[00:03] how do I change the timezone of ubuntu in CLI without a prompt? "dpkg-configure tzdata UTC" still prompts me for 'chose a timezone' [00:04] /etc/timezone contains your currently selected timezone [00:04] however, i don now know if changing that file will suffice [00:04] *do not know [00:07] oh_noes: who says you can without a prompt? [00:07] there may not be a ready-made way [00:09] Thats my question, is there? :) [00:09] the official method is dpkg-reconfigure tzdata as you already know [00:10] whether you can duplicate its function with your own non-prompt script, I don't know [00:10] I don't know if all it does is change the symlink at /etc/timezone [00:10] if it does -- clearly you can do that yourself [00:11] check the source package of tzdata. it should contain all the information you need to determine what the reconfigure does to the system. [00:29] I'm trying to compile mod_auth_gss_krb5 using apxs, but I always get "[1]+ Stopped ......" when I try to run it. Even if I run simple "apxs --help" - I also get "[2]+ Stopped" (number is always incrementing). Does anyone know why this might be happening? [00:30] oh_noes: I looked at the tzdata package [00:30] there are two files it edits [00:30] /etc/localtime [00:30] and /etc/timezone (a symlink to /usr/share/zoneinfo/AREA/ZONE) [00:30] so change those two, and you're fine [00:33] morning [00:38] giovani: here's the result of the backup if you're interested: file size: 1608621716 bytes size on disk: 465M 123522416640 bytes (124 GB) copied, 5757.09 s, 21.5 MB/s [00:38] User time (seconds): 66.29 [00:38] System time (seconds): 437.47 [00:38] Percent of CPU this job got: 8% [00:38] Elapsed (wall clock) time (h:mm:ss or m:ss): 1:35:57 [00:38] hmm, that's a pretty long time [00:38] I guess the disk is just so big [00:39] you can always just do a file-based backup [00:39] yeah i was thinking this: if the disk breaks or i need to change it for another reason, this won't work will it [00:39] yes it will [00:40] this image will work for any 120GB disk [00:40] it will replicate your disk exactly, down to the partitiion info, the MBR, everything [00:40] not all 120gb disks are the same size and in fact i don't think i can find another 120gb disk anywhere nowadays [00:41] giovani: thanks!!! [00:41] SockPants: you can resize the paritions if you want, to fit other size disks [00:42] hm, i could probably at least change it to only backup the partition, not the disk [00:42] but yeah, this isn't as portable as a file backup -- however, a file backup requires that the system be fully reinstalled, and then you manually have to place back files [00:42] which gets messy if the backup is from an older version of the OS, etc [00:42] what are the odds of messing up an mbr [00:42] messing up the MBR by doing what? [00:42] hm, don't know yet :P [00:42] ah, you mean, in the real world [00:42] it's been done before :) [00:46] hm [00:46] i was having trouble with my nfs server so i gave up and switched to smb [00:49] Anyone here know when jpds might be around? [00:50] Why does NTP restart after my /etc/rc.local is run? [00:50] oh_noes: It has to do with network interfaces becoming available. It's a minefield :) [00:51] The problem is it's echoing 'Starting NTP server ntpd' right in the middle of my rc.local echoing stuff [00:51] Likely it's asynchronous. [00:51] * owh hasn't looked at it for some time, but recalls with a shudder the interdependencies. [00:51] is there a workaround? Im guessing the problem is because the service startup is asynchronize and each service only waits for it's dependancies [00:52] Why is it a problem? [00:52] It's not like you're going to look at the startup logs every 10 minutes is it? [00:53] good point, but it's a mini problem because we're using ubuntu server for our appliance and on new startup new customers typiucally want a pretty display [00:53] far from a real problem [00:54] oh_noes: Give them a splash :) [00:54] What they don't know won't hurt them :) -- kidding [00:54] yep thats what I was thinking [00:55] Really, for the amount of effort, I suppose you could add a linefeed somewhere, and a splash will slow down the boot. [00:55] whats the term for the splash screen? [00:55] whats a command i can use to split a big file into chunks [00:55] SockPants: That would be "split" [00:55] not the grub splash, but the actual rcS.d splash and login [00:55] ahah ok thanks :) [00:55] oh_noes: Dunno [00:57] * owh pokes Nafallo === bittin___ is now known as bittin` [01:09] ? [01:09] meh [01:17] how do i put each line of something's output in an array [01:27] Is motd.tail sourced, or echo'd? ie. can I put some bash style variables in it? [01:34] oh_noes: It's just concatenated, there's no shell involved. [01:35] [ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd [01:37] I hated that change [01:39] how do i put output into a variable in bash? [01:40] twb: Why? It means you don't have a file in /etc changing on every single kernel update anymore. [01:40] twb: For those of us that like to version-control /etc, that's a bonus. [01:40] infinity: I hated it because they added it after etch froze [01:41] The actual functionality itself, I'm apathetic about. [01:41] SockPants: FOO=$(command) [01:41] aah, thanks [01:41] Having said that, you could just .ignore the file, as you do with resolv.conf on a dhclient-using server. [01:42] I don't have dhclient-using servers. :P [01:43] Even ones that use dhcp too auto-install get a static IP (the same one) configured in the final build. [01:44] I'd rather configure the network on one end, than both ends. [01:44] That way I don't need to keep the config "in sync". [01:44] Well, I don't configure the auto-install machines, they do it themselves. [01:44] Of course the DHCP server is configured to assign the same IP to the server always, by MAC. [01:44] how do i add 2 variable ie a=$(echo 2) b=$(echo 3) c = a+b [01:44] infinity: you mean with cfengine or puppet or similar? [01:44] SockPants: try #bash. [01:45] SockPants: a=1 b=2; echo $(($a + $b)), to answer that specific question. [01:45] twb: Our custom preseed with a whacky late-command, but yeah. [01:45] infinity: ah, so only initial config [01:46] twb: Yeah, but they're designed to be torn down and brought back pretty quickly. [01:46] I have a deep-seated fear of having to maintain machines I deploy [01:46] infinity: VMs? [01:46] twb: No, regular hosts (though some also configure VMs on the fly when they're built) [02:11] if i'm going to rsync backup into a file what filesystem should i make it [02:14] SockPants: I don't understand the question. [02:14] * ScottK gives kirkland a high five . [02:15] ScottK: thanks ;-) i could use one today :-/ [02:15] ScottK: blog post, i assume? [02:15] Yesh [02:15] Yes even [02:16] ScottK: ;-) thanks [02:17] i plan to make a sparse file, and make an fs on it and mount it, rsync files to it.... what filesystem should i use? [02:20] SockPants: any filesystem that supports sparse files. Almost all of them do; vfat would be the only one I'd expect not to. [02:21] SockPants: as a general rule, I recommend ext3 for Linux systems unless you can actually demonstrates that is more performant for your specific use case. [02:28] kirkland: yes, nice