/srv/irclogs.ubuntu.com/2008/10/27/#ubuntu-server.txt

TANATHOSwhere are you from00:00
TANATHOS?00:00
djdarkmanTANATHOS: Romania, why?00:00
TANATHOSbecause I'm Romanian too00:01
TANATHOSbut I've been living in England for quite a while00:01
TANATHOS:)00:01
TANATHOSI figured you were Romanian00:01
TANATHOSlisten00:01
djdarkmanand is it nice there? :)00:02
* djdarkman goes to make a coffee as hard as h3ll00:03
=== macd__ is now known as macd
ScottKkirkland: You around?01:00
kirklandScottK: hi01:00
ScottKkirkland: I've got a question for you.  Let me get the paste.01:00
kirklandk01:01
ScottK<Randomskk> hey everyone, I'm installing kubuntu 8.10 RC via the alt disk, setup partitioning manually with encrypted lvm, when it gets to "configuring apt sources" it then asks me to insert media ("please insert disk labeled: kubuntu 8.10 _Intrepid Ibex_...")01:01
ScottK <Randomskk> the disk is already in and it's been installing from it up to that point01:01
ScottK[20:58] <Hobbsee> is that supposed to work?01:01
ScottKkirkland: ^^?01:01
kirklandScottK: hmm, i've never installed kubuntu from the alternate installer01:03
ScottKIt should be the same as Ubuntu in terms of such capabilities01:04
kirklandScottK: yeah, i'd think so01:04
kirklandScottK: does this only happen with encrypted lvm?01:04
ScottKkirkland: Would you be willing to go talk to the reporter?  He's in #ubuntu+1 right now.01:04
ScottKkirkland: I'm just the middle man looking for an expert.01:04
kirklandScottK: watching a movie with the wife... i can spend a few minutes but not all night01:05
kirklandScottK: Randomskk is the reporter?01:06
ScottKkirkland: Understand.  I'd appreciate it if you'd at least talk to the guy and help him file a good bug if nothing else.01:06
ScottKYes.01:06
ScottKkirkland: Thanks.01:07
kirklandnp01:07
Wobertwhat would ^@ mean in a faillog ?02:48
Dedihow much resMEM does your firefox 3 need? i have 209M displaying NO website oO04:59
Dedifc sry05:01
krautmoin07:58
Logi_Khoohi, i have some prob installing e-box08:27
Logi_Khoofollowed the wiki, but still am not moving on08:27
sorenLogi_Khoo: Try in #eBox.08:45
Logi_Khoothanks soren08:46
nobsehi08:55
uvirtbotNew bug: #286063 in openldap (main) "slapd package cannot be installed" [Undecided,New] https://launchpad.net/bugs/28606309:03
sorenCan't be installed? I don't like the sound of that..09:08
yann2soren > how stable would you rate the kvm in your ppa? does the worst case scenario include "total VM breakdown, in a non recoverable state"?09:10
yann2I've got some mission critical windows vms to create, facing a big dilemma :)09:10
sorenyann2: The one in the ubuntu-virt ppa?09:11
yann2https://launchpad.net/~soren/+archive  kvm72 here09:11
yann2so there is a ubuntu-virt ppa... :s09:12
sorenyann2: Yeah, that's the one you want. I don't recommend my personal one on anything even resembling production systems. I reserve the right to put completely random crack in there.09:12
sorenI'm much more well-behaved with the ubuntu-virt one :)09:13
yann2both versions have the same name? are they still different?09:13
sorenyann2: Let me check.09:14
sorenyann2: I believe so, yes. I think uploading it to my personal repo was a blunder.09:14
yann2soren > #ubuntu-virt :P09:16
mathiazdendrobates: have you seen bug 289470?09:33
uvirtbotLaunchpad bug 289470 in open-iscsi "open-iscsi user-space does not match kernel module version" [Undecided,New] https://launchpad.net/bugs/28947009:33
dendrobatesmathiaz: no09:35
mathiazdendrobates: seems that open-iscsi is borked in intrepid09:35
dendrobatesmathiaz: damn09:36
dendrobatesmathiaz: yep and just at the last minute.09:36
mathiazdendrobates: according to pete there have been a lot of changes in the intrepid kernel wrt to iscsi09:48
mathiazdendrobates: the user space part hasn't been updated since last may09:48
