[01:57] New bug: #252245 in samba (main) "unable to connect to windows network pc's" [Undecided,New] https://launchpad.net/bugs/252245 [02:13] Any mailing list admins using lurker? [02:14] New bug: #253937 in libnss-ldap (universe) "Local login fails without LDAP server" [Undecided,New] https://launchpad.net/bugs/253937 [04:01] so i recently installed a server box, and i'm looking to create a mysql table, but i don't know the login credentials to make the table. help? [04:02] should i use the user "mysql"? and if so, what password should i try? i already used "sudo passwd mysql" to set a password, but "mysql -u mysql -p" rejects the password i set. [04:04] AgentHeX: try username of "root" [04:04] what pw? [04:04] Access denied for user 'root'@'localhost' (using password: NO) [04:05] sudo mysql does the same thing [04:05] AgentHeX: try the one you set during installation [04:05] didn't set one [04:05] been using sudo for any root-level permissions [04:05] AgentHeX: it didn't ask you? [04:05] don't think so [04:05] try dpkg-reconfigure mysql-server [04:06] err, sudo dpkg-reconfigure mysql-server :) [04:06] yeah... realized that. [04:06] what did that do exactly? [04:06] thought it might prompt you for a password [04:06] nope [04:07] AgentHeX: which release are you running? [04:07] 8.04 [04:07] just ran aptitude and updated everything [04:07] it's basically a fresh install [04:07] AgentHeX: one sec [04:07] i'm trying to put phpBB3 on it for a forum server. [04:09] i know i can sudo passwd to set the pw for root, but i don't really want to [04:09] AgentHeX: the mysql 'root' user is different from the system root user [04:10] hmmm [04:10] then i wonder why it's not letting me do anything without a pw. [04:10] AgentHeX: try sudo dpkg-reconfigure mysql-server-5.0 [04:10] AgentHeX: should prompt you to set a passwored [04:10] sweet. [04:11] props, sir... your assistance is much appreciated. [04:11] AgentHeX: heh, np [04:11] /skips along and installs phpBB3 [04:11] so... what username should i use with the new pw? [04:11] mysql? [04:12] AgentHeX: root [04:12] hmmm [04:12] not working :( [04:12] AgentHeX: what command are you using? [04:12] strange. [04:12] it works now that i set the pw to "test" [04:13] was using a more complex pw. maybe i mis-typed it twice :-/ [04:13] AgentHeX: heh, that's possible :) [04:13] guess so. got it now. thanks [04:14] AgentHeX: welcome [04:15] ScottK: there's something of an issue with the init script in dkim-filter-2.6.0.dfsg-1ubuntu1 [04:15] ScottK: just fyi, :) [04:19] sommer: There is? [04:21] ScottK: looks like some diff output was mistakenly placed in the file... in the start function [04:21] Urgh. Is it there is 2.6.1? [04:22] not sure I pulled 2.6.0 in an intrepid vm, is that not the latest? [04:23] Now I wonder if I uploaded 2.6.1 [04:23] * ScottK looks [04:23] Looks like I didn't upload it yet. [04:23] I'll look. [04:24] ScottK: cool, just thought I'd give you a heads up [04:24] Sure enough. Thanks. [04:25] np [04:25] Right. 2.6.0 is all there is. I"m getting my amavisd-new and dkim-milter versions confused. [04:29] sommer: I'll upload a fix in a few minutes. [04:29] ScottK: cool, I've started working on the dkim stuff... still double checking what's currently there [04:30] Appreciate that. Did you see I"ve got verification enabled in amavisd-new? [04:30] nope, must have missed that [04:30] which file? [04:31] ScottK: oh right the defaults file... cool [04:32] We've got SPF pretty well covered too, so I think for email auth technologies we're in pretty good shape. [04:33] sommer: Fix uploaded. Thanks again. [04:34] ScottK: welcome [04:46] ScottK: another small issue... the debian/etc/conf.d/40-policy_banks in amavisd-new has a bug in the header comments: http://paste.ubuntu.com/34275/ [04:56] ScottK: did you saw the courier merges? [04:57] ScottK: at the end the latest version of courier-authlib was needed as build-depend for courier [04:57] ScottK: so i merged both of them [05:18] nxvl: I saw the bugs. I haven't had a chance to look at them yet. Thanks. [05:20] :D [05:20] ok [06:03] hola [06:38] New bug: #254813 in samba (main) "package winbind 2:3.2.0-4ubuntu2 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/254813 [06:50] kirkland: odd, the ecryptfs-utils upload didn't go through -- maybe the orig was missing? anyway, I fixed the changelog and re-uploaded. [08:40] New bug: #254881 in samba (main) "[security = domain] 100% cpu after a