[01:28] <tbielawa> Greetings
[01:35] <uvirtbot`> New bug: #337534 in mysql-dfsg-5.0 (main) "install fail my video player" [Undecided,New] https://launchpad.net/bugs/337534
[01:35] <tbielawa> Can anyone point me at a definitive list showing the details between configuration of a linux-image-virtual kerbel and a generic kernel?
[01:36] <tbielawa> Research so far suggests the -virtual flavor is mostly slimmed down in terms of devices compiled in
[01:36] <tbielawa> :)
[01:38] <JanC> tbielawa: exactly
[01:39] <JanC> tbielawa: VMs don't need a lot of devices
[01:39] <tbielawa> JanC, thanks for the confirmation. I just started to dig around package sources. you saved me some time :-)
[01:40] <JanC> there might be some other changes, but in general, it's optimized for running in VMs
[01:41] <tbielawa> Can you speak on the delta between -server and -virtual?
[01:41] <maxb> tbielawa: the relevant bit of the source: http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=tree;f=debian/sub-flavours;h=f40a10bee9057abd5604a3fa8da6d7d918f1956f;hb=HEAD
[01:42] <tbielawa> Thanks maxb
[01:44] <tbielawa> In my work place we've set up enough infrastructure to finally roll out on a much bigger scale with the virtualization
[01:44] <tbielawa> So last steps before that gets going fully is performance tuning and tweaking
[01:45] <tbielawa> I'd appreciate any helpful resources for that topic.
[02:59] <^law^> hello anyone can help me to make my db2 autostart in my ubuntu server?
[03:00] <JanC> ^law^: eh, DB2 has no init script?
[03:00] <uvirtbot`> JanC: Error: "law^:" is not a valid command.
[03:00] <JanC> shut up uvirtbot`  :P
[03:01] <^law^> when i want to connect to my db2 db for each times i start my server i must invoke "db2start"
[03:02] <^law^> i want to make it autostart. have any idea?
[03:03] <^law^> anybody?
[03:06] <JanC> like I said, you proably need an init script
[03:06] <JanC> or if you have one, you need to mak sure it's started
[03:06] <^law^> hmm is  it possible to add some in inittab?
[03:07] <^law^> hmm is  it possible to add something in inittab?
[03:08] <JanC> normally, init scripts go into /etc/init.d/* and they are symlinked from the directories that indicate what script to start or stop for a certain runlevel
[03:09] <JanC> do you know how sysvinit works?
[03:09] <JanC> (in the future upstart should do this, but for now you need the sysvinit machinery)
[03:12] <^law^> hmm
[03:12] <JanC> I guess you didn't install DB2 from an Ubuntu-specific package...
[03:13] <^law^> my ubuntu is intreoid
[03:13] <^law^> intrepid
[03:13] <^law^> n it seems there is no db2 packge forit
[03:13] <^law^> so i install manually
[03:14] <^law^> formerly i can autostart my aolserver by adding a line in inittab
[03:15] <^law^> i found the line in the internet
[03:15] <^law^> but now cn't find for db2
[03:16] <JanC> hm, there were DB2 packages for Ubuntu in the past
[03:17] <JanC> maybe you can steal something out of these
[03:17] <^law^> but now i already succeed install it
[03:17] <^law^> n now i just wanna make it autostart
[03:18] <^law^> JanC, for making one autostart we can do it by editing inittab or adding initscript in /etc/init.d rite?
[03:20] <JanC> ^law^: I suggest writing an init script
[03:20] <uvirtbot`> JanC: Error: "law^:" is not a valid command.
[03:20] <^law^> wat is the diffrent by adding initscript n editing inittab?
[03:20] <JanC> that way you can at least shut it down properly too
[03:21] <^law^> but now i can do db2start to start the dbmanager n db2stop to stop it
[03:21] <^law^> it just won'y autostart
[03:22] <JanC> you want it to "autostop" too...
[03:22] <^law^> no
[03:23] <^law^> i'm wondering wat line must i add into my initttab
[03:23] <JanC> well, if you don't care about possible dataloss, fine for me...  ;)
[03:27] <^law^> wat u mean by dataloss?
[03:28] <JanC> if you don't stop DB2 properly before a shutdown or reboot...
[03:29] <^law^> hmmm
[03:29] <^law^> when shutdown/reboot must stop db2?
[03:30] <^law^> i never do tat?
[03:32] <twb> ^law^: Ubuntu has no inittab.
[03:32] <uvirtbot`> twb: Error: "law^:" is not a valid command.
[03:32] <twb> ^law^: PS: please pick a less silly nick in future.
[03:32] <uvirtbot`> twb: Error: "law^:" is not a valid command.
[03:32] <JanC> twb: if you create one, it's used
[03:32] <^law^> a?
[03:32] <^law^> my ubuntu server have inittab
[03:32] <twb> JanC: what package is responsible for that?  upstart-sysvinit-compat ?
[03:33] <^law^> i just fresh installed it 2 days ago
[03:33] <JanC> yeah, see  /etc/event.d/rc-default
[03:33] <twb> JanC: thank you, I did not know that.
[03:33] <JanC> if it has, ^law^, it's because you created it
[03:34] <JanC> it's not there by default
[03:34] <twb> JanC: unless he's running something ridiculously old, like 6.04
[03:34] <JanC> maybe
[03:34] <^law^> no
[03:34] <twb> But I suspect more likely is that he's done a third-party sharball install or something for db2, which has "helpfully" created it because "shucks, ALL systems are SysV dontcherknow"
[03:34] <^law^> i didn't create it
[03:34] <^law^> no
[03:35] <^law^> i install db2 manually
[03:35] <^law^> without any 3party
[03:35] <twb> ^law^: that's what I'm saying.
[03:35] <uvirtbot`> twb: Error: "law^:" is not a valid command.