job on the blog post [02:31] kirkland: you used "toe the line" right! [02:31] You're like the first person I've met that got it right [02:32] jcastro: ? how do you get it wrong? [02:32] isaacsm: thanks [02:32] I always see people say "tow the line" [02:32] jcastro: :-) that's something totally different :-) [02:32] jcastro: i guess [02:32] :-D [02:32] so basically for about 5 minutes you gave me hope in the collective intelligence of the internet [02:34] jcastro: heh [02:34] jcastro: "toe the line" is the only phrase i know of that makes sense [02:34] kirkland: well, for all intensive purposes ... [02:34] jcastro: haha [02:34] would sudo rsync -azvv / /mnt/backup [02:35] backup everything to /mnt/backup? [02:35] jcastro: revved up like a duece, another rumour in the night! [02:35] SockPants: yes, including /mnt/backup... [02:36] isaacsm: how do i prevent that [02:36] isaacsm: how do i make it backup only local files, there will be a few smb shares mounted etc [02:38] --exclude /mnt/backup/ should work [02:40] SockPants: depending on your setup -x (don't corss filesystem boundaries) may be useful [02:42] ah ok so i can --exclude /mnt/ to make sure no shares get backuped anyway and then -x will make it read only stuff on /dev/sda1 just in case [02:54] SockPants: yes, that would work as long everything your backing up is on the same filesystem; where is the file your rsyncing to stored? [02:54] Can anything in ubuntu tell me my RAM DIMM configuration? [02:54] lswh might. [02:54] Or dmidecode [02:55] Kamping_Kaiser: that would be lshw, wouldn't it? [02:56] er, yeah [02:56] isaacsm, thanks for noticing that [02:56] np [02:56] oh_noes: you'll want to run that with sudo [02:56] --exclude=PATTERN exclude files matching PATTERN [02:57] can i have multiple patterns separated with a comma or how does that work? [02:57] like --exclude=/mnt/*,/home/big_file [02:57] awesome thx [03:00] SockPants: No, specify a --exclude for each [03:02] SockPants: you may want to check out the FILTER RULES section of the rsync man page; there are a lot of options there [03:05] You should not backup a filesystem that's in use. Create an LVM snapshot, mount it read-only, then backup *that*. [03:05] This should at least guard you against the .pst problem if you have a Samba server. [03:06] Obviously anything like a database will need a separate dump. [03:09] twb: LVM snapshots can really kill performance; I can't actually use them on any of my servers. [03:10] isaacsm: even ones that only exist for a few hours overnight, while you make the backup? [03:10] (You're obviously not meant to keep snapshots around for days, because they are copy-on-write.) [03:11] twb: the copy-on-write mechanism kills it [03:11] twb: doesn't matter the length of time, its enough that I get nasty phone calls [03:11] Bummer [03:12] indeed [03:12] I guess they're flooding their I/O bus already. [03:22] i don't have lvm2 installed [03:24] hi guys. I just got a new 1.5TB SATA drive for my server, and I'm wondering how I would get mount it via ssh? never had to do this before with CLI [03:27] you mean sshfs? [03:28] !tell reid about sshfs [03:28] reid, please see my private message [03:29] oh [03:29] I see [03:29] one sec [03:30] nah, that is for a drive that isn't physically in the server I believe [03:30] this drive will be physically installed in the server, I have just never had to mount a drive without some type of GUI [03:30] so I am not sure how to mount it properly [03:30] anybody here have experience with NUT? [03:31] I vaguely remember things like /etc/fstab, and mount command =P [03:34] Kamping_Kaiser: I think he means "I am connecting to the server via ssh and I want to mount a drive that I've just added to an internal bay" [03:35] twb, aaah. i see. [03:35] reid: do you want to mount the drive temporarily, or forever? [03:35] A more complete description of jkfresh's issue, copied from #kubuntu : [03:35] you need to find out what the device name is (/dev/sda something), you need to partition it, make a filesystem on it so you can put files there, add a line to fstab to make it mount at boot, and the mount it anyway (so you don't have to reboot) [03:35] can anybody tell me how to power my server down the moment power goes out? I already have nut installed, and it is communicating successfuly with my UPS. The system has not powered down gracefully when I remove the mains power [03:37] genii: all I can suggest is to check the nut logfiles. [03:38] I don't see any logs in /var/log [03:38] There should be SOME logs in there [03:38] If it's empty, you have bigger problems. [03:38] gtg, bbl [03:39] well, I mean that there are no nut related logs. I keep seeing connections and disconnections from localhost with upsd. I don't know if this is normal behavior or not [03:39] jkfresh: sorry, I don't know. [03:39] it's all good :) I think that setting nut up to do what you want is a black art [03:40] I'll drink to that [03:41] makes me want to buy an APC [03:43] What do troop transports have to do with computing? [03:45] ?? troop transports? [03:46] hehehe [03:46] twb, to transport your server-room najas around [03:48] "never underestimate the bandwidth potential of a six wheeler hurtling across open terrain with a cargo area full of DAT tapes"? [03:48] I wish I had ninjas to rip my vinyl records for me [03:49] 6 wheeler? [03:50] Kamping_Kaiser: Must a third of an 18 wheeler [03:51] genii, aah, i see [03:57] I was going to say "half track", but I don't know if they're still actively used. [03:59] * isaacsm wonders if there are half-tracks in the hole at work...probably [04:00] http://en.wikipedia.org/wiki/V%C3%A9hicule_de_l%27Avant_Blind%C3%A9, for example, appears to be a six-wheeler. [04:01] twb: that takes backup and recovery to a new level--armored tape transport [04:01] Then we only need a second "A" to get an AT-AT [04:02] install a magazine so it becomes an Automatic Tape Armoured Transport? [04:28] hmm [04:28] how can i make the server run a command as another user at startup [04:28] i tried sudo -u ... [04:28] which works when i'm ssh'ing as root [04:29] but not as a startup script [04:29] and also, it doesn't actually run the program as the user, because it seems ~ is still /root/ [04:29] SockPants: make an /etc/cron.d/ entry [04:29] Use @reboot instead of * * * * *. [04:29] rc.local may also be appropriate [04:30] twb: i put a reference to /etc/startupscript in /etc/init.d/rc.local [04:30] genii: good idea, though note that it doesn't run in single-user mode [04:30] wouldn't rc.local still has the issue with privs? [04:30] isaacsm: No, it runs as root [04:30] SockPants: ~ will be root if you use sudo -u fred. [04:30] SockPants: you need to use -H, or better, su. [04:30] yeah, how do i make it run as if i were logged in [04:31] If root is executing it, there's really no point to sudo. [04:31] i tried to do su ; command but it doesnt seem to work [04:31] genii: right, i though SockPants wanted to run NOT as root [04:31] SockPants: that's because the syntax for su is different. [04:31] isaacsm: Thats what su is for.... [04:31] hmm, oh let me check [04:31] Here's something I have in my /etc/rc.local [04:31] isaacsm: [04:31] env -i su twb -c xinit >/var/log/xinit.log 2>&1 & [04:32] (sorry, wrong cut buffer.) [04:32] Alternately to make a proper script and add it with update-rc.d [04:32] genii: hear, hear [04:32] metainit ftw [04:33] how come you have -c option after the login name [04:33] yes, i prefer the startup script option myself [04:33] su [options] [LOGIN] [04:33] SockPants: -c is "do command" [04:33] genii: he means that the manpage doesn't make it clear that the options can come AFTER the username [04:34] Ah, yes. [04:34] Note that the env -i unsets things like $HOME entirely [04:35] So it won't be HOME=/root [04:35] twb: if $HOME isn't set, won't it default to / ? [04:36] can i put multiple commands after -c and put them in {} ? [04:43] isaacsm: if HOME isn't set, then any application that asks where $HOME is, will crash [04:43] isaacsm: unless it explicitly handles the case where getenv() fails [04:43] wait, command > file.txt captures stdout right, how do i get stderr as well? [04:43] Well, or return a null [04:43] SockPants: -c takes a string. That string is passed to sh -c [04:44] SockPants: so IOW it's a shell script in a string [04:44] twb: so for a bunch of commands i put it in ""? [04:44] You could, for example, say su twb -c "ls; pwd; firefox" [04:44] ok [04:45] SockPants: what are you actually trying to run at boot? [04:45] SockPants: because there's usually a better way than what you're going about [04:47] a few different thinks [04:47] *things [04:47] um [04:47] rssdler [04:47] ntop (as root though) [04:47] rtorrent in screen [04:47] what's wrong with this (just trying stuff): [04:47] sudo su jeroen -l -s bash -c "ls -al > /tmp/ls.txt" [04:47] it doesn't work [04:49] ok, it works when i leave off -s bash [04:52] SockPants: Sounds like your trying to automatically recreate your console sessions at startup; my thought would be to add them to your screenrc and just start screen [04:53] well for now maybe but there might be other things later that don't have to run in screen, but that's an idea [04:53] * SockPants goes to read screen manpage more [05:00] isaacsm: I agree [05:02] in the past i've also run things like ntop in place of a getty, but that can be problematic sometimes [05:21] how do you set the (bios) time? [05:22] hwclock? [05:26] thanks [05:32] * genii sips his coffee and thinks about tick servers [06:44] hello [06:44] is there a commandline WLM client that has a web interface, like ebuddy.com has? [06:46] SockPants: WLM? [06:47] windows live messenger [06:48] also, how can i make grep return more lines than just the line it finds [06:49] you mean like the lines immediately before and after the hits? [06:49] Received disconnect: 2: server_input_channel_req: unknown channel -1 [06:50] yeah, i thought i did it before and now i forgot how [06:50] and dmesg shows eCryptfs parseoption error, [06:51] .. and first error comes when trying to ssh into box first time in morning [06:51] SockPants: -C $number [06:52] SockPants: that gives you $number lines of context; you can also use -A (after) or -B (before) [06:52] ah great, thanks [06:57] SockPants: that would depend on what protocol Windows Live Messenger uses. [06:57] Suppose that it's, say, XMPP (Jabber). You would then google for "linux web client XMPP" or something [06:58] libpurple seems to be the primary IM library, so you could also see if any web apps are using that. [06:59] well, libpurple does have a CLI client (finch), and that should support Windows Messenger (which is its own protocol, btw) [06:59] no idea about a web interface, though [07:00] hmm [07:01] not too long ago MS added the capability to log into the same account at multiple machines, that's pretty much a must if i'd use it [07:02] don't think theres anything as of yet [07:02] SockPants: don't expect us to know much about Windows, generally [07:05] hardly windows... but k [07:05] how do i get rid of this: [07:05] rtorrent: Could not lock session directory: "/home/jeroen/rtorrent_session/", held by "ubuntu:+4697". [07:05] there is no such process [07:05] if there was, i killed it [07:10] Is /etc/rc.local called after all initt scripts are executed and after they return? [07:10] Im doing some echos to console just before login, and im finding it's "Reloading openBSD secure shell" and " * Starting NTP server" write in the middle of my echo's [07:14] SockPants: that's a question for the rtorrent people, but probably that dir contains a lockfile [07:14] oh_noes: yes, unless you are in runlevel 0, 1 or 6. [07:15] oh_noes: ah, that's because those things happen when ifup -a (dhcp) finishes doing its job, which happens in the background. [07:15] oh_noes: IME the Ubuntu if-up.d scripts are... a little overenthusiastic about restarting systems [07:16] twb: arr, cool thanks for confirming that. I think in my example, ifup is returning even without an IP address, and because it's its DHCP it takes a few extra seconds to timeout [07:17] meaning it happens to dump ssh and ntp restarting coincidentally right inthe middle of my echo's [07:17] twb: can you tell me what script is fired on an ifup? Maybe if I can silence the output that would be enough for me [07:18] oh_noes: run-parts /etc/if-up.d [07:18] I'm assuming ssh and ntpd start in rc3.d *anyway*, and are just being refired due to an ifup [07:20] twb: thats interesting, /etc/network/if-up.d/ntpdate has invoke-rc.d --quiet inside it. [07:20] I wonder why it's outtutting stuff to console on if-up [08:29] owh: Morning. [08:29] Hi jpds [08:29] Hope my email didn't cause you any heartache :-| [08:48] hi both [08:49] Good day Kamping_Kaiser. [08:50] owh, :) hows things in the hellish sandpit of the west? ;) [08:50] Haven't looked outside all day, lemmie look. [08:50] hehe [08:51] Kamping_Kaiser: It's sunny, dry, no squawking kiddies around and no hammer drills or earthmoving equipment. Some birds are in evidence and some hoons are carooming off the street, other than that, situation normal. [08:53] mmm, spring. [08:53] owh, sounds quite plesant. [08:53] Autumn you mean :) [08:53] Kamping_Kaiser: The sirens have just started up - peaceful for some :) [08:54] owh, hehe [08:54] speaking of sunny - its going down here, so i might unload the car. back in 5 [08:57] Hey Kamping_Kaiser. [08:59] jpds, :) evening. hows your packing? ;) [08:59] These south australians, very unreliable :) [08:59] Kamping_Kaiser: heh ;-) [09:00] owh, oi. i'm not taking that from you! [09:00] Come and get me across the Nullabor :) [09:00] Trying to figure out how to fix bug #360980 right now. [09:00] Launchpad bug 360980 in system-tools-backends "[jaunty] users-admin allows creation of "admin" account" [Critical,Confirmed] https://launchpad.net/bugs/360980 === Nicke_ is now known as Nicke [09:01] jpds: Well that's kind of a special bug. [09:01] owh, careful what you wish for - i've got no tafe for 2 weeks, and i've got a working car [09:01] jpds: What process is actually creating the actual account/group? [09:02] jpds, problem being it allows creation of a system group? (i havent looked at the actual report obviously) [09:02] owh: Some C code in the program. [09:02] Kamping_Kaiser: Now all you need is fuel, food, a map and a drivers license :) [09:02] jpds: Isn't that in turn calling some system call? [09:02] No. [09:03] owh, got (some) fuel, can