that thing?! | 20:13 |
K-Mile | will check those vmnet interfaces though | 20:14 |
K-Mile | the vmware server has 2 default gateways.. | 20:16 |
_ruben | they timebomb it so ppl wont end up using beta stuff for ages when better (more) final versions are out | 20:16 |
K-Mile | yeah, figured that out.. I remember how hard it was getting this thing running, so I feel reluctant to go through that again :/ | 20:17 |
K-Mile | could be me though... | 20:17 |
_ruben | vmware server 2 is easier to setup than vmware server 1 actually | 20:18 |
_ruben | since ubuntu 7.10 and 8.04 are actually supported for 2 and not for 1 | 20:18 |
egoleo | how can i upgrade from 6.04 to 8.04 | 20:19 |
egoleo | server | 20:19 |
Deeps | 6.04? o_O | 20:19 |
egoleo | 6 | 20:20 |
egoleo | server | 20:20 |
Deeps | oh, dapper | 20:20 |
egoleo | yeah | 20:20 |
egoleo | is that possible | 20:20 |
_ruben | first hit of google: http://www.ubuntu.com/getubuntu/upgrading | 20:20 |
egoleo | is the server | 20:20 |
egoleo | ok | 20:20 |
K-Mile | _ruben: is there a package for VMware, or is it just a install from src from VMware? | 20:23 |
K-Mile | binary from VMware I mean | 20:24 |
bamed | binary vrom VMware is the only way I know to, and it won't run without some tweaking to your system, but there's some good info in the wiki | 20:27 |
bamed | s/vrom/from | 20:27 |
egoleo | hey guys anyone running exim mail server? | 20:27 |
egoleo | i am receiving all sorts of junk mails and also getting my IP blocked all the time | 20:28 |
egoleo | any help on that | 20:28 |
K-Mile | bamed: thanks.. will take a while before I can get to those networking issues ;) | 20:28 |
K-Mile | vmnets are in different subnets btw | 20:28 |
bamed | if you're wanting data from the WAN to be passed to the LAN then make sure net.ipv4.ip_forward = 0 | 20:29 |
bamed | I mean = 1 | 20:29 |
K-Mile | bamed: no, I don't want to route from WAN to LAN.. I just want to expose some services over WAN | 20:32 |
K-Mile | I could try just to enable the WAN interface on the guest OS | 20:34 |
K-Mile | but I need apache to authenticate with LDAP in the LAN.. | 20:34 |
uvirtbot | New bug: #254053 in samba (main) "[intrepid] winbind /etc/init.d/winbind error during upgrade" [Undecided,New] https://launchpad.net/bugs/254053 | 20:36 |
_ruben | K-Mile: the binary package provided by vmware for server 2 (rc1) installs just fine on ubuntu 8.04 | 20:43 |
K-Mile | Hmm.. I've got Feisty AFAIK | 20:43 |
_ruben | for 7.04 and 7.10 there's an ubuntu package for server 1 in the partner repo | 20:43 |
_ruben | haven't tried server on feisty myself | 20:44 |
_ruben | but it is supported by vmware iirc | 20:44 |
K-Mile | yeah, I know, but I already run server 2, so I can't really downgrade | 20:44 |
K-Mile | will try the binary package | 20:44 |
K-Mile | from VMware | 20:45 |
K-Mile | could the fact that I have 2 default gateways on the host interfere with WAN access to the guest OS? | 20:45 |
_ruben | it oughta be pretty painless .. except for you having to install a package or two from the ubuntu repos (like a compiler and some libs) | 20:46 |
_ruben | 2 default gateways is asking for troubles, unless configured 'perfectly' | 20:46 |
K-Mile | they probably aren't ;-) | 20:46 |
_ruben | gotta go for now .. might be back in a bit | 20:46 |
K-Mile | will set the wan interface to static | 20:46 |
K-Mile | k, thanks so far! | 20:46 |
=== freaky[t] is now known as fReAkY[t] | ||
=== fReAkY[t] is now known as freaky[t] | ||
Deeps | haha | 21:02 |
Deeps | comparing debian testing with ubuntu hardy | 21:02 |
Deeps | apt-get --help | 21:02 |
Deeps | debian: autoremove - Remove automatically all unused packages | 21:02 |
Deeps | ubuntu: autoremove - Remove all automatic unused packages | 21:02 |
Deeps | brilliant | 21:02 |
ogra | Deeps, and the fun stuff is that its the same maintainer :) | 21:05 |
Deeps | lmao | 21:05 |
ogra | hardy was frozen way before lenny though ... that explains why the fix is in debian testing, unstable and intrepid | 21:08 |
Deeps | safe | 21:09 |
K-Mile | that | 21:10 |
K-Mile | that's weird.. the second time my server freezes while working on the network settinga | 21:10 |
