/srv/irclogs.ubuntu.com/2009/02/10/#ubuntu-server.txt

dou213hi, is here an expert in vsftpd present?00:15
OsAChe went to proftpd :-)00:17
OsACsry, joke :-)00:18
OsACjust ask :-)00:18
dou213np, i was just googeling what proftpd is :)00:18
OsAChehe00:18
dou213i am behind my router, trying to connect with FileZilla within the lan on an ubuntu server box, when i connect unencrypted, so non-secure, it works just fine, when i do it with SSL it gives me an error: Connection timed out!00:18
dou213so basically, the problem is i can't get it to work with SSL00:19
OsACdou213: which servertype ou chose in filezilla?00:20
dou213OsAC, FTP over SSL (explicit encryption) ... anything else but 'FTP' won't work00:21
OsACI would sugest you setup sshd and than use sftp00:22
dou213OsAC, sry wrong info: it works also (until operation times out) with FTP over TLS00:23
dou213i already use ssh00:23
dou213OsAC, do u have a good guide or tutorial for setting up sftp? a guide which u actually know about that it's good00:26
twbSFTP is a nicer protocol than FTP over anything, if only because FTP implicitly requires bidirectional routing (i.e. chokes on NAT).00:26
twbSFTP is set up automatically by installing the OpenSSH server: aptitude install openssh-server.00:27
twbYou can then configure sshd_config to remove full shell access, so that only SFTP is left.00:27
dou213twb, interesting thing you're saying, ftp chockes on NAT? well, i'm behind a router00:27
dou213could that be the problem?00:28
twbdou213: it works on *some* clients; they have to implement either the EPORT or PASVE (IIRC) extension.  I remember that this is not the case for Firefox.00:29
twbNote that SFTP is not just FTP over SSH; it's actually a quite different (and better) protocol.00:29
twbhttp://en.wikipedia.org/wiki/FTP#FTP_and_NAT_devices00:30
OsACftp is legacy protocol ...so you are better using something else for transfering files00:30
OsACif u need only to dwnl files http is better choice00:31
ScottKDepends on the privacy requirements.00:31
OsAChttps :-p00:31
dou213i need something like a ftp-server which allows me to upload and download files (securely) from outside my lan00:32
twbScottK: and other requirements, of course.  Maybe you need write access and DAV is sucky.00:32
dou213should i try it with WebDAV?00:32
ScottKYeah00:32
twbdou213: SFTP is the best choice for that by far, IMO.00:32
ScottKsftp is totally wonderful.00:33
dou213maybe a tutorial which i can use about sftp?00:33
dou213i went for vsftpd because it is the only one on the ubuntu server guide page00:34
OsACif u have sshd installed , eg you can ssh to your box00:34
twbdou213: no configuration is necessary for SFTP.00:35
OsACgo to filezilla add new conn00:35
twbdou213: except if you want to lock it down more.00:35
OsACenter server hostname, ssh port and choose sftp00:35
OsACand it will work00:36
OsACyou have it working allready .-)00:36
OsACno need for vsftpd00:36
OsACtry it :-)00:36
dou213w8 i-ll try it this way00:36
dou213Response:Fatal: unable to initialise SFTP: could not connect00:38
dou213i'm using SSH already with pub/private keys authentification (secure)... maybe that's why it won't work00:39
OsACyes00:39
OsACyou need user/pass00:39
dou213but ain't this a major security risk?00:40
dou213because i'm open for brute force attacks00:40
dou213and twb, what did u mean with lock it down more?00:41
OsACyes, dont allow root to be able to use ssh (use sudo) and move ssh port away from 22 to something like 1500000:41
twbdou213: as in, disable password-based access, and disable access to anyone that isn't your user, and disable access except from a whitelist of source IPs.00:41
twbdou213: for example, on one of my systems, you can only log into it if you are logging in as twb, from 203.7.155.19, and you have to have both my passphrase and my ssh key.00:42
twbdou213: since you are interested in SFTP, you would also want to disable SSH (shell) access, so that only SFTP remains.00:42
dou213twb, but i need shell access over SSH very much... i'm doing all the work remotely on the server00:43
twbdou213: OK, so leave that on00:43
twbdou213: my point is you turn off all the bits you *don't* need, so that brute-force crackers can't use them.00:44
OsACthe best thing is just to move sshd to another port, avoiding automated hacking tools00:45
dou213twb, you say disable password based access, OsAC says i must have that in order to use SFTP :S kinda confused over here00:45
dou213OsAC, already done that :D00:45
twbdou213: SFTP does not require password-based authentication.00:45
OsACtwb is right00:45
dou213[01:39] <OsAC> you need user/pass00:46
dou213what do u mean then OsAC, sry i must have misunderstood u00:46
OsAClisten what twb  has to say :-)00:46
twbOsAC: I would not be comfortable with simply changing the port; I would also take the other measures I mentioned.00:46
OsACtwb: ofc00:47
twbOf course, I would also generally use port 443 because this is the least likely to be blocked by stupid corporate firewalls.00:47
dou213ok guys, so now that u know my situation, how can i make it work?00:47
dou213twb, i'm listening, what to do?00:49
twbdou213: about what, specifically?00:50
dou213the security measures you specified earlier were all been taken care of :)00:50
dou213twb, how can i make sftp work?00:50
twbWhat isn't working now?00:51
dou213do i got to change some settings in /etc/ssh/sshd_Config ?00:51
dou213nope, told u: error: Response:Fatal: unable to initialise SFTP: could not connect00:51
twbdou213: what gives that error?00:52
dou213dunno the cause, it says so when i try to connect in FileZilla00:52
OsACdrop filezilla and use http://winscp.net/eng/index.php00:52
OsACandyou are done00:52
twbdou213: you are on a Windows machine?00:53
dou213twb, yes00:53
OsAC:-)00:53
twbdou213: please get a copy of pscp.exe from putty's website.00:53
twbdou213: while you're there, get putty.exe, too.00:54
dou213i have them both already00:54
dou213i also use them00:54
OsACohh00:54
dou213told u i was doing all the work remotely on the server00:54
dou213with putty and winscp00:54
=== OsAC is now known as OsAC|AFK
twbOh, oops.  I was confusing pscp and psftp.00:55
twbGet psftp.exe and run it with the server's name as the argument.00:56
dou213so as i got it: FileZilla won't work for me because i can't specify a private key to use right? which is possible in WinSCP so it works00:56
twbI'm not interested in helping you get filezilla working.00:56
twbIf you have already established that the problem is in filezilla, then we are done; you can take up the problem with filezilla's team.00:57
dou213i was just asking so that i get it why it won't work with the one while it works with the other00:59
dou213ok it works with psftp.exe01:00
PhillomathHello, I'm looking for some help with a BIND9 problem03:02
PhillomathWhen I run named-checkzone I get the error that my db file has no current owner03:03
=== KterinK is now known as dou213
Faust-Cthats a new error04:13
PhillomathIts ok I've resolved it now, got some help in #dns04:56
suigenerishello,06:59
ivoksucf is very cool stuff :)08:17
suigeneriswhat is ucf?08:17
ivoksupdate configuration file08:18
ivokshttp://packages.debian.org/sid/ucf08:18
ivoksit's for development of .deb packages08:19
suigenerisi didn't think installing webmail would be so easy08:20
ivoksroundcube?08:20
suigenerisyes08:20
ivokshow about configuring whole mail stack?08:20
suigenerisi've been struggling with horde forever08:21
ivoks:)08:21
ivoksin my perfect world, this should be even easier:08:21
suigeneris<ivoks> how about configuring whole mail stack? <--- what do you mean?08:21
ivokssudo apt-get install ubuntu-mail-server08:21
ivokspop, imap, mta...08:21
ivokshow did you configure imap and pop?08:21
suigenerissudo apt-get install postfix dovecot08:22
ivoksyeah, but you had to configure it :)08:22
suigenerisnot postfix08:22
suigenerisonly rbl stuff08:22
ivokstrue08:23
ivoksso, you don't have SSL and you don't use dovecot's LDA08:23
ivoksnot SSL, SASL08:23
suigenerisnope08:23
suigenerisi have tls, but i have a problem with it08:23
suigenerisi get offered the wrong certificate08:23
ivoksit's not wrong08:24
