/srv/irclogs.ubuntu.com/2009/03/04/#ubuntu-server.txt

=== kansan___ is now known as kansan
tbielawa	Greetings	01:28
uvirtbot`	New bug: #337534 in mysql-dfsg-5.0 (main) "install fail my video player" [Undecided,New] https://launchpad.net/bugs/337534	01:35
tbielawa	Can anyone point me at a definitive list showing the details between configuration of a linux-image-virtual kerbel and a generic kernel?	01:35
tbielawa	Research so far suggests the -virtual flavor is mostly slimmed down in terms of devices compiled in	01:36
tbielawa	:)	01:36
JanC	tbielawa: exactly	01:38
JanC	tbielawa: VMs don't need a lot of devices	01:39
tbielawa	JanC, thanks for the confirmation. I just started to dig around package sources. you saved me some time :-)	01:39
JanC	there might be some other changes, but in general, it's optimized for running in VMs	01:40
tbielawa	Can you speak on the delta between -server and -virtual?	01:41
maxb	tbielawa: the relevant bit of the source: http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=tree;f=debian/sub-flavours;h=f40a10bee9057abd5604a3fa8da6d7d918f1956f;hb=HEAD	01:41
tbielawa	Thanks maxb	01:42
tbielawa	In my work place we've set up enough infrastructure to finally roll out on a much bigger scale with the virtualization	01:44
tbielawa	So last steps before that gets going fully is performance tuning and tweaking	01:44
tbielawa	I'd appreciate any helpful resources for that topic.	01:45
^law^	hello anyone can help me to make my db2 autostart in my ubuntu server?	02:59
JanC	^law^: eh, DB2 has no init script?	03:00
uvirtbot`	JanC: Error: "law^:" is not a valid command.	03:00
JanC	shut up uvirtbot` :P	03:00
^law^	when i want to connect to my db2 db for each times i start my server i must invoke "db2start"	03:01
^law^	i want to make it autostart. have any idea?	03:02
^law^	anybody?	03:03
JanC	like I said, you proably need an init script	03:06
JanC	or if you have one, you need to mak sure it's started	03:06
^law^	hmm is it possible to add some in inittab?	03:06
^law^	hmm is it possible to add something in inittab?	03:07
JanC	normally, init scripts go into /etc/init.d/* and they are symlinked from the directories that indicate what script to start or stop for a certain runlevel	03:08
JanC	do you know how sysvinit works?	03:09
JanC	(in the future upstart should do this, but for now you need the sysvinit machinery)	03:09
^law^	hmm	03:12
JanC	I guess you didn't install DB2 from an Ubuntu-specific package...	03:12
^law^	my ubuntu is intreoid	03:13
^law^	intrepid	03:13
^law^	n it seems there is no db2 packge forit	03:13
^law^	so i install manually	03:13
^law^	formerly i can autostart my aolserver by adding a line in inittab	03:14
^law^	i found the line in the internet	03:15
^law^	but now cn't find for db2	03:15
JanC	hm, there were DB2 packages for Ubuntu in the past	03:16
JanC	maybe you can steal something out of these	03:17
^law^	but now i already succeed install it	03:17
^law^	n now i just wanna make it autostart	03:17
^law^	JanC, for making one autostart we can do it by editing inittab or adding initscript in /etc/init.d rite?	03:18
JanC	^law^: I suggest writing an init script	03:20
uvirtbot`	JanC: Error: "law^:" is not a valid command.	03:20
^law^	wat is the diffrent by adding initscript n editing inittab?	03:20
JanC	that way you can at least shut it down properly too	03:20
^law^	but now i can do db2start to start the dbmanager n db2stop to stop it	03:21
^law^	it just won'y autostart	03:21
JanC	you want it to "autostop" too...	03:22
^law^	no	03:22
^law^	i'm wondering wat line must i add into my initttab	03:23
JanC	well, if you don't care about possible dataloss, fine for me... ;)	03:23
^law^	wat u mean by dataloss?	03:27
JanC	if you don't stop DB2 properly before a shutdown or reboot...	03:28
^law^	hmmm	03:29
^law^	when shutdown/reboot must stop db2?	03:29
^law^	i never do tat?	03:30
twb	^law^: Ubuntu has no inittab.	03:32
uvirtbot`	twb: Error: "law^:" is not a valid command.	03:32
twb	^law^: PS: please pick a less silly nick in future.	03:32
uvirtbot`	twb: Error: "law^:" is not a valid command.	03:32
JanC	twb: if you create one, it's used	03:32
^law^	a?	03:32
^law^	my ubuntu server have inittab	03:32
twb	JanC: what package is responsible for that? upstart-sysvinit-compat ?	03:32
^law^	i just fresh installed it 2 days ago	03:33
JanC	yeah, see /etc/event.d/rc-default	03:33
twb	JanC: thank you, I did not know that.	03:33
JanC	if it has, ^law^, it's because you created it	03:33
JanC	it's not there by default	03:34
twb	JanC: unless he's running something ridiculously old, like 6.04	03:34
JanC	maybe	03:34
^law^	no	03:34
twb	But I suspect more likely is that he's done a third-party sharball install or something for db2, which has "helpfully" created it because "shucks, ALL systems are SysV dontcherknow"	03:34
^law^	i didn't create it	03:34
^law^	no	03:34
^law^	i install db2 manually	03:35
^law^	without any 3party	03:35
twb	^law^: that's what I'm saying.	03:35
uvirtbot`	twb: Error: "law^:" is not a valid command.	03:35
* JanC kicks uvirtbot` :P		03:35
twb	JanC: its not uvirtbot`'s fault that people choose stupid nicks	03:35
twb	Excuse me, I'm a grumpy old man and I'm not used to "polite" channels like #ubuntu*	03:36
