[00:35] Chipzz: i runed dch -i and it asked me what to use [00:36] Chipzz: that's why it's so awesomw [00:53] zul: ping [00:56] nxvl: yeah but still, dpkg -P nano is way easier, shorter, and more permanent (and has more effect on other things beside just dch) [00:56] but, whatever works for you :) [00:57] Chipzz: actually no, what kirkland has do is a script that manages dpkg --reconfigure [00:58] Chipzz: so it's the same [00:59] nxvl: yo [02:50] New bug: #257153 in openldap2.3 (main) ""TLS: peer cert untrusted or revoked (0x82)" error in Hardy's version of ldap-utils" [Undecided,New] https://launchpad.net/bugs/257153 [03:09] when i plug my ubuntu server my network gets problematic, gets connection time out, i tried changing the lan card but no avail. it is working before === RoAkSoAx_ is now known as RoAkSoAx [04:04] Hello, when I run ( # named -g -p 53 ) it fails with "loading configuration: empty label" .. I want to set up a local domain '.lan' and serve it for my dev server. Are there some conf files that I can pastebin that would be helpful for troubleshooting? [04:04] Karamon: named-checkconf /path/to/named.conf [04:06] jmedina: Would it return something if something didn't check out? I run that and I don't even get a empty line, just another system prompt. [04:06] mmm [04:06] (bash prompt, whatevah) [04:06] Karamon: could you pastebin your named.conf? [04:07] Sure [04:08] http://pastebin.com/de816730 the lines with ---s aren't really in the files, just to denote which file it is [04:11] Karamon: im not sure if you need a second tld inyour zone definition [04:11] not .lan [04:11] something like dev.lan [04:12] How would I access "http://foo.lan" from a computer in the network? [04:12] Or is that not allowed? [04:14] And wouldn't the conf checker return an error? [04:14] mm you mean foo as the host part? [04:14] or foo as the domain [04:15] foo would be anything I defined in my db.local file [04:15] test.lan, iloveubuntu.lan, bindsucks.lan [04:15] :P [04:16] Im not sure, I always worked with fqdn [04:16] never tried that [04:18] Well doing dev.lan did get named running then throw a whole bunch of errors about all the .lan domains I set up :P [04:18] Karamon: have you tried zone "lan" [04:18] Karamon: you don't want to have the . prefix on .lan, it should work with just 'lan' [04:19] Ahh [04:20] Like magic [04:20] One little period (just like semicolons in programming) [04:20] Thanks! [04:22] Hi room. I am running ubuntu server *.04 on my desktop, and when I try to access it via ssh, I get a connection refused message. What would cause this? [04:22] Hypnus9: Did you install the ssh server? [04:22] Where are bind9 log files kept? [04:23] Yep. I have accessed it before from Windows vista, and from debian, but strangely enough, I can't access it when I am using Ubuntu desktop on my laptop [04:24] I'm not sure where the bind9 files are kept. [04:24] Karamon: they are sent to your syslog [04:26] where is the syslog kept? [04:26] Hypnus9: /var/log/syslog [04:31] I am getting "Could not reliably determine server's [FQDN]" how do I make apache see my FQDN? Should I post /var/hosts for troubleshooting? [04:35] add the host to //etc/hosts [04:38] I'm sorry, thats what I meant >.< I do have a /etc/hosts file and have ( I think ) populated it correctly -- http://pastebin.com/d4f4b2a3a [04:41] afaik, drake.lan is not an fqdn [04:43] Isn't it a FQDN if I set it up in bind? sorry that I'm a newb [04:44] not necesary [04:45] how is your /etc/resolv.conf [04:45] ? === RoAkSoAx_ is now known as RoAkSoAx === veovis is now known as xiaopi [06:39] whenever i plug my server to the network my network becomes unstable, changed lancard and i put it in private and public network. it affects both [06:39] I'd suggest trying to capture some data using tcpdump and see if it's doing anything unusual. [06:44] other than that any other? [06:44] seem all is fine [08:14] moin [08:20] is there a way to block an ip from my server? [08:36] J_5: Sure. [08:36] J_5: Check the ufw man page. [08:44] hi, does any one know