[03:35]  * JanC kicks uvirtbot`  :P
[03:35] <twb> JanC: its not uvirtbot`'s fault that people choose stupid nicks
[03:36] <twb> Excuse me, I'm a grumpy old man and I'm not used to "polite" channels like #ubuntu*
[03:37] <JanC> twb: it could check nicks before sending error messages  ;)
[03:37] <twb> JanC: while we're at it, let's fix IRC
[04:26] <Hellsheep> Hey, i have a thread posted in the forums i was wondering if someone can look at please.
[04:26] <Hellsheep> http://ubuntuforums.org/showthread.php?p=6833609#post6833609
[04:36] <Hellsheep> Is anyone here able to help with a networking issue?
[04:47] <twb> Hellsheep: can you give a one-sentence description of the problem, so I can decide whether I can be bothered dealing with a web forum?
[04:48] <Hellsheep> Connecting my network like this: Phone Line>Modem>Server>Router/switch>windows PC's so basically i want to know how to set something like that up, and configure the server to process the internet and route it out
[04:50] <Hellsheep> i can explain more if you like
[05:01] <twb> Sorry, I'm not interested.
[05:04] <Hellsheep> No problem
[08:37] <kraut> moin
[08:48] <piti> Hi
[08:49] <piti> I have a strange behavior: I'm not able to set on php core option "allow_url_fopen" to on. The conf file is already setted to on, but the configuration doesn't seem to reload
[08:51] <piti> I use lighttpd so the conf file is /etc/php5/cgi/php.ini, and tried to reload with /etc/init.d/lighttpd restart
[08:51] <piti> and it's on a gutsy box
[08:56] <cemc> piti: other conf options do work ?
[08:59] <piti> hum good advice: it seems not to
[09:00] <piti> does it use an other conf file than the one I'm on ?
[09:00] <cemc> piti: maybe you want to take a look in /etc/php5/cli/php.ini ?
[09:00] <cemc> depends on how you're using php from lighttpd I think
[09:01] <piti> I use fastcgi
[09:01] <piti> but it hasn't changed anything with /etc/php5/cli/php.ini too
[09:06] <cemc> hm, strange
[09:07] <cemc> not working for me either
[09:09] <piti> hum, on a hardy box, I don't have any trouble
[09:09] <Blank`laptop> oh, lighttpd can only use the cgi php?
[09:10] <Blank`laptop> i've never used anything on linux other than apache2 so i've never fiddled with it
[09:11] <Blank`laptop> i manage to massively screw my intrepid installation up when i accidentally started chown'ing everything to www-data
[09:12] <Blank`laptop> exim is still stuffing up, but i'm not sure how to fix it... perhaps a apt-get purge exim4?
[09:15] <_ruben> reinstall? :)
[09:15] <Blank`laptop> a reinstall?!
[09:15] <Blank`laptop> entire server?
[09:15] <_ruben> for the average server its faster to reinstall than trying to get all perms back in order
[09:16] <piti> Blank`laptop: chown everything to www-data is a bad start
[09:16] <Blank`laptop> yeah that was accidental
[09:16] <Blank`laptop> i was meaning to type ./ as the folder to chown
[09:16] <Blank`laptop> however i forgot the dot...
[09:16] <cemc> oops ;)
[09:16] <Blank`laptop> i managed to break the operation
[09:16] <Blank`laptop> however i had no idea how far it got
[09:16] <Blank`laptop> so i started chowning most folders to root
[09:17] <Blank`laptop> then got issues with mysql and exim...
[09:17] <piti> I guess it's easier to reinstall instead of retrieving original owner of each file
[09:17] <Blank`laptop> i was trying to compare things to another installation of server i had on a spare drive
[09:18] <Blank`laptop> brb
[09:23] <piti> cemc: so you don't have any clue ?
[09:26] <eolo999> hi, i bought a new machine to experiment with kvm and i'm was worrying if 8.10 is the right choice. The machine should offer some prduction services too so i am tempted to stay with 8.04. The new kvm technologies developed in Intrepid justify going on a not LTS release?
[09:26] <cemc> piti: no clue yet, it's not working for me either, but it did work at some point, so I have to check
[09:27] <ttx> eolo999: if the main purpose of the machine is testing kvm, I'd go for the latest. This is an area that sees quick improvements.
[09:28] <ttx> fwiw, "experiment with kvm" and "offer production services" on the same machine doesn't really sound right.
[09:31] <eolo999> ttx: thx, i know still a ihave to create a stable service while investigating kvm... it's not my choice...
[09:32] <eolo999> ttx: can i backport new vm tools to 804?
[09:32] <ttx> eolo999: I'd say the intrepid kvm is less likely to lock up your server, so it's probably a better choice to run intrepid
[09:33] <ttx> if you intend to upgrade that machine before intrepid support ends
[09:33] <hads> Hardy kvm doesn't do anything bad here.
[09:33] <eolo999> what do you mean with 'lock your server'?
[09:34] <hads> I have a Hardy box running five KVM guests with 260 days uptime
[09:35] <ttx> hads: yes, it's pretty solid. Though looking at KVM changelog, they keep on nailing new kvm crash issues, so running a later version shouldn't hurt
[09:35] <ttx> eolo999: I'd say it's more a matter of how long you want to keep this machine without upgrading it.
[09:35] <ttx> hardy LTS has longer support (obviously) than intrepid.
[09:36] <hads> Yeah, I'm sure there are situations that I don't run into which cause issues.
[09:37] <eolo999> thx guys i go for 810!
[09:38] <Doble> just out of interest hads - what guests are you running?
[09:38] <Blank`laptop> back
[09:38] <ttx> eolo999: have a great time with kvm ;)
[09:38] <hads> Doble: A mixture of Hardy and Intrepid
[09:39] <eolo999> ttx: ;)
[09:39] <Doble> what do they run ?
[09:40] <Doble> your guests
[09:40] <simplexio> i saw one intrestin kvm patch on lkml, no idea if its in mainiline kernel though. it allowed run something like 64 windows client on 16G ram, it shared identical memeory blocks between virtual clients
[09:41] <hads> Doble: mail/web/etc. nothing too exciting
[09:41] <Doble> alright, cheers, i have to head off now - seeya
[09:45] <piti> cemc: you think I should fill a bug about it, or am I doing something wrong ?