JanC	twb: it could check nicks before sending error messages ;)	03:37
twb	JanC: while we're at it, let's fix IRC	03:37
Hellsheep	Hey, i have a thread posted in the forums i was wondering if someone can look at please.	04:26
Hellsheep	http://ubuntuforums.org/showthread.php?p=6833609#post6833609	04:26
Hellsheep	Is anyone here able to help with a networking issue?	04:36
twb	Hellsheep: can you give a one-sentence description of the problem, so I can decide whether I can be bothered dealing with a web forum?	04:47
Hellsheep	Connecting my network like this: Phone Line>Modem>Server>Router/switch>windows PC's so basically i want to know how to set something like that up, and configure the server to process the internet and route it out	04:48
Hellsheep	i can explain more if you like	04:50
twb	Sorry, I'm not interested.	05:01
Hellsheep	No problem	05:04
=== CaTeYe is now known as cateye
=== cateye is now known as CaTeYe
kraut	moin	08:37
piti	Hi	08:48
piti	I have a strange behavior: I'm not able to set on php core option "allow_url_fopen" to on. The conf file is already setted to on, but the configuration doesn't seem to reload	08:49
piti	I use lighttpd so the conf file is /etc/php5/cgi/php.ini, and tried to reload with /etc/init.d/lighttpd restart	08:51
piti	and it's on a gutsy box	08:51
cemc	piti: other conf options do work ?	08:56
piti	hum good advice: it seems not to	08:59
piti	does it use an other conf file than the one I'm on ?	09:00
cemc	piti: maybe you want to take a look in /etc/php5/cli/php.ini ?	09:00
cemc	depends on how you're using php from lighttpd I think	09:00
piti	I use fastcgi	09:01
piti	but it hasn't changed anything with /etc/php5/cli/php.ini too	09:01
cemc	hm, strange	09:06
cemc	not working for me either	09:07
piti	hum, on a hardy box, I don't have any trouble	09:09
Blank`laptop	oh, lighttpd can only use the cgi php?	09:09
Blank`laptop	i've never used anything on linux other than apache2 so i've never fiddled with it	09:10
Blank`laptop	i manage to massively screw my intrepid installation up when i accidentally started chown'ing everything to www-data	09:11
Blank`laptop	exim is still stuffing up, but i'm not sure how to fix it... perhaps a apt-get purge exim4?	09:12
_ruben	reinstall? :)	09:15
Blank`laptop	a reinstall?!	09:15
Blank`laptop	entire server?	09:15
_ruben	for the average server its faster to reinstall than trying to get all perms back in order	09:15
piti	Blank`laptop: chown everything to www-data is a bad start	09:16
Blank`laptop	yeah that was accidental	09:16
Blank`laptop	i was meaning to type ./ as the folder to chown	09:16
Blank`laptop	however i forgot the dot...	09:16
cemc	oops ;)	09:16
Blank`laptop	i managed to break the operation	09:16
Blank`laptop	however i had no idea how far it got	09:16
Blank`laptop	so i started chowning most folders to root	09:16
Blank`laptop	then got issues with mysql and exim...	09:17
piti	I guess it's easier to reinstall instead of retrieving original owner of each file	09:17
Blank`laptop	i was trying to compare things to another installation of server i had on a spare drive	09:17
Blank`laptop	brb	09:18
piti	cemc: so you don't have any clue ?	09:23
eolo999	hi, i bought a new machine to experiment with kvm and i'm was worrying if 8.10 is the right choice. The machine should offer some prduction services too so i am tempted to stay with 8.04. The new kvm technologies developed in Intrepid justify going on a not LTS release?	09:26
cemc	piti: no clue yet, it's not working for me either, but it did work at some point, so I have to check	09:26
ttx	eolo999: if the main purpose of the machine is testing kvm, I'd go for the latest. This is an area that sees quick improvements.	09:27
ttx	fwiw, "experiment with kvm" and "offer production services" on the same machine doesn't really sound right.	09:28
eolo999	ttx: thx, i know still a ihave to create a stable service while investigating kvm... it's not my choice...	09:31
eolo999	ttx: can i backport new vm tools to 804?	09:32
ttx	eolo999: I'd say the intrepid kvm is less likely to lock up your server, so it's probably a better choice to run intrepid	09:32
ttx	if you intend to upgrade that machine before intrepid support ends	09:33
hads	Hardy kvm doesn't do anything bad here.	09:33
eolo999	what do you mean with 'lock your server'?	09:33
hads	I have a Hardy box running five KVM guests with 260 days uptime	09:34
ttx	hads: yes, it's pretty solid. Though looking at KVM changelog, they keep on nailing new kvm crash issues, so running a later version shouldn't hurt	09:35
ttx	eolo999: I'd say it's more a matter of how long you want to keep this machine without upgrading it.	09:35
ttx	hardy LTS has longer support (obviously) than intrepid.	09:35
hads	Yeah, I'm sure there are situations that I don't run into which cause issues.	09:36
eolo999	thx guys i go for 810!	09:37
Doble	just out of interest hads - what guests are you running?	09:38
Blank`laptop	back	09:38
ttx	eolo999: have a great time with kvm ;)	09:38
hads	Doble: A mixture of Hardy and Intrepid	09:38
eolo999	ttx: ;)	09:39
Doble	what do they run ?	09:39
Doble	your guests	09:40
simplexio	i saw one intrestin kvm patch on lkml, no idea if its in mainiline kernel though. it allowed run something like 64 windows client on 16G ram, it shared identical memeory blocks between virtual clients	09:40