about samba? [08:46] i installed ubuntu server for file share, but i need to make separate accounts for dif user, i dont want user see what other user store ther via samba. can some one helpme with a link or somthing, thanks [08:50] i have tried a lot of configuration add new users but i cant get it work good or is there another way of sahre files in ubuntu server/ [08:54] r u in a meeting or something? [09:41] anyone got hold of an eee box? (not the eeepc laptop) [09:41] would make a nice little low power home server [10:21] thefish: agreed. though i just built a more powerful mATX box for about the same money [10:31] edmoore: mind giving some details? I want a low power nas box for around that price (£200) [10:33] thefish: cool, I am uk too so I can talk to your in english [10:33] huzzah! [10:33] dabs.co.uk - i got an intel e2200 [10:33] 2gb ram [10:33] gigbyte g31 s2l mobo [10:34] a 250gb seagate barracude hdd [10:34] cool [10:34] an antec nsk1380 case (really like it) [10:34] any idea of power consumption? [10:34] and a pci wifi card [10:34] no, though not much. The case comes with a high efficiency 350W psu [10:35] which I don't think it at all taxed [10:35] I also splashed out on a zalman cooler, though there's only just room for it [10:36] k [10:36] I probably wouldn't bother with it if I had my time again [10:36] and runs ubuntu server, but you could probably have guessed that given where we are :) [10:37] mm nice case [10:38] I actually spent a little more on my box - I got a second idential hdd for software raid1, and 4gb of ram, but that's because it'll be running sims [10:38] yeah - space is a bit tight inside but quite manageable [10:38] and the psu comes with a 120mm fan which is a joy - totally silent [10:38] cool [10:38] running sims? [10:38] physics/engineering simulations [10:39] ah ok [10:39] chews up 100% of one core and about 2.2GB of ram for days at a time [10:39] ye spose they run for a while [10:39] the other core and the rest of the ram is for the serving bit - files, websites, etc [10:39] ill only want mine for really easy stuff [10:39] nas [10:39] so my system came to £297 [10:39] k [10:40] but if you loose the extra ram and hdd and other bits I bought (wireless pci, zalman fan) you'd probably be under £200 [10:40] and you'd have a lot more grunt than the eeebox [10:41] mobo has built in graphics, though I've not installed any flavour of X [10:42] if you do go for a non-stock cpu cooler, check it has a 4-pin connector - the mobo has the newer 4-pin pwm speed control connectors, rather than the older 3-pin type which my zalman came with. I beleive the stock cooler is 4-pin, but don't quote me on that [10:42] ah k [10:43] ye for me though, low power has more weight than max grunt :) [10:43] they are compatible, but if you plug a 3 pin into a 4-pin mobo connector, it just runs at 100% all the time, which is a pain if you're in the same room as it [10:43] tasks: nas, screen/irssi, maybe a bt every now and then. [10:43] true - what's the psu on the eeebox do you know? [10:43] no not sure [10:44] certainly the atom will be more ecomonical to run than a core 2 duo [10:44] all i can find is marketing type stuff [10:44] http://www.nexus13.com/productcart/pc/viewPrd.asp?idproduct=1376&idcategory=0#details [10:44] ye defs, at the moment i have a core2duo that i can WOL if i need it [10:44] it really is a tiny thing isn't it [10:45] and a wrt that does the basics [10:45] ye totally, and im thinking that thing tucked away in a corner somewhere just doing its thing [10:45] might even be able to claim back the windows tax [10:45] yeah that put me off [10:46] I saw the eeebox on trusted reviews and though 'oooh yes please' but thn the more I looked into it the more I realised a DIY would be better for me, and a week later I bought my box, which I have now had for a week [10:46] cool [10:47] ah actually theres a linux and a windows version [10:47] same price [10:47] 65W power adaptor [10:47] on the eee ^ [10:55] thefish: case closed then, I reckon :) [10:56] seems like it, thanks