ivoksit's generic08:24
ivoksyou have to create your own08:24
suigenerisi created one for 5 years, what i get offered is for 1 year08:24
ivoksdovecot and postfix, by default, offer 'snakeoil' certificate08:25
suigenerisand it keeps asking and keeps asking08:25
ivoksso, you have to configure both services to use your certificate08:25
suigenerisdo you follow postfix-users ML?08:25
ivoksno08:25
suigenerisivoks, i love you :)08:29
suigenerisyou got me the right direction08:29
suigenerisi thought postfix offered the certificate08:29
suigenerisi tweaked dovecot and i get offered the right certificate now08:30
suigenerisyay!08:30
ivoksgreat08:30
suigenerisheh!08:32
suigenerisnow, how can i create & use one ssl certificate for roundcube?08:32
suigenerisi think i have to make dovecot listen on 993, right?08:33
suigenerisdo i?08:33
suigenerisoh, my server already listens on 99308:34
krautmoin08:48
suigenerisgood morning08:49
Zloggerhi guys, stupid apache question, but if i add a virtual host for domain.com... do i need to add another for www.domain.com or is this taken care of via dns?08:50
ivokssuigeneris: you need to setup apache to use ssl08:51
ivoksZlogger: you need to do both08:52
ivoksZlogger: set up DNS and configure apache08:52
ivoksZlogger: in apache, you need to add 'ServerAlias domain.com' to www.domain.com vhost08:52
ivoksZlogger: but if DNS doesn't point domain.com to your apache server, there's nothing you can do08:53
Zloggerivoks, can i do something like a wild card?08:53
ivoksZlogger: i'm not sure, i've never tried that08:54
Zloggerivoks: i.e.  servername *.domain.com08:54
Zloggerah ok coolio.  i have a user who's using webmin08:54
ivoksdoh :(08:54
ivokswebmin08:54
Zloggerwould be nice if he didnt have to add twice :)08:54
ivokswe hate webmin on this channel08:58
ivoks!webmin08:58
ubottuwebmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.08:58
Zloggeri hate webmin as well08:59
Zloggerthanks for the heads up on ebox!!08:59
Zloggerwill def check it out.08:59
ivoks!ebox08:59
ubottuebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox08:59
Zloggerivoks: do you use ebox?  thoughts on it?09:01
ivoksKoon: good morning09:01
ivoksZlogger: one of my clients use it, yes09:01
Koonivoks: hey09:01
ivoksZlogger: it's great, easy to use and quite simple09:01
ivoksZlogger: my client manages smb shares and user accounts with it09:02
Zloggerit looks a lot cleaner than webmin09:03
suigenerisi once used ebox, but it overwrote my smb.cnf so i got rid of it09:05
Zloggersuigeneris: what do you mean?  like it installed a blank conf over what u had?  or did u try to make a change and lose everything?09:06
suigenerisi live happily with webmin09:06
suigenerisZlogger, i don't remember exactly what it did, but i remember losing my shares09:07
ivoksthose things take full control of your configuration files09:08
ivoksyou can customize ebox's templates, if you don't like defaults09:09
Zloggersuigeneris: sux man.09:09
suigenerisivoks, do i have to create another certificate for apache?09:19
ivoksdepends on common name you used for mail certificate09:19
ivoksif the common name is the same as MTA, then no09:20
ivoksin another words09:20
ivoksif your mail server is mail.domain.com, and you created certificate with common name mail.domain.com09:20
ivoksif you have webmail on mail.domain.com, then no, you don't need additional certificate09:20
ivoksbut if your pop/imap is mail.domain.com, and your webmail is www.domain.com/webmail, then you need additional certificate09:21
suigeneristhat means i need, because my mx is mail.domain.com and my webmail is on webmail.domain.com09:25
suigenerisright?09:25
ivoksright09:26
sergevnhi, is anyone running hardy server with spamassasin and amavis, i getting the error that bayes synced databases every 3 hours with the cronuser11:25
sergevnvery annoying :), can place a dirty hack but that's not nice11:25
sergevnanyone else having this problem?11:26
ivokswhat's the error?11:26
sergevnbayes: synced databases from journal in 0 seconds: 646 unique entries (1023 total entries)11:27
ivoksthat's not an error11:27
ivoksand that's not default in 8.0411:27
ivokscheck your cron scripts11:27
ivoksredirect stdout to /dev/null11:27
sergevni didnt change the cronscript, it start emailing since the last update i guess11:28
ivoksgo to /etc/cron.d/11:28
ivoksyou get that via email?11:28
sergevnyes11:29
sergevnfrom the cron daemon11:29
ivoksso, subject of email should have more info11:29
sergevnCron <amavis@silvio> test -e /usr/sbin/amavisd-new-cronjob && /usr/sbin/amavisd-new-cronjob sa-sync11:30
ivoksgrep -sr 'amavisd-new-cronjob' /etc/cron*11:30
sergevnhttp://pastebin.ubuntu.com/116411/11:31
ivoksso, you see where the problem is11:31
ivoksi have those scripts and they don't return anything to me11:32
sergevnhow can i see what the problem is?11:33
sergevnwithout editting the scripts, i didnt change anything :)11:33
ivoksthose scripts are ok11:33
sergevnok11:33
ivoksls -dl /bin/sh?11:33
ivokshave you customized spamassassin configs?11:36
sergevnnope defaults11:40
sergevnserge@silvio:~$ ls -ld /bin/sh11:40
sergevnlrwxrwxrwx 1 root root 4 2008-04-16 10:28 /bin/sh -> dash11:40
ivokssergevn: log into that server, become root11:46
ivokssergevn: do su - amavis11:46
ivokssergevn: and then run /usr/bin/sa-learn --sync11:47
ivoksdoes that generate any output?11:47
=== OsAC|AFK is now known as OsAC
dayo2http://paste.ubuntu.com/116431/    <---- is 'hostname' a valid option in dhcpd.conf?12:15
suigenerisman 5 dhcpd.conf says it is12:33
UndertakerX2I get the error "apt-get install build-essential." but the "build-essential" package is installed and up to date. How can i fix this?12:41
_rubenthere's nothing to fix12:42
UndertakerX2err sory errors is "error: C++ compiler cannot create executables"12:42
sorenUndertakerX2: Remove the '.' at the end?12:45
UndertakerX2what . there is no . in the eroor "error: C++ compiler cannot create executables"12:46
sorenYou said: "apt-get install build-essential."12:47
sorenAlso, you probably need to install g++12:48
sorensudo apt-get install g++12:48
UndertakerX2then i corected myself after _ruben replied12:48
UndertakerX2already installed12:48
sorenAlthough, that should be included in build-essential.12:48
sorenDunno. Look at the config.log12:48
UndertakerX2that was the only problem i found12:49
UndertakerX2http://pastebin.ubuntu.com/116439/ but maybe i missed something?12:50
UndertakerX2how do i change the sim link for g++?12:54
=== _AshTray- is now known as AshTray-
fw1i have a file server and i've set up samba for sharing home dirs to windows boxes,  nfs for linux and what can i do to make it easy for mac guys?13:25
Kamping_Kaisertell them to use nfs or samba?13:26
ivoksyou'll have to set up 'unsecure' nfs for mac13:26
fw1how does gnome build the 'network' list of servers13:26
ivoksso it's better for them to use samba13:26
ivoksor, there's netatalk for old afp protocol13:27
fw1what protocol builds up the 'Network' file browser13:30
ivokswrong place for that question13:31
ivokstry #ubuntu13:31
ivoksi'd say it's smb13:31
fw1its not smb as there is 'Windows NEtwork'13:33
fw1all the macs are appearing there13:33
ivoksmacs have samba too13:35
ivoksit shows computers from same workgroup13:35
ivoksif you select windows network, it shows all workgroups13:35
ivoksapple suggests using smb as default network protocol13:36
ivoksnfs is also supported13:36
ivoksafp is considered old, but imho, still is the best file sharing protocol for macs13:37
fw1its doing something more13:37
fw1as its picked up an sftp server13:37
ivoksare you sure that sftp server doesn't have smb?13:37
RichardPhi, operationally how different is 8.04 LTS and 8.10?  am i going to continually run into issues installing PHP 4, MySQL 5 etc on .04?  I like the sound of the LTS release, but if its more hassle to support locally....13:37
ivoksphp4?13:37
ivokswhy would you use php4?13:38
RichardPivoks: legacy code13:38
fw1RichardP, if you want to for production go with 8.0413:38
fw1i don't think php4 is in 8.0413:38
ivokswell, i'd still go with 8.0413:38
RichardPfw1: i would be surprised if it isnt13:38