hads	Doble: mail/web/etc. nothing too exciting	09:41
Doble	alright, cheers, i have to head off now - seeya	09:41
piti	cemc: you think I should fill a bug about it, or am I doing something wrong ?	09:45
cemc	probably you're doing something wrong ;) I am sure it does work, I tested some clamav stuff and it worked then, not sure what's happening now, but right now I'm in the middle of something, will look at it later	09:47
piti	ok, no problem	09:47
Hellsheep	Hey	09:50
Hellsheep	Is anyone available to help me with a networking issue	09:51
blue-frog	shoot	09:52
piti	hum, I tried launching the cgi from cli, and it seems to take care of my conf. maybe that's about old php threads which hadn't reload configuration	10:07
piti	ok, I manually killed every php-cgi threads then reload, and it is ok now	10:11
cemc	piti: good to know	10:15
piti	cemc: so you think it's like a bug ?	10:23
_ruben	restarting lighttpd isntead of reloading it probably would've done the trick .. and i dont think its a bug, more a usability issue of sorts :)	10:24
piti	_ruben: I already restarted lighttpd, but this didn't worked	10:27
piti	on a hardy box, all went fine doing that	10:27
piti	(I even tried to stop thhe server, then start it after few seconds)	10:27
_ruben	hmm .. if restarting lighttpd leaves rogue php-cgi processes behind, that i'd qualify as a bug	10:30
oly	hum, can some one direct me to the file to modify ldaps apparmour profile, not used app armour before but its stopping me creating a second database	10:34
_ruben	/etc/apparmor.d/path.to.file	10:36
_ruben	to control the 'rules' for /path/to/file	10:36
oly	cool, got it cheers	10:37
Hellsheep	blue-frog, thanks for the offer. :) I forgot about IRC, ended up asking my brother instead.	10:39
oly	hum, got another question regarding slapd if any one knows, when starting it, slapd ignores my slapd.conf file unless i pass it the -f parameter with a path	10:47
oly	anyone know what may be causing this ?	10:47
mih	hello ! to everyone ! I have an Intrepid with cups,samba,kerberos. I want to make from it - print server, release station, all authentication by kerberos, on Active Directory. All is ok except the xp station that doesn't authenticate to the CUPS server !	10:47
oly	i get the feeling its something todo with /etc/ldap/slapd.d folders	10:48
mih	I see the printers on the cups server but after installing the drivers I get access denied and none of the print jobs I send from the xp get to the cups...	10:48
uvirtbot`	New bug: #337037 in samba (main) "MS Office reports "Access Denied" when saving to samba share" [Undecided,New] https://launchpad.net/bugs/337037	11:05
piti	when does uvirtbot` decides to tell there's a new bug ?	11:12
_ruben	when its a bug thats assigned to the server team iirc	11:13
piti	ah, ok	11:15
piti	thank you	11:15
Blank`laptop	hmm... i'm wondering if i've screwed up something else, look at what happens when i try to ping anything, even localhost	11:15
Blank`laptop	~$ ping localhost	11:15
Blank`laptop	ping: icmp open socket: Operation not permitted	11:15
Blank`laptop	however... just found out that if i sudo ping, it's fine... i'm almost 100% certain i've screwed something else up permissions wise	11:16
cemc	Blank`laptop: firewall ?	11:16
cemc	heh	11:16
Blank`laptop	chowning most things accidentally to www-data then chowning almost everything to root is a bad idea	11:16
Blank`laptop	>.<	11:16
cemc	reinstall :)	11:17
cemc	for how long have you been trying to revive it now? :) a couple of hours maybe?	11:18
cemc	you would've reinstalled it and configured it by now	11:18
Blank`laptop	cemc: about a month or two	11:42
=== Kamping_Kaiser is now known as VK5FOSS
=== VK5FOSS is now known as Kamping_Kaiser
ubuntnoob	if i have a file/print server, should i have it behind a router? or should i configure it to be the router itself?	13:18
ubuntnoob	!if i have a file/print server, should i have it behind a router? or should i configure it to be the router itself?	13:28
ubottu	Error: I am only a bot, please don't think I'm intelligent :)	13:28
mario_	Hi, how can use Logical Volume with jeos?	13:36
_ruben	dont recall jeos having any issues with lvm	13:37
_ruben	then again, i havent used jeos that much	13:37
mario_	I want to assign a logical volume to a guest, i have to add it in the xml configuration file of libvirt?	13:39
_ruben	oh .. i thought you meant lvm within jeos	13:40
_ruben	never used libvirt	13:40
yadu	Hi,i'm a student at CET, India.	14:29
thewrath	hey all	14:29
thewrath	anyone here?	14:29
yadu	We, are planning to set up a mirror for Ubuntu in our college.	14:29
yadu	It would be very nice if someone could help	14:30
thewrath	kool	14:31
sommer	yadu: do you have a specific issue?	14:31
thewrath	so people can download it i presume there yadu ?	14:31
thewrath	where is the apache2.conf file located in 8.04 lts	14:35
thewrath	i completely forget	14:35
sommer	thewrath: /etc/apache2	14:36
thewrath	ty	14:36
thewrath	thought so but i must of had a misspelling	14:36
sommer	thewrath: tab complete is your friend	14:37
thewrath	yeap lol	14:37
thewrath	its not hard to set up a self signed ssl for ur web correct?	14:37
sommer	thewrath: nope not hard	14:37