reboot of the PDC" [Undecided,New] https://launchpad.net/bugs/254881 [09:07] hello, I have installed pptp vpn server. but clients suffer from very slow service, my company has 2mb DSL connection [09:20] if i want RAID... and i have two 330GB PATA drives on hardy... and a mobo (asus p5ne-sli) that supports RAID. (1) is it better to let hardware/software handle raid? (2) what type of raid should i use? (3) is raid easy/hard to setup? (4) any guides are recommended? [09:20] hardy (desktop edition) [09:21] <_ruben> ask in #ubuntu? since its not ubuntu server related? [09:21] i was told in #bash to ask here [09:22] but sounds good _ruben ; ill go there [09:23] Hi. I wonder if there are well known problems in Upgrade from 6.06 LTS to 8.04 LTS? [10:48] Hi. I'm setting up a mailserver (postfix + dovecot), postfix seems to be well configurated (as I manage to send mails with authentication from a mail client), but I have some trouble with dovecot, to retrieve mails. [10:51] I setted dovecot to use Maildir, but the maildir remains empty. I don't know what/where making investigations to find the trouble I'm experiencing. [13:25] morning all [13:25] sommer: 'morning' [14:13] hi all, a question about bind9 [14:13] nobody knows if exists a tool that show me (graphically) my named configuration? [14:15] webmin? [14:18] uhm.. maybe.. nothing more specific? [14:19] I was looking for something like rapache for apache [14:25] hmm, where would locale variables (like LANG) be set by default? [14:26] nm, failure to google first before asking silly questions [14:28] ebox? [15:20] micheluntu: I've been told that some people find the gbindadmin package useful. I never installed it though, so YMMB [15:20] YMMV, even [15:24] siretart: thanks, apt-getting.. [16:00] If this gets any more exciting, their gonna have to tow me outta the booth! [16:00] join /ubuntu-meeting [16:00] oops [16:14] I have build a Ubuntu kernel for a Cobalt Raq server box. It has only ttyS0 as output, so no tty's/no video but that's ok for testing. The kernel is booting in a second stage fired-up by a embedded kernel. This all goes nice. But it look's like this new kernel is less verbose at startup. [16:15] it show only booting kernel... Ubuntu intrepid (development branch) deblnxsrv15 ttyS0 deblnxsrv15 login: [16:19] what do I've got to do to get it more verbose? [16:20] remove quiet from the grub command line [16:21] But this linux server it does not boot with grub! [16:21] try #ubuntu-kernel then [16:22] thanks for your support [16:48] If you create and start a virtual machine with virtlib, can you view that virtual machines console remotely over vnc? [17:29] hi, I set up an ipsec tunnel between two vpn-gateways pinging into the networks seems to work, but I misconfigured some Nat rules. [17:29] whatever IP within the remote network i ping, I get the answers from the vpn gateway.... [17:29] I can even ping non existing machines in this network ;-) === [mbm]_ is now known as [mbm] [17:35] mindspin: which is the vpn gateway replaying? the local or the remote? [17:35] the remote [17:35] the tunnel is up, [17:35] but I misconfigured my nat rules [17:38] mindspin: the remote is natting all the packet. maybe you have to specify only the public interface in iptables rule [17:39] That could be right, but to be honest, I created my rules with fwbuilder, and have no idea to realize this in fwbuilder [17:41] I could add some handmade rules in the script... but hesitate for not wanting to mess the up the connection on the remote site (now), because the folks there are still working ;-) [17:42] all traffic from the internal networks are natted to the public ip address [17:42] now I have to setup a rule, that does not nat traffic from net a to net b [17:43] mindspin: ok, or not nat on tunnel iface - for example tun0 [17:43] there is no iface tun0 in openswan [17:44] it would be much easier if there were one ;-) [17:44] mindspin: so don't you have 3 interfaces : private,public and the tunnel one.? [17:44] maybe adding routes could be a solution [17:44] I have two... [17:45] private and public [17:45] tunnel goes over public [17:45] connection is between the two public addresses (ppp0) [17:47] I have to leave now, will be back in an hour or two..... [17:48] mindspin: there is example in openswan wiki docs [17:49] mindspin: http://wiki.openswan.org/index.php/Openswan/Configure search "Do not MASQ or NAT packets to be tunneled" [17:49] I will