[00:11] <Dedi> anyone has a good postfix reject_rbl_client config for recipient/helo/sender restriction?
[03:22] <luckyone> I have set up a samba share on my ubuntu server. My windows pc can connect to it just fine. However, my ubuntu desktop can't seem to connect/mount it
[03:36] <fujin> hiya, anyone here familiar with reprepro?
[05:01] <pschulz01> Greetings..
[05:02] <vk5foss> allo
[06:04] <pschulz01> Is there a 'pdf' for the 'Ubuntu Server Guide anywhere?
[06:05] <nxvl> i think it is
[06:05] <nxvl> somewhere
[06:05] <nxvl> not sure where
[06:15] <azteech> pschulz01 - try this link dl2.foss-id.web.id/dokumen/ubuntu/serverguide.pdf
[06:16] <azteech> or this link ... http://www.linuxinet.com/free-linux-ebooks/download-free-pdf-ebooks-ubuntu-server-guide.html
[06:28] <pschulz01> azteech: Ta.
[06:28] <pschulz01> azteech: The first link seems a leetle slow.
[06:29] <azteech> all the pdf's i have tried are slow ... but then again, i am on dial ...
[06:30] <azteech> if you want to find another one ... google for it and use pdf+ubuntu server guide ....
[06:30] <pschulz01> azteech: Second link was quick.. done..
[06:30] <azteech> k
[06:30] <pschulz01> azteech: Looks a little dated as well.
[06:30] <pschulz01> Copyright 2006
[06:31] <azteech> well the ubuntu server doc site only shows the 5.10 and 6.10 versions ... of the doc ... so the pdf's might be as well ...
[06:31] <azteech> the 8.04 version I found a little while ago is still in draft form ..
[06:32] <azteech> and as such, probably not a pdf out there for it ..
[06:33] <pschulz01> Ta. Looks like it should submit some updates :-)
[06:33] <azteech> agreed ... and am sure they will when draft doc is done ..
[06:50] <Ontolog> Is there an ImageMagick page that doesn't rely on X?
[08:02] <jgiorgi> i am planning on install ubuntu server on my desktop for testing purposes, i understand that for security no GUI is installed by default, i agree that is a great idea for security on most servers but is there a way (easy way) to install a gui and it be all set up like it was default so i dont have to get another computer
[08:02] <jgiorgi> i was guessing sudo apt-get install gnome
[08:03] <vk5foss> thats an #ubunttu question (the answer is to run tasksel and chose the desktop task)
[08:03] <vk5foss> * #ubuntu
[08:04] <jgiorgi> lol sorry
[08:04] <_ruben> or just use some virtualization product
[08:08] <kraut> moin
[09:28] <ghaleb> hello all, I have installed pptp VPN server, but my clients suffer from a very slow connections, is that necessary for VPN server to be a gatway ?
[13:44] <Koryo> Can anyone in here help me setup BIRD please? i have downloaded and installed it through KPackage Manager, but i am unsure of how to proceed from here.
[14:02] <Adakos> hey folks. IM putting together a server, does anyone have a list of compatible motherboards, or recommendations on a relatively cheap (entry level) motherboard?
[15:24] <jcastro> kirkland: update-motd is great, it'd make an excellent little blog post subject
[15:28] <gsalah> hello all, I really have a big problem, I posted many times, I have a very slow pptp vpn connection and don't know why, any leading points?
[15:36] <zul> Koon: ping
[15:36] <Koon> zul: pong
[15:37] <zul> Koon: does this look sane to you: http://pastebin.com/d38ca8862
[15:37] <zul> its for the openvpn/network manager fix
[15:39]  * Koon looks
[15:41] <Koon> zul: i don't know that much rc7, but that looks sane, yes
[15:41] <zul> coolio
[15:42] <zul> thanks
[15:42] <Koon> (haven't tested it so ymmv) :)
[15:43] <zul> Koon: I already have
[15:43] <Koon> ok cool ;)
[15:47] <gsalah__> hello all, I really have a big problem, I posted many times, I have a very slow pptp vpn connection and don't know why, any leading points?