sommer	!serverguide	14:37
ubottu	The Ubuntu server guide may be found at http://help.ubuntu.com/8.04/serverguide/C/	14:38
thewrath	ty	14:38
sommer	thewrath: there's a section on certificates in the serverguide that has instructions	14:38
thewrath	i did it on my old laptop that had issues so i am trying ot duplicat everything	14:39
=== picturesque is now known as domas
thewrath	hi domas	14:39
thewrath	Permission ddenied: make_sock: could not bind to address 0.0.0.0:80 no listening sockets avaiable, shuttind down unable to open logs	14:40
thewrath	apache failed to do force-reload	14:40
thewrath	why	14:40
domas	hi!	14:40
thewrath	all i did was added this after the only <directory stuff>	14:41
thewrath	UserDir public_html	14:42
thewrath	UserDir disabled root	14:42
thewrath	<Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Options Indexes SymLinksIfOwnerMatch IncludesNoExec	14:42
sommer	thewrath: did you use sudo ?	14:42
thewrath	duh	14:42
thewrath	id idnt	14:42
thewrath	as you can see how tired i am atm	14:42
thewrath	sommer: genius and a life saver	14:42
sommer	thewrath: heh, I give you permission to take a nap	14:42
thewrath	lol	14:42
incorrect	I am trying to allow a user to sudo to another user without a password	14:42
thewrath	hmm	14:43
thewrath	not sure if you are able to do that	14:43
incorrect	thewrath, is that directed at me?	14:43
thewrath	sommer: guide have how to install services for irc server?	14:43
thewrath	yes i always thought to sudo you needed a password	14:43
incorrect	NOPASSWD works	14:43
sommer	thewrath: not yet, but it's on my list for karmic	14:43
incorrect	just i can't change the user	14:43
thewrath	karmic?	14:44
sommer	incorrect: you might try giving sudo access to su	14:44
sommer	thewrath: the next ubuntu release	14:44
thewrath	9.04?	14:44
thewrath	i didnt think that was called karmic	14:44
sommer	thewrath: 9.10	14:44
incorrect	sommer, can you tell me how to run su over ssh?	14:44
thewrath	where can i find a good tutorial how to install services	14:44
thewrath	sommer: all right awesome	14:44
incorrect	su complains that it needs a terminal	14:44
sommer	incorrect: well you'd ssh first then su to the other user... not sure if you can limit which user with su though	14:45
yann2	ttx > around?	14:45
ttx	yann2: yes	14:45
incorrect	i want to ssh host su - user -c script	14:45
yann2	I got issues with java on ubuntu hardy, I got pointed to you :) i suspect a memleak	14:46
yann2	I thought maybe you could help?	14:46
yann2	(related to: http://bugzilla.zimbra.com/show_bug.cgi?id=34040 )	14:46
sommer	incorrect: ah, ummmm I've done something similar, but what I did was ssh sudo -u user /usr/local/bin/script	14:46
ttx	yann2: Probably not, but tell me more :)	14:46
uvirtbot`	bugzilla.zimbra.com bug 34040 in Other - Server "Zimbra java consumes all memory on Ubuntu 8.0.4 64bit" [Blocker,New]	14:46
incorrect	sommer, can you do it with nopassword?	14:47
yann2	ttx > there is a bug on zimbra's bugzilla, that is ubuntu specific	14:47
ttx	looking	14:47
sommer	incorrect: if you configure sudo to execute the script with NOPASSWD	14:47
sommer	incorrect: and setup ssh keys	14:47
yann2	beyond the fact that the bug is affecting me and is scary, I am a bit afraid that it may put some shadow over future support for ubuntu	14:47
incorrect	sommer, strange keeps asking me for a password	14:47
thewrath	any suggestions for installing irc server services	14:47
thewrath	nickserv, etc	14:47
sommer	incorrect: which part the ssh to the host, the sudo, or a command in the script itself?	14:48
yann2	looks like that in the end http://monitoring.thehumanjourney.net/munin/server/zimbra.server-memory.html	14:48
incorrect	well i set user ALL=(ALL) NOPASSWD thinking this would let them sudo -i user2	14:49
sommer	incorrect: do you want them to have an interactive shell? or just execute a script then exit?	14:49
ttx	yann2: looks like a Sun JVM bug in the 1.5 version shipped in hardy	14:49
* ttx looks more		14:50
incorrect	sommer, either	14:50
yann2	ttx > is what I think too :)	14:50
ttx	yann2: would it run with sun-java6 or openjdk-6 instead ?	14:51
=== mike is now known as thewrathjr
yann2	oh wait wait I think I pointed this to you too early	14:52
yann2	I think they bundle their own java (ever heard of zimbra?)	14:52
yann2	sorry about that... got no idea why the bug then :(	14:53
ttx	well they must bundle a buggy JVM version	14:53
joe-mac	has anybody here ever noticed apt-proxy spitting out 404s when it's low on memory?	14:53
sommer	incorrect: you might try ssh user@host sudo -u user script	14:54
ttx	ttx: doesn't seem completely ubuntu-specific, see "We have seen this behavior on SLES for a number of 5.0 versions." comment	14:54
ttx	yann2: ^	14:54
yann2	uh, missed that one.	14:54
thewrath	does anyone have experienc with setting up irc server?	14:54
=== mike is now known as Guest72362
yann2	right this is partly good news :)	14:54
* incorrect goes and bangs his head against the wall		14:55
yann2	thx for your help ttx , sorry I should have remembered that java was bundled	14:55
incorrect	sommer, i am stupid	14:55
ttx	yann2: np	14:55
thewrath	ttx: any knowledge of irc?	14:55
sommer	incorrect: did it work?	14:55
incorrect	sommer, i had it right apart from a typo	14:55