K-Mile | a=s | 21:10 |
K-Mile | got one ssh session still going, two died on me, as well as the local terminal | 21:11 |
K-Mile | and calling ifconfig also screwed my last session :( | 21:13 |
K-Mile | I expected the SSH session to go when I reset my networking, not the entire system EXCEPT the SSH session.. | 21:14 |
_ruben | ssh usually survives a network restart, unless an ip change is involved | 21:19 |
K-Mile | yeah, but two out of three died, as well as the box itself... | 21:19 |
K-Mile | num-lock does not even respond.. cant switch to different terminal with alt-Fx | 21:20 |
K-Mile | I really don't like hard-resetting the box two times in a row... | 21:21 |
_ruben | strange | 21:24 |
K-Mile | yeah.. | 21:24 |
K-Mile | its an almost new dell poweredge.. so far no issues.. except today when I unplugged a network cable, same thing happened | 21:25 |
_ruben | hmm .. scary | 21:28 |
K-Mile | yeah | 21:29 |
K-Mile | does respond to SysReq combinations.. | 21:29 |
K-Mile | rebooted.. | 21:29 |
K-Mile | http://xkcd.com/349/ | 21:34 |
K-Mile | What started out as an attempt to expose Apache over WAN, got me reinstalling VMware and now checking my systems memory and filesystem because of system freezes.. | 21:34 |
K-Mile | one of those nights.. ;-) | 21:34 |
hocmin | Does ubuntu support installs on a headless server? If so, are there any guides? | 22:25 |
hocmin | No one knows? | 22:31 |
kirkland | hocmin: sure | 22:33 |
K-Mile | what are you going to use your server for? | 22:33 |
kirkland | hocmin: can you elaborate? | 22:33 |
hocmin | kirkland: bought a ibm eserver. I'd like to install ubuntu server on it | 22:33 |
hocmin | kirkland: what other information do you need? | 22:34 |
f11f12 | does anyone use anjuta? | 22:34 |
kirkland | hocmin: and you don't have a monitor hooked up to it? | 22:34 |
hocmin | K-Mile: simple web server, file server, maybe e-mail if I'm feeling adventurous | 22:34 |
hocmin | kirkland: right, no monitor | 22:35 |
K-Mile | well, almost everything can be done using SSH, only during installation you'd need to hook up peripherals | 22:36 |
hads | Traditionally you'd just find a monitor to hook up while you are installing. | 22:36 |
hocmin | K-Mile, so then ubuntu does not support a headless install | 22:36 |
hocmin | ok | 22:36 |
K-Mile | I'm not sure if you can install it without | 22:36 |
K-Mile | live CD | 22:36 |
K-Mile | 's don't have a root password set | 22:37 |
hocmin | actually, I need to find some sort of c2t/vga adapter, but ok | 22:37 |
K-Mile | so that makes external access a bit tricky | 22:37 |
hocmin | thanks for the info | 22:37 |
f11f12 | hocmin: is the serial port an option? | 22:37 |
K-Mile | maybe use a KVM switch? | 22:37 |
hocmin | f11f12: there is a serial port. What can I do with that? | 22:37 |
hocmin | (9 pin if it matters) | 22:37 |
f11f12 | hocmin: pass this kernel option (in grub): console=ttyS1,9600 console=tty0 | 22:37 |
hocmin | f11f12: how do I pass kernel option on a headless box? | 22:38 |
K-Mile | you could create a live cd with the correct settings | 22:38 |
K-Mile | and boot it up and install from there | 22:38 |
f11f12 | hocmin: better this one: console=ttyS0,9600 | 22:38 |
f11f12 | hocmin: you will have to make a special CD for it or boot once with a keyboard/screen | 22:39 |
hocmin | ok, never done this before, but I can look for a guide. I'm assuming this is pretty easy thing? | 22:42 |
f11f12 | hocmin: if you remove the graphics adapter from the machine, it might not boot, depending on your bios, a VGA Card is maybe mandatory (you get beep codes) | 22:42 |
hocmin | I don't think I got a beep code when I booted it | 22:43 |
f11f12 | hocmin: http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/index.html | 22:43 |
hocmin | it's possible I bought a server that's lacking parts to run, but I think that's a little unlikely | 22:43 |
hocmin | ok cool | 22:43 |
hocmin | I'll read up on that guide and try to connect to the server | 22:43 |
f11f12 | hocmin: did you detach the speaker too? ;-) | 22:44 |
hocmin | I haven't detached anything | 22:44 |