[17:22] <Pupeno> Hello.
[17:23] <Pupeno> Anyone running a mail server with imap and server-side filtering?
[18:19] <soren> Pupeno: Yes.
[18:45] <ChrisGilmore> hey, I've installed Ubuntu Server through parallels on my mac successfully, but how would I access the localhost through my mac when it is on the Ubuntu server?
[19:07] <LMJ> is anyone tried mod_authnz_external with Apache 2.2 ?
[19:07] <LMJ> Got a 500 error
[19:26] <themoleste> i'm not sure if i should ask here, or main chan
[19:27] <themoleste> i'm having some issues making a minimalist desktop for a mpc
[19:27] <themoleste> htpc
[19:28] <themoleste> the software I'm using is xbmc and I set up a dual boot between ubuntu server and ubuntu desktop for testing
[19:28] <themoleste> on desktop, the program works fine, on server it is very slow and xorg uses 100% cpu
[19:31] <themoleste> so, i'm missing something on server, that is not included with apt-get install xorg
[19:31] <themoleste> also, i'm trying to avoid a window manager, so while installing gdm might fix it, I would rather not
[19:40] <themoleste> if anyone is here, i found out the difference... on the desktop glxinfo says it is using direct rendering... on server it is indirect
[19:52] <sommer> jdstrand: I updated the ufw sections this weekend, wasn't 100% sure I understood the --add-new option for the application integration
[20:00] <jdstrand> sommer: you are not the only person to have said that, so I clearly need to be more, well, clear
[20:00] <jdstrand> sommer: if you don't mind entertaining me-- how do you understand it?
[20:01] <jdstrand> (it may help me to clarify it if I know how people are currently interpreting it)
[20:01] <sommer> jdstrand: if you add a port rule to an application profile it won't be enabled until you specifically enable it, unless you set the option to default
[20:02] <sommer> jdstrand: or at least that's close to my interpretation :)
[20:02] <jdstrand> sommer: yes, if I understand your phrasing correctly :)
[20:03] <jdstrand> sommer: adding a profile in /etc/ufw/applications.d simply makes the profile available to use when adding rules
[20:03] <jdstrand> sommer: eg 'ufw allow Apache'
[20:03] <leonel> ScottK: https://bugs.edge.launchpad.net/ubuntu/+source/clamav/+bug/261249
[20:03] <jdstrand> sommer: the 'app update' command allows a maintainer or admin to change the profile, and then update all referenced rules with one command
[20:04] <jdstrand> sommer: eg, user does 'ufw allow WebApp', which simply opens port 8080
[20:04] <jdstrand> sommer: admin then changes the profile to have '8080,8081'
[20:05] <jdstrand> sommer: a user can then run 'ufw app update WebApp' and now both 8080 and 8081 are open
[20:05] <sommer> jdstrand: ah, that makes sense, and if they've set --add-new to default they don't need to do the "app update" part?
[20:06] <jdstrand> sommer: a package maintainer can take advantage of this for long-term maintainablity
[20:06] <jdstrand> sommer: exactly
[20:06] <jdstrand> sommer: 'update --add-new' does all that 'update' does, and it will add a new rule to the firewall depending on how DEFAULT_APPLICATION_POLICY is set
[20:07] <jdstrand> (which is skip by default)
[20:07] <sommer> jdstrand: okay makes sense now, I'll double check what I wrote... probably needs clarified, heh
[20:07] <jdstrand> sommer: when the DEFAULT_APPLICATION_POLICY is skip, 'app update' and 'app update --ade-new' are equivalent
[20:08] <sommer> jdstrand: gotcha
[20:08] <jdstrand> sommer: the nice thing about this is for example samba
[20:08] <jdstrand> sommer: it might have a profile that is 137,138/udp|139,445/tcp
[20:08] <jdstrand> sommer: if a user did:
[20:09] <jdstrand> ufw allow to any app Samba from 192.168.0.0/16
[20:09] <jdstrand> ufw allow to any app Samba from 10.0.0.3
[20:09] <jdstrand> then if change the profile, you only have to run 1 command, as opposed to (at least) 8
[20:10] <jdstrand> (4 ports * 2 rules)
[20:11] <sommer> cool, so are any profiles currently shipping?  I believe I saw a bug for apache...