Deeps!info php4 hardy13:38
fw1RichardP, its not13:39
ubottuPackage php4 does not exist in hardy13:39
RichardPthen im screwed13:39
Deepsyou can always install and maintain php4 from source yourself13:39
ivokseven php5 is old :)13:39
RichardPDeeps: i wanted to avoid that13:39
kinnazanyone has seen thing like that, lsi 1030 hard drives just wont show up13:40
kinnazi have two x345 ibm server13:40
kinnazone installed everytokey13:40
kinnazeverything okey13:40
kinnazbut with second server cant find drives13:40
kinnazany suggestions _13:40
kinnaz?13:40
ivokshave you initialized drives in raid controller?13:41
kinnazivoks, its resyncing array at the moment13:41
kinnazthou there was live system running on it before13:41
kinnazi tried to install ubuntu on it13:41
kinnazthou redhat13:42
kinnazall driver disks i have found are aswell for redhat/suse13:42
ivoksyou have lsi raid controller?13:42
kinnazyes lsi 103013:42
kinnazboth boxes to13:43
kinnazthat what makes it strange13:43
kinnazthats13:43
ivoks8.04?13:44
kinnazyes13:44
ivoksany errors in logs?13:45
kinnazhmmmz will check13:46
=== jjesse__ is now known as jjesse
sergevnivoks: sorry was afk, lemme check13:53
sergevnivoks: it gives the same output as in the email :)13:55
ivokssergevn: that means your spamassassin is configured for verbose output13:55
ivokscheck /etc/spamassassin/*13:57
ivoksi'm sure you changed something there13:57
sergevnin local.cf everything is outcommented13:57
=== KterinK is now known as dou213
ivokscould you paste that line again?13:59
sergevnwhat line?13:59
ivoksthe output13:59
sergevnsec14:00
sergevn$ /usr/bin/sa-learn --sync14:00
sergevnbayes: synced databases from journal in 0 seconds: 117 unique entries (117 total entries)14:00
ivokshttps://bugs.edge.launchpad.net/ubuntu/+source/amavisd-new/+bug/16518414:01
uvirtbotLaunchpad bug 165184 in amavisd-new "amavisd-new + spamassassin: cronjob spams root user" [Medium,Triaged]14:01
sergevnyeah found that one, but the date is 200714:02
kinnazreally strange booted up ubuntu again to check the logs for errors and what happens it found my hdd14:03
kinnazonly option is that my array was broken or smt14:03
ivokssergevn: so what? last activiy is 4 days ago14:03
ivokskinnaz: it probably wasn't initalized14:04
kinnazivoks,  thou i didnot change anything in raid configuration util14:04
kinnazjust booted up debian14:04
kinnazthen it hanged or smt14:04
kinnazand then booted up ubuntu cd14:04
kinnazthou it was resyncing my array14:04
kinnazall the that time14:04
sergevnivoks: ok :) well i thought that if it was reported in 2007, and having problems since an update it would not matter :)14:04
kinnazivoks,  tnx for help anyways14:04
=== KterinK is now known as dou213
=== espacious_ is now known as espacious
sergevnivoks: thanks for the help ivoks, going to try those hacks later tonight14:18
Ko_deZHi. Is there a netboot installer for ubuntu server? The only one I can find is this: http://archive.ubuntu.com/ubuntu/dists/hardy-updates/main/installer-i386/current/images/netboot/14:19
Ko_deZand that seems to be a regular ubuntu installation.14:20
Ko_deZThe CD drive on my very old Dell only reads the inner parts of a CD, so I need a small iso :-p14:20
kinnazKo_deZ, i would suggest you to go pxe boot14:25
Ko_deZkinnaz: Thanks for the tip. Will have a look at it.14:29
Jeeves__Why do my servers crash when I try to get an iscsi-device attached?14:37
Jeeves__(Hardy)14:37
_rubenouch14:37
_rubenwasnt there a bug in open-iscsi some time ago .. or are you using iscsi hba's?14:38
Jeeves__I'm trying to mount iscsi-devices exported by Sun storage (open storage, solaris)14:39
_rubenserver fully up to date? (wrt to the open-iscsi bug)14:40
Jeeves__I just dist-upgraded :)14:40
Jeeves__It's pxe-booting as we speak :)14:41
Jeeves__So that will be a complete reinstall14:41
_rubenhavent tried ubuntu as initiator, only as target .. using esxi's software initiators at the other end of the "wire"14:42
henkjan_Jeeves__: did you try to mount an iscsi volume from your netapps?14:42
Jeeves__exported by Sun storage (open storage, solaris)14:43
Jeeves__I wasn't even mounting yet14:43
Jeeves__just discovering and attaching14:43
_rubenbah .. why is squid's logging so damn nasty .. its pretty much undoable to write filter regexps for the useless stuff14:45
ScuniziI just installed server with the LAMP, Samba & FTP options.  Testing FTP results in no connection. Any idea which FTP package was installed and where the conf file is?15:03
Deepsdpkg -l |grep ftp15:04
Deepsat a guess, vsftpd, and the configuration should be in /etc/vsftpd/15:04
Scunizigood idea15:04
ScuniziDeeps: nope not fsftpd15:04
ScuniziDeeps: it's using ftp/lftp.. ftp is the client and lftp is the server15:05
Deepstask-sel --list-tasks, find the task name for the ftp server15:05
Deepsthen tasksel --show-packages <ftpserver task>15:05
Deepslftp is a client, not a server15:05
ivoksScunizi: how did you install FTP server?15:05
Scunizioh.. hard to tell on the readout of the grep command15:06
Scuniziivoks: as part of the standard install of the server edition.. there's a point that asks what additional services you want.. I ticked Lamp, samba and ftp15:06
ivoksbut dpkg -l | grep vsftpd results with nothing15:07
ivokseither you didn't select it or you've hit a bug15:07
ivokswhich ubuntu version is that?15:07
Deepscant be hardy, no ftp-server task in hardy15:08
Deepsat least, according to tasksel, anyway15:08
ivoksi don't think we have ftp task at all15:08
Scuniziivoks: it rusults in ii ftp  (next line) The FTP client (next line) ii lftp15:08
ivoksScunizi: notice: dpkg -l | grep vsftpd15:08
ivoksvsftpd15:08
ivoksnot ftp15:08
Scunizik15:08
ivoksScunizi: what ubuntu version is that?15:09
Scunizilooked in ~ for the .vsftpd.conf file but there wasn't one.. grep returns nothing .. version is 8.1015:09
ivoksvsftpd is system service15:10
ivoksit doesn't have users configuration15:10
ivoksyou just didn't install ftp service15:11
ScuniziI haven't yet manually..15:11
ivoksright, there's no FTP task in ubuntu-server15:12
ivokshttp://images.howtoforge.com/images/perfect_server_ubuntu8.10/24.png15:12
ivoksso, you installed something else...15:12
ivokstasksel --list-tasks | egrep ^i15:13
Scuniziivoks: yep.. the pic jogged my memory .. it was ssh .. should have remembered that since I'm on the server box via ssh now.15:13
ivoksthis will tell you what you have installed15:13
ivoksthere you go...15:13
ivokswe suggest vsftpd as FTP service15:13
ivoksonce you install it, configuration file is /etc/vsftpd.conf15:14
Scuniziivoks: yes.. I have vsftpd on another machine and works well. I have issues though, setting it up so Joomla functions..It's been driving me nuts for several days15:16
ivoksvsftpd has nothing to do with joomla15:16
Scuniziivoks: it does on the back end when you need to change templates or upload pic etc..15:17
Scuniziivoks: not just vsftpd but ftp in general..15:17
Deepsdou213: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/308952 may relevant to you15:17
uvirtbotLaunchpad bug 308952 in vsftpd "FireFTP(Mozilla) cannot LIST files" [Undecided,Incomplete]15:17
Scuniziinteresting15:18
Scuniziso maybe proftpd?15:20
kinnazhmmmz anyone worked around with drbd ?15:21
kinnazshould i make the filesystems to partitions i want to sync before sync ?15:21
_rubenkinnaz: not too sure about your wording, but the sync can be initiated either before or after the partitions are in use (data wont be destroyed)15:22
_ruben*if* done correctly15:22
_rubenbut no, i dont have any experience with drbd, just did some limited research15:22
kinnaz_ruben,  i have no data just two partitions without filesystems, was wondering what type of filesystem i should create to there15:22
_rubenwhatever filesystem you want to use15:23
kinnazah okey tnx :)15:23
Scunizinot FAT15:23
_rubenthere's tons of howtos out there on how to setup up dbrb properly15:23
_rubendrbd15:23
kinnazyeah i was following the guide at drbd website15:24
kinnazjust it mentioned lvm and stuff like that15:24
kinnazcouldnot figure out can i use ext15:24
ivoksScunizi: that's a bug in client, not server15:24