[09:47] <cemc> probably you're doing something wrong ;) I am sure it does work, I tested some clamav stuff and it worked then, not sure what's happening now, but right now I'm in the middle of something, will look at it later
[09:47] <piti> ok, no problem
[09:50] <Hellsheep> Hey
[09:51] <Hellsheep> Is anyone available to help me with a networking issue
[09:52] <blue-frog> shoot
[10:07] <piti> hum, I tried launching the cgi from cli, and it seems to take care of my conf. maybe that's about old php threads which hadn't reload configuration
[10:11] <piti> ok, I manually killed every php-cgi threads then reload, and it is ok now
[10:15] <cemc> piti: good to know
[10:23] <piti> cemc: so you think it's like a bug ?
[10:24] <_ruben> restarting lighttpd isntead of reloading it probably would've done the trick .. and i dont think its a bug, more a usability issue of sorts :)
[10:27] <piti> _ruben: I already restarted lighttpd, but this didn't worked
[10:27] <piti> on a hardy box, all went fine doing that
[10:27] <piti> (I even tried to stop thhe server, then start it after few seconds)
[10:30] <_ruben> hmm .. if restarting lighttpd leaves rogue php-cgi processes behind, that i'd qualify as a bug
[10:34] <oly> hum, can some one direct me to the file to modify ldaps apparmour profile, not used app armour before but its stopping me creating a second database
[10:36] <_ruben> /etc/apparmor.d/path.to.file
[10:36] <_ruben> to control the 'rules' for /path/to/file
[10:37] <oly> cool, got it cheers
[10:39] <Hellsheep> blue-frog, thanks for the offer. :) I forgot about IRC, ended up asking my brother instead.
[10:47] <oly> hum, got another question regarding slapd if any one knows, when starting it, slapd ignores my slapd.conf file unless i pass it the -f parameter with a path
[10:47] <oly> anyone know what may be causing this ?
[10:47] <mih> hello ! to everyone ! I have an Intrepid with cups,samba,kerberos. I want to make from it - print server, release station, all authentication by kerberos, on Active Directory. All is ok except the xp station that doesn't authenticate to the CUPS server !
[10:48] <oly> i get the feeling its something todo with /etc/ldap/slapd.d folders
[10:48] <mih> I see the printers on the cups server but after installing the drivers I get access denied and none of the print jobs I send from the xp get to the cups...
[11:05] <uvirtbot`> New bug: #337037 in samba (main) "MS Office reports "Access Denied" when saving to samba share" [Undecided,New] https://launchpad.net/bugs/337037
[11:12] <piti> when does uvirtbot` decides to tell there's a new bug ?
[11:13] <_ruben> when its a bug thats  assigned to the server team iirc
[11:15] <piti> ah, ok
[11:15] <piti> thank you
[11:15] <Blank`laptop> hmm... i'm wondering if i've screwed up something else, look at what happens when i try to ping anything, even localhost
[11:15] <Blank`laptop> ~$ ping localhost
[11:15] <Blank`laptop> ping: icmp open socket: Operation not permitted
[11:16] <Blank`laptop> however... just found out that if i sudo ping, it's fine... i'm almost 100% certain i've screwed something else up permissions wise
[11:16] <cemc> Blank`laptop: firewall ?
[11:16] <cemc> heh
[11:16] <Blank`laptop> chowning most things accidentally to www-data then chowning almost everything to root is a bad idea
[11:16] <Blank`laptop> >.<
[11:17] <cemc> reinstall :)
[11:18] <cemc> for how long have you been trying to revive it now? :) a couple of hours maybe?
[11:18] <cemc> you would've reinstalled it and configured it by now
[11:42] <Blank`laptop> cemc: about a month or two
[13:18] <ubuntnoob> if i have a file/print server, should i have it behind a router? or should i configure it to be the router itself?
[13:28] <ubuntnoob> !if i have a file/print server, should i have it behind a router? or should i configure it to be the router itself?
[13:36] <mario_> Hi, how can use Logical Volume with jeos?
[13:37] <_ruben> dont recall jeos having any issues with lvm
[13:37] <_ruben> then again, i havent used jeos that much
[13:39] <mario_> I want to assign a logical volume to a guest, i have to add it in the xml configuration file of libvirt?
[13:40] <_ruben> oh .. i thought you meant lvm within jeos
[13:40] <_ruben> never used libvirt
[14:29] <yadu> Hi,i'm a student at CET, India.
[14:29] <thewrath> hey all
[14:29] <thewrath> anyone here?
[14:29] <yadu> We, are planning to set up a mirror for Ubuntu in our college.
[14:30] <yadu> It would be very nice if someone could help
[14:31] <thewrath> kool
[14:31] <sommer> yadu: do you have a specific issue?
[14:31] <thewrath> so people can download it i presume there yadu ?
[14:35] <thewrath> where is the apache2.conf file located in 8.04 lts
[14:35] <thewrath> i completely forget
[14:36] <sommer> thewrath: /etc/apache2
[14:36] <thewrath> ty
[14:36] <thewrath> thought so but i must of had a misspelling
[14:37] <sommer> thewrath: tab complete is your friend
[14:37] <thewrath> yeap lol
[14:37] <thewrath> its not hard to set up a self signed ssl for ur web correct?
[14:37] <sommer> thewrath: nope not hard
[14:37] <sommer> !serverguide
[14:38] <thewrath> ty
[14:38] <sommer> thewrath: there's a section on certificates in the serverguide that has instructions
[14:39] <thewrath> i did it on my old laptop that had issues so i am trying ot duplicat everything
[14:39] <thewrath> hi domas
[14:40] <thewrath> Permission ddenied: make_sock: could not bind to address 0.0.0.0:80 no listening sockets avaiable, shuttind down unable to open logs
[14:40] <thewrath> apache failed to do force-reload
[14:40] <thewrath> why
[14:40] <domas> hi!