for telling me about the dev box though [10:56] reckon goals are slightly different [10:56] i would like to replace the "hog" with a box like that though [10:58] thefish: cool, well I may well look at the eeebox when it's time to get a NAT [10:59] stick openBSD on it and bob's your uncle. [11:00] i was reckoning jeos [11:00] just cos its what i know [11:00] why bsd? [11:00] * edmoore goolgles [11:00] jeos is a way cool stripped down ubuntu server ;) [11:01] oh cool, looks neat [11:01] I want to try openBSD just because it looks cool and everyone keeps hammering on about how secure it is. I like the idea of it on a set and forget gateway machine [11:01] ALIX boards are good for that sort of thing. [11:04] ye the bsd firewall looks really cool, seems to have built-in failover stuff [11:04] hads: I'd not come across them, thanks for the recommendation. They I have some old bits lying around - 12GB hdd and a celeron and a gig or ram. that should be plenty for a nat, I hope [11:14] Excuse me, I'm trying to get a program that I installed manually to autostart at boot-time. What is the clean, correct way to do so? [11:24] busfahrer: Either create an init script for it (see /etc/init.d/skeleton for an example) and add that to the the run levels you want to run it at, or you could just add a command to someone's crontab and set it to run "@reboot" [11:58] hello, when I flush my iptables ( sudo iptables -F ) the firewall blocks everything [12:03] check your iptable default policy [12:03] its probably set to "DENY" [12:04] or DROP rather [12:08] Quick one, what's the meta package to perform the same actions as if I had chose LAMP from the installer? [13:30] Koon: good morning, I noticed that likewise-open and samba use secrets.db files in different locations... just wondering if there are any plans to combine them? [13:32] sommer: I confess I'm a little lost on samba/likewise-open combinations. I was hoping some enlightenment from jerry about this [13:35] Koon: that's cool, I was just working on documenting Samba and AD integration, and there's a pdf from likewise that instructs to symlink /var/lib/samba/secrets.db to /etc/samba/secrets.db [13:35] Koon: I don't mind documenting that, but is just didsn't seem to follow the "debian" way of doing things... not that big a deal though [13:36] which one uses the file in /etc ? Likewise-open, I suppose [13:36] yep likewise [13:36] hm. That should be fixed (even if not a regression) [13:37] you cannot really consider it a "configuration file" [13:37] Koon: okay, I just noticed it on the version in your PPA... I tested leaving a domain, and didn't have any problems, just fyi [13:38] soomer: cool. A new code drop is supposed to happen soon, dendrobates might be handling it though (I leave for vacation tomorrow morning) [13:39] I'll make sure he knows about that secrets.db thing [13:39] cool, thanks man [13:40] it is pretty slick to configure samba with likewise-open, just need to get the kerberos and mount.cifs working :) [14:05] hi [14:05] (8.04.1) can i setup lvm+raid during installation? [14:05] the installer asks me for lvm, but i don't see any raid options [14:08] moldy: you can try out these instructions: http://doc.ubuntu.com/~mdke/test/serverguide/C/advanced-installation.html [14:08] moldy: that's the draft version of the serverguide so if you notice any problems, please let me know :) [14:09] moldy: being development they're geared toward intrepid, but the overall process is the same for hardy... just no boot degraded options [14:11] sommer: thank you [14:12] moldy: np [14:14] infinity: ping when you are around can you look at the php5 ftbfs Im totally stumped [14:14] sommer: hm. i configured sw raid. then i selected the sw raid device for "use as physival volume for lvm" [14:14] but how can i format/configure that device now? [14:15] moldy: I'm not sure of the exact process of combining software raid with lvm (mostly used them seperately), but you'll probably need to create a partition on the volume group [14:16] moldy: have you created a volume