mathiazdendrobates: most of the kernel updates have been made in July - that would explain why things are breaking :/09:49
dendrobatesmathiaz: it worked a lot more recently than July.09:50
mathiazdendrobates: the last change in iscsi was made in september then09:50
mathiazdendrobates: in the kernel09:50
=== mdz_ is now known as mdz
mathiazdendrobates: after some basic testing on iscsi I don't think we have a release critical bug 28947010:29
uvirtbotLaunchpad bug 289470 in open-iscsi "open-iscsi user-space does not match kernel module version" [Critical,Triaged] https://launchpad.net/bugs/28947010:29
mathiazdendrobates: iscsi is working - I was able to create an iscsi target, mount it in a client and create files on it10:30
dendrobatesmathiaz: so is the bug report invalid?10:30
mathiazdendrobates: no - it's valid10:30
mathiazdendrobates: display all active sessions and connections10:30
mathiazdendrobates: ^^ that doesn't work10:31
mathiazdendrobates: but open-iscsi is working.10:31
mathiazdendrobates: in the sense that we can mount an iscsi block device and files can be created.10:31
dendrobatesmathiaz: ok, sounds like an sru candidate after release.10:31
mathiazdendrobates: agreed.10:32
mathiazdendrobates: I've dropped the importance to high and targeted intrepid-updates.10:37
=== lipsinV1 is now known as lipsin
sorenre bug 28606311:16
uvirtbotLaunchpad bug 286063 in openldap "slapd package cannot be installed" [Medium,Incomplete] https://launchpad.net/bugs/28606311:16
sorenmathiaz: ^11:16
sorenI'm not sure I grok your last comment. /bin/sh is meant to point to dash.11:17
mathiazsoren: right - the error message only happens if /bin/sh points to bash11:18
sorenThe bug seems valid enough to me. Looking at slapd.config, it does indeed try to declare a variable local in the global scope => nonsense.11:18
mathiazsoren: correct. That's a bug.11:18
mathiazsoren: However it doesn't fail if /bin/sh is dash11:18
Deepswhy point to /bin/sh at all? why not update scripts to point directly to /bin/dash?11:18
sorenDeeps: why on earth would we do that?11:19
Deepsinstead of relying on symlinks that could easily be changed based on the admin's preference11:19
Deepsi for one prefer /bin/sh to point to bash, rather than dash, for a number of scripts i have on various systems all point to /bin/sh which in turn points to bash11:19
mathiazsoren: I agree that this is a bug in the config script. The question is whether this is release critical11:19
Deepsi doubt i'm alone in that11:19
Deepstell me why i'm wrong? :D11:20
sorenDeeps: You're doing it wrong.11:20
mathiazsoren: the question is whether this is release critical or can be addressed in an SRU.11:20
sorenDeeps: If your script depends on a specific implementation of the bourne shell, you shouldn't use #!/bin/sh11:20
Deepsgood point11:21
Deepsi'll get my hat11:21
sorenmathiaz: You're right that it only happens with bash. Definitely an SRU thing, then.11:22
sorenmathiaz: Strange. I don't think I know of other quirks where bash is more picky than dash :)11:22
philsfis there a howto on how to use ecryptfs with gnome-keyring instead of pam? this would be useful for a mount "on demand" I'd like to implement for my laptop (hardy)11:29
philsfkirkland: ping? ^^11:30
sorenphilsf: He won't be around until a few hours from now, probably.11:35
philsfsoren: k, thanks11:36
philsfI'll try in the afternoon (which in my locale will be in about 5h)11:37
carbon_monoxideHello all!12:47
TANATHOShi12:47
carbon_monoxideI'm not an advanced Linux server administrator. I have configured my iptables "Filter" with : sudo iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 22 -j ACCEPT12:49
carbon_monoxideafter i applied this configuration, it took me a very long time to get an SSH logon12:50