[14:41] <thewrath> all i did was added this after the only <directory stuff>
[14:42] <thewrath> UserDir public_html
[14:42] <thewrath> UserDir disabled root
[14:42] <thewrath> <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Options Indexes SymLinksIfOwnerMatch IncludesNoExec
[14:42] <sommer> thewrath: did you use sudo ?
[14:42] <thewrath> duh
[14:42] <thewrath> id idnt
[14:42] <thewrath> as you can see how tired i am atm
[14:42] <thewrath> sommer: genius and a life saver
[14:42] <sommer> thewrath: heh, I give you permission to take a nap
[14:42] <thewrath> lol
[14:42] <incorrect> I am trying to allow a user to sudo to another user without a password
[14:43] <thewrath> hmm
[14:43] <thewrath> not sure if you are able to do that
[14:43] <incorrect> thewrath, is that directed at me?
[14:43] <thewrath> sommer: guide have how to install services for irc server?
[14:43] <thewrath> yes i always thought to sudo you needed a password
[14:43] <incorrect> NOPASSWD works
[14:43] <sommer> thewrath: not yet, but it's on my list for karmic
[14:43] <incorrect> just i can't change the user
[14:44] <thewrath> karmic?
[14:44] <sommer> incorrect: you might try giving sudo access to su
[14:44] <sommer> thewrath: the next ubuntu release
[14:44] <thewrath> 9.04?
[14:44] <thewrath> i didnt think that was called karmic
[14:44] <sommer> thewrath: 9.10
[14:44] <incorrect> sommer, can you tell me how to run su over ssh?
[14:44] <thewrath> where can i find a good tutorial how to install services
[14:44] <thewrath> sommer: all right awesome
[14:44] <incorrect> su complains that it needs a terminal
[14:45] <sommer> incorrect: well you'd ssh first then su to the other user... not sure if you can limit which user with su though
[14:45] <yann2> ttx > around?
[14:45] <ttx> yann2: yes
[14:45] <incorrect> i want to ssh host su - user -c script
[14:46] <yann2> I got issues with java on ubuntu hardy, I got pointed to you :) i suspect a memleak
[14:46] <yann2> I thought maybe you could help?
[14:46] <yann2> (related to: http://bugzilla.zimbra.com/show_bug.cgi?id=34040 )
[14:46] <sommer> incorrect: ah, ummmm I've done something similar, but what I did was ssh sudo -u user /usr/local/bin/script
[14:46] <ttx> yann2: Probably not, but tell me more :)
[14:46] <uvirtbot`> bugzilla.zimbra.com bug 34040 in Other - Server "Zimbra java consumes all memory on Ubuntu 8.0.4 64bit" [Blocker,New]
[14:47] <incorrect> sommer, can you do it with nopassword?
[14:47] <yann2> ttx > there is a bug on zimbra's bugzilla, that is ubuntu specific
[14:47] <ttx> looking
[14:47] <sommer> incorrect: if you configure sudo to execute the script with NOPASSWD
[14:47] <sommer> incorrect: and setup ssh keys
[14:47] <yann2> beyond the fact that the bug is affecting me and is scary, I am a bit afraid that it may put some shadow over future support for ubuntu
[14:47] <incorrect> sommer, strange keeps asking me for a password
[14:47] <thewrath> any suggestions for installing irc server services
[14:47] <thewrath> nickserv, etc
[14:48] <sommer> incorrect: which part the ssh to the host, the sudo, or a command in the script itself?
[14:48] <yann2> looks like that in the end  http://monitoring.thehumanjourney.net/munin/server/zimbra.server-memory.html
[14:49] <incorrect> well i set user ALL=(ALL) NOPASSWD  thinking this would let them sudo -i user2
[14:49] <sommer> incorrect: do you want them to have an interactive shell?  or just execute a script then exit?
[14:49] <ttx> yann2: looks like a Sun JVM bug in the 1.5 version shipped in hardy
[14:50]  * ttx looks more
[14:50] <incorrect> sommer, either
[14:50] <yann2> ttx > is what I think too :)
[14:51] <ttx> yann2: would it run with sun-java6 or openjdk-6 instead ?
[14:52] <yann2> oh wait wait I think I pointed this to  you too early
[14:52] <yann2> I think they bundle their own java (ever heard of zimbra?)
[14:53] <yann2> sorry about that... got no idea why the bug then :(
[14:53] <ttx> well they must bundle a buggy JVM version
[14:53] <joe-mac> has anybody here ever noticed apt-proxy spitting out 404s when it's low on memory?
[14:54] <sommer> incorrect: you might try ssh user@host sudo -u user script
[14:54] <ttx> ttx: doesn't seem completely ubuntu-specific, see "We have seen this behavior on SLES for a number of 5.0 versions." comment
[14:54] <ttx> yann2: ^
[14:54] <yann2> uh, missed that one.
[14:54] <thewrath> does anyone have experienc with setting up irc server?
[14:54] <yann2> right this is partly good news :)
[14:55]  * incorrect goes and bangs his head against the wall
[14:55] <yann2> thx for your help ttx , sorry I should have remembered that java was bundled
[14:55] <incorrect> sommer, i am stupid
[14:55] <ttx> yann2: np
[14:55] <thewrath> ttx: any knowledge of irc?
[14:55] <sommer> incorrect: did it work?
[14:55] <incorrect> sommer, i had it right apart from a typo
[14:55] <sommer> incorrect: heh, it happens
[14:56] <ttx> thewrath: yes, as in "I'm currently using it".
[14:56] <thewrath> well i mean setting upa  irc server
[14:56] <thewrath> i think i found some stuff for the scripts
[14:56] <thewrath> but i want to install the services
[14:57] <ttx> thewrath: then, no: no knowledge of setting up any irc server.
[15:00] <thewrath> does anyone?
[15:08] <thewrathjr> okay i think i got this working fine now can someone say something
[15:09] <thewrath> okay now try
[15:18] <thewrath> what is command to remove some things that the sudo-get remove didnt
[15:18] <thewrath> like when you install something but it has to haev other things installed
[15:18] <maxb> Perhaps you are thinking of "apt-get autoremove" ?