hocmin | I just bought the thing | 22:44 |
hads | Finding a monitor to use for an hour or so might be easier :) | 22:45 |
hocmin | it's not the monitor | 22:45 |
hocmin | it's getting an adapter for it | 22:45 |
hocmin | no vga port | 22:45 |
hads | No adapter at all? How odd. | 22:45 |
K-Mile | what kind of server is it? | 22:46 |
K-Mile | you just bought it? | 22:46 |
hocmin | ibm eserver 335 | 22:47 |
hocmin | it's got c2t | 22:47 |
hocmin | had to look that up | 22:47 |
hocmin | and it's got serial | 22:47 |
K-Mile | you'd need an IBM kvm switch for that | 22:47 |
f11f12 | hocmin: if it is a server w/o vga card, then it usually responds on the serial console, my siemens board does it. | 22:47 |
* hocmin dies a little inside | 22:48 | |
hocmin | f11f12, yeah that is sounding like my best option | 22:48 |
hocmin | f11f12, I'll read the guide on making my own live CD, how to work on serial, and then give it my best shot | 22:48 |
K-Mile | good luck with that ;-) | 22:48 |
hocmin | thanks | 22:50 |
K-Mile | ah crap, somebody shoot me... | 22:50 |
K-Mile | i downloaded the 32bit version of VMware | 22:50 |
K-Mile | and I'm behind a slow connection :( | 22:50 |
K-Mile | (and a 64bit box) | 22:50 |
f11f12 | hocmin: you do have a serial (null-modem) cable? :-) | 22:53 |
K-Mile | just a quick question while I download a new VMware... | 22:57 |
K-Mile | i have a server with a wan and lan connection | 22:57 |
duiu | IS there a way to make 'sudo shutdown -h now' to run when I hit the power button? | 22:58 |
K-Mile | i need the DNS lookup of the lan connection, but my preferred gateway is the wan | 22:58 |
K-Mile | is it a bad idea to mix those up too much? | 22:58 |
K-Mile | duiu: do you have ACPI | 23:01 |
duiu | Is that default, I know I don't have APIC? | 23:01 |
K-Mile | duiu: probably, if you have a modern pc | 23:02 |
K-Mile | duiu: you could try modifying /etc/acpi/powerbtn.sh | 23:02 |
K-Mile | duiu: if you have that one | 23:03 |
duiu | K-Mile: thanks | 23:03 |
duiu | K-Mile: It's not there | 23:04 |
duiu | no acpi folder | 23:05 |
K-Mile | duiu: do you have the /etc/acpi folder? | 23:05 |
duiu | no | 23:05 |
K-Mile | k | 23:05 |
K-Mile | and /proc/acpi | 23:06 |
K-Mile | ? | 23:06 |
duiu | /proc/acpi is there | 23:07 |
K-Mile | you could try installing acpi-support | 23:09 |
duiu | installing... | 23:11 |
K-Mile | see https://help.ubuntu.com/community/SuspendHowto#Event%20Processing | 23:12 |
duiu | K-Mile: that gave me the folder, thanx | 23:15 |
K-Mile | np | 23:16 |
duiu | K-Mile: That did it, thanx again! | 23:18 |
K-Mile | great! | 23:19 |
duiu | I'd help you, but I don't know much about DNS | 23:19 |
duiu | I mean, resolv.conf | 23:19 |
K-Mile | :-) | 23:19 |
K-Mile | yeah, been struggling with getting two interfaces, one LAN, one WAN, to work nicely on a host and VMware guest machine | 23:20 |
duiu | there might be a 'force hostname resolution' parameter | 23:20 |
duiu | you could try that | 23:20 |
kirkland | jdstrand: mathiaz: kees: zul: hey, ecryptfs-utils has been promoted to main and pitti asked me to add it to a seed. i put it in the server-ship seed under filesystems. who can commit this for me? | 23:33 |
kirkland | https://code.launchpad.net/~kirkland/ubuntu-seeds/ubuntu.intrepid | 23:33 |
* kees leaves seeds to soren and mathiaz. there are subtleties I'm less aware of. | 23:34 | |
mathiaz | kirkland: is there any reason to put it on the cd ? | 23:39 |
kirkland | mathiaz: i have changes in the pipeline that will make 'adduser' depend on ecryptfs-utils | 23:39 |
kirkland | mathiaz: which means that ecryptfs-utils would be used in the installation | 23:40 |
mathiaz | kirkland: for intrepid timeframe ? | 23:40 |
kirkland | mathiaz: yes | 23:40 |
kirkland | mathiaz: those changes have been on ice until the MIR for ecryptfs-utils got approved | 23:40 |
mathiaz | kirkland: well - if it goes into adduser as a dependency it will be pulled into main anyway | 23:41 |
kirkland | mathiaz: agreed, but in case that adduser change were controversial, i wanted to make sure it was in the server | 23:42 |
kirkland | jdstrand: you still around? | 23:57 |