sommer	incorrect: heh, it happens	14:55
ttx	thewrath: yes, as in "I'm currently using it".	14:56
thewrath	well i mean setting upa irc server	14:56
thewrath	i think i found some stuff for the scripts	14:56
thewrath	but i want to install the services	14:56
ttx	thewrath: then, no: no knowledge of setting up any irc server.	14:57
thewrath	does anyone?	15:00
thewrathjr	okay i think i got this working fine now can someone say something	15:08
thewrath	okay now try	15:09
thewrath	what is command to remove some things that the sudo-get remove didnt	15:18
thewrath	like when you install something but it has to haev other things installed	15:18
maxb	Perhaps you are thinking of "apt-get autoremove" ?	15:18
thewrath	yes	15:19
thewrath	pefect	15:19
thewrath	thank you	15:19
thewrath	hmm	15:25
andol	cjwatson: I must say I appreciated reading your bug rant on bug triage. To me it was definitely educational. Not sure how much I have "sined" so far, but I will very much try not to do so in the future.	15:30
cjwatson	andol: thanks :-)	15:59
giovani	someone has claimed the $1000 djbdns prize!!	16:44
domas	sbeattie: so strange to see whole bug description to be revamped	16:46
domas	giovani: haha,how?	16:47
giovani	domas: http://article.gmane.org/gmane.network.djbdns/13864	16:47
sbeattie	domas: prepping for an SRU.	16:51
sbeattie	domas: any chance you could test one of the kernels I pushed into my ppa and give feedback?	16:52
domas	sbeattie: I tried them on a VM, it seemed to work, though I didn't try in live environment	16:57
sbeattie	domas: but you didn't see the leak you were seeing before, right?	16:58
domas	nope	16:58
domas	you have my testcase though :)	16:58
sbeattie	cool, can you add a comment to that effect?	16:58
sbeattie	yep, thanks for synthesizing it down to that, very much appreciated.	16:59
kirkland	didrocks: http://blog.dustinkirkland.com/2009/03/ubuntu-encrypted-home-with-2-factor.html	20:18
didrocks	kirkland: thanks a lot :)	20:21
kirkland	didrocks: thanks for the nudge :-)	20:21
axisys	on a nvidia raid devicemapper how can I tell the raid1 disks are sync after putting a new disk? looking for a /proc/mdstats time file	20:41
=== photon_ is now known as photon
ubuntnoob	hello!	21:09
ivoks	gr... why did dell put ubuntu on worst hardware... ever	21:35
giovani	?	21:35
ivoks	after two weeks a key droped from keyboard	21:36
ivoks	two months after purchase - disk died	21:36
ivoks	on the same dell vostro a860	21:36
JanC	if you want good hardware, why do you buy from Dell? ;)	21:39
HAN67431	hello all	21:40
HAN67431	need help with dovecot and postfix saslauth	21:40
ivoks	JanC: they have good servers, so i tought.... :)	21:41
ivoks	HAN67431: just ask	21:41
HAN67431	k	21:41
HAN67431	i followed the server guide for postfix and saslauth with dovecot	21:41
HAN67431	everything work fine	21:42
HAN67431	outlook 2007 can authenticate using smtp auth and thunderbird but windows mail (vista) makes no attempt to authenticate, i have tried 2 diffrent pc's	21:43
HAN67431	and from the mail.log it only tries to send the mail	21:43
HAN67431	other client first authenicates then send the mail	21:43
HAN67431	windows makes not attempt	21:43
ivoks	then vista mail is broken	21:43
HAN67431	i have a another server (centos with cyrus sasl) and with windows mail it work 100%	21:44
giovani	get a packet trace	21:44
ivoks	maybe you configured wrong auth mechanism on client?	21:44
giovani	then we can see what's actually going on rather than guessing in the wind	21:44
HAN67431	well, i only select "my outgoing server requires authenication" with the username password...	21:45
ivoks	and did you configure postifx to accept plain text authentication?	21:46
HAN67431	and windows mail work fine with my other server	21:46
HAN67431	yes	21:46
giovani	once again	21:46
giovani	a packet capture would remove all of the guesswork	21:46
ivoks	broken_sasl_auth_clients = yes	21:46
ivoks	?	21:46
HAN67431	yes	21:46
HAN67431	broken_sasl_auth_clients	21:46
HAN67431	yip	21:46
ivoks	giovani: there's not much you can see in crypted traffic :)	21:47
giovani	ivoks: who said it's encrypted?	21:47
giovani	I didn't hear him mention encryption	21:47
ivoks	right, you have a point there...	21:47
ivoks	it should be crypted, anyway	21:48
ivoks	HAN67431: smtpd_tls_auth_only	21:48
giovani	indeed it should -- however, for the purposes of troubleshooting, it would be helpful to remove that, so as to reduce the number of variables	21:48
giovani	ivoks: he has to set up TLS first ... but ok	21:48
ivoks	HAN67431: is that set?	21:48
incorrect	my servers have 32gb of ram, i don't feel like turning over 48gb of disk over for swap,	21:48
ivoks	HAN67431: if not, set it to no	21:48
giovani	incorrect: then don't?	21:48
HAN67431	i have TLS Support	21:48
ivoks	JanC: smtpd_tls_auth_only = no	21:49
ivoks	doh :)	21:49
incorrect	is there any reason why I should not just run with 2gb of swap, just in case i spill over a bit?	21:49
ivoks	JanC: sorry :)	21:49
HAN67431	tls_only is set to no	21:49
HAN67431	want to see my main.cf config?	21:49
ivoks	HAN67431: not really :)	21:49
HAN67431	lol	21:49
giovani	incorrect: not that I know of -- the guidelines are just that, guidelines -- and most of them are antiquated anyway -- you have to do what's best for your environment	21:49