[15:19] <thewrath> yes
[15:19] <thewrath> pefect
[15:19] <thewrath> thank you
[15:25] <thewrath> hmm
[15:30] <andol> cjwatson: I must say I appreciated reading your bug rant on bug triage. To me it was definitely educational. Not sure how much I have "sined" so far, but I will very much try not to do so in the future.
[15:59] <cjwatson> andol: thanks :-)
[16:44] <giovani> someone has claimed the $1000 djbdns prize!!
[16:46] <domas> sbeattie: so strange to see whole bug description to be revamped
[16:47] <domas> giovani: haha,how?
[16:47] <giovani> domas: http://article.gmane.org/gmane.network.djbdns/13864
[16:51] <sbeattie> domas: prepping for an SRU.
[16:52] <sbeattie> domas: any chance you could test one of the kernels I pushed into my ppa and give feedback?
[16:57] <domas> sbeattie: I tried them on a VM, it seemed to work, though I didn't try in live environment
[16:58] <sbeattie> domas: but you didn't see the leak you were seeing before, right?
[16:58] <domas> nope
[16:58] <domas> you have my testcase though :)
[16:58] <sbeattie> cool, can you add a comment to that effect?
[16:59] <sbeattie> yep, thanks for synthesizing it down to that, very much appreciated.
[20:18] <kirkland> didrocks: http://blog.dustinkirkland.com/2009/03/ubuntu-encrypted-home-with-2-factor.html
[20:21] <didrocks> kirkland: thanks a lot :)
[20:21] <kirkland> didrocks: thanks for the nudge :-)
[20:41] <axisys> on a nvidia raid devicemapper how can I tell the raid1 disks are sync after putting a new disk? looking for a /proc/mdstats time file
[21:09] <ubuntnoob> hello!
[21:35] <ivoks> gr... why did dell put ubuntu on worst hardware... ever
[21:35] <giovani> ?
[21:36] <ivoks> after two weeks a key droped from keyboard
[21:36] <ivoks> two months after purchase - disk died
[21:36] <ivoks> on the same dell vostro a860
[21:39] <JanC> if you want good hardware, why do you buy from Dell?  ;)
[21:40] <HAN67431> hello all
[21:40] <HAN67431> need help with dovecot and postfix saslauth
[21:41] <ivoks> JanC: they have good servers, so i tought.... :)
[21:41] <ivoks> HAN67431: just ask
[21:41] <HAN67431> k
[21:41] <HAN67431> i followed the server guide for postfix and saslauth with dovecot
[21:42] <HAN67431> everything work fine
[21:43] <HAN67431> outlook 2007 can authenticate using smtp auth and thunderbird but windows mail (vista) makes no attempt to authenticate, i have tried 2 diffrent pc's
[21:43] <HAN67431> and from the mail.log it only tries to send the mail
[21:43] <HAN67431> other client first authenicates then send the mail
[21:43] <HAN67431> windows makes not attempt
[21:43] <ivoks> then vista mail is broken
[21:44] <HAN67431> i have a another server (centos with cyrus sasl) and with windows mail it work 100%
[21:44] <giovani> get a packet trace
[21:44] <ivoks> maybe you configured wrong auth mechanism on client?
[21:44] <giovani> then we can see what's actually going on rather than guessing in the wind
[21:45] <HAN67431> well, i only select "my outgoing server requires authenication" with the username password...
[21:46] <ivoks> and did you configure postifx to accept plain text authentication?
[21:46] <HAN67431> and windows mail work fine with my other server
[21:46] <HAN67431> yes
[21:46] <giovani> once again
[21:46] <giovani>  a packet capture would remove all of the guesswork
[21:46] <ivoks> broken_sasl_auth_clients = yes
[21:46] <ivoks> ?
[21:46] <HAN67431> yes
[21:46] <HAN67431> broken_sasl_auth_clients
[21:46] <HAN67431> yip
[21:47] <ivoks> giovani: there's not much you can see in crypted traffic :)
[21:47] <giovani> ivoks: who said it's encrypted?
[21:47] <giovani> I didn't hear him mention encryption
[21:47] <ivoks> right, you have a point there...
[21:48] <ivoks> it should be crypted, anyway
[21:48] <ivoks> HAN67431: smtpd_tls_auth_only
[21:48] <giovani> indeed it should -- however, for the purposes of troubleshooting, it would be helpful to remove that, so as to reduce the number of variables
[21:48] <giovani> ivoks: he has to set up TLS first ... but ok
[21:48] <ivoks> HAN67431: is that set?
[21:48] <incorrect> my servers have 32gb of ram,  i don't feel like turning over 48gb of disk over for swap,
[21:48] <ivoks> HAN67431: if not, set it to no
[21:48] <giovani> incorrect: then don't?
[21:48] <HAN67431> i have TLS Support
[21:49] <ivoks> JanC: smtpd_tls_auth_only = no
[21:49] <ivoks> doh :)
[21:49] <incorrect> is there any reason why I should not just run with 2gb of swap, just in case i spill over a bit?
[21:49] <ivoks> JanC: sorry :)
[21:49] <HAN67431> tls_only is set to no
[21:49] <HAN67431> want to see my main.cf config?
[21:49] <ivoks> HAN67431: not really :)
[21:49] <HAN67431> lol
[21:49] <giovani> incorrect: not that I know of -- the guidelines are just that, guidelines -- and most of them are antiquated anyway -- you have to do what's best for your environment
[21:50] <incorrect> giovani, thanks for that, I was in that frame of mind too
[21:50] <giovani> I haven't used more than 25-50% swap in nearly 10 years :)
[21:50] <HAN67431> well this is that i test enviroment
[21:50] <HAN67431> i have been using centos
[21:50] <HAN67431> testing out ubuntu
[21:50] <ivoks> incorrect: guideliness: if server_has_ram =< 2GB; then SWAP = server_has_ram * 2; else: SWAP = 2GB
[21:50] <giovani> HAN67431: I've told you what would make troubleshooting easy
[21:51] <ivoks> HAN67431: ok, then put your main.cf somewhere
[21:52] <giovani> incorrect: afaik, in 2.6, swap files are just as fast as swap partitions -- would give you more flexibility -- http://lkml.org/lkml/2005/7/7/326
[21:52] <HAN67431> http://pastebin.com/m26fceb49
[21:52] <incorrect> giovani, the idea is I am never going to touch swap
[21:53] <incorrect> if i do something has gone wrong
[21:53] <incorrect> but i don't want the system to die
[21:53] <giovani> incorrect: swap will be used sometimes, even if you don't run out of ram
[21:53] <HAN67431> its really weird that only windows mail saslauth wont work...
