/srv/irclogs.ubuntu.com/2008/08/25/#ubuntu-server.txt

Dedianyone has a good postfix reject_rbl_client config for recipient/helo/sender restriction?00:11
=== PrivateVoid is now known as PV_Away
luckyoneI have set up a samba share on my ubuntu server. My windows pc can connect to it just fine. However, my ubuntu desktop can't seem to connect/mount it03:22
fujinhiya, anyone here familiar with reprepro?03:36
pschulz01Greetings..05:01
vk5fossallo05:02
pschulz01Is there a 'pdf' for the 'Ubuntu Server Guide anywhere?06:04
nxvli think it is06:05
nxvlsomewhere06:05
nxvlnot sure where06:05
azteechpschulz01 - try this link dl2.foss-id.web.id/dokumen/ubuntu/serverguide.pdf06:15
azteechor this link ... http://www.linuxinet.com/free-linux-ebooks/download-free-pdf-ebooks-ubuntu-server-guide.html06:16
pschulz01azteech: Ta.06:28
pschulz01azteech: The first link seems a leetle slow.06:28
azteechall the pdf's i have tried are slow ... but then again, i am on dial ...06:29
azteechif you want to find another one ... google for it and use pdf+ubuntu server guide ....06:30
pschulz01azteech: Second link was quick.. done..06:30
azteechk06:30
pschulz01azteech: Looks a little dated as well.06:30
pschulz01Copyright 200606:30
azteechwell the ubuntu server doc site only shows the 5.10 and 6.10 versions ... of the doc ... so the pdf's might be as well ...06:31
azteechthe 8.04 version I found a little while ago is still in draft form ..06:31
azteechand as such, probably not a pdf out there for it ..06:32
pschulz01Ta. Looks like it should submit some updates :-)06:33
azteechagreed ... and am sure they will when draft doc is done ..06:33
OntologIs there an ImageMagick page that doesn't rely on X?06:50
jgiorgii am planning on install ubuntu server on my desktop for testing purposes, i understand that for security no GUI is installed by default, i agree that is a great idea for security on most servers but is there a way (easy way) to install a gui and it be all set up like it was default so i dont have to get another computer08:02
jgiorgii was guessing sudo apt-get install gnome08:02
vk5fossthats an #ubunttu question (the answer is to run tasksel and chose the desktop task)08:03
vk5foss* #ubuntu08:03
jgiorgilol sorry08:04
_rubenor just use some virtualization product08:04
krautmoin08:08
=== freaky[t] is now known as fReAkY[t]
ghalebhello all, I have installed pptp VPN server, but my clients suffer from a very slow connections, is that necessary for VPN server to be a gatway ?09:28
=== freaky[t] is now known as fReAkY[t]
uvirtbotNew bug: #261066 in mysql-dfsg-5.0 (main) "mysql-server  5.0.67-0ubuntu1 not starts" [Undecided,New] https://launchpad.net/bugs/26106610:31
=== fReAkY[t] is now known as freaky[t]
=== andreas__ is now known as ahasenack
KoryoCan anyone in here help me setup BIRD please? i have downloaded and installed it through KPackage Manager, but i am unsure of how to proceed from here.13:44
Adakoshey folks. IM putting together a server, does anyone have a list of compatible motherboards, or recommendations on a relatively cheap (entry level) motherboard?14:02
uvirtbotNew bug: #260291 in openvpn (universe) "Network Manager 0.7, openvpn, VPN Connection Failed" [High,Confirmed] https://launchpad.net/bugs/26029115:01
jcastrokirkland: update-motd is great, it'd make an excellent little blog post subject15:24
gsalahhello all, I really have a big problem, I posted many times, I have a very slow pptp vpn connection and don't know why, any leading points?15:28
zulKoon: ping15:36
Koonzul: pong15:36
zulKoon: does this look sane to you: http://pastebin.com/d38ca886215:37
zulits for the openvpn/network manager fix15:37
* Koon looks15:39
Koonzul: i don't know that much rc7, but that looks sane, yes15:41
zulcoolio15:41
zulthanks15:42
Koon(haven't tested it so ymmv) :)15:42
zulKoon: I already have15:43
Koonok cool ;)15:43
gsalah__hello all, I really have a big problem, I posted many times, I have a very slow pptp vpn connection and don't know why, any leading points?15:47
=== gsalah__ is now known as gsalah
PupenoHello.17:22
PupenoAnyone running a mail server with imap and server-side filtering?17:23
uvirtbotNew bug: #261198 in apache2 (main) "Add UFW profile integration with apache2" [Undecided,Confirmed] https://launchpad.net/bugs/26119818:05
sorenPupeno: Yes.18:19
ChrisGilmorehey, I've installed Ubuntu Server through parallels on my mac successfully, but how would I access the localhost through my mac when it is on the Ubuntu server?18:45