ivoksScunizi: notice 'Hello, i reverted back to FileZilla_3.0.7.1_i586-linux-gnu.tar.bz2 and it is working fine now'15:25
DeepsScunizi: that bug has no relation to you, it was for dou213 (notice the line prefixed with dou213:)15:25
_rubenwhen using drbd i'd use lvm logical volumes to replicate, makes things a tad easier .. i hardly ever use "raw" partitions these days, apart from /boot15:26
ScuniziDeeps, ivoks thanks.. I was just picking up on that.  with joomla it's just a setup issue. there's lots of how to's but nothing a-z definitive.  Once I figure it out I'll have to write one15:27
DeepsScunizi: you'll probably find that whatever issue you have with vzftpd+joomla, will occur with any other ftpd15:29
ScuniziDeeps: I'm sure..15:29
DeepsScunizi: anyway, good luck configuring joomla :)15:29
ScuniziDeeps: thanks. on public shared servers it hasn't been an issue at least with the isp's I use. on the home server it's been a little different :/15:30
jcastrosoren: where you the one looking at cobbler a cycle or two ago?15:33
sorenjcastro: Yes.15:34
jcastrofyi, 1.3 seems to support debian/ubuntu directly: https://fedorahosted.org/cobbler/wiki/SupportForOtherDistros15:34
sorenjcastro: Oh, someone else did my job. Fantastic!15:34
jcastroI wonder if someone has messed with it yet15:35
dou213thx Deeps, i'll give it a check15:51
a_okwhat is the most common cause of max cpu utilization by udevd?16:00
nijabaserver team meeting in #ubuntu-meeting now16:01
mathiaz!screen16:08
ubottuscreen is a terminal multiplexer. See http://www.kuro5hin.org/story/2004/3/9/16838/14935 and http://en.wikipedia.org/wiki/GNU_Screen16:08
erzlauteAnyone have success installing Ubuntu server with hardware raid on an HP Proliant dl160 g5--or is software raid the only solution?16:40
orudiehi. what is the best way to set up an FTP server ?16:43
Faust-Corudie: sftp (imo)16:46
Faust-Cwhich would be a recomended file system to store email on a SAN?16:47
orudieimo ?16:47
Faust-Ci usually use xfs16:47
Faust-Corudie: in my opinion16:47
orudieright, but how would i make useres login to the same directory16:48
orudiethe FTP users16:48
Faust-Corudie: hmm, i read a how to once...16:48
Faust-Cill have to look for it16:48
orudieheheh ok16:48
mathiazivoks: is there a wiki page to track the postfix/dovecot integration?16:51
ivoksno16:52
ivoksi was working on this today16:52
ivokstrying to get it in before FF16:52
mathiazivoks: I'm just trying to remember what are the goals16:52
ivoksgoal is to provide full postfix-dovecot integration16:52
ivoksincluding, not related to that, maildir support16:53
ivoksand other optimizations16:53
mathiazivoks: right - that means: maildir by default in /home/$USER/Maildir/, postfix using dovecot sasl, postfix using dovecot lda16:53
ivoksi don't see why i can't use ucf to take over package16:53
ivoksit even has examples in man page how to do that16:53
ivoksmathiaz: right16:54
ivokss/package/config16:54
erzlauteorudie: take a look at <http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html>. at the bottom of the page, you'll find a method for 'jailing' users in their own directories16:55
mathiazivoks: since we've decided to provide a tight integration between  dovecot and postfix I think that dropping a different configuration file and update the init script to look for it is the easiest solution16:56
ivokshow about making dovecot.conf a link to dovecot-original.conf in dovecot-common, and then in dovecot-ubuntu, making it a link to dovecot-ubuntu.conf?16:57
=== cjwatson_ is now known as cjwatson
orudieerzlaute, right, but if i want multiple users to access the same directory for FTP16:57
=== Abracadabra is now known as [Abracadabra_Lon
ivoksthat way we don't have to change init script16:57
=== [Abracadabra_Lon is now known as [Abra_London]
ivoksor use alternatives or something16:58
erzlauteoh, right--sorry--i should've read more closely. not sure how that would be done securely...maybe a better solution will come up17:01
ivoksanyway, dovecot needs serious update17:03
ivoksnew version17:03
mathiazAdri2000: what's your proposal?17:04
mathiazivoks: yeah - it seems that experimental has an up-to-date package.17:04
ivoksmathiaz: current is .11, irrc17:05
ivoksiirc too17:05
mathiazivoks: well - I don't know if symlinking would be accepted17:05
ivokscjwatson: ping :)17:06
Adri2000wanted to ask about what samba version do we want in jaunty. 3.3 is out but it may not be a good idea as it's really recent. the latest release of the 3.2 branch is 3.2.8 whereas jaunty only has 3.2.6. does anyone object to updating samba to 3.2.8?17:06
ivokslet's ask before we spend another day for nothing :D17:06
Adri2000jaunty has 3.2.5 even17:06
mathiazAdri2000: right - there is a discussion about that on the samba maintainer list in debian17:07
cjwatsonivoks: yes17:07
cjwatson?17:07
ivokscjwatson: i have a question17:07
cjwatsonjust reading scrollback17:07
ivokscjwatson: would creating symlinks (dovecot.conf -> dovecot-[ubuntu|original].conf) be bad?17:07
* andol isn't sure about 3.3, but would definatly not mind seeing 3.2.8 in Jaunty.17:07
cjwatsonwhy is a symlink necessary? why not just run dovecot with some different argument to use a different configuration file?17:07
cjwatsonthat would be perfectly reasonable and far less complex17:07
ivokscjwatson: cause then will have to change init script17:08
cjwatsonso what?17:08
mathiazivoks: I thinks that's reasonable17:08
ivoksok then17:08
cjwatsonhonestly, messing about with configuration files and symlinks is going to get you tons of bugs down the road17:08
cjwatsonkeep it simple17:08
mathiazivoks: some of the init scripts have specific logic to handle ltsp17:08
ivoksif [ -f /etc/dovecot/dovecot-ubuntu.conf ]; then NAME=dovecot-ubuntu17:08
Adri2000mathiaz: http://lists.alioth.debian.org/pipermail/pkg-samba-maint/2009-February/thread.html which one?17:09
mathiazAdri2000: http://lists.alioth.debian.org/pipermail/pkg-samba-maint/2009-February/006337.html17:09
ivoksor, better CONF=blablabla, instead NAME17:10
ivokscjwatson: thank you!17:10
AndyGraybeali realize that a fresh install of Ubuntu doesn't have UFW turned on, but is there a type of firewall that's already on?  i think my port 9103 (bacula) should be trying to accept data.. but i'm getting a connection refused.  is there something blocking it?17:10
AndyGraybealshould i just turn on ufw and ask it to open 9103?17:10
ivoksmathiaz: but, i already see tons of bugs 'i've changed this and this in dovecot.conf, and nothing works' :)17:10
Faust-CAndyGraybeal: what do logs on that server say17:11
andolAndyGraybeal: Shouldn't be any rules active by default. You can always check by running "sudo iptables -L"17:11
mathiazivoks: right - we could drop a comment in dovecot.conf about that17:12
mathiazivoks: or change the way configuration files are used17:12
AndyGraybealFaust-C: what log do you have in mind, in particular?  (i'm fairly new to this and i understand that /var/log/syslog is important... i do see a /var/log/bacula/log but it doesn't look like much is in it.17:12
mathiazivoks: hm - nevermind17:13
mathiazivoks: it would too complicated17:13
ivoksright17:13
mathiazivoks: let's just modify the init script to use dovecot-postfix.conf if it's there17:13
ivoksok17:13
ivoksand i'll add warning in dovecot.conf17:13
mathiazivoks: and add a comment to dovecot.conf to point to dovecot-postfix.conf if it's there17:13
ivoksbig warrning :)17:13
Faust-CAndyGraybeal: like andol said firewall isnt on by default17:13
Faust-Cbut there is also /var/log/messages17:14
mathiazAndyGraybeal: you should check if bacula is listening on port 910317:14
mathiazAndyGraybeal: and is accepting connection from the outside - it may be configured to only listen on localhost17:14
ivoksmathiaz: i've forgot to mention one thing at meeting17:15
AndyGraybealthank Faust-C and andol  -- andol i tried the 'sudo iptables -L' and i don't really understand what it says- - but this is a fresh install, and i haven't touched iptables or ufw yet.  i'm trying to get bacula working (first thing) before i enable anything else.17:15
cjwatsonivoks: no problem, hope that's all doable, sorry for sticking my oar in late17:15
