[00:01] server 8.10 gives me an error while trying to use the createuser script to add a user to postgres, but I'm able to sudo su - postgres and connect via psql, any ideas? [00:01] the error is: createuser: could not connect to database postgres: could not connect to server: No such file or directory [00:01] Is the server running locally and accepting [00:01] connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.0"? [00:04] Do you sudo the createuser script? [00:04] Also sudo -i is better than sudo su for reasons that make sense, but I've forgotten. [00:20] ScottK: yes, I sudo the createuser script [00:21] No further suggestions then. [00:47] Does Ubuntu ever issue USNs for packages in universe? [00:52] hej there [00:52] good morning everyone [00:54] yo [00:54] I was wondering if someone could help me with setting up smtp-auth with dovecot / postifx [00:55] i have to admit i'm trying since several days [00:55] !serverguide [00:55] The Ubuntu server guide may be found at http://help.ubuntu.com/8.04/serverguide/C/ [00:55] there's a section on setting up smtpauth for postfix in the serverguide [00:55] did not work [00:56] svenwiesner: do you have a specific error? [00:56] relay access denied [00:57] I have dovecot / postfix [00:57] svenwiesner: you'll probably want to check the networks configured in postfix [00:57] svenwiesner: relay access error is different than smtpauth [00:57] is it? [00:58] usually [00:58] what IS smtp-auth then? [00:58] i thought it is used to send mails over another authentication method then mynetworks [00:59] smtp auth is a way for user's to authenticate to smtp, which by default doesn't have authentication, but relay rules can block messages even with a valid auth [00:59] permit_sasl_authenticated fixes that [01:00] smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination [01:00] that's what i have [01:00] no relay_whatsoever given [01:01] svenwiesner: are you using tls? [01:01] may mynetworks or mydestination be the problem? [01:02] I'd double check mynetworks [01:02] I tried to.. I have to admit I completely failed postfix. I wasn*t able to configure tls, nor ssl nor smtp-auth [01:02] pretty depressing [01:02] the serverguide instructions have worked for me [01:02] the problem may be that I have a virtual server running [01:03] which is not covered by the serverguides [01:03] mhm [01:03] svenwiesner: can you telnet to port 25 of the vm? [01:04] virtual server's would complicate things, but should still be the same basic steps [01:04] yes [01:04] which ubuntu version are you running? [01:05] 250-PIPELINING [01:05] 250-SIZE 10240000 [01:05] 250-VRFY [01:05] 250-ETRN [01:05] 250-STARTTLS [01:05] 250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN NTLM [01:05] 250-AUTH=LOGIN CRAM-MD5 DIGEST-MD5 PLAIN NTLM [01:05] 250-ENHANCEDSTATUSCODES [01:05] 250-8BITMIME [01:05] 250 DSN [01:05] 8.04 tls [01:05] should work with the serverguide instructions... can you pastebin the relay error? [01:08] ah i see. it says: reject_unauth_destination [01:09] the problem is, if I delete this entry it says: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit [01:09] mmm... what's your mynetworks look like? [01:10] mynetworks = 127.0.0.0/8 [01:10] svenwiesner: what happens if you add your outside nework ie 192.168.100.0/24 [01:13] same error [01:13] (relay access denied) [01:15] is the network you just added the same as the vm's host? is the vm on an internal network? [01:16] I meant vhost when saying virtual [01:16] sorry for this misunderstanding [01:18] svenwiesner: still with relay problem? [01:18] ja [01:18] i am trying for days now [01:19] arghl [01:19] ok [01:19] could you pastebin the output from "postconf -n" [01:19] right, one sec [01:19] that will dump the changed you did to main.cf [01:20] jmedina: good call [01:20] I haven't used vhosts, but my thought is you need to tweak smtpd_recipient_restrictions [01:21] ahm [01:21] what is pastebin [01:21] just paste the whole ocnfig here? [01:21] !pastebin [01:21] pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic) [01:21] http://paste.ubuntu.com/110103/plain/ [01:21] good feature [01:30] svenwiesner: well you have mixed configs [01:30] you are using TLS [01:30] neither one works [01:30] or are they supposed not to work at the same time? [01:31] I would disable TLS and start with plain smtp-auth [01:31] svenwiesner: how are you testing smtp auth? [01:32] i add a mailaccount in thunderbird and try to send mail to someone else [01:33] mailaccount configured on server. reveiving works, sending doesn't [01:33] svenwiesner: and did you enable the autentication options in thunderbird? [01:33] no, does not wirk [01:33] work [01:33] i can not even login if enabled [01:34] and what is the message you get from the server? [01:34] ls [01:34] using secure authentication or secure connection? [01:35] o_O [01:35] ok lets start from the begining [01:35] is your dovecot service running? [01:35] yes, as I said, the chost runs fine according to receiving messages [01:36] * the vhost [01:36] so, dovecot is running, postfix is running [01:36] and did you change the lines in dovecot.conf about socket listen? [01:37] plase show the output from: [01:37] ls -l /var/spool/postfix/private/auth-client [01:37] srw-rw---- 1 postfix postfix 0 2009-01-27 01:08 /var/spool/postfix/private/auth-client [01:39] my dovecot.conf, if helpful: http://paste.ubuntu.com/110106/plain/ [01:40] btw. thanks for your support [01:40] ok [01:40] dovecot looks fine [01:40] now in the howto says [01:40] sudo postconf -e 'smtpd_sasl_local_domain =' [01:40] but you have smtpd_sasl_local_domain = $myhostname [01:41] that means your smtp server only accept autentications for the users with that domain [01:41] if you are using more than one domain leav it empty [01:41] right! [01:41] let me check [01:43] smtpd_sasl_security_options = noanonymous [01:43] add that to your config [01:43] so you dont want anonimous access [01:45] did all that [01:45] doas not work .. shit [01:45] wait [01:45] :D [01:45] ok :) [01:46] change smtpd_use_tls = yes to no [01:46] then [01:46] run [01:46] postfix check [01:46] restart postfix [01:46] and show me the output of telnet localhost 25 [01:48] http://paste.ubuntu.com/110110/plain/ [01:54] i hope there's something there for you [01:58] ok [01:58] now try to send a mail from thunderbird [02:00] but be sure you enable autenticatio in the smtp server [02:05] ahm, which port is it? 143? "the mailserver sent an invorrect greeting * OK Dovecot ready [02:05] that is IMAP server [02:05] go to [02:06] Edit=>Account Settings [02:06] in the left panel at the end ther is "Outgoing Server (SMTP)" [02:06] yes, i am there... [02:07] username is checked and typed in [02:07] and use secure connection is checked as well [02:07] secure authentication, sorry [02:07] use [02:07] secure connection: none [02:07] TLS, if available [02:07] you just disabled TLD [02:07] which port should i choose? [02:07] but that will help when you enable again [02:07] 25 [02:09] oO [02:10] it says a lot of aout sasl2 errors [02:10] wait, i give you the file one moment [02:12] where? [02:13] http://paste.ubuntu.com/110112/plain/ [02:13] syslog [02:13] buhuuuu! i do not even want cyrus-sasl .. buhuhuu! [02:14] svenwiesner: the same in mail.log? [02:15] yes [02:15] ok I found the problem [02:15] :D [02:16] tell me :) [02:16] pleeeease? [02:16] I have to go [02:16] :D [02:16] ok [02:16] plase read this docto [02:16] https://help.ubuntu.com/8.04/serverguide/C/postfix.html [02:16] and go to "Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL): " in the SMTP Autentication section [02:17] you need to confgure [02:17] smtpd_sasl_type = dovecot [02:17] but I think you typed "smtp_sasl_type = dovecot" [02:17] without "d" [02:18] i typed: smtp_sasl_type = dovecot [02:18] please check your configs are exacltly the same as in the example [02:18] yeap [02:18] it is smtpd_sasl_type = dovecot [02:18] oh fuck [02:18] holly shit [02:19] Language [02:20] german [02:20] !ohmy [02:20] Please watch your language, attitude, and topic to help keep this channel friendly and helpful. Remember, there are kids here! [02:22] mhm [02:22] does not work [02:22] dommage [02:22] please pastebin again "postconf -n" [02:23] kk [02:23] svenwiesner: did