have a look... (although I believe I went through the whole docu...) [17:50] it is really simple ;-) [17:50] I tried to do exactly this... [17:50] gottago... bye [17:51] bye === bdmurray_ is now known as bdmurray === jjesse_ is now known as jjesse [18:36] i wish i knew which vm solution would do what i want [18:51] hey sommer [18:51] nijaba poked me about the new Kerberos section in the Server Guide [18:51] I would actually have feedback about it! [18:58] EtienneG: cool, fire away [19:01] sommer, hold on, brb [19:06] Hey guys, I have just got a virtual system, running ubuntu 8.04 base install. I first decided to setup iptables: http://rafb.net/p/O7sc4f15.html I installed the package, created a script, and issues iptables-restore < /etc/iptables.test.rules it then errors at line 42 but line 42 is the COMMIT line in the paste, I have no idea what is wrong, the script is fine, perhaps im missing some other application, i am lost ev [19:06] erything is explained in the paste, does anyone have any idea why it does not work ? [19:09] dusty__, I cannot see off-hand, but I would try to comment section of the script to see if it work better (ie, comment the log section, etc) [19:10] also, I would rather use policy instead of default ACCEPT rules (ie, -P OUTPUT ACCEPT) [19:10] but that is just me [19:10] sommer, there it is! [19:11] sommer, first, I think you should mention the time syncronisation issue somewhere [19:11] time sync issue? [19:11] don't think I came accross that, but sure that's a good ide [19:11] err idea [19:12] sommer, like, when time drift more than five minutes between participating host [19:12] EtienneG: ya, I think I remember reading something about that [19:12] sommer, IME, it is a FAQ, and one almost everybody get to figure out at least once :) [19:12] EtienneG: it causes trouble with the tgt? [19:13] EtienneG: and does setting up ntp solve the issue? [19:13] sommer, well, any authentication fail if time drift more a certain amount (five minute by default) [19:13] sommer, using NTP is usually the best way avoid that [19:13] indeed [19:13] hold on, let me do a quick search for some doc on that [19:13] EtienneG: cool, I'll mention it and link to the ntp section [19:14] sommer, anyway, I cannot find it right, I will come back to it [19:15] sommer, second, small mistake at "sudo sudo krb5_newrealm" (sudo twice) [19:15] sommer, third, I think the bit about setting up an admin user could use just a tiny bit of clarification [19:16] sommer, eg "Replace EXAMPLE.COM and steve/admin with your Realm and admin user." [19:16] sommer, this should specify that "steve" specifically need to replace with the username to grant admin cred to [19:17] EtienneG: that sounds reasonable [19:17] it is just nitpicking, but it could be confusing to someone who is not very familiar with the princ/service@REALM convention [19:18] sure, ya it's sometimes hard to know how much detail to go into :) [19:18] and that is about it, the rest is perfectly fine! [19:18] EtienneG: awesome, thanks for taking a look at it [19:18] well, the section about syncronizing two KDC database make me want to gouge my eyes with a spoon, but that is not your fault! [19:19] sommer, you are welcome [19:19] EtienneG: I was also thinking of added a Kerberos and LDAP section, since the secondary kdc is so cumbersome [19:19] sommer, thanks for taking the time to write the section int he first place, actually [19:19] sommer, good idea, I just wonder: what is the state of the LDAP backend actually? [19:20] I have not checked in a couple year, but back then, it was considered very much experiemental [19:20] EtienneG: from the website, it seems pretty straight forward... add the schema, then add the attributes to your ldap objects [19:20] EtienneG: of course the reality may be more complicated :) [19:21] EtienneG: I think if there's a way to auto" [19:21] sommer, that is very good if it is that straightforward [19:21] add the kerberos attributes, it'll be worth documenting [19:22] EtienneG: either way I'll probably take a look at it this week or next [19:24] EtienneG: another thing that I'd like to include, but it may not make it this release, is documenting configuring kerberos for other serices like apache or samba [19:24] EtienneG: do you use it for those services? [19:31] Anyone know about Zabbix (NMS)? [19:32] I keep getting this error "Call to undefined function pg_connect() in /usr/share/zabbix/include/db.inc.php" [19:32] but