mathiazivoks: I wouldn't call the package ubuntu-mail-server17:15
mathiazivoks: dovecot-postfix seems the best choice IMO17:15
ivoksmathiaz: should we enable managesieve by default or not? none of ubuntu clients support it17:15
ivoksmathiaz: right, i won't call it ubuntu-*17:16
AndyGraybealmathiaz: ahh interesting, i did an 'nmap -p1-65535' (or something like that) to see what would turn up on my host, and it only showed port 22 (ssh obviously) was open.17:16
mathiazivoks: the managesieve patch is included17:16
AndyGraybealmathiaz: where do i look to see if bacula isn't accepting connections from the outside?17:16
ivoksmathiaz: still, managesieve is just great stuff, supported by kmail and thunderbird plugin17:16
mathiazivoks: what do you mean by enabling it?17:16
Adri2000mathiaz: ok, but that doesn't say what we decide for ubuntu jaunty17:16
mathiazivoks: I agree.17:16
ivoksmathiaz: managesieve listens on port 200017:16
andolAndyGraybeal: what does "sudo netstat -tlp" tell you? It should give you information about which services listens on which ports.17:17
ivoksmathiaz: so, it's an additional port, but none of our clients (except kmail) can use it17:17
Faust-CAndyGraybeal: netstat -lnp17:17
ivoksout ob the box17:17
ivoksevolution even doesn't want to work on it17:17
mathiazivoks: that's ok17:17
ivoksok17:17
ivoksso, on by default? :)17:17
mathiazivoks: a new port can be opened.17:17
ivoksi know17:17
mathiazivoks: we'd have to make sure that sieve scripts are stored correctly and processed by the lda17:18
ivoksright, there's an open bug about that17:18
mathiazAdri2000: true - but it gives us clues about what debian is doing17:18
ivoksany users can overwrite others sieve scripts :D17:18
mathiazAdri2000: and we're working closely with debian on the samba packages17:18
mathiazivoks: oh! that should be fixed before enabling managesieve by default then17:19
ivoksof course17:19
mathiazivoks: as we're close to FF may be we should defer managesieve by default for the next release17:19
ivokswell, we have to update dovecot anyway17:20
ivoksonce we do that, we've closed that bug17:20
Adri2000mathiaz: I know, and I already asked slangasek about that. he said 3.3 is probably not a good idea but a more recent version of 3.2 should work. so does anyone in the server team disagrees?17:20
mathiazivoks: let's focus on updating dovecot and integrate with postfix (sasl, maildir and lda)17:21
mathiazAdri2000: I think trying to get the latest 3.2 would be a good thing17:21
Adri2000ok17:22
mathiazAdri2000: however we'd have to package the latest release since debian won't push it to unstable before our FF17:23
Adri2000why wouldn't they? Steve told me it was possible17:24
mathiazAdri2000: true - what matters here is a timeframe17:24
mathiazAdri2000: we need to get 3.2.8 (IIRC) before Thursday, next week17:25
AndyGraybealandol and Faust-C okay, i've done both netstat commands, 'netstat -tlp' shows me that 'bacula-dir' and 'bacula-sd' are doing something (i can't see what.  'netstat -lnp' shows me that 127.0.0.1:9101 and 127.0.0.1:9103 (the bacula ports)  are LISTENing;  can you help me with what this may mean?17:25
mathiazAdri2000: and I don't think that debian will package 3.2.8 for unstable within a week17:25
andolAndyGraybeal: If you'd like to interpret the result you can always paste it onto http://paste.ubuntu.com/17:26
uvirtbotNew bug: #327703 in dnsmasq (universe) "DHCP Request Cycle can get caught in infinite loop" [Undecided,New] https://launchpad.net/bugs/32770317:26
AndyGraybealrad thanks andol17:26
Adri2000mathiaz: see the end of http://irclogs.ubuntu.com/2009/02/08/%23ubuntu-devel.txt and the beginning of the next day17:26
AndyGraybeali'm going to go through my bacula .conf files to see if i can make heads or tails to see if i'm only accepting from localhost or something like mathiaz said.17:27
AndyGraybealcause i pretty much swear i haven't to uched any firewall stuff17:28
mathiazAdri2000: ok - well we'll see then17:29
mathiazAdri2000: if 3.2.8 hits unstable before FF we can merge it17:29
Adri2000ok, I'll follow this closely, to make sure we either have it via merging from debian or via packaging it ourselves17:31
teddy_why did we choose IT/computers? I should have chosen the blue pill....17:32
AndyGraybeallol teddy17:32
ivokslamont: is there a way (like postconf) to write something in master.cf?17:54
ivokslamont: if i would like to integrate amavis with postfix, right from amavis package, for example17:55
ivoksafaik, there's no such thing17:55
AndyGraybealokay, bacula doesn't want to connect to either 'buddleia:9103' (buddleia is the host name) or 'localhost:9103' i don't know what to do ... (i understand in the bacula director conf file i'm not supposed to use 'localhost' in the 'storage' section, i just did it for testing purposes.17:56
AndyGraybealso bconsole connects fine to the director, but the director isn't connecting fine with the storage daemon17:56
ivoksAndyGraybeal: i could help, just give me a minute to sort some thing first17:57
AndyGraybealivoks, thank you so much.  i guess i'm still in the holding hand stages with this -- i've been working with linux off and on for almost 10.. probably more..  years.. and i still don't understand it17:59
krauti've got a grypted root volume from which i boot, is it possible to type in the passphrase via tty0 and ttyS0?17:59
ivokskraut: why not?18:00
ivoksAndyGraybeal: ok, let's see18:00
krautand how?18:00
krauta created ttyS0 in event.d, the getty starts after that18:00
ivokskraut: you need to tell grub to use terminal18:01
krautit does, but i'm not able to type in the passphrase18:02
ivokskraut: you see the output?18:02
krauti can move through the menu of grub, but after i boot the kernel, it stops18:02
ivokskraut: that's not it, do you see kernel loading in terminal?18:02
ivokskraut: that's *after* grub is loaded18:02
krautno18:03
ivokskraut: http://ivoks.blogspot.com/2008/09/full-control-over-server.html18:03
ivokskraut: check out grub section18:03
krautserial --unit=0 --speed=960018:03
krautterminal --timeout=10 serial console18:03
krautthat are the first lines of menu.lst18:03
AndyGraybealivoks, what do you want me to share with you?18:03
ivokskraut: quiet serial console=ttyS1,57600n8 (in my case)18:03
krautaha!18:03
krautyeees, that's it18:03
krautgah! ;)18:03
ivoksAndyGraybeal: just a second18:03
AndyGraybealivoks, also looks like i lost my mouse.. so i can't cut and paste (i'll bring in a mouse on friday18:03
ivoksAndyGraybeal: so, in bconsole18:04
ivoksAndyGraybeal: when you do status, it waits where?18:04
AndyGraybeali've never done status before... i have 1,director, 2 storage, 3 client 4 all18:05
AndyGraybealjust go ahead and hit 2?18:05
ivoks418:05
ivoksall18:05
AndyGraybealk18:05
ivoksdid it stop somewhere?18:06
ivoksor did everything go without problems?18:06
AndyGraybealyea, 'failed to connect to Storage daemon File' also failed to connect to Client18:06
AndyGraybealbut it connected to the first one, the director18:06
ivoksok, let's take care of storage first18:06
ivokswhich ubuntu version is that?18:06
AndyGraybeal8.1018:06
AndyGraybealserver amd18:06
ivoksnise18:06
ivoksnice18:06
ivoksok, open bacula-sd.conf18:07
AndyGraybealk18:07
ivokscheck the Storage section18:07
ivoksis there SDAddress?18:07
AndyGraybealyea, it's 192.168.2.104 ... originally it was 127.0.0.1 .. i changed it for 'testing' purposes because id idn't know what was going on -- i don't mind changing it back to 127.0.0.118:07
krautivoks: now i'm only able to type in the passphrase via ttyS018:07
ivoksAndyGraybeal: just delete it :)18:08
AndyGraybealdelte.. okay18:08
AndyGraybealhow abotu # instead of delete?18:08
Faust-Cw/ iscsi how do you have it auto mount devices after iscsi works18:08
ivokskraut: that's why you can have multiple grub entries, where you can define for each how to handle that problem18:08
ivoksAndyGraybeal: or comment it out, yes18:08
krautivoks: isn't there any soloutions? :/18:08
krautand per default there is only standard and rescue18:09
krautperhaps i need to violate rescue for that18:09