TANATHOS!question | carbon_monoxide12:51
ubottucarbon_monoxide: Please don't ask to ask a question, ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely answer. :-)12:51
carbon_monoxideTANATHOS: understood12:51
TANATHOSso, what's the question12:51
carbon_monoxidei want to know any reason that would cause SSH logon to take longer when i configure the default policy of iptables INPUT to "DROP"12:53
sorencarbon_monoxide: Is that all you've done? No default policy set or anything?12:53
sorencarbon_monoxide: Because reverse dns lookups are failing.12:53
_rubenor any dns lookups for that matter12:53
Deepsdefault policy drop without any inbound state rules would do that12:54
carbon_monoxideHi soren. yes, i have only configured the default policy to DROP for INPUT12:54
TANATHOScarbon_monoxide: if that is all that you have done, then your server only accepts connections to port 2212:54
sorencarbon_monoxide: Right. That will make dns queries fail.12:54
TANATHOScarbon_monoxide: what are you trying  to do ?12:55
carbon_monoxideTANOTHOS: i'm trying to make my machine shadowed12:56
carbon_monoxideTANOTHOS: cloak, I meant12:57
Deeps-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT12:57
Deepsiirc12:57
TANATHOScarbon_monoxide: please use Tab autocomplete as I have highlight enabled when someone says my name12:57
TANATHOSand that is not my name12:57
Deepslol hey tanothos :)12:57
TANATHOShey12:58
Deepssounds like he's wanting a stateful firewall, with particular inbound services allowed12:58
carbon_monoxideTANATHOS: sorry =[ i'm new and rare to IRC. sorry for my manner12:59
TANATHOSno problem12:59
TANATHOScarbon_monoxide: you wanna cloak your machine ? as in only few ports opened?13:00
carbon_monoxideactually i'm using xchat in windows Vista cause OpenSUSE 11 doesn't support my wireless adapter and i'm too lazy to deal with ndiswrapper13:00
TANATHOSsorry?13:00
carbon_monoxideTANATHOS: yes, it will only serve several services13:01
TANATHOScarbon_monoxide: you are making me dizzy13:01
TANATHOS:)))13:01
carbon_monoxidehow to use tab autocomplete?13:01
Deepscarbon_monoxide: type the first few letters and press tab13:01
TANATHOScarbon_monoxide: then install your services and open those ports13:01
Deepscarbon_monoxide: and if you look up at the iptables rule i provided, it should resolve your slow ssh login issue13:01
TANATHOSbut I still didn't get your question13:01
TANATHOSoh that one13:02
carbon_monoxideTANATHOS: yea i know my bad english and poor communication skills13:02
TANATHOS!iptables13:02
ubottuUbuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'iptables' command (see https://help.ubuntu.com/community/IptablesHowTo), or GUI applications such as Firestarter (Gnome) or Guarddog (KDE).13:02
Deepscarbon_monoxide: the problem being that you're not allowing any inbound access except on port 22, DNS queries use arbitrary ports, and unless you allow for inbound traffic on connections you've made already (i.e. by checking the state on the connection), the result of the DNS query can't get through13:02
carbon_monoxideDeeps. thanks! that is same as the shell!13:03
TANATHOScarbon_monoxide: where are you from?13:03
carbon_monoxideTANATHOS: china, hong kong13:04
Deepscarbon_monoxide: what part of hong kong?13:04
Deepscarbon_monoxide: my family live in midlevels13:04
Deepscarbon_monoxide: about 5 mins from admiralty, near the city centre13:05
carbon_monoxideDeeps: hong kong is not big =] Kowloon, Mongkok13:05
Deepsnice13:05
sorencarbon_monoxide: Are you running Hardy or later?13:05
Deepsthere's a great cheung fun place in mong kok my uncle took me to, near the mobile phone mall13:05
carbon_monoxidesoren: i'm running 8.0413:05
sorencarbon_monoxide: You should look at ufw. It does all you want.13:06
Deepsneed to go back soon!13:06