[20:11] <sommer> jdstrand: something to use as an example anyway
[20:11] <jdstrand> sommer: a community member has approached me and said he'd work on apache and openssh initially
[20:12] <Pupeno> soren: What do you use for that?
[20:12] <jdstrand> sommer: I might also add that the average user will likely only need to use 'app list', 'app info <profile>' and then references the profiles in the rules
[20:13] <jdstrand> sommer: the 'app update' command is really to make sure there is some way a maintainer can update the profiles sanely
[20:14] <jdstrand> though, an admin may find it useful...
[20:15] <sommer> jdstrand: for new profiles is the procedure to file a bug against the application?
[20:15] <soren> Pupeno: Dovecot.
[20:15] <jdstrand> sommer: yes, you can see UbuntuFirewall for developing them, and ServerTeam/Roadmap for targeted applications
[20:15] <Pupeno> soren: and postfix I presume, right?
[20:16] <sommer> jdstrand: awesome, I'll update the guide this evening, thanks
[20:16] <soren> Pupeno: Postfix is somewhat involved, yes. IMAP and server side filtering is all dovecot, though.
[20:17] <jdstrand> sommer: thank you! :)
[20:17] <Pupeno> soren: I'm reading Dovecot page at the moment. How do you perform and/or set the server-side filtering?
[20:17] <ScottK> leonel: Thanks.
[20:18] <soren> Pupeno: I tell postfix to use Dovecot's LDA. Dovecot then reads a sieve script from my home directory.
[20:48] <didrocks> jdstrand: are you there?
[20:51] <jdstrand> didrocks: yes, hi!
[20:52] <didrocks> hi :)
[20:52] <didrocks> I think the first debdiff is ready
[20:52] <jdstrand> didrocks: for apache? I haven't looked at it yet, but saw it come in
[20:52] <didrocks> I just have one question before: is it delibaretly for ufw that we do not remove the rules after purging the package ?
[20:52] <didrocks> (I haven't uploaded it at the moment :))
[20:54] <jdstrand> didrocks: well, we remove the profile, but don't remove the rule if the user had DEFAULT_APPLICATION_POLICY set to something other than skip and a rule was automatically added
[20:54] <didrocks> yes, that's what I say
[20:54] <didrocks> /say/saw
[20:55] <didrocks> this one is located on /var/lib/ufw/user.rules apparently :)
[20:55] <jdstrand> didrocks: oh, I thought we were talking about application rules
[20:56] <didrocks> no no, firewall rules, sorry for the misleading term :)
[20:56] <jdstrand> didrocks: so /var/lib/ufw is not deleted on purge?
[20:57] <didrocks> yes, the rule corresponding to the removed profile is not removed (as described in https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages)
[20:57] <jdstrand> didrocks: I think we are talking about different things
[20:57] <didrocks> hum, I am speaking about rules visible through ufw status
[20:58] <jdstrand> didrocks: on apt-get remove --purge ufw, what are you expecting to happen, and what is happening?
[20:58] <Goosemoose> hi. does anyone have a good hardy preseed file. especially one that joins an AD domain?
[20:59] <didrocks> jdstrand: on --purge, the profile (so, the file in /etc/ufw/applications.d/... is removed), but the firewall rule (which is shown by "ufw status") is not purged
[20:59] <didrocks> and I don't find it logical (for me, both has to be removed)
[20:59] <jdstrand> didrocks: ok-- now I know what you are talking about
[21:00] <jdstrand> didrocks: 'apt-get remove --purge apache2.2-common' removes the profile, but does not update the running firewall
[21:00] <jdstrand> didrocks: that is intentional
[21:00] <didrocks> why?