incorrect	giovani, thanks for that, I was in that frame of mind too	21:50
giovani	I haven't used more than 25-50% swap in nearly 10 years :)	21:50
HAN67431	well this is that i test enviroment	21:50
HAN67431	i have been using centos	21:50
HAN67431	testing out ubuntu	21:50
ivoks	incorrect: guideliness: if server_has_ram =< 2GB; then SWAP = server_has_ram * 2; else: SWAP = 2GB	21:50
giovani	HAN67431: I've told you what would make troubleshooting easy	21:50
ivoks	HAN67431: ok, then put your main.cf somewhere	21:51
giovani	incorrect: afaik, in 2.6, swap files are just as fast as swap partitions -- would give you more flexibility -- http://lkml.org/lkml/2005/7/7/326	21:52
HAN67431	http://pastebin.com/m26fceb49	21:52
incorrect	giovani, the idea is I am never going to touch swap	21:52
incorrect	if i do something has gone wrong	21:53
incorrect	but i don't want the system to die	21:53
giovani	incorrect: swap will be used sometimes, even if you don't run out of ram	21:53
HAN67431	its really weird that only windows mail saslauth wont work...	21:53
giovani	so, having none would not be great -- but 2GB is probably plenty	21:53
incorrect	giovani, you can set swappiness to 0	21:53
giovani	HAN67431: not really ... microsoft breaks stuff all the time	21:53
giovani	incorrect: yes, you can	21:53
HAN67431	lol	21:53
ivoks	and apple too	21:53
incorrect	giovani, 2gb was what i was thinking	21:53
giovani	incorrect: I'd go with that then -- report back if there are any issues -- I'll be curious if there are	21:54
ivoks	apple mail will at some point just refuse to connect to server	21:54
ivoks	and spit that 'server is broken'	21:54
giovani	smtpd_banner = $myhostname ESMT	21:54
giovani	I think you accidentally lost a "P" there	21:54
ivoks	without even establishing tcp connection	21:54
HAN67431	lol yes	21:54
incorrect	giovani, i will have 200 odd machines this year, so its got to be right	21:54
giovani	incorrect: you have 200 machines with 32GB of ram?	21:55
giovani	smtp_use_tls = yes	21:55
incorrect	giovani, i have 90 with 8 right now, 25 with 32, and 5 with 16 but 6tb per box	21:55
giovani	you've also duplicated this line	21:55
incorrect	ill be buying another 60 next month	21:56
ivoks	giovani: um...not?	21:56
giovani	incorrect: gotcha -- well, if you have a network that large, you should know that you should have non-production machines to do stress-testing on before deploying anything	21:56
ivoks	#	21:56
ivoks	smtpd_use_tls = yes	21:56
ivoks	#	21:56
ivoks	smtp_use_tls = yes	21:56
giovani	oh sorry	21:56
giovani	my mistake	21:56
HAN67431	?	21:56
incorrect	giovani, sort of, but nothing of the larger machines	21:56
giovani	HAN67431: nothing, ignore it	21:56
HAN67431	i am using tls	21:56
giovani	so you've told us	21:57
incorrect	I really should publish my openldap packaged 2.5.15, and bdb 4.7, I have n-way replication working	21:58
jmedina	incorrect: how is your n-way setup?	21:59
incorrect	jmedina, works pretty well	22:00
HAN67431	something tells me that it is a config issue with dovecot because why would cyrus saslauth work?	22:00
giovani	HAN67431: doubtful	22:00
HAN67431	on my centos box	22:00
jmedina	incorrect: have you been monitoring your contextCSN?	22:00
giovani	because your config is probably slightly different	22:00
giovani	HAN67431: why is it that I've asked like 10 times for a packet capture ...	22:01
jmedina	I have seee a lot of inconsitencies with earlier versions	22:01
incorrect	jmedina, i backported bdb4.7 and built new packages for 2.5.15 where the contextCSN problem was fixed	22:01
=== photon is now known as graviphoton
=== graviphoton is now known as photon
jmedina	incorrect: do you have hardy packages? :D	22:01
HAN67431	i am on it	22:01
incorrect	jmedina, i do	22:01
incorrect	jmedina, its for hardy	22:01
incorrect	i need to setup reprepo	22:02
giovani	HAN67431: it's just a quick tcpdump server-side	22:02
jmedina	incorrect: I can test them, I only use openldap on hardy	22:02
jmedina	incorrect: are you using any load balancer?	22:02
incorrect	jmedina, don't need to, i have loads of servers around the place, so i have all the local ones to each data centre/network setup	22:03
ivoks	HAN67431: dovecot sasl doesn't support MD5 and others	22:03
ivoks	HAN67431: it supports only 'login'	22:03
ivoks	HAN67431: cause you can't decrypt user password from shadow	22:04
=== st37 is now known as appletree
incorrect	jmedina, i am using haproxy to load balance my data centre's that works pretty well	22:04
incorrect	next i've got to get bonding configured during my pxe install	22:06
HAN67431	i am not using secure password authentication on the server	22:06
jmedina	incorrect: so you point your apps to a local replica?	22:07
incorrect	jmedina, yes, if you list them, they fail over	22:07
jmedina	incorrect: lets write a wiki about thease I can help testing	22:07
incorrect	there is already plenty on it	22:07
jmedina	but not the ubuntu way :D	22:08
incorrect	I should fix the errors on the official guide	22:08
jmedina	I have used simple syncrepl using two servers in apps configs, with only one master	22:09
jmedina	how is the setup in the clients? lets say a proxy squid	22:09
HAN67431	http://pastebin.com/m69fb136e	22:09