pick up pizza as i drive through adelaide, bugger the map - i'll follow the road ;D, and got licence [09:03] jpds: It's directly changing the /etc/group file? [09:03] s/got li/got a li [09:03] Kamping_Kaiser: Make sure that you turn right when you get to Port Augusta. [09:03] Kamping_Kaiser: Yes, and creating a 'admin' user, causes the pervious group to disappear. [09:03] * owh hatches a plan to send Kamping_Kaiser to Darwin. [09:04] jpds: So it's directly changing the file? [09:04] jpds, automatically? thats very broken [09:05] owh, darwin? well, i've not been there yet, so wouldnt be a total disaster [09:05] owh: Probably yeah. [09:05] Kamping_Kaiser: Nice part of the world. [09:05] jpds: I'm downloading the source to have a gander. [09:05] owh, bit tropical for me (at least, thats my excuse) [09:06] Kamping_Kaiser: Nah, just take your time, drink lots of water and enjoy the scenery. [09:06] owh, well, i'm up for it [09:06] Kamping_Kaiser: Not much internet along the way though, how will you cope without IRC? [09:07] owh, have to make do with ham radio [09:09] jpds: Still trying to get my head around this. It makes no sense to me that a piece of code would overwrite an existing group. Does it do it with other existing groups as well? [09:09] owh: Probably, I haven't checked. [09:10] * owh isn't running jaunty anywhere so testing is not so simple. [09:11] owh, testing if it happens on other releases is valid testing ;) [09:11] * owh offers Kamping_Kaiser's machine off as a sacrificial lamb. [09:12] * Kamping_Kaiser slaps owh 's priest [09:13] Can anyone help me with my samba ACL woes? I have an explanation of the problem on experts exchange: http://www.experts-exchange.com/OS/Linux/Administration/Q_24320174.html [09:17] I'm only trying to do a VERY simple file server set up and it can't be this difficult to get some simple permissions working, so I must be doing something wrong .. [09:18] your using acls, your no longer dealing with 'simple permissions' :) [09:18] well I guess, but i couldn't work out how to get unix permissions to do what I want [09:20] I want to have one file share which windows XP users can map as a network drive, then I want to divide that share into two or three subdirectories and have some staff be able to access some directories but not others [09:20] so like "Staff" and "Finance" and "Private" ... and jenny and bob need to have access to staff and finance, but not private, but jim who is the manager needs to access everything [09:20] dont think i can do that with unix permissions ? [09:21] put them in groups. [09:21] put bob and jenny in 'finance' group, and 'jim' in 'managers' [09:22] set private's owner to 'managers' [09:22] and staff/finance directories to 'finance' group [09:24] okay, give me a few minutes to try that [09:24] should I disable ACL's on my filesystem again before I do this ? [09:25] you have a layer of samba on top, so i dont know how that affects what your doing. I'm just telling you how unix groups would do it : [09:25] :) [09:25] hmm okay, thanks, i will try [09:35] hi all... I have followed the server guide for setting up bind9 on Hardy server, so that it acts as a caching name server. So it works fine when queriying from the local machine itself, but not from other machines in the network. Any ideas? [09:36] Kamping_Kaiser: I am trying to delete a file ... I am a member of the group "everyone" and the group "everyone" is the owner of the directory, and the file itself, and the group has RWX access, but when I try to delete the file I get permission denied. [09:37] beniwtv: have you set the other computers to use your server as DNS? [09:37] Doble, how was the file created, and how was the delition done? [09:38] Doble, also, #samba exists, probably more helpful then me ;) [09:38] Doble: Nope, I'm just testing it right now with dig. The thing is I need to authorize other networks to query it. [09:39] Kaiser: i cant remember how I made the file, but I'm trying to delete it using rm ... I also can't create any new files in the directory, despite having rwx [09:40] in console ? try sudo rm [09:40] if even that dosent work, its probably in use [09:40] fuser file shows who uses it, i f i recall right [09:41] simplexio: sudo will work, but I should be able to delete the file, as I am the member of the group 'everyone' and 'everyone' is the owner of the folder, and the file, and the group has rwx [09:41] fuser returns nothing :) [09:41] beniwtv: sorry I dont quite understand, you've configured bind, and you want to use it as a cache, but you haven't pointed the other computers on your network at the bind server? you need to do that or the other PCS won't know where to look for DNS [09:41] Doble: groups confirms that you are in that group [09:42] simplexio: interesting ... groups doesn't show me as a member of 'everyone' ... however if I do "sudo adduser jdoble everyone" .. I get "The user `jdoble' is already a member of `everyone'" [09:43] Doble: logout/login,, and it fixes it in that terminal. [09:43] Doble: I know that :) But I'm querying it with the dig command, and returns responses when on the local machine. But from other machines I get client #49386: query (cache) '/A/IN' denied in the server logs [09:44] Doble: or su - , updates those too, im not sure if there is another way to upgrade groups [09:44] simplexio, Doble running 'login' from your prompt wil too [09:44] beniwtv: I see ... have you checked that you have enabled the network in your bind conf? and that apparmor isn't blocking the server? [09:45] simplexio: kaiser: ahh it is working now ... I wasn't aware that groups did not update immediately [09:45] Doble: Apparmor isn't blocking - I checked that. How can I check I have networking in bind? [09:46] telnet dns [09:46] might be s/dns/named actually [09:49] beniwtv: sorry, I was confused with another conf file :) if you have bind configured it should be listening and 'just work' when you perform a dig, do you have reverse lookup set up for your subnet ? [09:49] Kamping_Kaiser: Yep that works, and netstat tells me it's bound on all NIC's of the server. It just wont' answer, and I think I need to authorize the networks to query it [09:50] Kamping_Kaiser: I think that is what the log message acutally means [09:51] beniwtv: sounds like you are right but i can't remember any config setting to enable/authorize a network [09:51] I dont use bind, so cant help there. seems like a pile of overkill for my network :) [09:52] Kamping_Kaiser: So, you driving yet, or just bragging? [09:52] Doble: It 'just works' from localhost, yes. But not from other machines, and I don't know why it would need to have reverse lookup if I query just google :) [09:52] [09:53] beniwtv: I agree, I'm just stabbing in the dark ... sorry mate [09:53] Kamping_Kaiser: Yeah, for a home network it's probably overkill. But we need it so that our users which are connecting to the Interner get a DNS :) [09:53] s/Interner/Internet [09:53] owh, not visiting you tonight i'm afraid, got a gNewSense release to do ;0 [09:54] Fine, fine, I'll deal with the disappointment :) [09:58] owh, have a drink to console yourself, or download our new release when its up;) [09:58] A new release, you mean break my production machine again :) [09:59] hehe [10:01] can anyone tell me why i get the error "Failed to add entry for user bill." when I log in as bill ? [10:02] where is the error? [10:02] sorry, i closed chat [10:02] hi guys, I'm running ubuntu hardy server, and I'm struggling to understand why my vm isn't updating to intrepid [10:02] are there any commands I'm missing here?