[21:53] <giovani> so, having none would not be great -- but 2GB is probably plenty
[21:53] <incorrect> giovani, you can set swappiness to 0
[21:53] <giovani> HAN67431: not really ... microsoft breaks stuff all the time
[21:53] <giovani> incorrect: yes, you can
[21:53] <HAN67431> lol
[21:53] <ivoks> and apple too
[21:53] <incorrect> giovani, 2gb was what i was thinking
[21:54] <giovani> incorrect: I'd go with that then -- report back if there are any issues -- I'll be curious if there are
[21:54] <ivoks> apple mail will at some point just refuse to connect to server
[21:54] <ivoks> and spit that 'server is broken'
[21:54] <giovani> smtpd_banner = $myhostname ESMT
[21:54] <giovani> I think you accidentally lost a "P" there
[21:54] <ivoks> without even establishing tcp connection
[21:54] <HAN67431> lol yes
[21:54] <incorrect> giovani, i will have 200 odd machines this year, so its got to be right
[21:55] <giovani> incorrect: you have 200 machines with 32GB of ram?
[21:55] <giovani> smtp_use_tls = yes
[21:55] <incorrect> giovani, i have 90 with 8 right now, 25 with 32, and 5 with 16 but 6tb per box
[21:55] <giovani> you've also duplicated this line
[21:56] <incorrect> ill be buying another 60 next month
[21:56] <ivoks> giovani: um...not?
[21:56] <giovani> incorrect: gotcha -- well, if you have a network that large, you should know that you should have non-production machines to do stress-testing on before deploying anything
[21:56] <ivoks> #
[21:56] <ivoks> smtpd_use_tls = yes
[21:56] <ivoks> #
[21:56] <ivoks> smtp_use_tls = yes
[21:56] <giovani> oh sorry
[21:56] <giovani> my mistake
[21:56] <HAN67431> ?
[21:56] <incorrect> giovani, sort of, but nothing of the larger machines
[21:56] <giovani> HAN67431: nothing, ignore it
[21:56] <HAN67431> i am using tls
[21:57] <giovani> so you've told us
[21:58] <incorrect> I really should publish my openldap packaged 2.5.15, and bdb 4.7,  I have n-way replication working
[21:59] <jmedina> incorrect: how is your n-way setup?
[22:00] <incorrect> jmedina, works pretty well
[22:00] <HAN67431> something tells me that it is a config issue with dovecot because why would cyrus saslauth work?
[22:00] <giovani> HAN67431: doubtful
[22:00] <HAN67431> on my centos box
[22:00] <jmedina> incorrect: have you been monitoring your contextCSN?
[22:00] <giovani> because your config is probably slightly different
[22:01] <giovani> HAN67431: why is it that I've asked like 10 times for a packet capture ...
[22:01] <jmedina> I have seee a lot of inconsitencies with earlier versions
[22:01] <incorrect> jmedina, i backported bdb4.7 and built new packages for 2.5.15 where the contextCSN problem was fixed
[22:01] <jmedina> incorrect: do you have hardy packages? :D
[22:01] <HAN67431> i am on it
[22:01] <incorrect> jmedina, i do
[22:01] <incorrect> jmedina, its for hardy
[22:02] <incorrect> i need to setup reprepo
[22:02] <giovani> HAN67431: it's just a quick tcpdump server-side
[22:02] <jmedina> incorrect: I can test them, I only use openldap on hardy
[22:02] <jmedina> incorrect: are you using any load balancer?
[22:03] <incorrect> jmedina, don't need to, i have loads of servers around the place, so i have all the local ones to each data centre/network setup
[22:03] <ivoks> HAN67431: dovecot sasl doesn't support MD5 and others
[22:03] <ivoks> HAN67431: it supports only 'login'
[22:04] <ivoks> HAN67431: cause you can't decrypt user password from shadow
[22:04] <incorrect> jmedina, i am using haproxy to load balance my data centre's that works pretty well
[22:06] <incorrect> next i've got to get bonding configured during my pxe install
[22:06] <HAN67431> i am not using secure password authentication on the server
[22:07] <jmedina> incorrect: so you point your apps to a local replica?
[22:07] <incorrect> jmedina, yes, if you list them, they fail over
[22:07] <jmedina> incorrect: lets write a wiki about thease I can help testing
[22:07] <incorrect> there is already plenty on it
[22:08] <jmedina> but not the ubuntu way :D
[22:08] <incorrect> I should fix the errors on the official guide
[22:09] <jmedina> I have used simple syncrepl using two servers in apps configs, with only one master
[22:09] <jmedina> how is the setup in the clients? lets say a proxy squid
[22:09] <HAN67431> http://pastebin.com/m69fb136e
[22:09] <HAN67431> tcpdump
[22:10] <incorrect> I have pretty much all my systems slaving off ldap now
[22:11] <jmedina> and how is managed fail over?