you restart postfix after the change? [02:23] yes [02:23] the output is quite different though [02:23] thunderbird: "unable to authenticate to smtp server. the server doesn not support any compatible secure auth mechanism" [02:23] wait, i give you postconf [02:25] http://paste.ubuntu.com/110117/plain/ [02:25] so, restart postfix [02:25] try again from thunderbird [02:25] what about logs/ [02:28] http://paste.ubuntu.com/110120/plain/ [02:31] svenwiesner: and thunderbird? [02:32] "you can not login because you have anabled secure authentication and this server does not support it" [02:33] mm [02:33] ok [02:33] and thunderbir [02:34] is TLS disabled? [02:34] yes, only secure authentication is checked [02:35] I dont have that option here? [02:35] I have [02:35] Security and Authentication [02:35] Use name and password )checked) [02:35] and Use secure connection: "TLS, if available" [02:36] yes, ic tried both: never and TLS, if available [02:37] mm [02:37] close thunderbird and try again [02:37] :D [02:37] an watch your logs [02:37] tial -f /var/log/mail.log [02:37] tail [02:38] ok, interesting enough, tls now works [02:38] but only without secure auth [02:38] wait, i restart thunderbird [02:38] and give you tail [02:38] tls works? [02:38] but is disabled... [02:38] tls receiving works... sending doesn't [02:39] i enabled it for a sec to see if it works :) [02:39] ok forgeat about receiving [02:39] receiving is managed by dovecot [02:39] i see [02:41] mail.log gives no output when i try to connect via thunderbird and "secure authentication" checked [02:42] again, where is that "secure authtentication" option? [02:42] svenwiesner: in the :"Outgoing Server SMTP" [02:43] do you have more than one smtp server listed? [02:43] its a checkbox: "use secure authentication" in thunderbird [02:43] at accounts -> account -> server settings [02:43] where? [02:43] and outgoing server -> server [02:44] i suck [02:44] you don't [02:44] i have no idea [02:44] you have [02:44] i love you [02:44] it works [02:44] !ohmy [02:44] Please watch your language, attitude, and topic to help keep this channel friendly and helpful. Remember, there are kids here! [02:45] so what was the problem? [02:45] i am sorry.. here in my country it is 3:44 am and no kids around... this late time really nags on the attitude :) [02:45] I really dont care [02:46] I mean, how you speak [02:46] the problem was, that, in the end, I checked: "use secure authentication" because i thought, this has to be done when using smtp-auth [02:46] but we are in a public channel [02:47] so, ahh... what a relieve! now I can go on configuring tls [02:47] yes [02:47] yous enable tls [02:47] restart postfix [02:47] and try with TLS in thunderbird [02:47] * [gnubie] waves [02:48] <[gnubie]> wondering why there is no /etc/pam.d/system-auth on ubuntu-server-8.04.2 lts.. any idea? [02:48] [gnubie]: because that is redhat style [02:48] :D [02:49] [gnubie], do you need one? we have just common-auth [02:49] but system-auth uses more than auth options [02:49] <[gnubie]> jmedina: ah, i see.. ;) [02:49] [gnubie], may be the same thing, just in different terms, i dunno [02:49] [gnubie]: what are you trying to do with PAM? [02:50] <[gnubie]> rdw200169: checking common-auth [02:50] <[gnubie]> jmedina: i used to set the following: [02:51] <[gnubie]> minlen=8 ; lcredit=-1 ; ucredit=-1 ; dcredit=-1 ; ocredit=-1 [02:51] that are settings for cracklib [02:51] <[gnubie]> jmedina: yes [02:51] <[gnubie]> is there an ubuntu specific documentation on pam? [02:51] that must be in /etc/pam.d/common-password [02:52] there's documentation for ea. of the security plugins in the man pages [02:52] just add something like this ath the top of common-password [02:52] password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 [02:52] of course with your options [02:52] and install libpam-cracklib [02:53] you can see all the pam options as far as libraries is concerned by searching for libpam; i.e. apt-cache search libpam [02:54] <[gnubie]> jmedina: with the default ubuntu lts server, does it mean in order to have a similar config (minlen=8 ; lcredit=-1 ; ucredit=-1 ; dcredit=-1 ; ocredit=-1) i need to setup the libpam-cracklib? [02:54] [gnubie]: well, I guess you want to setup a password policy, right? [02:54] <[gnubie]> jmedina: yes [02:54] <[gnubie]> jmedina: more mandatory characters in creating a password [02:55] then you need to have a module that checks that in the password stage [02:56] you need to install libpam-cracklib [02:56] and then add that settins to common-password [02:56] for example [02:56] <[gnubie]> jmedina: ok, thanks.. ;) [02:56] <[gnubie]> go ahead please.. [02:57] password required pam_cracklib.so minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 [02:57] it goes before the pam_unix.so [02:57] also, if you use apparmor (ultra-crazy security) look into libpam-apparmor [02:59] <[gnubie]> i still don't know about apparmor [02:59] <[gnubie]> rdw200169: i may consider it later.. [03:00] [gnubie], you can also look into selinux === ScottK3 is now known as ScottK-desktop [03:02] <[gnubie]> rdw200169: yeah.. [03:02] <[gnubie]> thanks guys.. ;) [04:15] hi, I have a silly deb/apt question [04:15] we only answer srs questions, sorry [04:15] Let's call it a newbie question, then :) [04:16] oh, okay - go ahead [04:16] I installed a package (dekiwiki) which depends on libapache2-mod-php5, which depends on apache2-mpm-prefork [04:17] Unfortunately I run my webserver in apache2-mpm-worker and FastCGI, for performance reasons, so I had to force the package install of dekiwiki with no deps [04:17] Now, every time I run anything in apt it complains that I need to run "apt-get -f install" [04:17] Which then tries to remove my apache2-mpm-worker package and reinstall apache2-mpm-prefork and mod_php5 [04:17] Can I break that dependency? [04:18] well, if dekiwiki is what it sounds like (a webapp) I'd actually recommend against using apt to install it [04:18] I did, I used dpkg [04:18] dpkg == apt [04:18] cause apt-get wouldn't let me at all [04:18] same thing [04:18] hm [04:19] if it has a web based installer, that's what you should use [04:19] I love dpkg/apt, but it's not so good at installing webapps [04:19] it didn't. So, I'm familiar with rpm and I know there's a way to just get it to ignore dependencies and stop complaining [04:20] irvingpop: dekiwiki sounds like something that runs within Apache; is that not correct? [04:20] It's weird. It has a PHP frontend and a Mono/.Net backend [04:20] other than that, it's a really fantastic wiki [04:21] <[gnubie]> is the maintainer for the syslog-ng binary package in this channel? care to create a backport for the ubuntu-server 8.04.2 lts on the latest syslog-ng 3.0.1? [04:22] irvingpop: does the project have a debian/ubuntu repository? [04:23] yep, that's where I got it from. http://repo.mindtouch.com [04:23] I intend to complain to the Mindtouch folks. but I just want to get on with my life for now and get my server done :) [04:23] irvingpop: well, in that case, use aptitude; it tries harder than apt-get to find a workable solution to dependency issues [04:25] wow, aptitude is a lot smarter [04:26] yep; but that's also it's downfall; it can sometimes be smarter than you want it to be :) [04:27] I do see that [04:28] @irvingpop mindtouch is really responsive on twitter. ceo is @roebot. everytime i grumble about or praise deki, he responds [04:29] hmmm, it's offering me a lot more options, but still nothing workable. I may have to resort to more drastic measures unless I can get dpkg to start ignoring this dependency [04:30] Thanks, I appreciate that. [04:30] Seriously, people should just make Apache mpm-worker and FastCGI the default anyway [04:57] [gnubie], you may be able to find one in the Launchpad PPA's [04:58] [gnubie], nevermind, i looked and there's nothing there. [05:00] [gnubie], i don't know if you're gonna find what you're looking for; hardy has 2.0.9-1ubuntu1 and intrepid has 2.0.9-3ubuntu1; here's the very minor changelog: http://changelogs.ubuntu.com/changelogs/pool/universe/s/syslog-ng/syslog-ng_2.0.9-3ubuntu1/changelog [05:02] [gnubie], and i have no clue about jaunty: http://changelogs.ubuntu.com/changelogs/pool/universe/s/syslog-ng/syslog-ng_2.0.9-4.1/changelog [05:02] [gnubie], so 3.0.1 isn't even in intrepid, or jaunty (yet) [05:15] Wow that was alot of sign offs lol [05:52] <[gnubie]> rdw200169: sorry, i was out for a phone call.. [05:53] <[gnubie]> rdw200169: kindly check this out => http://www.balabit.com/downloads/files/syslog-ng/sources/3.0.1/ [05:55] [gnubie], what do you want me to suggest? [05:56] [gnubie], i've never used the package, i just know how to check for you whether or not something is available [05:56] [gnubie], but if its any consolation, installation from source shouldn't be a big deal [05:56] [gnubie], in order to make things simplest for you, download the source of the ubuntu version, the hardy version is fine. [05:57] [gnubie], i.e. apt-get source syslog-ng [05:57] [gnubie], that get's three files. the one you want is the 'diff' one. [05:58] [gnubie], in that tar file, you should find the debian folder. use the rules file in that debian folder to see how it is built for ubuntu; then you know what ubuntu uses as far as options for the compilation, etc... [05:59] [gnubie], also, sudo apt-get build-dep syslog-ng should get you all the stuff you need to compile it [06:00] [gnubie], then you just put 2 and 2 together for the 3.0.1 version; they shouldn't be *so* different that this doesn't work excellently for you. I don't know for sure though [06:01] <[gnubie]> rdw200169: thanks.. [06:02] [gnubie], make sense? [06:03] [gnubie], you *could* try to use that diff against the 3.0.1 source to make a true-blue .deb package, but i doubt it will work, b/c there is also some patching done. [06:03] <[gnubie]> rdw200169: yeah [06:04] [gnubie], you could try though and contribute to the next ubuntu version... then someone else won't wonder the same thing... [07:10] New bug: #321760 in mysql-dfsg-5.1 (universe) "mysqld wan't start after upgrade" [Undecided,New] https://launchpad.net/bugs/321760 [07:41] * delcoyote buenos dias [08:01] morning =) [08:03] quick question, how do I set apt to download the 64bit packages? I installed php5-common and it seems to have installed the 32-bit version instead :/ [08:04] server is ubuntu server 7.10 gutsy [08:04] thanks [08:08] oh wait it checks that automaticly on the kernel perhaps..? [08:14] Holmen: hey there =) [08:15] tewmten: It downloads packages matching the installed system. If it's downloading the i386 packages, it's because you installed the i386 version of Ubuntu rather than the amd64 version. [08:16] "dpkg --print-architecture" will tell you which version you've installed. [08:16] cool thanks [08:16] np [08:16] yep, I saw it when looking at uname.. [08:17] damn, been trying to figure this problem out for days and the answer was right in front of me =) [08:49] moin [08:56] anyone with experience with DRBD? I need to create an HA system with DRBD and the partition which i need to replicate contains data which i cannot move away from there... does drbd allows to sync this data without being lost? [09:10] New bug: #321787 in openldap (main) "slapindex fails to re-index properly" [Undecided,New] https://launchpad.net/bugs/321787 [10:21] can i edit the server documentation, i spotted a mistake [10:22] <_ruben> dont think you can, but you most likely can file a bug though [10:24] never filed a bug before, would that be on launchpad? [10:24] <_ruben> yes [10:27] i made some openldap 2.4.13 packages, replication works a lot better in it now, so they claim [10:27] i was just using the server document to validate the package i made [12:29] <__^^stefan^^___> hello [13:03] <__^^stefan^^___> did any of experience a fail of the grub install to MBR step in ubuntu server amd x64 ? [13:03] <__^^stefan^^___> as it drives me crazy === lamont` is now known as lamont [13:07] <__^^stefan^^___> no one ? even stranger for me [13:20] hi people, Xen vs. KDM - why Ubuntu went KDM way? Is there any indication that it will be better? [13:26] KVM, and because mainline kernel integrates KVM [13:31] I have some trouble with a RAID 1. It corrupt big files say 4GB. The size is correct but the checksum fails. This doesn't happen with small files (700MB) and fsck says the the filesystem is ok. Any