> [10:02] https://gist.github.com/a40f7676cc63c80e10ae [10:03] Doble, where is the error? [10:03] later all... [10:03] owh, later mate [10:03] Kaiser: First line of the login ... so "login as: bill" "bill@192.168.2.10's password:" "Failed to add entry for user bill." [10:03] I've just run the basic "aptitude update, aptitude install update-manager-core, do-release-upgrade' steps [10:03] Kaiser: I think its related to samba [10:05] Doble: Have you added samba for PAM auth? [10:05] afk. dinner [10:06] beniwtv: I'm not sure ... is that where samba syncs its users with ubuntu's users? If so - yes, because it is included by default when you install ubuntu 8.10 and choose "file server" which is what I did. [10:08] Doble: yep, it syncs users there. Maybe the logs give you some more info. Like auth.log and daemon.log [10:10] beniwtv: there doesnt seem to be any info in those two files ... just saying that 'bill' logged in [10:14] Doble: Anything in syslog (maybe Apparmor?) [10:31] hi folks [10:32] this mornin unattended-upgrades upgraded my packages [10:32] as always this works great [10:32] but it also updated mysql-server [10:32] the server was only stopped during the upgrade process [10:32] (3 times) [10:32] and never started [10:33] is that desired behaviour or do i need to change some configuration to get it automatically started [10:36] were you able to start it manually? anything suspicous in the log? [10:36] Actium, yes i was [10:36] and nothing suspicious in the log [10:36] i am using hardy heron [10:38] does the upgrade log state a reason, why the server hasnt been restarted? [10:42] Hi guys, I'm writing the "ubuntu server" course for canonical. I want to include a brief comparison of RHN/Satellite/SpaceWalk with Landscape. What are the key feature differences I should mention? [10:44] cbeebie: I can't help with your question, but maybe you can help with one of mine! I want to pursue some linux training, but I don't know where to start, are there any 'industry standard' certifications like an equivilant of a Microsoft Certified System Engineer? [10:45] Doble - currently Canonical offer the Ubuntu Certified Professional (UCP) based on LPI level 1 plus an Ubuntu specific exam (LPI199) [10:47] cbeebie: thanks, what is LPI level 1 ? [10:47] Linux Professional Institute [10:47] Actium, do you want me to post the log to some pastebin? [10:48] worth a shot [10:48] cbeebie: thanks, I'll check it out [10:49] Doble, a good place to start might be http://www.ubuntu.com/training/ [10:51] cheers [10:51] :( no training in australia [10:52] I can come and deliver some if you want ... ;-) [10:53] Doble, no one lives in australia, what are you talking about :p [10:53] lol [10:53] Doble, have to say i wasnt hugely impressed by my look at lpi , but perhaps i'll go do it one day. [10:53] ;) [10:55] LPI has brought updated exam objectives online quite recently, you might want to take another look [10:56] www.lpi.org [10:56] cbeebie, ah really? *visits* [10:59] lpi don't offer anything in my reigon either lol [11:30] hey guys [11:30] im trying to upgrade from intrepid to jaunty for some reaason when i issue the do-release-upgrade to upgrade to the beta nothing happens its saying no new release found [11:31] !upgrade [11:31] For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/getubuntu/upgrading [11:32] i followed the instructions that were on that how to but for some reason its not working [11:32] Actium, here you go http://pastebin.com/m4a1553fc [11:33] that is indeed weird [11:34] Actium: you have any idea why i cant upgrade from intrepid version of server to jaunty [11:34] which error are you getting, eagles0513875. i did just that 3 days ago. [11:35] when i run the do-release upgrade command it keeps telling me no new release found [11:35] i made sure that the upgrade manager core is installed [11:35] eagles0513875, you gotta use "do-release-upgrade -d". [11:35] as well as made sure the file that you have to edit has priority =normal which it does [11:35] Actium: ahh then site is wrong [11:36] the -d is mandatory since jaunty is still flagged as in development (which it is). [11:36] but it's working flawlessly on my machine. [11:36] ahhh i learned something new [11:36] Actium: im kinda weary of doing this upgrade like tihs [11:36] kubuntu has issues when doing it [11:36] your left with old stuff on kde like the old network manager and package manager [11:36] i made a complete backup of my box, before i launched the upgrade. [11:37] this is on an old laptop [11:37] im on me new laptop [11:37] ended up using my usb boot pen drive to install it [11:37] which is a nice feature :) [11:38] indeed, installing the netbook remix of ubuntu with my pendrive took like 5 minutes on an aspire one. [11:38] that only works with netbooks with screens up to 10 inches [11:38] this is an hp tablet which has a 12.1 inch screen [11:38] one thing i love about kubuntu and all this distro is how much stuff works outa the box [11:39] for me on this tablet just about everything minux wacom tablet stuff [11:39] hey all... any ideas what I have to put in /etc/hosts so that postfix can resolve a domain to an internal IP? I've tried but postfix ignores that. [11:40] beniwtv: look at your nsswitch.conf to check the order [11:40] beniwtv: you'll need an FQDN [11:40] milestone: no errors, nothing suspicious, but it won't restart the server. it's probably a bug in the upgrade script, or whatever. if the mysqld starts after a reboot of your computer - check that - i'd just let it be. [11:41] eagles0513875, we're in the wrong channel to talk about laptops/netbooks/tablet pcs ... ;) [11:41] ikonia: It is hosts: files dns, and yes, of course I put a complete domain... it was just an example acutally [11:41] beniwtv: can you ping it [11:41] sry Actium [11:41] ikonia: yep [11:41] beniwtv: thats odd, but postfix ignores it [11:42] ikonia: I also can telnet just fine [11:42] beniwtv: what is the hosting in the postfix main file ? [11:43] ikonia: Hosting? [11:44] sorry - host [11:44] what host is in the postfix main file [11:45] ikonia: "myhostname = radius02" Do you mean this? [11:45] Actium [11:45] beniwtv: is that inthe postfix onfig [11:45] ups sorry [11:45] Actium, a bug in an upgrade skript on a production server aint that funny you know [11:46] ikonia: Yep.... I just need to send monitoring e.mails to a server, but that server resolves in DNS as an external address on the same network, and my pix wont' let that happen. So I need to put the internal IP somewhere... maybe specifying a relay? [12:18] I'm reading one of the samba docs and it lists a command - "chmod -R ug+rwxs,o-r+x /data" can anyone tell me what the "s" from "rwxs" does? [12:44] sorry, milestone, just came back from lunch. of course it aint funny, but there's nothing i can do to determine what really caused that failure to restart. if you feel obliged to