[22:11] <jmedina> that is my doubts
[22:11] <incorrect> jmedina, try setting multiple uri's in your ldap.conf
[22:12] <jmedina> ok
[22:12] <incorrect> i have it a bit like my /etc/resolv.conf
[22:12] <incorrect> a master and then if that isn't there it fails over
[22:12] <incorrect> you could use a load balancer
[22:12] <incorrect> haproxy would work nicely for it
[22:13] <HAN67431> pop3 work 100% with windows mail its just smtp-auth that it wont do,
[22:13] <HAN67431> like i said tried it on two pc with windows mail same thing
[22:14] <HAN67431> outlook 2003/2007 no issues
[22:15] <HAN67431> using debug_auth in dovecot.conf
[22:15] <ivoks> HAN67431: http://www.vistax64.com/vista-mail/88396-smtp-auth-windows-mail.html
[22:15] <ivoks> HAN67431: you are not alone
[22:15] <HAN67431> outlook auths but windows mail makes not attempt to auth
[22:16] <HAN67431> yes i did have a look at that but why does it work with cyrus-saslauth
[22:16] <HAN67431> i have no issues
[22:16] <Zerqent> HAN67431: .. smtp-auth and dovecot.. are you trying to use an imap/pop3 server for smtp?
[22:17] <ivoks> Zerqent: dovecot can export authentication to postfix
[22:17] <Zerqent> ivoks: aha, didn't know that =)
[22:17] <HAN67431> no dovecot has its own sasl mechimisn
[22:18] <ivoks> HAN67431: users are in sql, ldap?
[22:18] <ivoks> on in passwd?
[22:18] <HAN67431> no normal system users
[22:18] <HAN67431> passwd
[22:19] <HAN67431> this is the guide i followed step by step
[22:19] <HAN67431> https://help.ubuntu.com/8.10/serverguide/C/postfix.html
[22:21] <ivoks> HAN67431: did you check 'Lon on using Secure Password Authentication'?
[22:21] <HAN67431> yes
[22:21] <ivoks> why?
[22:21] <ivoks> uncheck it
[22:21] <HAN67431> tried it
[22:21] <ivoks> it must be off
[22:21] <HAN67431> it is
[22:22] <jmedina> incorrect: are you uploading the packages?
[22:22] <HAN67431> anyway in the log file it show no attempt to authenticate
[22:22] <HAN67431> where with outlook it show sasl authenication=plain ....etc
[22:22] <incorrect> jmedina, not sure where a good location would be
[22:24] <ivoks> HAN67431: i don't know... i'll have to test that on my own; but i don't have vista
[22:24] <jmedina> incorrect: lauchpad?
[22:24] <incorrect> jmedina, not used it
[22:25] <HAN67431> log file windows mail
[22:25] <HAN67431> http://pastebin.com/m686cad65
[22:25] <jmedina> incorrect: maybe in a PPA
[22:25] <jmedina> that is the place afaik
[22:26] <HAN67431> outlook 2007
[22:26] <HAN67431> http://pastebin.com/m7bbb2461
[22:27] <incorrect> jmedina, ill make you a tar.bz2
[22:27] <HAN67431> anyway if someone have vista please test it with windows mail and ubuntu with this guide
[22:27] <jmedina> incorrect: thanks
[22:27] <ivoks> HAN67431: you are missing couple of lines in first one
[22:27] <HAN67431> if someone sees something can i they drop me a email jancarel.putter@gmail.com
[22:27] <jmedina> ivoks: it looks like copy paste doesnt work
[22:27] <jmedina>  in the wikis :D
[22:28] <giovani> HAN67431: where's the packet capture?
[22:28] <ivoks> jmedina: :)
[22:28] <jmedina> HAN67431: why not debuging smtpd in postfix (master.cf)
[22:28] <HAN67431> http://pastebin.com/m69fb136e
[22:28] <HAN67431> the first one is windows mail
[22:28] <giovani> uh
[22:28] <giovani> but that doesn't show us the actual contents
[22:28] <HAN67431> second one is outlook 2007
[22:28] <giovani> heh
[22:28] <giovani> that's just the summary view
[22:28] <ivoks> HAN67431: and you are missing couple of lines on it
[22:29] <giovani> what good is that?
[22:29] <HAN67431> ?
[22:29] <giovani> sigh
[22:29] <ivoks> HAN67431: log doesn't start with 'NOQUEUE'
[22:29] <giovani> we need a PCAP
[22:29] <giovani> so we can see what the client is trying to do, if anything
[22:29] <giovani> to authenticate
[22:29] <ivoks> HAN67431: it starts with clien=unknown...
[22:29] <ivoks> client
[22:29] <giovani> tcpdump -i ethX -s0 -w file.pcap
[22:30] <incorrect> jmedina, there is a little bug with the packaging of bdb utils, you have to chmod the executables into running,, I was lazy when i backported it
[22:31] <incorrect> jmedina, also i've only built 64bit debs, you should be able to compile 32bit ones if you need
[22:31] <jmedina> incorrect: which executables? db4-restore and like that?
[22:32] <incorrect> jmedina, yes
[22:32] <HAN67431> where can i send the file to or upload it>
[22:32] <incorrect> jmedina, chmod 755 is easy enough
[22:32] <jmedina> incorrect: there is a launchpad service for upload
[22:32] <giovani> HAN67431: I don't know -- you tell me -- a web server ... somewhere
[22:32] <jmedina> ivoks: you know where can incorrect upload some packages for testing?
[22:32] <ivoks> jmedina: ppa?
[22:33] <ivoks> or they are already binaries?
[22:33] <jmedina> ivoks: I dont know how do it with ppa, binaries
[22:33] <incorrect> jmedina, ill drop them on my server,
[22:34] <jmedina> damn, when I was tring to learn how to contribute con server team this crisis bring me a lot of work, more time out of office
[22:34] <ivoks> i'm not sure there's anything for binaries :/
[22:34] <ivoks> anyway... 23:35; time to leave
[22:34] <giovani> HAN67431: you made sure SSL/TLS was off when you did the packet capture right? because that's the only way we can read it
[22:35] <HAN67431> yes
[22:36] <HAN67431> but i vim the file cant read anything but i disabled SSL/TLS on the client
[22:36] <HAN67431> the file is in pcap format
[22:36] <giovani> vim? it's a pcap, it's a binary
[22:36] <HAN67431> o
[22:36] <giovani> just post it somewhere
[22:37] <HAN67431> ok
[22:37] <giovani> then we'll see what type of auth the client is attempting, if any
[22:37] <HAN67431> but the contents or the fiel itself
[22:37] <giovani> that'll tell us if the server is misconfigured, or the client
[22:37] <giovani> the file itself
[22:37] <HAN67431> where?