ivokskraut: i didn't think about them and now i'm helping AndyGraybeal, and i can't help everybody at the same time :D18:09
AndyGraybealivoks == god18:09
ivoksno, i'm not18:09
krautpff ;)18:10
AndyGraybealit works! holy crap18:10
ivoksAndyGraybeal: it does? nice18:10
ivoksAndyGraybeal: open bacula-dir.conf18:11
ivoksAndyGraybeal: find 'Storage' section18:11
AndyGraybealok18:12
ivoksAndyGraybeal: check Address18:12
AndyGraybealaddress = buddleia (my server name)18:13
ivoksAddress in Storage section of bacula-dir.conf and SDAddress in bacula-sd.conf must be the same18:13
Faust-Chmm18:13
ivoksbuddleia needs to resolve to 192.168.2.10418:13
AndyGraybeali thought i just uncommented SDAddress out in bacula-sd.conf18:13
ivoksi'm just telling where the problem was18:14
AndyGraybealaaah understood18:14
ivoksnow, bacula-sd listens on all IP addresses18:14
ivoksbut you might want to squize that a bit18:14
AndyGraybeal*understood.18:14
ivoksif director and storage are on the same server18:14
ivoksit would be reasonable to hade localhost for Storage Address and SDAddress18:14
ivokss/hade/have18:15
AndyGraybealbuddleia doesn't really resolvge i don't think.. i just made the name up18:15
AndyGraybealhow do i know if it resolves?18:15
ivokshehe18:15
AndyGraybealah so your saying i could just use localhost then and all is okay?18:15
ivoksAndyGraybeal: yes18:15
ivokson both18:15
AndyGraybealrock on thank you18:15
ivoksfor Storage18:15
ivoksnot for everything18:15
lamontivoks: there's a tool that scottk gave me that's in postfix.  outside of that (which we can modify...), there isn't a postfix-provided api18:15
AndyGraybealivoks, for storage and director, correct?18:16
ivoksAndyGraybeal: correct18:16
ivoksnotice that we haven't talked about Director at all :D18:16
ivokslamont: ok18:16
ivokslamont: i'll check it out18:16
AndyGraybealivoks, nods, is there a reason .. should i not touch my director conf?18:17
ivoksAndyGraybeal: no, i'm just saying... bacula is very complex piece of software18:17
ivoksAndyGraybeal: Storage section in bacula-dir.conf describes how to contact storage daemon18:17
ivoksAndyGraybeal: you could have director on one machine, storage on another, clients all over the world and console on your ipod18:18
ivoksAndyGraybeal: bacula makes that possible, but cause of that, for newcomers it's PITA to set up :D18:18
ivoksAndyGraybeal: in 8.10, everything should be set up out of the box, so i don't really understand why you changed configs :D18:19
AndyGraybealthanks alot ivoks. so far director and storage are on the same place, no ipod with  linuxes yet for me.18:19
AndyGraybealivoks, it didn't work, i didn't change the configs!18:20
ivoksit did18:20
ivoksremeber the SDAddress? :)18:20
kinnazbacula is nice :)18:21
ivoksvery nice :)18:22
nxvlsommer: is the ebox fix in a ppa or somewhere i can get the .deb?18:23
zulnxvl: dont tell me you use ebox to run your system18:23
nxvlno18:23
nxvla friend of mine is having troubles18:23
nxvl:D18:23
nxvlhe updates from hardy to intrepid18:23
nxvlupdated*18:23
nxvlhttp://forum.eboxplatform.com/index.php?topic=980.new;topicseen#new18:24
zulnxvl: riiiight...:)18:24
ivoksif it isn't reported on launchpad, it doesnt't exist :D18:25
nxvlheh18:25
ivokswhen is FF?18:27
ivoksi would like to squeeze support for DELL servers into ipmitool :)18:27
AndyGraybealokay, ivoks, thanks for the hand holding.  appreciated.18:28
ivoksAndyGraybeal: everything works now?18:28
AndyGraybeali'm pretty sure i can go from here.18:28
ivoksif you have problems with client, check FDAddress18:28
AndyGraybealstatus turns out fine thoug, still need to play with the client, but i think i'll be fine with that18:28
ivoksin client's bacula-fd.conf and Address in Client section of bacula-dir.conf18:29
AndyGraybealgotcha, awesome th anks for say ing that.18:29
ivoksnp18:30
ivoksand, if you find some bugs, report them on lp18:30
ivoksi'm trying to keep bacula in shape in ubuntu18:30
ivoksbut there's one bug across all ubuntu version >8.04, which i'll deal with next week :D18:30
sommernxvl: I think interpid-proposed18:32
sommernxvl: other than that I don't think so... the version in my ppa is old18:32
nxvlmm18:32
nxvli don't find it on -proposed18:33
nxvli will apply your patch and upload to my ppa18:33
AndyGraybealivoks: all checks out good now.18:33
sommernxvl: err wherever mathiaz uploaded it18:33
ivoksAndyGraybeal: i know, that bug isn't related to you, since you've managed to install bacula :)18:33
sommernxvl: if you want to run the latest the ebox-ppa has packages that work for intrepid18:33
nxvlreally?18:33
AndyGraybealAndyGraybeal: i wasn't talking about the bug :P  but just about the last test i ran with the Client alsol.18:34
ivoksok18:34
sommernxvl: it's not the version that shipped with intrepid, but it will run on intrepid.. if that makes sense18:34
nxvlright18:35
nxvlhe just wants it to run18:35
sommernxvl: https://launchpad.net/~ebox-unstable/+archive/ppa18:35
sommerin case you didn't have it :018:35
nxvli was looking at https://edge.launchpad.net/~ebox/+archive/ppa18:36
sommerah, probably the same thing18:36
nxvlyeah one is stable and the other developent i think18:37
AndyGraybealivoks, can you help me with btape?  i'm doing this: "sudo -u bacula btape -c bacula-sd.conf Quantum" it gives me a prompt with no errors, i type 'test' and nothing happens.18:43
ivokssudo -u bacula "btape -c bacula-sd.conf Qantum" ?18:44
AndyGraybealwell the quotes were around the whole thing.. just to distinguish it from the rest of my typing18:44
ivoksbut, that's wrong18:44
ivokssudo -u bacula "btape -c bacula-sd.conf Qantum"18:44
ivoksotherwise, -c will be considered as sudo switch18:45
AndyGraybealinteresting18:45
AndyGraybeali swore btape worked y esterday18:46
ivoksnow it doesn't?18:46
AndyGraybeallooks like it... so evil18:47
AndyGraybeali co uldn't get bacula to work, but btape did the 'test' just fine yesterday18:47
ivoksdid you enclose btape in "" now?18:49
ivoksas i told you?18:49
AndyGraybealyea, i did.. and it says: sudo: btape -c bacula-sd.conf /dev/nst0: command not found18:50
AndyGraybeali'm in /etc/bacula (just in case your wondering)18:51
ivoksyou didn't then18:51
ivokssudo is executing bacula-sd18:52
AndyGraybealwell earlier it atleast worked, when i enclose it in quotes, it doesn't work18:52
ivoksbecome root18:52
ivokssudo -i18:52
AndyGraybealk18:52
ivoksthen move to bacula user: su - bacula18:52
ivoksthen run, as bacula user, btape -c bacula-sd.conf18:53
AndyGraybealthat gets me into bconsole, and i run 'test' and no diec from there.18:54
AndyGraybeal*dice18:54
AndyGraybealany thoughts?18:54
AndyGraybeali ran 'test' just fine yesterday18:54
ivoksare you sure you are bacula user?18:54
ScottKivoks: Note that the scripts lamont added to postfix for adding policy servers or smtpd proxies are very basic.  They do the limited thing they were meant to do, but could certainly do with improvement.18:54
ivokswhoami18:54
ivoksScottK: if they can add amavis, that's all i'm looking for :)18:54
ScottKivoks: I was cribbing from the amavisd-new docs when I wrote it.18:55
ScottK;-)18:55
ivoks:)18:55
AndyGraybealivoks: i did "su - bacula" like you said, and it appears that i didn't become the bacula user18:55
ivoksright, bacula has /bin/false shell by default18:55
ivokschange it tu bash18:55
ivoksto18:55
AndyGraybealok18:55
AndyGraybealivoks, okay now i'm 'bacula' i ran btape, and test just sits there.  yesterday it made the tape dance a little18:58
ivoksmathiaz: i think i have dovecot sorted out18:58
ivoksmathiaz: care for a debdiff?18:59
mathiazivoks: sure18:59
mathiazivoks: I can have a look at it18:59
pteaguewhy does mtop try to install itself using root@localhost with no password? shouldn't it try to install itself using the debian-sys-maint user?19:00
pteagueor as man mtop states... make a mysqltop user with all privileges set to N except Process_priv ...19:01
ivoksmathiaz: http://www.init.hr/dev/jaunty/dovecot-postfix.debdiff19:05
ivokspteague: report it as a bug19:05
AndyGraybealaah it says "ensure that bacula is not running" when i use btape.... maybe this will change the circumstances when i turn off bacula.19:05