HAN67431	tcpdump	22:09
incorrect	I have pretty much all my systems slaving off ldap now	22:10
jmedina	and how is managed fail over?	22:11
jmedina	that is my doubts	22:11
incorrect	jmedina, try setting multiple uri's in your ldap.conf	22:11
jmedina	ok	22:12
incorrect	i have it a bit like my /etc/resolv.conf	22:12
incorrect	a master and then if that isn't there it fails over	22:12
incorrect	you could use a load balancer	22:12
incorrect	haproxy would work nicely for it	22:12
HAN67431	pop3 work 100% with windows mail its just smtp-auth that it wont do,	22:13
HAN67431	like i said tried it on two pc with windows mail same thing	22:13
HAN67431	outlook 2003/2007 no issues	22:14
HAN67431	using debug_auth in dovecot.conf	22:15
ivoks	HAN67431: http://www.vistax64.com/vista-mail/88396-smtp-auth-windows-mail.html	22:15
ivoks	HAN67431: you are not alone	22:15
HAN67431	outlook auths but windows mail makes not attempt to auth	22:15
HAN67431	yes i did have a look at that but why does it work with cyrus-saslauth	22:16
HAN67431	i have no issues	22:16
Zerqent	HAN67431: .. smtp-auth and dovecot.. are you trying to use an imap/pop3 server for smtp?	22:16
ivoks	Zerqent: dovecot can export authentication to postfix	22:17
Zerqent	ivoks: aha, didn't know that =)	22:17
HAN67431	no dovecot has its own sasl mechimisn	22:17
ivoks	HAN67431: users are in sql, ldap?	22:18
ivoks	on in passwd?	22:18
HAN67431	no normal system users	22:18
HAN67431	passwd	22:18
HAN67431	this is the guide i followed step by step	22:19
HAN67431	https://help.ubuntu.com/8.10/serverguide/C/postfix.html	22:19
ivoks	HAN67431: did you check 'Lon on using Secure Password Authentication'?	22:21
HAN67431	yes	22:21
ivoks	why?	22:21
ivoks	uncheck it	22:21
HAN67431	tried it	22:21
ivoks	it must be off	22:21
HAN67431	it is	22:21
jmedina	incorrect: are you uploading the packages?	22:22
HAN67431	anyway in the log file it show no attempt to authenticate	22:22
HAN67431	where with outlook it show sasl authenication=plain ....etc	22:22
incorrect	jmedina, not sure where a good location would be	22:22
ivoks	HAN67431: i don't know... i'll have to test that on my own; but i don't have vista	22:24
jmedina	incorrect: lauchpad?	22:24
incorrect	jmedina, not used it	22:24
HAN67431	log file windows mail	22:25
HAN67431	http://pastebin.com/m686cad65	22:25
jmedina	incorrect: maybe in a PPA	22:25
jmedina	that is the place afaik	22:25
HAN67431	outlook 2007	22:26
HAN67431	http://pastebin.com/m7bbb2461	22:26
incorrect	jmedina, ill make you a tar.bz2	22:27
HAN67431	anyway if someone have vista please test it with windows mail and ubuntu with this guide	22:27
jmedina	incorrect: thanks	22:27
ivoks	HAN67431: you are missing couple of lines in first one	22:27
HAN67431	if someone sees something can i they drop me a email jancarel.putter@gmail.com	22:27
jmedina	ivoks: it looks like copy paste doesnt work	22:27
jmedina	in the wikis :D	22:27
giovani	HAN67431: where's the packet capture?	22:28
ivoks	jmedina: :)	22:28
jmedina	HAN67431: why not debuging smtpd in postfix (master.cf)	22:28
HAN67431	http://pastebin.com/m69fb136e	22:28
HAN67431	the first one is windows mail	22:28
giovani	uh	22:28
giovani	but that doesn't show us the actual contents	22:28
HAN67431	second one is outlook 2007	22:28
giovani	heh	22:28
giovani	that's just the summary view	22:28
ivoks	HAN67431: and you are missing couple of lines on it	22:28
giovani	what good is that?	22:29
HAN67431	?	22:29
giovani	sigh	22:29
ivoks	HAN67431: log doesn't start with 'NOQUEUE'	22:29
giovani	we need a PCAP	22:29
giovani	so we can see what the client is trying to do, if anything	22:29
giovani	to authenticate	22:29
ivoks	HAN67431: it starts with clien=unknown...	22:29
ivoks	client	22:29
giovani	tcpdump -i ethX -s0 -w file.pcap	22:29
incorrect	jmedina, there is a little bug with the packaging of bdb utils, you have to chmod the executables into running,, I was lazy when i backported it	22:30
incorrect	jmedina, also i've only built 64bit debs, you should be able to compile 32bit ones if you need	22:31
jmedina	incorrect: which executables? db4-restore and like that?	22:31
incorrect	jmedina, yes	22:32
HAN67431	where can i send the file to or upload it>	22:32
incorrect	jmedina, chmod 755 is easy enough	22:32
jmedina	incorrect: there is a launchpad service for upload	22:32
giovani	HAN67431: I don't know -- you tell me -- a web server ... somewhere	22:32
jmedina	ivoks: you know where can incorrect upload some packages for testing?	22:32
ivoks	jmedina: ppa?	22:32
ivoks	or they are already binaries?	22:33
jmedina	ivoks: I dont know how do it with ppa, binaries	22:33
incorrect	jmedina, ill drop them on my server,	22:33
jmedina	damn, when I was tring to learn how to contribute con server team this crisis bring me a lot of work, more time out of office	22:34
ivoks	i'm not sure there's anything for binaries :/	22:34
ivoks	anyway... 23:35; time to leave	22:34
giovani	HAN67431: you made sure SSL/TLS was off when you did the packet capture right? because that's the only way we can read it	22:34
HAN67431	yes	22:35
HAN67431	but i vim the file cant read anything but i disabled SSL/TLS on the client	22:36
HAN67431	the file is in pcap format	22:36
giovani	vim? it's a pcap, it's a binary	22:36
HAN67431	o	22:36