LMJis anyone tried mod_authnz_external with Apache 2.2 ?19:07
LMJGot a 500 error19:07
themolestei'm not sure if i should ask here, or main chan19:26
themolestei'm having some issues making a minimalist desktop for a mpc19:27
themolestehtpc19:27
themolestethe software I'm using is xbmc and I set up a dual boot between ubuntu server and ubuntu desktop for testing19:28
themolesteon desktop, the program works fine, on server it is very slow and xorg uses 100% cpu19:28
themolesteso, i'm missing something on server, that is not included with apt-get install xorg19:31
themolestealso, i'm trying to avoid a window manager, so while installing gdm might fix it, I would rather not19:31
themolesteif anyone is here, i found out the difference... on the desktop glxinfo says it is using direct rendering... on server it is indirect19:40
sommerjdstrand: I updated the ufw sections this weekend, wasn't 100% sure I understood the --add-new option for the application integration19:52
jdstrandsommer: you are not the only person to have said that, so I clearly need to be more, well, clear20:00
jdstrandsommer: if you don't mind entertaining me-- how do you understand it?20:00
jdstrand(it may help me to clarify it if I know how people are currently interpreting it)20:01
sommerjdstrand: if you add a port rule to an application profile it won't be enabled until you specifically enable it, unless you set the option to default20:01
sommerjdstrand: or at least that's close to my interpretation :)20:02
jdstrandsommer: yes, if I understand your phrasing correctly :)20:02
jdstrandsommer: adding a profile in /etc/ufw/applications.d simply makes the profile available to use when adding rules20:03
jdstrandsommer: eg 'ufw allow Apache'20:03
leonelScottK: https://bugs.edge.launchpad.net/ubuntu/+source/clamav/+bug/26124920:03
uvirtbotLaunchpad bug 261249 in clamav "MIR report for CLAMAV" [Undecided,New]20:03
jdstrandsommer: the 'app update' command allows a maintainer or admin to change the profile, and then update all referenced rules with one command20:03
jdstrandsommer: eg, user does 'ufw allow WebApp', which simply opens port 808020:04
jdstrandsommer: admin then changes the profile to have '8080,8081'20:04
jdstrandsommer: a user can then run 'ufw app update WebApp' and now both 8080 and 8081 are open20:05
sommerjdstrand: ah, that makes sense, and if they've set --add-new to default they don't need to do the "app update" part?20:05
jdstrandsommer: a package maintainer can take advantage of this for long-term maintainablity20:06
jdstrandsommer: exactly20:06
jdstrandsommer: 'update --add-new' does all that 'update' does, and it will add a new rule to the firewall depending on how DEFAULT_APPLICATION_POLICY is set20:06
jdstrand(which is skip by default)20:07
sommerjdstrand: okay makes sense now, I'll double check what I wrote... probably needs clarified, heh20:07
jdstrandsommer: when the DEFAULT_APPLICATION_POLICY is skip, 'app update' and 'app update --ade-new' are equivalent20:07
sommerjdstrand: gotcha20:08
jdstrandsommer: the nice thing about this is for example samba20:08
jdstrandsommer: it might have a profile that is 137,138/udp|139,445/tcp20:08
jdstrandsommer: if a user did:20:08
jdstrandufw allow to any app Samba from 192.168.0.0/1620:09
jdstrandufw allow to any app Samba from 10.0.0.320:09
jdstrandthen if change the profile, you only have to run 1 command, as opposed to (at least) 820:09
jdstrand(4 ports * 2 rules)20:10
sommercool, so are any profiles currently shipping?  I believe I saw a bug for apache...20:11
sommerjdstrand: something to use as an example anyway20:11
jdstrandsommer: a community member has approached me and said he'd work on apache and openssh initially20:11
Pupenosoren: What do you use for that?20:12
jdstrandsommer: I might also add that the average user will likely only need to use 'app list', 'app info <profile>' and then references the profiles in the rules20:12
jdstrandsommer: the 'app update' command is really to make sure there is some way a maintainer can update the profiles sanely20:13
jdstrandthough, an admin may find it useful...20:14
sommerjdstrand: for new profiles is the procedure to file a bug against the application?20:15
sorenPupeno: Dovecot.20:15
jdstrandsommer: yes, you can see UbuntuFirewall for developing them, and ServerTeam/Roadmap for targeted applications20:15
Pupenosoren: and postfix I presume, right?20:15
sommerjdstrand: awesome, I'll update the guide this evening, thanks20:16