[22:37] <giovani> the contents aer the same thing as the file -- it's a binary
[22:37] <ivoks> 'night
[22:37] <giovani> you don't have a webserver?
[22:38] <HAN67431> mmmm...
[22:39] <HAN67431> no
[22:40] <giovani> hah
[22:40] <giovani> good luck then
[22:42] <HAN67431> http://196.212.34.107/file.pcap
[22:43] <incorrect> jmedina, you can get them at http://www.badape.net/ldap/
[22:43] <giovani> HAN67431: problem found
[22:43] <giovani> your client is not attempting to authenticate AT ALL
[22:43] <giovani> it simply connects and begins sending mail
[22:43] <jmedina> incorrect: where did you backported these p[acagkes?
[22:44] <giovani> and is getting relay denied
[22:44] <giovani> HAN67431: either you've misconfigured your client, or the client is broken
[22:44] <HAN67431> yes
[22:44] <incorrect> jmedina, they were built on my opertons
[22:44] <jmedina> incorrect: 114M?
[22:44] <giovani> HAN67431: this is not a server problem whatsoever
[22:44] <incorrect> jmedina, that is the source
[22:44] <giovani> your client makes no attempt to authenticate
[22:44] <HAN67431> i have permit sasl_authenicated
[22:44] <incorrect> and everything you need to rebuild
[22:45] <giovani> HAN67431: that's not the problem, please read what I just wrote
[22:45] <HAN67431> as i said it work with outlook 2007
[22:45] <HAN67431> cant be the client
[22:45] <giovani> it is the client
[22:45] <giovani> I can tell you without a doubt
[22:45] <HAN67431> two pc cant have the same issue
[22:45] <giovani> yes they can
[22:45] <giovani> if you'd like to argue with me ... go ahead ... I'm going to stop here
[22:45] <giovani> your pcap trace shows very clearly the client making no attempt to authenticate whatsoever
[22:45] <HAN67431> thank you...anyway for your help
[22:45] <HAN67431> yes
[22:46] <HAN67431> i know
[22:46] <giovani> your client is broken, or doesn't support PLAIN auth
[22:46] <giovani> since that's all you're offering it
[22:47] <HAN67431> but ok i hear what you say and its all good
[22:47] <giovani> it's not all good :)
[22:47] <jmedina> incorrect: could you please leave the files until tomorrow?
[22:47] <jmedina> I cant download them right now
[22:47] <HAN67431> but why does it work with cyrus-sasl
[22:47] <incorrect> jmedina, not a problem
[22:47] <jmedina> thanks
[22:47] <giovani> HAN67431: possibly because cyrus is offering something more than PLAIN auth -- it's possible windows mail doesn't support PLAIN auth
[22:48] <incorrect> jmedina, i might get organised and setup a repository
[22:48] <incorrect> i built one for my server farm
[22:48] <incorrect> its 11pm here
[22:48] <jmedina> incorrect: that will be good, but for backports I think the better way is usea a PPA
[22:48] <HAN67431> so dovecot can only do plain auth
[22:48] <giovani> HAN67431: no ... you've just not configured it to do anything else
[22:48] <jmedina> here 17
[22:49] <incorrect> jmedina, a ppa?
[22:49] <ScottK> jmedina: What's wrong with backports?
[22:50] <giovani> HAN67431: you need to edit /etc/dovecot/dovecot.conf
[22:50] <jmedina> ScottK, sorry, there is nothing wrong, it was my english
[22:50] <incorrect> i've been building my own packages for 10 odd years
[22:50] <giovani> and edit the part that says "mechanisms = plain" and add something else -- like cram-md6
[22:50] <giovani> md5*
[22:50] <giovani> "mechanisms = plain cram-md5"
[22:50] <giovani> like that
[22:50] <ScottK> Actually it's probably login you want.
[22:50] <giovani> I don't know that this will solve your problem -- but it's possible
[22:51] <jmedina> I have digest auth, /me preferes starttls
[22:51] <ScottK> Older MS clients don't support plain, they support login
[22:51] <giovani> ScottK: this is a new ms client
[22:51] <giovani> ScottK: Windows Mail
[22:51] <giovani> (visa equivalent of Outlook Express)
[22:51] <ScottK> Dunno about that one.
[22:51] <giovani> vista*
[22:51] <ScottK> Might still need login then.
[22:52] <giovani> HAN67431: add "login" for good measure then as well
[22:53] <ScottK> cram-md5 is a shared secret mechanism, so it would take additional setup.
[22:53] <giovani> i.e. "mechanisms = plain login cram-md5"
[22:53] <giovani> ScottK: shared secret? it's a challenge-response
[22:53] <giovani> based on the password and the challenge being md5ed
[22:54] <giovani> no additional setup -- most clients support it out of the box
[22:56] <HAN67431> lol thats the issue
[22:56] <giovani> what is? :)
[22:56] <HAN67431> windows mail uses login
[22:56] <HAN67431> lol
[22:56] <HAN67431> not plain
[22:57] <giovani> HAN67431: ok ... so less arguing next time about how it's the server
[22:57] <HAN67431> thank you very much
[22:57] <HAN67431> lol
[22:57] <giovani> packet captures save the day once again :)
[22:57] <giovani> people get too caught up in their high-level troubleshooting tools
[22:57] <HAN67431> i think you did
[22:58] <giovani> ScottK came through with the windows loving login-only knowledge, never knew that myself
[22:58] <HAN67431> thanks scottK
[23:11] <Hans67521> sorry i am still very noob when it comes to ubuntu/linux
[23:12] <Hans67521> but thank for helping me solving my problem....
[23:12] <giovani> you're welcome
[23:14] <ScottK> Hans67521: You're welcome.