giovani	just post it somewhere	22:36
HAN67431	ok	22:37
giovani	then we'll see what type of auth the client is attempting, if any	22:37
HAN67431	but the contents or the fiel itself	22:37
giovani	that'll tell us if the server is misconfigured, or the client	22:37
giovani	the file itself	22:37
HAN67431	where?	22:37
giovani	the contents aer the same thing as the file -- it's a binary	22:37
ivoks	'night	22:37
giovani	you don't have a webserver?	22:37
HAN67431	mmmm...	22:38
HAN67431	no	22:39
giovani	hah	22:40
giovani	good luck then	22:40
HAN67431	http://196.212.34.107/file.pcap	22:42
incorrect	jmedina, you can get them at http://www.badape.net/ldap/	22:43
giovani	HAN67431: problem found	22:43
giovani	your client is not attempting to authenticate AT ALL	22:43
giovani	it simply connects and begins sending mail	22:43
jmedina	incorrect: where did you backported these p[acagkes?	22:43
giovani	and is getting relay denied	22:44
giovani	HAN67431: either you've misconfigured your client, or the client is broken	22:44
HAN67431	yes	22:44
incorrect	jmedina, they were built on my opertons	22:44
jmedina	incorrect: 114M?	22:44
giovani	HAN67431: this is not a server problem whatsoever	22:44
incorrect	jmedina, that is the source	22:44
giovani	your client makes no attempt to authenticate	22:44
HAN67431	i have permit sasl_authenicated	22:44
incorrect	and everything you need to rebuild	22:44
giovani	HAN67431: that's not the problem, please read what I just wrote	22:45
HAN67431	as i said it work with outlook 2007	22:45
HAN67431	cant be the client	22:45
giovani	it is the client	22:45
giovani	I can tell you without a doubt	22:45
HAN67431	two pc cant have the same issue	22:45
giovani	yes they can	22:45
giovani	if you'd like to argue with me ... go ahead ... I'm going to stop here	22:45
giovani	your pcap trace shows very clearly the client making no attempt to authenticate whatsoever	22:45
HAN67431	thank you...anyway for your help	22:45
HAN67431	yes	22:45
HAN67431	i know	22:46
giovani	your client is broken, or doesn't support PLAIN auth	22:46
giovani	since that's all you're offering it	22:46
HAN67431	but ok i hear what you say and its all good	22:47
giovani	it's not all good :)	22:47
jmedina	incorrect: could you please leave the files until tomorrow?	22:47
jmedina	I cant download them right now	22:47
HAN67431	but why does it work with cyrus-sasl	22:47
incorrect	jmedina, not a problem	22:47
jmedina	thanks	22:47
giovani	HAN67431: possibly because cyrus is offering something more than PLAIN auth -- it's possible windows mail doesn't support PLAIN auth	22:47
incorrect	jmedina, i might get organised and setup a repository	22:48
incorrect	i built one for my server farm	22:48
incorrect	its 11pm here	22:48
jmedina	incorrect: that will be good, but for backports I think the better way is usea a PPA	22:48
HAN67431	so dovecot can only do plain auth	22:48
giovani	HAN67431: no ... you've just not configured it to do anything else	22:48
jmedina	here 17	22:48
incorrect	jmedina, a ppa?	22:49
ScottK	jmedina: What's wrong with backports?	22:49
giovani	HAN67431: you need to edit /etc/dovecot/dovecot.conf	22:50
jmedina	ScottK, sorry, there is nothing wrong, it was my english	22:50
incorrect	i've been building my own packages for 10 odd years	22:50
giovani	and edit the part that says "mechanisms = plain" and add something else -- like cram-md6	22:50
giovani	md5*	22:50
giovani	"mechanisms = plain cram-md5"	22:50
giovani	like that	22:50
ScottK	Actually it's probably login you want.	22:50
giovani	I don't know that this will solve your problem -- but it's possible	22:50
jmedina	I have digest auth, /me preferes starttls	22:51
ScottK	Older MS clients don't support plain, they support login	22:51
giovani	ScottK: this is a new ms client	22:51
giovani	ScottK: Windows Mail	22:51
giovani	(visa equivalent of Outlook Express)	22:51
ScottK	Dunno about that one.	22:51
giovani	vista*	22:51
ScottK	Might still need login then.	22:51
giovani	HAN67431: add "login" for good measure then as well	22:52
ScottK	cram-md5 is a shared secret mechanism, so it would take additional setup.	22:53
giovani	i.e. "mechanisms = plain login cram-md5"	22:53
giovani	ScottK: shared secret? it's a challenge-response	22:53
giovani	based on the password and the challenge being md5ed	22:53
giovani	no additional setup -- most clients support it out of the box	22:54
HAN67431	lol thats the issue	22:56
giovani	what is? :)	22:56
HAN67431	windows mail uses login	22:56
HAN67431	lol	22:56
HAN67431	not plain	22:56
giovani	HAN67431: ok ... so less arguing next time about how it's the server	22:57
HAN67431	thank you very much	22:57
HAN67431	lol	22:57
giovani	packet captures save the day once again :)	22:57
giovani	people get too caught up in their high-level troubleshooting tools	22:57
HAN67431	i think you did	22:57
giovani	ScottK came through with the windows loving login-only knowledge, never knew that myself	22:58
HAN67431	thanks scottK	22:58
Hans67521	sorry i am still very noob when it comes to ubuntu/linux	23:11
Hans67521	but thank for helping me solving my problem....	23:12
giovani	you're welcome	23:12
ScottK	Hans67521: You're welcome.	23:14
=== rgreening_ is now known as rgreening

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!