carbon_monoxideDeeps: Mong Kok is a mess =D13:06
carbon_monoxidesoren: thanks! i'm googling it13:07
Deepscarbon_monoxide: true13:07
Deeps!ufw | carbon_monoxide13:07
ubottuSorry, I don't know anything about ufw13:07
Deepsyou don't say13:07
Deepsshocking13:07
carbon_monoxidelol13:08
carbon_monoxidefirst time that i hear it says "Sorry, I don't know anything about sth"13:08
TANATHOSufw?13:09
TANATHOS!iptables | carbon_monoxide13:09
ubottucarbon_monoxide: Ubuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'iptables' command (see https://help.ubuntu.com/community/IptablesHowTo), or GUI applications such as Firestarter (Gnome) or Guarddog (KDE).13:09
TANATHOSI think this is what you wanted to do13:10
carbon_monoxidethanks, TANATHOS!13:10
carbon_monoxideireading it13:10
carbon_monoxidei'm reading it carefully *wink*13:10
sorenNo.13:12
sorencarbon_monoxide: ufw is what you want. Really.13:12
TANATHOSsoren what is ufw?13:13
Deepsuncomplicated firewall13:13
TANATHOS:)))13:13
sorenhttps://wiki.ubuntu.com/UbuntuFirewall13:13
Deepsubuntu's nicer front end to iptables13:13
carbon_monoxidebut what i'm confused about now is that dropping all inc connection except those from port 22 will cause DNS query failure. but i can still get my SSH login successfully. it just takes me longer to wait for the password prompt13:13
Deepsyep, because the ssh server is trying to do a dns lookup on your ip, and until the request completes or times out, it doesn't proceed to prompt you for your password13:14
Deepsthe time you're waiting is the time it takes for the dns lookup to time out13:14
carbon_monoxideDeeps: i see!13:15
sorenI'm quite sure ufw defaults to allowing established and related connections, and hence would not have this problem.13:16
carbon_monoxidesudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #this line seems like solving my problem13:18
carbon_monoxidebut ufw is a better choice13:19
jdstrand_when one does 'sudo ufw enable' it blocks all incoming connections, and allows all outgoing, with connection tracking, so that a standalone computer can connect and use most any service available on a server13:21
jdstrand_so, for example, one can do outgoing DNS queries, http, irc, etc13:21
jdstrand_to allow incoming connections, simply do 'sudo ufw allow <port>'13:22
jdstrand_sudo 'man ufw' for more details on its usage13:22
jdstrand_s/sudo/see/13:24
carbon_monoxidethanks jdstrand_13:30
sandstromWith a password of 14 random characters, I shouldn't have to worry about brute-force attacks on my SSH server, right?13:37
carbon_monoxidethanks for the help from all of you! i gotta leave. will be hanging around here later. see you all!13:45
sandstromjdstrand: I've spent a lot of time trying to get ufw to allow outgoing hostname lookups, without succeeding. You seem very skilled, would you mind taking a look at this? http://pastie.org/30134813:45
uvirtbotNew bug: #289856 in openvpn (universe) "openvpn 2.1~rc11 tls_read_plaintext error" [Undecided,New] https://launchpad.net/bugs/28985613:51
jdstrandsandstrom: it appears that your /etc/ufw/*.rules files are not standard14:01
jdstrandsandstrom: you are missing all the connection tracking rules and icmp14:02
kirklandphilsf: there's no such howto that I know of14:02
jdstrandsandstrom: I suggest you: sudo dpkg --purge --force-depends ufw ; sudo apt-get install ufw14:03
jdstrandsandstrom: then add your rules back in. oh, you should 'sudo ufw disable' prior to running the above command14:04
sandstromokey14:04
sandstromwill do14:04
sandstromI get an error the first time I run ufw enable, like this: root@k226741:/etc/ufw# ufw enable14:04
sandstromERROR: problem running init script14:04
sandstrommight be related to the absence of my etc/ufw/*.rules14:05
jdstrandsandstrom: uh, if you deleted /etc/ufw/*.rules, that would be problematic, yes14:05