[21:03] <jdstrand> didrocks: the stance I took is that if the administrator added rules referencing a profile, then the admin should update the firewall when that package is removed
[21:03] <jdstrand> didrocks: I was trying to avoid ufw making policy decisions on its own, which it could very easily do wrong
[21:04] <didrocks> yes, that's understandable
[21:05] <jdstrand> didrocks: it's also possible that a profile might not be package specific for some people/distributions
[21:06] <didrocks> that makes sense. ok, that was my last question I think. I have ust uplodaded apache2 debdiff. It build well and I tried it on my intrepid VM (playing with ufw ;))
[21:06] <jdstrand> didrocks: eg, profiles could be distributed by someone in a 'ufw-profiles' package, that has things such as 'Web Server'.
[21:06] <didrocks> yes, some common profiles between packages
[21:07] <didrocks> jdstrand: thanks a lot :)
[21:07] <jdstrand> then the install appache, do "ufw allow 'Web Server'", then remove the ufw-profiles package and apache is not longer accessible
[21:07] <jdstrand> (if we automatically removed the rules on profile removal)
[21:07] <didrocks> yes yes, I understand
[21:07] <didrocks> regarding terms
[21:07] <didrocks> rules is for firewall
[21:08] <didrocks> profiles for application-port association
[21:08] <didrocks> is it correct?
[21:09] <jdstrand> didrocks: yes
[21:09] <jdstrand> didrocks: rules as in 'iptables rules'
[21:10] <didrocks> jdstrand: that's what I was assuming :)
[21:11] <didrocks> it's a really great tool as iptables configuration is very difficult the first time… (then, it seems easier, but well ^^)
[21:11] <jdstrand> thanks! :)
[21:12] <didrocks> jdstrand: when you will have time (after your move, for instance ;)). Keep me in touch about this package and when it will be ok (maybe some changes has to be done), I will try to put some efforts on other packages
[21:12] <didrocks> it is very straightforward
[21:13] <jdstrand> didrocks: I sure will-- I will definitely look at it this week
[21:13] <jdstrand> didrocks: thanks again for your work!
[21:13] <jdstrand> :)
[21:13] <didrocks> jdstrand: you're welcome :)
[21:14] <didrocks> have a good evening (or day) :)
[21:14] <jdstrand> you too
[21:14] <didrocks> thanks
[21:16] <kirkland> emgent: thanks ;-)
[21:16] <kirkland> sommer: thanks ;-)
[21:55] <didrocks> jdstrand: someone uploaded ubuntu1 during this time, I have to update my package :/
[21:55] <didrocks> kees is the guilty ^^
[21:56] <kees> didrocks: which package?
[21:56] <didrocks> apache2 :)
[21:57] <kees> oh, did we just collide?
[21:57] <kees> I _just_ uploaded an ubuntu1 version :(
[21:57] <didrocks> yes, but no problem, I will provide a new version :)
[21:57] <didrocks> (and hate you secretly :))
[21:57] <kees> okay, cool, sorry about that.  I didn't realize one was in the works.
[21:57] <kees> hehe
[21:59] <kees> mathiaz: hrm, slapd isn't installable for me under intrepid.  it yells about existing directories.
[22:02] <nxvl> kirkland: yay for superpowers! Congratulations!
[22:03] <mathiaz> kees: hm - which ones ?
[22:04] <PumpkinPie> is anyone using a lot of bandwidth ?
[22:04] <nxvl> PumpkinPie: what for?
[22:05] <kees> mathiaz: http://pastebin.osuosl.org/21869
[22:07] <mathiaz> kees: seems like an issue with the rootpassword - can you share the root password ?
[22:07] <mathiaz> kees: or look into /tmp/slapd_init.ldif.SAhzi17406 ?