group? [14:16] sommer: ah, i think i got it now [14:16] created a vg and an lv now [14:16] ya, that's it, then once you have an lv you can create a partition, then it's pretty much the same as a normal install [14:17] err... I think :) [14:20] hmmm, i cannot create more than one partition in the lv [14:21] ah, this is normal? [14:21] I only have one per lv, guess I've never tried creating multiple [14:22] if you had multiple partitions per lv, then how could you expand the lv? I don't think the system would know which partition to expand [14:23] makes sense [14:23] i wasn't sure anymore... i created multiple lv now [14:24] actually it's pretty straightforward [14:24] ;) [14:24] heh, there starts to be a lot of terms to learn when you get into raid + lvm + partitions, and what not [14:24] ya [14:37] What happened to JeOS? [14:37] Can't find it [14:45] hm, is it normal that ubuntu 8.04.1 server uses lilo in stead of grub? [15:05] hi all! Im having troubles with both cronjob and ssh. [15:05] first, lets try to solve ssh... it simple cannot identify my keys. [15:06] *simply [15:07] trakinas: what error do you get? [15:09] thefish: from putty that it rejected my key [15:09] simply that [15:09] what error message? [15:10] just it: Server rejected our key [15:10] nothing more. [15:10] ok, it could be permissions on the server side [15:10] you have put the public key into ~/.ssh/authorized_keys on the server? [15:10] yep. [15:11] what are the permissions on ~/.ssh and ~/.ssh/authorized_keys [15:11] should be 700 on .ssh and 600 on authorized_keys iirc [15:12] public is -rw-r--r-- [15:12] ? [15:13] the public key [15:13] sorry! [15:13] ok never mind the public key mate, please answer the question [15:13] these dirs are on the server [15:13] it is on the server side. [15:13] yep [15:13] right [15:13] and these are the properties for the key. [15:13] * Deeps holds thefish's hand [15:13] -rw-r--r-- [15:13] Deeps: =( [15:13] Deeps: :) [15:14] what are the permissions on ~/.ssh and ~/.ssh/authorized_keys [15:14] trakinas: what are the permissions on ~/.ssh and ~/.ssh/authorized_keys [15:14] for the main prize [15:15] the authorized_keys are -rw------- [15:15] and that is 600, afaik [15:15] good, thats what we want [15:15] ok, have you checked in /var/log/auth.log for errors? [15:16] you can turn up logging in /etc/ssh/sshd_config with the LogLevel directive if needed [15:16] Hmm, the meeting doesn't seem to be scheduled in #ubuntu-meeting, does that indicate that it's not happening? [15:17] thefish: no error message with my user. [15:17] what is annoying me is that some users can use the key, and mine cant. [15:17] ok trakinas, have you modified the sshd_config file at all? [15:17] thefish: only when installed it. [15:18] you modified it, or just installed it? [15:18] meeting in a hour isnt it [15:18] thefish: made only some changes on the port. [15:18] ok fair enough [15:18] thefish: in spite that, it is using both pass and keys. [15:18] is putty using this port? [15:18] xyep [15:18] you *only* changed port? [15:18] zul, That's what I thought, well, 60-18=42 minutes :) [15:19] i can login with password [15:19] thefish: yep. [15:19] quite sure. checked the conf already. [15:19] owh: hourish ;) [15:19] ok cool [15:20] zul, next you'll be saying that 16 bit is like 32 bit :) [15:20] trakinas: so you used puttygen to make the keys, then copied the public over to authorized_keys? [15:20] owh: heh [15:20] thefish: yes. didnt work. tried using keygen on the server side and importing to putty. [15:20] did not work either. [15:21] ok trakinas, on the server: sudo tail -f /var/log/auth.log [15:21] that is now watching auth.log for any changes (and we should see at least *something* from putt) [15:22] then while thats runing, try to log in from putty, and see if any logs are made [15:22] nothing... seriously... [15:23] I will try from the begin. Let me remove all my keys and try it again [15:23] ok, lets turn it up [15:23] ok good plan [15:23] user keys, not server keys. [15:23] keys are keys [15:23] mostly [15:23] so you will make the key with puttygen then copy across the public key? [15:24] thefish: to be honest, Im kind lost. [15:24] trakinas: ok no worries, i happen to have a windows machine here, and 10 mins to spare :) [15:24] so lets open puttygen [15:25] thefish: should I copy the public key from /etc/ssh to my .ssh/ or simply generate my key? [15:25] no [15:25] trakinas: you are on a windows machine, trying to ssh to a linux machine? [15:25] okay! so i was on the right track, at least. [15:25] thefish: using keys. password are okay. [15:25] thefish: win to linux. correct [15:25] ok cool [15:26] are you comfortable on how public/private keys work? [15:27] thefish: kind of. lets say that this server wasnt my responsability but it became from a day to another. [15:27] thefish: so i had to study really quickly all these things. [15:28] trakinas: ok, i would read up a bit about public keys. [15:28] im more of pythin programming on linux then with network. [15:28] never heard of pythin [15:28] is it good? [15:28] thefish: heck yes! is a fork of python! =P [15:28] :P [15:29] ok cool, so pubkeys [15:29] with this type of auth, we use keys. the keys have 2 parts: a public key and a private key [15:29] thefish: Im cool with that. go on. [15:29] now say we want to exchange data [15:30] i will need your public key [15:30] i will then use your public key to encrypt the data [15:30] after this, only your private key can unlock it [15:30] right. [15:30] there is a lot more to it than that, but we use this for auth [15:31] so now i need to leave my public key on the server, and keep the private key very safe [15:31] okay. [15:32] i will then ask the server to log in, and provide info that only the holder of the private key can have [15:32] the server verifies this with thepublic key [15:33] so, your windows computer will have the private key, in putty or pagent i think [15:33] yep. [15:33] and the public key from puttygen, will go into /home/{your-serverside-user-name}/.ssh/authorized_keys [15:34] so far, so good. [15:34] a public key may look something like: ssh-rsa [15:34] AAAAB3NzaC1yc2EAAAABIwAAAgEA7/qSuP8VvUysxPp6ojwnML1v4w8rQ+9xY4npsFQkYA0kOZoGhfbrVf9tBxH6DyDLaa9pE/xd+vSP4IR+dL8mwM98w6uKne7Pdl7hBe5a/DM5EHS4cqOxa+t0CijsNR0i/tY177IqDrzJJxzBKXJm2V8ndXI8350job7+RwnphA+frvfcowSGxnT6eJ+i8N9fWlqUDv2CljOni4+Ti6ELXYjAb/NLGBv3nB16cvnhZgz17q9okegB0uuzgPLfRK7nLV2Rdxe0C7ArurP5IHz4IZ9OGlcMaqUKU+0mB1H7xrRPs6YXC8lWp3TYJKkN35Bm3y6V/3h62t8o2BpFVGOL3VezCO/ySeBjv6ur1GPySiG4OzGM7xQjvk6typZbTC30pOKOoFVfYKYuMfwLNI+yelMmoue6VKWN5/ [15:34] 7NOBGrdELSjVO4gt6vv4f2OMA9RhFvfXJcgwiBDIren4VXhw2CeDVq4ESWsBY4pYHryqWlCqS4CEiaO7/NfKGDlB5WTvAoKaYIPi8ofTYriSUj0S1tOM8dNAzrDqUnJzFVTubYua6dyzp+Z/GqqJkA5ND0sxrdLKwm7x9u+8Unn7KeZzSU3ODpxhsNRo8GUdvgn4tK3aBnqcTHQcwbeshuJhEXv7hMSHCMxxALYqvUKjy0NRt6D7uCTPncGNadW9selWOrgmk= [15:34] sorry for flood! that looked like a 1 liner from here... [15:34] one sec! boss is calling [15:35] Hey guys, I have a firewall script: http://rafb.net/p/52ujkq51.html and relevant entries in syslog.conf restarted syslog and in my firewall script i log ssh connections, so i made an ssh connection to my server and nothing appeared in /var/log/firewall. I took the iptables script down, added one line to test logging which was: iptables -A INPUT -j LOG and then i hit 'dmesg' or tail /var/log/firewall and my logs are [15:35] pounded with iptables traffic, so why does it not log with my current example what am I doing wrong ? [15:39] thefish: Im alright with that. [15:39] thefish: key generated, saved, uploaded to the server, chmoded to 600. [15:40] thefish: the is also a ssh2 dir, should I upload it into there? [15:40] trakinas: what distro is the server? [15:41] thefish: not sure if it is 7.10 or 7.10 upgraded to 8.smth [15:41] one sec [15:42] kernel version helps [15:42] ? [15:42] ok thats fine, no worries [15:42] you have only the 2 computers? [15:42] or is there any command to check the distro version: [15:42] trakinas: its not needed, but a useful one is `lsb-release -a` [15:42] thefish: no. a bunch of them. loggin