ivoksScottK lamont ^^ i'm also interested in your opinion19:06
AndyGraybealivoks: turning off the storage daemon, made the world of difference when running btape :)19:07
ivoksAndyGraybeal: that's how it works19:07
AndyGraybeal<- slowly learning19:08
ivokslol, ignore the changelog :D19:08
ScottKivoks: Right.  Still needs the script called for the master.cf changes.19:10
ivoksScottK: yes, but that's another step, to integrate amavis19:11
ivoksScottK: for postfix+dovecot, this is all that's needed19:11
ScottKOK.19:11
ScottKRight.19:11
ivoksScottK: i would also like to move roundcube to main for jaunty+1 or +219:11
ScottKSorry.  Brain slow today.19:11
ScottKYou'd want to add a similar binary to the amavis package for that.19:11
ivoksand include it's sieve patch, so that we have full mail stack19:11
ivoksfor what?19:12
ivoksfor amavis, only config dropped in amavis's conf.d and two lines in master.cf is enough19:13
ivoksthat could be done in postinst of this binary (dovecot-postfix)19:13
ScottKDoesn't amavis have to control that?19:14
ivoksfiles in conf.d?19:14
mathiazivoks: why do you need to replace dovecot, dovecot-common in dovecot-postfix?19:14
mathiazivoks: AFAICT there isn't any file that is shared between the packages.19:14
ivoksmathiaz: ah, good catch, that's from old idea19:14
ScottKivoks: Yes.  Isn't this the same conffile problem that stopped the tasksel approach?19:15
ivoksmathiaz: that's leftover from ucf stuff19:15
ivoksScottK: tasksel problem was that we couldn't edit files19:15
ivoksthere's noting stoping us in dropping files in conf.d19:15
ivoksthat's the idea of conf.d19:16
ivokslike /etc/apache2/conf.d19:16
mathiazivoks: what is managesieve-vritual-users-fix19:16
mathiazivoks: used for?19:16
mathiazivoks: is it a security fix?19:16
ivoksmathiaz: fix for https://bugs.edge.launchpad.net/ubuntu/+source/dovecot/+bug/30729119:16
uvirtbotLaunchpad bug 307291 in dovecot "Security hole in ManageSieve: Virtual users can edit scripts of other virtual users" [Undecided,New]19:16
ivoksmathiaz: yes19:16
ivoksmathiaz: patch is provided by http://dovecot.org/list/dovecot/2008-November/035259.html19:17
mathiazivoks: ok.19:17
mathiazivoks: you've also enabled ssl for postfix19:17
ivoksyes19:17
mathiazivoks: why use /etc/ssl/certs/ssl-mail.pem19:17
mathiazivoks: ?19:18
ivoksand disabled weak19:18
ivoksssl19:18
mathiazivoks: rather than snakeoil directly?19:18
ivokswell, ssl-certs create their own certificate19:18
ivoksmathiaz: i would prefere if users would put their own certicates as ssl-mail, instead of changing configs19:18
ivoksif they change config they'll get unneeded diff19:18
ivoksof configs19:19
ivoksso, ssl-mail is a link on snakeoil19:19
ivoksso user can just relink it or remove it and put it's own19:19
mathiazivoks: users could update snakeoil directly?19:19
ivoksmathiaz: i know, but in 99% they'll want to change the name :)19:19
mathiazivoks: or you want to support different certificates on the same system?19:19
ivoksthat could also be a usecase19:20
mathiazivoks: I wonder if Maildir/ is a good location for the user mailbox19:21
ivoksif we prefere users to change config, that's no problem19:21
ivoksmathiaz: that's unwriten default setup19:21
mathiazivoks: what is the default home_mailbox in postfix?19:22
ivoksmathiaz: lots of howtos use ~/Maildir19:22
ivoksmathiaz: default is none, which is then mbox in /var/mail/19:22
ScottKivoks: Good point.19:22
ScottK(re conf.d)19:22
ivoksmathiaz: i'm thinking of removing dovecot's related stuff from postfix, on dovecot-postfix removal (in postrm)19:23
ivoksmathiaz: so that postfix continues to operate once package is removed19:24
mathiazivoks: right - I was thinking the same19:24
mathiazivoks: smtpd_tls_auth_only = yes19:24
ivoksyes?19:24
mathiazivoks: does this mean we won't support some smtp clients?19:24
ivoksno19:24
ivoksthis means no SASL if it isn't crypted19:25
ScottKWhich is what you want.19:25
ivokswe don't want plain text passwords over wire19:25
ivoksmathiaz: if client doesn't support TLS (i can't think of any), then it won't be able to use SASL19:26
ivoksbut it'll be able to use server as a relay host if it is in the same network19:26
ScottKivoks: Older Outlook/Outlook Express need SMTPS.19:26
ivoksScottK: really?19:26
ScottKYes.19:26
ivoksthen we'll enable smtps too19:26
ivokssomehow :D19:27
ScottKI think Outlook 2007 was the first to do TLS.19:27
ivoksthat can't be true19:27
ScottKMaybe 2003.19:27
ScottKI don't recall for sure.19:27
ScottKI know a lot of people still use Office 2000/XP.19:27
ivoksi'll check that out19:28
ScottKI think the last thing we want is "Sorry, you need to update your MS Office to use ours system."19:29
ivokswe'll enable smtps19:29
ScottKOK19:29
mathiazivoks: in dovecot-postfix.conf: disable_plaintext_auth = yes19:30
ivoksi think outlook supports TLS for a long time19:30
mathiazivoks: are we loosing some clients?19:30
ivoksit's just that you have to manualy change port19:30
=== BBHoss_ is now known as BBHoss
mathiazivoks: ie some POP/IMAP client won't be able to connect?19:31
ivoksmathiaz: that's the same thing as postfix before19:31
ivoksmathiaz: if you want to authenticate, use imaps or pop3s19:31
ivoksmathiaz: no plain text passwords over wire19:31
mathiazivoks: ok19:31
mathiazivoks: mail_max_userip_connections = 519:31
ivoksyes19:31
mathiazivoks: that's too low IMO19:31
mathiazivoks: thunderbird is known to open multiple connections at the same time19:32
ivokswell...19:32
ivokswe could raise it to 10?19:32
mathiazivoks: IIRC it opens an imap for each folder :/19:32
ivoksif that's true, then it's broken19:32
mathiazivoks: I'd go with the default upstream value19:33
ivoksiirc, 10 for pop, 3 for imap :D19:33
mathiazivoks: oh you're right19:33
ivoks10 for imap19:33
ivoks3 for pop19:33
mathiazivoks: login_greeting_capability = yes19:33
mathiazivoks: are we breaking existing clients?19:34
ivoksno19:34
mathiazivoks: or is it just an optimization issue?19:34
ivoksit's optimization for those that support it19:34
mathiazivoks: imap_client_workarounds = outlook-idle delay-newmail19:34
mathiazivoks: ^^ we support more clients OOTB19:34
mathiazivoks: ?19:34
ivoksyes19:34
ivoksthose are bugs in OE19:35
ivoksand this is workaround19:35
mathiazivoks: same thing for: pop3_client_workarounds = outlook-no-nuls oe-ns-eoh19:35
mathiazivoks: ?19:35
ivoksyes19:35
mathiazivoks: postmaster_address = postmaster@localhost19:35
ivoksright19:35
mathiazivoks: is there a way to get the domain from the debconf db?19:36
ivoksfor lda, postmaster_address needs to be set19:36
ivoksi haven't looked for it19:36
mathiazivoks: or take the domain name?19:36
mathiazivoks: how does postfix handle that?19:36
ivokswe could do that19:36
ivokspostfix adds localhost as designated address19:36
ivoksso, this should be sane as default, but we could add something19:36
ivokspostfix asks for user input on this one19:36
mathiazivoks: ok - I'd suggest to mimic what postfix LDA does by default19:37
ivoksbut always adds localhost19:37
ivoksimho, @localhost is best option19:37
mathiazivoks: quota_full_tempfail = yes19:37
ivoksbut, i could look into scripting that into something...19:37
ivoksright19:38
mathiazivoks: re @localhost, I don't what would be the best option19:38
ivoksinstead of bouncing email, give sender human report19:38
ivokspeople always resend their mail on errors19:38
mathiazivoks: if @localhost is standard practice we should keep it that way19:38
mathiazivoks: ScottK or lamont would probably know better on that subject19:38
ivoksmathiaz: postfix deliver to $mydomain, but...19:38
ivoksmathiaz: with $mydomain, it always accepts mail for localhost19:39
ivoksmathiaz: otoh, taking domain name from /etc/mailname19:39
ivoksmathiaz: in some cases results with problems19:39
ivokswhen people misconfigure it's mta19:39
ivokstheir19:39
mathiazivoks: ok - I don't know. But I'd do the same way as the default postfix LDA handles the postmaster_address19:40
ivoksthat's 'postmaster' :)19:40
mathiazivoks: regarding the quota, the default postfix LDA doesn't handle that19:40
ivokswithout the domain :)19:40
ivoksmathiaz: it does, kind of19:40