investigate, do so and if you find out, it's a bug in the update script, report it to the devs. that's how a major branch of oss improvent works, after all. [12:47] Doble: It sets the setuid/setgid bit. [12:48] Actium, :) [12:48] Actium, I know. I am doing work on the apache turbine project [12:49] Actium, so is there a way to further investigate an upgrade problem without a package that needs upgrading? If yes, tell me more, and i will be more than happy to further investigate [12:50] downgrade and then upgrade again. [12:50] the previously installed package should still reside in you cache directory. [12:51] and the postinstall script of the new package should provide you with very valuable information. [12:51] on a productionsite. it will take me some time. probably sometime this or next week [12:52] in that case i'd rather let it be. messing around with a production box is not exactly what i fancy doing. ;) [12:54] i'm just glad my semi-production server "survived" the upgrade to jaunty without any major casualties, the other day. [12:54] ;) === zoopster1 is now known as zoopster [12:55] but i think i know the answer already [12:55] thinking about it [12:55] "never change a running system"? [12:55] IIRC the postinstall script calls invoke-rc.d [12:56] since this a drbd cluster system with mysqld being controlled by heartbeat [12:56] the server is not started just stopped [12:57] invoke-rc.d will check if there are symlinks from the current RC directories to the init skript and call it only if they are there [12:59] so [12:59] what have i won? [13:00] honestly: dunno [13:00] Actium, i am 100% that that is the problem [13:00] then maybe it's worth a bug-report. [13:01] that won't do because it is not a bug when not in a cluster [13:02] well, then its a bug that only takes effect when it's a cluster, but its a bug anyway. (imho) [14:02] hi [14:02] what is the meaning of cpu load in the form n.nn, m.mm, p.pp .. ? === bloggerfag is now known as bogeyd6 [14:03] http://en.wikipedia.org/wiki/Load_(computing) [14:04] http://digg.com/d1ok8m === bittin` is now known as bittin^` [14:25] kirkland: I don't know if you noticed, but I came up with a backtrace for that kvm segfault we discussed yesterday. [14:26] soren: no, i missed it.... [14:26] soren: what do you have? [14:26] https://bugs.edge.launchpad.net/ubuntu/+source/kvm/+bug/359447 [14:26] Launchpad bug 359447 in kvm "kvm segfaults" [High,Triaged] [14:29] soren: oh, yeah, i haven't even made it through my bug list yet today [14:29] soren: still sorting through irc pings, then mail [14:29] kirkland: Alright, no worries. [14:30] soren: so the ide block device, huh [14:31] kirkland: Perhaps. [14:31] kirkland: That's where it's triggered, at least. [14:32] kirkland: I suppose I could switch to virtio and see if it helps any. [14:33] kirkland: Heck, I'll give it a shot. It can't get much worse than it is right n ow. [14:34] soren: still a block device, just using virtio, though? [14:35] * soren is not sure he understands the question. [14:36] soren: you're not dd'ing the block device to a file first [14:36] wrong channel guys :) [14:36] soren: which is what I was going to suggest [14:36] yann2: we're all over the place [14:36] kirkland: It... /is/ a file. [14:37] ? [14:37] soren: then i misunderstood your point [14:37] soren: i thought you said previously that the target disk was a block device [14:38] It's a file-backed, raw-formatted, virtio-connected virtual block device. [14:41] soren: okay, thanks [14:54] * Faust-C wonders about creating a mail server and configuring TLS [15:04] you might wanna try out dovecot-postfix (http://packages.ubuntu.com/jaunty/dovecot-postfix). unfortunately has only become available in jaunty. [15:12] Hey! [15:14] does ubuntu-server have directory capabilites? [15:17] LyonJT, can you be a little more specific with your question / [15:17] ldap? [15:20] yes, sorry im from a windows enviroment thats why, for example on windows server you have active directory for groups users group policys etc do you have this in ubuntu server? [15:22] LyonJT: you can actually setup samba to be a domain controller [15:23] is theree a ubuntu equilvent? [15:23] well, at least as a NT-domain controller. [15:26] LyonJT: any distro you can youse samba as a domain controller [15:27] Actium, ty [15:28] eagles0513875, samba3 as a DC isnt the solution by any means [15:28] LyonJT, you can use items like samba to auth TO AD or use items like fedora-directory server to sync between AD and FDS (LDAP) [15:28] you're welcome [15:30] Greetings and salutations! [15:30] I've compiled my own kernel module, and would like advise on loading it on boot. [15:30] Fenix|work: just depmod and modprobe it [15:31] ikonia, and stick it in /etc/modules? [15:31] felipe_, yes [15:31] err Fenix|work * [15:31] well in the correct sub dir of /lib/mdules/$kernel etc [15:33] ikonia, I compiled the module... then created an appropriate directory structure under /lib/modules/$kernel-ver/kernel/fs/ [15:33] the dir name is the same as the module name [15:33] Fenix|work: perfect [15:33] Fenix|work: what is the module out of interest ? [15:33] qnx4fs module [15:33] ooh you've not wrote it, just built it [15:33] provides read/write support for qnx4 file systems. [15:33] yup [15:34] depmod -a [15:34] ? [15:34] bang on [15:34] modprobe [15:35] super [15:36] then on it's own line in /etc/modules and a reboot to make sure it works? [15:36] Fenix|work: but in theory if something needs qnx4 it should auto load it [15:36] I have a qnx4 partition that I want to mount on boot [15:37] should be fine [15:40] there it is. It works. [15:40] thanks ikonia [15:43] oh... ikonia while I'm here... could you give me some advice on rsync? [15:44] I have an rsync daemon running on another box for / [15:44] but I want to exclude a directory and a couple of files. [15:44] and I have no clue how to do that [15:45] under which user is ist running? [15:45] root [15:45] that's gonna be difficult. [15:45] Actium, can you explain please? [15:46] Faust-C: Is fedora directory server the equilavant to ad? [15:46] in case rsyncd does not have any built-in directory-/file-exemption features, it's impossible. [15:46] LyonJT, no, nothing is "equal" to AD [15:46] Lool well in the same precepals [15:46] princepals* [15:47] well its LDAP but "simpler" [15:47] Actium, that's fine, but what about the rsync client pulling from the daemon? Can I add excludes there? [15:47] you can sync FDS to AD [15:47] okay [15:47] which is awsome but im still working out bugs w/ ubuntu [15:47] i use it w/ centos [15:47] LyonJT: Hmm? [15:47] you could set the unix permissions for those files in a way that root would not have read access, but usually root doesn't give a damn about permissions. so unix permissions won't do. [15:47] and what apt do i need install to get fedora directory server on ubuntu server? [15:47] LyonJT, sec lemme find link [15:47] thanks! [15:48] if possible, the excludes have to be set by the server. you can't just kindly ask your clients to specify a few parameters, can you? [15:48] LyonJT, http://directory.fedoraproject.org/, look around the site, theres a howto for ubuntu [15:48] Actium, I am the server and the client :) [15:48] Thank you