through password works great. [15:42] with the quotes? [15:42] ok so its just key login that we need to fix ye? [15:43] yep [15:43] those are backtics, and no [15:43] thefish: thanks! did not know the name. "english are not me first language" [15:43] i guessed that trakinas ;) [15:43] :] [15:44] trakinas: please do "grep AuthorizedKeysFile /etc/ssh/sshd_config" [15:44] on the server [15:44] it should return just one line [15:44] AuthorizedKeysFile %h/.ssh/authorized_keys [15:45] not commented. [15:45] ok cool, so this is the file that need to have the public key in it [15:46] anyone ? [15:47] thefish: i can paste bin it in somewhere. [15:47] yes please trakinas [15:51] How do you remove a public key from ~/.ssh/known_hosts?? It used to be that the host name was in the file, but no longer [15:52] ssh-keygen -R hostname [15:52] mok0: with vi - :set nu [15:52] sommer: nice one, didnt know that, i always went to the file and searched for the line number :) [15:52] sommer: Cool, I didn't know that :) [15:52] :-) [15:52] thefish: Ditto :) [15:53] or just : thefish: how do I know the line number? [15:53] mok0: It says so in the error :) [15:53] mok0: the error [15:53] pff fast typists [15:53] ah [15:54] heh you're right [15:55] You all know about ssh-copy-id while we're at it too? [15:57] owh: ye that saved me much caffeine :) [15:57] ssh-add was like a religious experience [15:57] or however you spell that [15:58] owh: nope, but it's cool! [15:58] hows this for cool, discovered today: you can use "screen" to share a tty [15:59] and have many viewers or participants [15:59] Yup [15:59] damn thats nice [15:59] i had to show a guy in another town how to do a specific ubu server setup [15:59] just screened it [15:59] And you can use it to log what you were up to, so you can log into a server maintained by someone else and fix their server while they make sure that you're not fsking with it :) [16:00] ye [16:00] theres some cool clipboard stuff as well, not played there yet though [16:02] owh: know any cool tricks for updating many servers at once? [16:02] apt-lots-of-them update... [16:02] fedora now has the super cool spacewalk [16:03] and i know theres landscape, but its pretty pricey [16:03] Dunno, but I'm in a meeting in #u-m [16:03] thefish: look at dsh [16:03] (That's the ubuntu-server meeting BTW) [16:04] mok0: cool, will do [16:04] thefish: another gem from Junichi-san [16:05] cool [16:05] <[diablo]> thefish, mish [16:05] mok0: i guess you mean Dancers' shell, not "Deliberate Self-Harm" ;P [16:05] heh [16:06] [diablo]: ello [16:06] <[diablo]> thefish, that u mate? [16:06] pity people like [diablo] are allowed on this channel, it spoils it for the decent folks [16:06] <[diablo]> ok, it's you [16:06] where do i report that [diablo] is trying to cyber me? [16:07] <[diablo]> JAJA [16:09] mok0: cool, but i really would like something like landscape, that says what updates are available for each server, and shows any errors etc that may happen [16:10] thefish: landscape is not too expensive [16:10] check out http://www.redhat.com/spacewalk/ [16:10] mok0: $150/year/node is too expensive here [16:11] thefish: oh, I didn't know it was per-node [16:11] ye [16:11] for an "important" server, i wouldnt go without it [16:11] thefish: well, then I stand corrected [16:11] but most here are easily replaceable etc [16:12] mok0: http://brainstorm.ubuntu.com/idea/6338/ [16:13] thefish: interesting reading... [16:13] ye totally [16:13] thefish: I rely on cfengine to do most distributed maintenance [16:14] thefish: you could set it to do apt-get dist-upgrade if you wanted to [16:14] mm, looks interesting [16:15] will it report back and say server X needs this update, and server Y failed on update Z? [16:15] thefish: personally, I like to watch ;-) [16:15] hehe [16:15] rhn is really cool like that as well [16:15] thefish: no it is completely standalone [16:15] ok [16:16] thefish: you mean the redhat cluster utils? [16:17] na rhn, for keeping the servers updated [16:17] same as landscape pretty much [16:18]