I checked the file and that seems to be correct also the DB exists on MYSQL Server [19:37] so did I miss anything interesting at the meeting? [19:42] <_ruben> pg_connect sounds like postgres .. not mysql [19:43] lukehasnoname: of course :D [19:45] Tropical Storm Edouard hit this morning so I didn't go to work [19:45] thus not waking up early at all [19:50] so EncryptedPrivateDirectory is coming along, Active work on the part of kirkland with booting a degraded raid, Soren is working hard on VMBuilder, and ScottK needs more help with MIRs [19:50] Yes. [19:50] At least on the last bit. [19:58] ScottK: Is there a page with more details on what you need done? Now that I found a hotspot in my house, I have some better internet, I might be able to contribute a minute amount [20:05] eh? === jjesse_ is now known as jjesse [20:09] lukehasnoname: Back now. [20:09] lukehasnoname: Did you see https://wiki.ubuntu.com/ClamavSpamassassinInMain already? [20:10] lukehasnoname: https://wiki.ubuntu.com/MainInclusionProcess describes the process. Step 1 is already done. [20:17] ScottK: It's out of my league, I believe. Sorry to have bothered you. I need to get a bit more familiar with (and actually participate in) basic packaging, bug reporting, etc. before I volunteer any more. :-/ [20:17] lukehasnoname: No problem. Thanks for looking. [20:25] I'll get more active in about 2-3 weeks when I'm back in college. Ubuntu 9.04 might see a lot more of my work :) Anyway, I'm going to eat lunch. Seeya. [21:03] whois dustin? [21:04] henkjan: I am a "Dustin" [21:05] sudo echo "BOOT_DEGRADED=true" > /etc/initramfs-tools/conf.d/mdadm [21:05] won't work [21:05] the sudo only works voor echo, but not for the output redirection [21:06] right, you need tee [21:06] echo "BOOT_DEGRADED=true" | sudo tee -a /etc/initramfs-tools/conf.d/mdadm [21:07] ogra: henkjan: thanks guys [21:11] kirkland: ah, quick fix [21:16] henkjan: sure, no problem. thanks for pointing it out [21:20] sommer, samba use Kerberos when participating in an AD, and there is not much to say beyond what need to be said about AD membership on the subject [21:21] sommer, as for Apache, I do not know, and I think it is somewhat unobvious [21:21] as the ticket have to be encoded in HTTP somehow, etc [21:21] but I never did such a thing, so I am not too sure [21:22] EtienneG: cool, I'll probably look into it more at some point, thanks [21:51] EtienneG: or anyone really, have you ever used the Kfw (http://web.mit.edu/kerberos/kfw-3.2/kfw-3.2.2.html) with Ubuntu and Samba? [21:52] sommer, no, never, sorry [21:52] EtienneG: that's cool... thats more of what I was thinking when I mentioned Samba ealier [21:52] maybe someone else around did? [21:54] EtienneG: I'm using a Samba pdc, and was thinking about kerberizing the windows login and the portal page, but that would entail configuring joomla for kerberos as well :-) [21:54] EtienneG: right now one of those "down the line" kind of ideas [21:55] sommer, ok, not sure how you would do that, but (eventually) Samba 4 will make your life easier in this regard [21:55] as Samba 4 will allow for native-mode AD master in Samba [21:55] EtienneG: yep, thats crossed my mind as well :) [21:55] right now, you Samba PDC authenticate user the old-fashioned way (not Kerberos) [21:56] EtienneG: right but you'd still need to integrate the website login somehow... that's really the kicker for me [21:56] you might be able to massage the stack into both authenticating to the Samba PDC and getting a TGT from your KDC, but that seems like an awful lots of work [21:56] the web stuff i am not sure about [21:57] as I said, I *think* there is some way to pass Kerberos ticket in HTTP, but I am really not too sure [21:57] I just vaguely remember stumbling upon soemthing in this vein [21:57] that's cool... just kind of throwing around ideas [21:59] sommer, yep, there it is, look for libapache2-mod-auth-kerb [22:00] ah thanks, I'll look into that :) [22:00] it need support from the browser, tough [22:00] not sure it is built-in Firefox by default [22:01] anyway, I have to run folks [22:01] * EtienneG waves [22:01] New bug: #255124 in apache2 (main) "apache's default logging format can be horribly inaccurate in terms of data transferred" [Undecided,New] https://launchpad.net/bugs/255124 === Jare_ is now known as Jare [23:17] soren: hey, do you have a few moments to talk about iscsi? === erichammond1 is now known as erichammond