[22:07] <kees> mathiaz: er, there's no root password (running in a schroot)
[22:08] <kees> 105 lines in that tmp file... what am I looking for?
[22:08]  * kees starts over in his schroot
[22:08] <mathiaz> kees: olcRootPW
[22:08] <mathiaz> kees: no root password -> that's why
[22:10] <mathiaz> kees: there is probably a line similar to this: olcRootPW:
[22:11] <kees> mathiaz:
[22:11] <kees> olcRootDN: cn=admin,cn=config
[22:11] <kees> olcRootPW:
[22:11] <kees> # olcRootDN: cn=admin,dc=outflux,dc=net
[22:11] <kees> # olcRootPW:
[22:12] <kees> what should I do to work around this?
[22:13] <mathiaz> kees: can you set a root password ?
[22:13] <mathiaz> kees: or is it part of an automated install ?
[22:14] <kees> this is an automated install.
[22:14] <kees>         db_get slapd/internal/adminpw
[22:14] <kees>         adminpass=$(echo $RET | sed -e 's|/|\\/|g')
[22:14] <kees> that appears to be the place it's getting that password from?
[22:14] <mathiaz> kees: correct - slapd/internal/adminpw is the debconf template
[22:14] <kees> mathiaz: so this is a debconf prompting level problem?
[22:15] <mathiaz> kees: hm - which level are you running deconf ?
[22:15] <mathiaz> kees: the password is prompted at level high
[22:15] <kees> mathiaz: critical.  ;)
[22:16] <kees> mk-sbuild-lv uses:
[22:16] <kees> echo set debconf/frontend Noninteractive | debconf-communicate
[22:16] <kees> echo set debconf/priority critical | debconf-communicate
[22:16] <mathiaz> kees: right
[22:16] <mathiaz> kees: so you
[22:16] <mathiaz> kees: so you'd have to preseed the admin pw value
[22:16] <_jpierre> Guys I have setup DHCP, but my clients can't access the internet. Can anyone help
[22:16] <mathiaz> kees: that should work
[22:17] <kees> mathiaz: I think this is a bit of a bug, actually -- a randomized default should be chosen in the case that debconf can't prompt.
[22:19] <osmosis> Anyone know if this effects ubuntu?  http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/
[22:19] <kees> mathiaz: and this needs a -p I think:   Creating initial slapd configuration... mkdir: cannot create directory `/etc/ldap/slapd.d/': File exists
[22:25] <kees> mathiaz: hrm, seems that test-openldap.py in the regression testing suite still fails on intrepid.  it's complaining about a missing pid file note.
[22:28] <jdstrand> osmosis: somone said in a comment that debian isn't affected (which is where we get our perl). I tried the sample code and have:
[22:28] <jdstrand> real	0m0.314s
[22:28] <jdstrand> user	0m0.136s
[22:28] <jdstrand> sys	0m0.004s
[22:28] <jdstrand> (so under a second and not affected)
[22:28] <mathiaz> kees: I'll have a look at it
[22:29] <kees> mathiaz: okay, thanks.
[22:58] <antdedyet> Anyone around that would know who may be aware of possible ubuntu mailing list chokes? For the past couple of months there has began to be some several day delay in receiving email from some of the addresses to my mailbox (ubuntu-devel is the most recently one and I don't encounter similiar issues with any other incoming email).
[22:59] <kees> zul: looks like mysql failed on amd64: http://launchpadlibrarian.net/17049756/buildlog_ubuntu-intrepid-amd64.mysql-dfsg-5.0_5.0.67-0ubuntu1_FAILEDTOBUILD.txt.gz
[23:00] <kees> antdedyet: check with folks in #canonical-sysadmin -- they manage the infrastructure machines
[23:03] <kees> zul: but I wasn't able to reproduce it on my amd64.
[23:03] <antdedyet> kees: alright. thanks!
[23:14] <PumpkinPie> baffle: ?