sandstromno, I didn't14:06
sandstromabsence was the wrong word. I meant the absence of my ufw/*.rules in my ip-tables14:06
sandstromI get this when I ran your recommended command above: FATAL: Could not load /lib/modules/2.6.18-028stab053.17/modules.dep:14:07
sandstromNo such file or directory14:07
sandstromip6tables v1.3.8: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)14:07
sandstromPerhaps ip6tables or your kernel needs to be upgraded.14:07
jdstrandsandstrom: so your kernel does not support ipv6?14:08
sandstrommight be. Unfortunately this production server is running on a VPS, so I don't have control over the kernel14:09
jdstrandsandstrom: what version of ufw are you using? ufw --version14:09
sandstrom'ufw 0.16.2.314:09
jdstrandsandstrom: ok, there is an open bug with the way some people disable ipv6, but we can work around it14:11
sandstromgreat!14:12
sandstromI really appreciate your help14:12
jdstrandsandstrom: rather than removing ufw, let's just copy the original rules files in place:14:12
jdstrandsudo cp -a /usr/share/ufw/*.rules /etc/ufw14:12
sandstromdone14:13
jdstrandsandstrom: sudo /etc/init.d/ufw stop14:15
sandstromdone14:15
jdstrandplease paste 'sudo iptables -L -n'14:15
sandstromhttp://pastie.org/30137914:16
jdstrandsandstrom: ok good. now do 'sudo ufw enable'14:17
sandstromroot@k226741:/etc/ufw# ufw enable; ERROR: problem running init script14:17
jdstrandright14:17
sandstromI think this is where the problem starts.14:17
jdstrandnow paste: sudo iptables -L -n14:17
sandstromhttp://pastie.org/30138014:18
jdstrandsandstrom: do you have time to help me debug this, and therefore develop a patch for ufw?14:19
sandstromThinking of this it might be that the state module isn't activated in my iptables, and that's why it hangs.14:19
sandstromsure14:19
jdstrandgood-- I don't have access to one of these VPS machines, and it will be very helpful14:20
sandstromthat's all right.14:20
jdstrandsandstrom: can you paste the output of 'lsmod'14:20
sandstromperhaps we should move to a private conversation14:20
jdstrandsandstrom: if you'd prefer14:20
sandstromfor others, so we don't fill up the channel14:21
sandstrompeople living nearby the channel could drown14:21
ScottKsandstrom: Alternatively there isn't a lot else going on and someone else will likely learn something.14:21
sandstromroot@k226741:/etc/ufw# lsmod14:21
sandstromModule                  Size  Used by14:21
sandstromScottK: okey14:22
sandstromjdstrand: http://pastie.org/30138514:25
=== lipsin_ is now known as lipsin
jdstrandsandstrom: (for the irc logs) we determined that your kernel is a) monolithic and b) does not support netfilter connection tracking15:13
jdstrandufw depends on connection tracking in the kernel, so it will not work for you. You will have to create stateless rules due to your kernel15:14
ScottKIs that a kernel we ship or did he roll his own?15:15
jdstrandsandstrom: you have been very helpful, and I can have ufw detect for this and bail out with a helpful error message15:15
jdstrandsandstrom: thanks a lot!15:15
jdstrandScottK: no-- it is with a hosting provider15:15
ScottKAh.15:15
jdstrandsandstrom: fyi-- filed bug #28990615:37
uvirtbotLaunchpad bug 289906 in ufw "ufw fails when connection tracking is not available" [Medium,Triaged] https://launchpad.net/bugs/28990615:37
sorenjdstrand: What's the kernel version there?15:41
jdstrand2.6.1815:41
jdstrandsoren: it's non-Ubuntu15:42
sorenjdstrand: Right, got it.15:42
sorenjdstrand: Didn't nf_conntrack appear after 2.6.18?15:47
sorenLike 2.6.20-ish?15:48
jdstrandI don't know off-hand15:48
sorenI have a machine running 2.6.17. It doesn't have nf_conntrack either, but it does have connection tracking.15:53
jdstrandsoren: I can probably be smarter about it, but the command that fails is:15:54