ideas? [13:34] <_ruben> palt: you sure it's due to the raid1? tried breaking the array and test it on a degraded array? [13:34] No, haven't tried that. But I guess it's the file system itself. If I can't find a solution I will first try to take backup and rebuild the filesystem. [13:37] But yeah, I will test it on a degraded array if that doesn't work :) [13:37] And run spinrite on the discs. [13:42] <_ruben> run memtest86+ as well .. could be faulty mem [13:46] Have run memtest and it passed :) [13:46] So it's not the memory :) [13:47] Deeps: ok, I understood it also as main reason. How KVM performs under regular server type load? [13:48] <_ruben> there's not really such a thing as "regular server type load" [13:48] PecisDarbs: efficiently if your cpu supports virtualisation extentions [13:48] Deeps: it supports [13:48] <_ruben> kvm without virt extensions doesnt even work afaik [13:48] I know [13:48] :) [13:48] it falls back to qemu i believe [13:49] <_ruben> yeah .. and qemu is dirt slow [13:49] yp [13:49] _ruben: I mean, is there any issues I should take into account. Xen fans have plastered KVM as unstable and unsecure :) [13:49] <_ruben> its emulation, not virtualization .. the difference between those depends on who you ask :p [13:49] <_ruben> PecisDarbs: im not the right person to ask really .. never tried kvm .. and never got xen to work .. :P [13:50] * _ruben is a vmware kinda guy [13:50] ahhh :) [13:51] <_ruben> but im not suprised that xen fans dont like kvm .. im rather certain its the same the other way around as well ;) [13:51] <_ruben> sure .. xen is around longer than kvm .. but that doesnt have to mean all that much either [13:52] <_ruben> the fact kvm is slated for mainline kernel inclusion could be a very decent argument in favor of kvm's qualities [14:03] i am running ubuntu 8.10 and would like to upgrade to the latest kvm from the sourceforge site. as the latest version has ubuntu related bug fixes. how can i do this with out breaking the kvm? [14:06] refnumzx: what related bug fixes? can you give launchpad bug numbers? :) [14:07] <_ruben> apt-get source kvm .. then use http://www.debian.org/doc/maint-guide/ch-update.en.html to roll your own updated package :) [14:08] they are not ubuntu bugs but details are on the kvm changelog page [14:10] refnumzx: I am just about to use kvm on intrepid, so I would like to know is there any issues :) [14:10] http://kvm.qumranet.com/kvmwiki/ChangeLog [14:10] thaaanks [14:12] issues. no i am about to start and development on the kvm front is fast anfurious. and it is important to be ale to keep up. [14:12] the other thing that makes me want to upgrade is the qcow2 fixes in the latest version this is as of jan 13 [14:14] i have never built a custom package before the apt-get source kvm does that get the source that ships with ubuntu? [14:14] compared to xen kvm is easier to maintain and better supported in ubuntu [14:15] ~~better supported? [14:16] if i have to build a custom package because its not being done. i dunno [14:17] patched, that is [14:19] looks like the last time this was updated was 24 sept [14:20] quite a bit behind [14:21] can I specify logical volumes as targets in vmbuilder? [14:21] refnumzx: agreed [14:22] refnumzx: when you do apt-get source, you get original sources plus debian patches [14:22] debian/ubuntu/s [14:26] not sure what you mean by targets but if installing a vm, you can put that anywhere [14:28] refnumzx: when doing kvm virtualization, you use standard kernel, right? [14:29] right [14:29] as long as its greater then 2.6.20 [14:32] refnumzx: using virt-install with seemingly proper syntax, it gives me libvirtError: virDomainCreateLinux() failed internal error Failed to add tap interface 'vnet%d' to bridge 'vnet0' : No such device [14:33] there is vnet0 interface [14:33] did you add it to /etc/network/interfaces? [14:34] refnumzx: no, but it seems to be already configured [14:34] inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 [14:35] as far as i know in order to support virtual interfaces you need to configure a bridge interface [14:35] is that also in the interfaces file? [14:35]