Faust-C [15:49] LyonJT, yw, btw bookmark my site: virtualdisaster.net, once i figure out how to make AD and linux play nice ill post it [15:49] * Faust-C site is messed up atm but remember the link [15:49] I am using rsync as a near real-time backup of a system. I want to back up everything (qnx4 system), but want to ignore the /dev directory and a couple of .files in the root [15:50] Fenix|work, i say look into dar [15:50] then you should use the "--exclude=PATTERN"-parameter [15:50] then rsync the files over once its complete [15:50] thank you very much Faust-C [15:50] LyonJT, yw and good luck, you can do it, [15:50] Actium, exclude on the daemon when it starts, or on the client pulling from the daemon? [15:51] Fenix|work, dar.... [15:51] Hopefully! [15:51] if you want a accurate complete backup use the right tool for the right job [15:51] Faust-C, dar is not supported on QNX4 [15:51] client will suffice. any btw: you don't even need to use the daemon, in case you have a running ssh-server. [15:51] Fenix|work, youre mounting the filesystem arent you [15:51] rsync can easily stream itself over ssh [15:52] Actium, I haven't been able to successfully port over OpenSSH to QNX4 yet [15:52] ok [15:53] Faust-C, I have two QNX boxes... the one I want to sync is running QNX. The one I am syncing to is ubuntu-server with qnx4fs mounted partition. [15:53] Faust-C: Quick question is there a command to sleep a ubuntu server? [15:53] and does it support Wake on lan? [15:53] The hope is to sync the live box to the backup so if something were to happen to the live one, I can change boot order of the ubuntu server and boot a live copy of the backup with identical settings [15:54] LyonJT, WOL depends on hardware, and yes theres a sleep command for desktop, idk about for server (i doubt it) [15:55] Actium, the exclude-from file, what format is it? [15:56] idk? [15:56] i don't know [15:56] probably just a text file with patterns to exclude seperated by newlines. [15:56] Sorry that was to Faust-C [15:56] LyonJT, no lol thats what idk means, i dont know [15:56] LyonJT, that was the answer to your question [15:57] ohhh [15:57] sorry lol [15:57] i should know that! [16:01] thank you though [16:06] very simple question but whats the command to enable root [16:07] sudo passwd [16:10] thanks! [16:19] man i need to create a mail server but have to make sure its simple to administer [16:20] you done it before? [16:20] nope, cause what i want is kinda complex [16:20] Ohh fair enough [16:21] i want it to auth to AD/LDAP and have a simple administration interface [16:21] tricky! [16:21] are you going to code it yourself? [16:22] hopefully no [16:22] How do you share files? [16:22] is there a command [16:22] samba [16:22] smbclient [16:22] what if the client is os x [16:23] is there a afp equilvent [16:23] dw [16:23] i have found it [16:23] netatalk [16:23] but i would suggest using samba [16:23] netatalk? is that like samba? [16:23] apple said they are abandoning AFP [16:24] + they broke it in latest OSX [16:24] well, they brake samba and cups all the time, so that's not news :D [16:25] LyonJT: yes, it's like samba; file sharing [16:25] okay thank you [16:25] if you have latest osx [16:25] make sure to patch it :) [16:25] i have found a good guide : http://www.kremalicious.com/2008/06/ubuntu-as-mac-file-server-and-time-machine-volume/ [16:25] or disable restriction for cleartext passwords [16:26] how can you disable clear text passwords? or is a built in already [16:27] look at the google [16:27] this howto recommends building your own package [16:27] okay will do! [16:27] you can do that or enable clear text passwords in osx [16:27] okay! [16:28] don't do 'sudo DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot' [16:28] leave out 'sudo [16:29] and don't do 'sudo gedit /etc/netatalk/afpd.conf' [16:29] is that because ill be in root already? [16:29] edit /etc/default/netatalk [16:29] not, you should never build packages as root [16:29] whys that [16:30] caus there might be rm -rf / in scripts [16:31] so leave them two out ye? [16:31] i was to use afp though [16:31] want* [16:31] have you ever used debian or ubuntu before? [16:32] Not really [16:32] Here and there [16:33] then follow the guide [16:33] but just leave out sudo in package building [16:33] Lol okay will do [16:33] shall i be root when i do it? [16:33] Hi all... I have a DNS now set-up, with forwarders commented out. However, it still resolves domains like google or so. Any ideas? [16:33] no [16:34] beniwtv: recursion no;? [16:35] ivoks: that was it! thanks (still a bind newbie) :) [16:35] beniwtv: allow-query-cache ? [16:39] ivoks: It works with recursion no; already, should I also use allow-query-cache? [16:42] beniwtv: you should allow query cache only to local net [16:42] beniwtv: have you set up acls? [16:50] ivoks: No acls as I need it t be able to be queried from everywhere... (it will be the second authorative for our domains) [16:58] Greetings and salutations (again) [16:59] Actium, you have a moment? [16:59] go ahead [16:59] Actium, is it possible to rsync '/' ? [16:59] :) [16:59] I'm getting the following when I try... receiving file list ... Offset underflow: file-length is negative [17:00] i'll try ... [17:00] any subdirectory in rsyncd works though [17:01] works for me. however i'm not using rsyncd, but rsync via ssh. [17:01] I think it isn't supported in my version [17:02] reading a little further... (sighs I know, should have sooner) it replies: rsync error: requested action not supported (code 4) at flist.c(846) [17:02] rsync --version [17:02] im running 3.0.5 [17:02] QNX rsyncd is 2.6.8 [17:03] can't seem to port a higher version [17:03] sounds ancient to me [17:04] 2006 :) [17:04] * Faust-C will use citadel and auth it against AD [17:05] is there a way to search a file? [17:05] grep it? [17:05] LyonJT, find . -name *name* [17:05] LyonJT, find . -name *name* >> search.txt [17:06] * Actium is stupid. he thought LyonJT wanted to search a file's contents. [17:08] so i can use find . -myfile.txt ? [17:09] no: find . -name myfile.txt [17:12] g2g [17:16] New bug: #361802 in samba (main) "net sam list groups causes a segmentation fault" [Undecided,New] https://launchpad.net/bugs/361802 [17:29] is there a way to remotely install a ubuntu server? === tuxlinux_ is now known as tuxlinux [17:35] kirkland: I just had a panic following Apr 15 17:30:34 perseus kernel: [254450.083631] kvm: 26161: cpu0 unhandled wrmsr: 0xc0010117 data 0 [17:40] LyonJT: yes [17:40] take care everybody [17:41] ivoks: bye [17:42] hi ivoks [17:46] mdz: panic in the guest or host? [17:46] kirkland: host [17:46] mdz: host crashed? locked up? [17:47] kirkland: I saw X mostly freeze, but the mouse was still responding. after various attempts to revive it, I tried alt+sysrq+k and was rewarded with a flashing caps lock [17:48] mdz: doing anything special at the time, in the guest? [17:49] kirkland: nope [17:49] kirkland: had just booted a DVD for testing, was sitting in the desktop [17:49] mdz: mouse still moving but display wedged is how X/intel GPU freezes seem to manifest in jaunty. [17:49] mdz: upstream had previously told me that those messages were benign, overzealous logging [17:49] mdz: i'll check with him