sorenPupeno: Postfix is somewhat involved, yes. IMAP and server side filtering is all dovecot, though.20:16
jdstrandsommer: thank you! :)20:17
Pupenosoren: I'm reading Dovecot page at the moment. How do you perform and/or set the server-side filtering?20:17
ScottKleonel: Thanks.20:17
sorenPupeno: I tell postfix to use Dovecot's LDA. Dovecot then reads a sieve script from my home directory.20:18
didrocksjdstrand: are you there?20:48
jdstranddidrocks: yes, hi!20:51
didrockshi :)20:52
didrocksI think the first debdiff is ready20:52
jdstranddidrocks: for apache? I haven't looked at it yet, but saw it come in20:52
didrocksI just have one question before: is it delibaretly for ufw that we do not remove the rules after purging the package ?20:52
didrocks(I haven't uploaded it at the moment :))20:52
jdstranddidrocks: well, we remove the profile, but don't remove the rule if the user had DEFAULT_APPLICATION_POLICY set to something other than skip and a rule was automatically added20:54
didrocksyes, that's what I say20:54
didrocks/say/saw20:54
didrocksthis one is located on /var/lib/ufw/user.rules apparently :)20:55
jdstranddidrocks: oh, I thought we were talking about application rules20:55
didrocksno no, firewall rules, sorry for the misleading term :)20:56
jdstranddidrocks: so /var/lib/ufw is not deleted on purge?20:56
didrocksyes, the rule corresponding to the removed profile is not removed (as described in https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)20:57
jdstranddidrocks: I think we are talking about different things20:57
didrockshum, I am speaking about rules visible through ufw status20:57
jdstranddidrocks: on apt-get remove --purge ufw, what are you expecting to happen, and what is happening?20:58
Goosemoosehi. does anyone have a good hardy preseed file. especially one that joins an AD domain?20:58
didrocksjdstrand: on --purge, the profile (so, the file in /etc/ufw/applications.d/... is removed), but the firewall rule (which is shown by "ufw status") is not purged20:59
didrocksand I don't find it logical (for me, both has to be removed)20:59
jdstranddidrocks: ok-- now I know what you are talking about20:59
jdstranddidrocks: 'apt-get remove --purge apache2.2-common' removes the profile, but does not update the running firewall21:00
jdstranddidrocks: that is intentional21:00
didrockswhy?21:00
jdstranddidrocks: the stance I took is that if the administrator added rules referencing a profile, then the admin should update the firewall when that package is removed21:03
jdstranddidrocks: I was trying to avoid ufw making policy decisions on its own, which it could very easily do wrong21:03
didrocksyes, that's understandable21:04
jdstranddidrocks: it's also possible that a profile might not be package specific for some people/distributions21:05
didrocksthat makes sense. ok, that was my last question I think. I have ust uplodaded apache2 debdiff. It build well and I tried it on my intrepid VM (playing with ufw ;))21:06
jdstranddidrocks: eg, profiles could be distributed by someone in a 'ufw-profiles' package, that has things such as 'Web Server'.21:06
didrocksyes, some common profiles between packages21:06
didrocksjdstrand: thanks a lot :)21:07
jdstrandthen the install appache, do "ufw allow 'Web Server'", then remove the ufw-profiles package and apache is not longer accessible21:07
jdstrand(if we automatically removed the rules on profile removal)21:07
didrocksyes yes, I understand21:07
didrocksregarding terms21:07
didrocksrules is for firewall21:07
didrocksprofiles for application-port association21:08
didrocksis it correct?21:08
jdstranddidrocks: yes21:09
jdstranddidrocks: rules as in 'iptables rules'21:09
didrocksjdstrand: that's what I was assuming :)21:10
didrocksit's a really great tool as iptables configuration is very difficult the first timeā€¦ (then, it seems easier, but well ^^)21:11
jdstrandthanks! :)21:11
didrocksjdstrand: when you will have time (after your move, for instance ;)). Keep me in touch about this package and when it will be ok (maybe some changes has to be done), I will try to put some efforts on other packages21:12
didrocksit is very straightforward21:12
jdstranddidrocks: I sure will-- I will definitely look at it this week21:13
jdstranddidrocks: thanks again for your work!21:13
jdstrand:)21:13
didrocksjdstrand: you're welcome :)21:13
didrockshave a good evening (or day) :)21:14
jdstrandyou too21:14
didrocksthanks21:14