jdstrand# iptables -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT15:54
jdstrandiptables: No chain/target/match by that name15:54
jdstrandand yes, ufw-before-input exists :)15:54
sorenjdstrand: What's the advantage of ctstate over state?15:55
jdstrand   conntrack15:56
jdstrand       This module, when combined with connection tracking, allows  access  to15:56
jdstrand       more  connection  tracking  information  than the "state" match.  (this15:56
jdstrand       module is present only if iptables was compiled under a kernel15:56
jdstrand       supporting this feature)15:56
Deepsin bash conditionals, what's the difference between -L and -h?16:21
Deepsin the bash reference i'm looking at, both appear to serve the same function - True if file exists and is a symbolic link.16:22
Steve[cug]afternoon everyone17:59
Steve[cug]does anyone have a suggestion for a SAS HCA card to connect to a dell md3000?18:10
Steve[cug]the SAS 5/E card that they ship doesn't work with ubuntu18:10
trashguyi use LSI18:11
Steve[cug]trashguy: and that uses an infiniband cable?18:13
Steve[cug]I need to connect to a dell md300018:13
maswanSteve[cug]: lsi controllers come with all kinds of connectors18:14
maswanyou can probably find the right model though18:14
trashguyhttp://www.lsi.com/storage_home/products_home/internal_raid/megaraid_sas/index.html18:14
Steve[cug]hmmm18:14
Steve[cug]it IS an LSI18:14
Steve[cug] LSI Logic / Symbios Logic SAS1068 PCI-X Fusion-MPT SAS (rev 01)18:15
Steve[cug]i keep getting errors from the kernel however18:15
Steve[cug]Oct 27 12:19:57 nfs1 kernel: [  688.929491] end_request: I/O error, dev sdc, sector 018:15
maswanthen the problem likely isn't with kernel support18:16
Steve[cug]however the other machine (which is RHEL for testing) works fine18:17
mathiazjcastro: hey - could I take Tuesday 18:00 UTC slot to make an intro to the Server team session next week?18:34
mathiazjcastro: I'm planning to change some of the parts I've used during the last presentation (changing the member presentation with a list of features that have been developed in intrepid)18:35
jcastromathiaz: sure, just move it to whatever empty slot you want18:39
mathiazjcastro: great18:42
toobaz1Hello.18:58
toobaz1I'm trying to use ldap for authentication, via libpam-ldap. I successfully populated my database, and now if I give the command "id battiston" ("battiston" is the name of a user), I (finally) correctly get:18:58
toobaz1    uid=40626(battiston) gid=40626(battiston) groups=40626(battiston),10042(macchinisti)18:58
toobaz1but if I try "su battiston", I get:18:58
toobaz1    Unknown id: battiston18:58
toobaz1At which level do you think the problem can be?18:58
Weasel[DK]toobaz1, have a look at this... might give you the answer <> http://linuxadministration.us/2008/05/17/ubuntu-804-hardy-ldap-client/18:59
toobaz1Weasel[DK]: Mmh... I'm taking a look at it, thanks19:08
toobaz1In my syslog I found the following:19:35
toobaz1Oct 27 20:36:11 poisson slapd[6686]: SASL [conn=141] Failure: no secret in database19:36
toobaz1Oct 27 20:36:11 poisson slapd[6686]: conn=141 op=2 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database19:36
toobaz1Oct 27 20:36:11 poisson slapd[6686]: conn=141 fd=17 closed (connection lost)19:36
toobaz1let me investigate some more19:36
=== sylvaing is now known as sylvaing_
=== sylvaing_ is now known as sylvaing
=== Pomiel is now known as DCPom
osmosishttp://dpaste.com/87148/   With linux software raid 10, how do I tell which drives are mirroring each other?22:49
=== Rideh_ is now known as Rideh
hslhello23:57
hslI'm upgrading my server from 6.06 LTS to 8.04 LTS23:58
hslI'm doing a do-release-upgrade23:58
hslhttp://pastebin.com/d647938ed23:58
hslthat's the error I get23:58
hslany clue how I can restart the upgrade process?23:58