mathiazivoks: ok - so why not setup the dovecot LDA to do the same?19:41
ivoksmathiaz: it returns not quite understandable message19:41
ScottKI think @localhost is a reasonable default19:41
ivoksmathiaz: i didn't try without domain, but i will19:41
mathiazivoks: auth_socket_path = /var/run/dovecot/auth-master19:42
mathiazivoks: ^^ why is this commented?19:42
mathiazivoks: shouldn't this be enabled for dovecot LDA?19:43
ivokshm...19:43
ivoksi'll check that out19:44
ivoksit should be enabled19:45
mathiazivoks: so under this setup all mail users are local users19:45
ivoksyes19:45
mathiazivoks: their email is stored in /home/user/Maildir/19:45
ivoksyes19:45
mathiazivoks: where are the sieve scripts stored?19:45
mathiazivoks: since managesieve is enabled by default, we should make sure it works correclty19:46
ivoks~/sieve19:46
mathiazivoks: ie: sieve scripts can be uploaded/managed19:46
ivoksbut we could move that into Maildir too19:46
mathiazivoks: *and* that the dovecot LDA process them correctly.19:46
mathiazivoks: I don't think that sieve scripts should be under Maildir19:47
mathiazivoks: or is it common/supported to upload sieve scripts via IMAP ?19:47
ivoksover sievemanage19:48
ivoksor ftp/sftp19:48
mathiazivoks: as for the security patch it's irrelevant to this setup (but should be included anyway)19:48
mathiazivoks: since it deals with virtual users (which is not the configuration here)19:48
ivoksthis is patch for dovecot in jaunty19:48
ivoksit's not related only to 'setup'19:49
mathiazivoks: right - it's relevant to dovecot, not dovecot-postfix19:49
ivoksi haven't tested this19:51
ivoksso there should be a new debdiff once i trougly test it19:51
ivokscheck this out:19:52
ivokshttp://blog.janus.cx/archives/237-dovecot-Fatal-postmaster_address-setting-not-given.html19:52
maw_when using apt-get, is it possible to download the details of changes in a package?19:54
ivoksargh...19:56
maw_aptitude shows the generic package description, but I am looking for the details of the fix19:56
maw_oh... "C" for changelog19:57
maw_weeee19:57
ivoksmailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf19:57
ivoksthat should be right :)19:57
ivoksmathiaz: i've checked; having 'postmaster' as postmaster_address is fine19:59
ivoksmathiaz: postfix will add domain then19:59
ivoksor deliver to the alias20:00
mathiazivoks: great20:00
mathiazivoks: would it make sense to split all configuration in their own files?20:00
ivoksand it's running without problems without unix_socket_auth20:01
ivoksmathiaz: i don't understand?20:01
mathiazivoks: something like: dovecot-imap.conf, dovecot-pop.conf, dovecot-lda.conf, dovecot-auth.conf20:01
mathiazivoks: and then start relevant daemons with their own configuration files?20:01
ivokshm20:02
mathiazivoks: would that help in our setup?20:02
Scuniziis there a way to import or convert a vcard export from evolution's address book so I can import it into abook? thunderbird and abook don't import vcard files20:02
ivoksmathiaz: we would just have more configuration files to add -postfix too :)20:02
ivoksmathiaz: i wouldn't go there for jaunty20:03
ivoksmathiaz: but we could explore that for +120:03
pteaguethis doesn't seem to be good :( http://pastebin.com/m5505826220:04
ivokspteague: that application isn't supported by ubuntu-server20:05
mathiazivoks: ok20:05
ivoksmathiaz: so, just for the record, this debdiff doesn't work :)20:06
ivoksmathiaz: i'll provide a new one with some changes20:06
ivoksshould be up in next 24 hours20:06
Scunizinevermind .. found a site http://labs.brotherli.ch/vcfconvert/20:06
pteagueok, then what should i use to monitor apache? or which ubuntu supports it?20:07
mathiazivoks: awesome - thanks for taking up this task!20:07
ivoksmathiaz: i hope this time it will get accepted :D20:07
ivokspteague: well, it works for me on 8.0420:10
ivoksmaybe you have high traffic?20:10
pteaguejust installed a VM using intrepid... access.log is 51372 & error.log is 1109 ... not sure why that should cause a buffer overflow issue20:11
ivoksi haven't tested it on intrepid20:12
ivoksanyway, that's all from me for today20:14
ivokstake care20:14
lirxishi - have just upgraded my server from 7.10 to 8.10 - now nothing works - no server app will start on boot and apache2 wont even start correctly :/20:22
ScottKlirxis: Did you upgrade directly 7.10 or stepwise 7.10 -> 8.04 -> 8.10?20:23
ScottK... directly 7.10 to 8.10 ...20:23
lirxisyes 7.10 to 8.04 then 8.1020:23
lirxisto tell u the truth it worked pretty bad already in 8.04 so i thaught that maybe a upgrade to 8.10 would fix it but it just made it worse20:24
* ScottK looks around for someone who knows about Apache.20:24
* ScottK <-- mail server guy.20:25
lirxismy mailserver dont works pretty good either now :/20:25
lirxiswhen i got things to work in 8.04 i could not send any mails :/ its pretty bad here :P20:26
lirxisi get this when reconfig:20:27
lirxisWarning: found /etc/apparmor.d/force-complain/usr.sbin.mysqld, forcing complain mode20:27
orudiehi, i just installed munin master and munin node , what is the difference between the two, and how do i use them ?20:27
Adri2000orudie: you can install munin-node on multiple machines, and each node sends the data to one machine which has munin installed20:36
AndyGraybealwell, i'm running my first 'fill' onto my tapes; feels good.20:40
AndyGraybeallooks like my throughput is roughtly 9250KB/s20:40
orudiewhat is the best way to install webmin on 8.10 server ?20:46
hads!webmin20:46
ubottuwebmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.20:46
rdw200169orudie, you *can* do it from the webmin website, but, like ubottu says, it may cause problems :(20:47
orudiei just installed munin and munin-node, trying http://myip/munin  no data there21:06
viezerd!ebox21:14
ubottuebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox21:14
orudieviezerd, E: Couldn't find package .^ebox-.*.21:28
viezerdtry without that first point "." ;)21:37
viezerd@orudie21:37
orudieviezerd, http://pastebin.com/m6b9ff3f21:44
orudieviezerd, ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox21:48
orudieviezerd, ooops sorry21:48
orudieviezerd, WARNING: the eBox package released with Ubuntu 8.10 (Intrepid Ibex) is broken and cannot be installed. See bug #255368 for information and unsupported workarounds.21:49
uvirtbotLaunchpad bug 255368 in ebox "ebox: Depends: libapache-authcookie-perl but it is not installable " [Undecided,Fix committed] https://launchpad.net/bugs/25536821:49
viezerdhmmz, orudie ; drop that second point too --> sudo apt-get install ^ebox-.*21:49
viezerdthat did it for me21:50
viezerdeuh21:50
orudieviezerd, they say its broken for 8.10 which is what i have21:50
viezerdorudie: I am on 8.04 myselve21:53
=== Riddelll is now known as Riddell
kansanhow often would people reccomend taking snapshots (i.e. backups) of a file system with mysql on it?22:45
mathiazkansan: it depends on your backup policy. However you'd better use mysql tools to do a backup of your mysql server22:47
mathiazkansan: either mysqldump or mysqlhotcopy to make sure that you have a consistent backup of your mysql databases;22:47
geniiYes, dumping the db to some exterior storage on a regular basis is the safest22:48
kansani'm going to22:48
kansanwith amazon's EBS snapshots22:48
kansanbut i dont know at what frequency i should run them22:48
kansannightly i think for starters22:48
geniiIt depends on how much the data changes22:49
jmedinaI liked zrm backup22:50
jmedinakansan: well, how worth is your data?22:50
kansanhow much is it worth22:50
kansanits important22:50
kansanheh22:51
kansancould we lose a day?  ugh i donnao22:51
lirxisHi - upgraded my server from 7.10 to 8.10 today - but that resultet in some problems... First apache2 did not work but that is fixed now :) I can get access to the server through SSH but cant access the shell on the computer locally... And no server app is starting auto. on boot Any ideas how to fix this?23:57
=== osac7 is now known as OsAC
maw_in regards to local access, what errors do you see on console or in /var/log/messages or /var/log/auth?23:58
lirxiswait a sec23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!