kirklandemgent: thanks ;-)21:16
kirklandsommer: thanks ;-)21:16
didrocksjdstrand: someone uploaded ubuntu1 during this time, I have to update my package :/21:55
didrockskees is the guilty ^^21:55
keesdidrocks: which package?21:56
didrocksapache2 :)21:56
keesoh, did we just collide?21:57
keesI _just_ uploaded an ubuntu1 version :(21:57
didrocksyes, but no problem, I will provide a new version :)21:57
didrocks(and hate you secretly :))21:57
keesokay, cool, sorry about that.  I didn't realize one was in the works.21:57
keeshehe21:57
keesmathiaz: hrm, slapd isn't installable for me under intrepid.  it yells about existing directories.21:59
nxvlkirkland: yay for superpowers! Congratulations!22:02
mathiazkees: hm - which ones ?22:03
PumpkinPieis anyone using a lot of bandwidth ?22:04
nxvlPumpkinPie: what for?22:04
keesmathiaz: http://pastebin.osuosl.org/2186922:05
mathiazkees: seems like an issue with the rootpassword - can you share the root password ?22:07
mathiazkees: or look into /tmp/slapd_init.ldif.SAhzi17406 ?22:07
keesmathiaz: er, there's no root password (running in a schroot)22:07
kees105 lines in that tmp file... what am I looking for?22:08
* kees starts over in his schroot22:08
mathiazkees: olcRootPW22:08
mathiazkees: no root password -> that's why22:08
mathiazkees: there is probably a line similar to this: olcRootPW:22:10
uvirtbotNew bug: #261274 in redhat-cluster-suite (main) "clustat(8) truncates columnar output when stdout is not a TTY" [Undecided,New] https://launchpad.net/bugs/26127422:10
=== nxvl_ is now known as nxvl
keesmathiaz:22:11
keesolcRootDN: cn=admin,cn=config22:11
keesolcRootPW:22:11
kees# olcRootDN: cn=admin,dc=outflux,dc=net22:11
kees# olcRootPW:22:11
keeswhat should I do to work around this?22:12
mathiazkees: can you set a root password ?22:13
mathiazkees: or is it part of an automated install ?22:13
keesthis is an automated install.22:14
kees        db_get slapd/internal/adminpw22:14
kees        adminpass=$(echo $RET | sed -e 's|/|\\/|g')22:14
keesthat appears to be the place it's getting that password from?22:14
mathiazkees: correct - slapd/internal/adminpw is the debconf template22:14
keesmathiaz: so this is a debconf prompting level problem?22:14
mathiazkees: hm - which level are you running deconf ?22:15
mathiazkees: the password is prompted at level high22:15
keesmathiaz: critical.  ;)22:15
keesmk-sbuild-lv uses:22:16
keesecho set debconf/frontend Noninteractive | debconf-communicate22:16
keesecho set debconf/priority critical | debconf-communicate22:16
mathiazkees: right22:16
mathiazkees: so you22:16
mathiazkees: so you'd have to preseed the admin pw value22:16
_jpierreGuys I have setup DHCP, but my clients can't access the internet. Can anyone help22:16
mathiazkees: that should work22:16
keesmathiaz: I think this is a bit of a bug, actually -- a randomized default should be chosen in the case that debconf can't prompt.22:17
osmosisAnyone know if this effects ubuntu?  http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/22:19
keesmathiaz: and this needs a -p I think:   Creating initial slapd configuration... mkdir: cannot create directory `/etc/ldap/slapd.d/': File exists22:19
keesmathiaz: hrm, seems that test-openldap.py in the regression testing suite still fails on intrepid.  it's complaining about a missing pid file note.22:25
jdstrandosmosis: somone said in a comment that debian isn't affected (which is where we get our perl). I tried the sample code and have:22:28
jdstrandreal0m0.314s22:28
jdstranduser0m0.136s22:28
jdstrandsys0m0.004s22:28
jdstrand(so under a second and not affected)22:28
mathiazkees: I'll have a look at it22:28
keesmathiaz: okay, thanks.22:29
antdedyetAnyone around that would know who may be aware of possible ubuntu mailing list chokes? For the past couple of months there has began to be some several day delay in receiving email from some of the addresses to my mailbox (ubuntu-devel is the most recently one and I don't encounter similiar issues with any other incoming email).22:58
keeszul: looks like mysql failed on amd64: http://launchpadlibrarian.net/17049756/buildlog_ubuntu-intrepid-amd64.mysql-dfsg-5.0_5.0.67-0ubuntu1_FAILEDTOBUILD.txt.gz22:59
keesantdedyet: check with folks in #canonical-sysadmin -- they manage the infrastructure machines23:00
keeszul: but I wasn't able to reproduce it on my amd64.23:03
antdedyetkees: alright. thanks!23:03
PumpkinPiebaffle: ?23:14

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!