again [17:49] mdz: can you try one thing .... [17:50] mdz: could you add clock=acpi_pm to your boot line? [17:50] mdz: https://launchpad.net/bugs/361754 [17:50] Launchpad bug 361754 in kvm "guest needs to boot with clock=acpi_pm" [Undecided,New] [17:50] mdz: dholbach reported something similar this morning [17:50] kirkland: it's possible that this was actually bug 359392 [17:50] Launchpad bug 359392 in xserver-xorg-video-intel "[i965] X freezes starting on April 3rd" [Critical,Triaged] https://launchpad.net/bugs/359392 [17:50] kirkland: but I suspected kvm because of that message [17:50] kirkland: I can, but I can't reproduce the bug [17:51] hmm [17:53] bug #243393 [17:53] Launchpad bug 243393 in kvm "dmesg is flooded with warnings in kvm/mmu.c" [Low,Confirmed] https://launchpad.net/bugs/243393 [17:54] mdz: who is Bryan Wu? [17:54] mdz: https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/325851 [17:54] Launchpad bug 325851 in linux "[133672.221112] kvm: 28400: cpu0 unhandled wrmsr: 0xc0010117 data 0 " [Medium,Triaged] [17:54] mdz: i notice that he's assigned that bug, i don't recognize the name [17:54] * kirkland steps out for a bite to eat, back shortly [17:55] nearly-last call for openweek sessions: https://wiki.ubuntu.com/UbuntuOpenWeek/Prep [17:55] soren: ^^^^ [17:55] mathiaz: ^^^ [17:55] kirkland: Bryan Wu is one of the newest members of the canonical kernel team [17:55] kirkland: he's based in Shanghai [17:56] kirkland: it did happen just as I was switching desktops, so that hints that it might be 359392 [18:15] Faust-C: what can be used as a domain controller [18:17] eagles0513875: you can use Samba as a NT style DC [18:19] jmedina: i know but Faust-C told me that i couldnt for some reason [18:19] eagles0513875: I use samba domain controllers since 5 years ago without problems [18:20] jcastro: updated - thanks [18:20] they are ldap based [18:20] jmedina: thanks for enlightening me [18:20] you can also add strong security to the recipe using kerberos [18:20] eagles0513875: I have a howto [18:20] sweet link me [18:20] it is in spahish but I think it has good examples [18:21] might set up a domain controller on me old laptop which im converting to iptable firewall and bind server [18:21] http://tuxjm.net/docs/cursos/Samba+OpenLDAP+PAM+NSS-4Ubuntu/html/ [18:21] jmedina: yo comprendo poquito espanol [18:21] lol [18:21] Im in the process of documenting ACLs [18:21] eagles0513875: good [18:21] kool [18:22] ill work on that later i need ot get bind setup i think lol [18:22] how can you enable ufw? [18:22] you dont need DNS [18:23] jmedina: i am running a router yes but i would like it to use it as a dns cache for sites i visit [18:23] but is a good idea if you are masquerading your lan, you can save bw using caching dns [18:23] thats what i am wanting to do [18:23] !info masquerading [18:23] Package masquerading does not exist in intrepid [18:23] !masquerading [18:23] Sorry, I don't know anything about masquerading [18:24] eagles0513875: I mean NAT [18:24] right now im using a router which is doing the nat [18:27] LyonJT: man ufw. basically: 'sudo ufw enable' [18:27] thanks jdstrand [18:40] does anyone have a guide to unix operating system.. example what etc, usr etc them folders are used for? [18:42] LyonJT: filesystem heirarchy is not going to be consistent between operating systems based on unix [18:42] LyonJT: read FHS (Filesystem Hierarchy Standard) http://pathname.com/fhs/ [18:42] thank you [18:43] No i understand that but i would like to understand the basic principles [18:43] yep the FHS guide is a good one -- but very broad [18:44] thanks [18:45] jmedina, so you use samba as a domain controller [18:45] a NT domain controller [18:45] which is worthless [18:45] worthless? [18:45] cause you cant mange systems as fine grained as you can w/ AD [18:45] why? [18:46] maybe cause ppl need more than authentication [18:46] well my implementation works I use poledit for system policies [18:46] it is harder but works [18:46] * Faust-C googles poledit [18:46] imo work smarter not harder [18:46] poledit is the old program for creating system policies in nt4 dc [18:46] oic [18:47] poledit.exe it is shipped with resource kit [18:47] eh ... id rather use a single AD server and FDS [18:48] FDS? [18:48] fedora directory server [18:48] its a LDAP server [18:48] well I dont need AD, and my customers cant afford for a AD licence and CALs [18:48] like Sun Directory [18:48] yes I know the old technology from FDS :D [18:49] you dont need a AD license [18:49] well I mean the windows license [18:49] you need one server license and then user cals which arent expensive [18:49] Faust-C: well probably for you arent expensive [18:49] or you can use FDS and pGINA [18:50] pgina is not maintained [18:50] jmedina, we're dirt poor atm but i wont waste money or time [18:51] and using a NT DC is still supported? [18:52] well it works with win98-vista clients [18:52] well good luck migrating to anything else [18:53] i plan to use FDS or some kind of LDAP server as the base and then AD [18:53] Faust-C: can you explain more about that solution? [18:54] jmedina, create a FDS server, then at least you can auth clients against that [18:54] if you happen to get funds for AD you can sync FDS w/ AD [18:54] or sync to any other standards compliant LDAP server [18:54] well I dont use FDS, I use OpenLDAP [18:54] such as eDir [18:55] samba with ldap backend [18:55] you can use FDS w/ samba, just as you can w/ any LDAP server [18:55] yeap I know, but I dont see any advantage at the moment [18:56] well consider this, if you get hit by a bus, whom will take over [18:56] Faust-C: do you know if samba4 will support FDS? [18:56] doesnt matter cause samba is standards compliant [18:56] meaning it will work w/ any standards compliant LDAP server [18:56] I know they added support for openldap as backend [18:57] I mean integrated, samba team has been working with openldap team for a complete integration [18:57] idk setting up FDS takes a few hours (like 2) compared to openldap [18:58] not to mention native consoles for MS and Linux [18:58] openldap team has been helping samba developers to solve some ldap implementations with AD schemas [18:59] I know nothing about FDS and samba4 integration [19:00] youre looking at this very backwards [19:01] focus on future proofing your infrastructure, not creating a home brewed solution that in reality is more expensive than a 3rd party solution [19:03] Im not sure about that right now, I need to test FDS and try to achieve all the features I do with openlda+samba [19:04] jmedina, it supports samba, most "standards" compliant LDAP servers do [19:05] plus it leaves the option to use AD if you ever need to [19:05] * Faust-C doesnt like using MS but it has its place [19:06] Faust-C: Im reading that samba4 has FDS support :D [19:06] sweet [19:06] im actually looking forward to samba4 [19:06] I need to catch up with FDS compatibility [19:06] --ldap-backend-type=fedora-ds [19:06] :D [19:07] jmedina, hell look at Sun Directory server (its based off FDS, well RHDS) [19:08] Faust-C: mm but Sun says Sun dir it uses old technolgy they are migrating to OpenDS [19:08] jmedina, o rly, didnt know that, [19:08] wow looks nice [19:09] https://www.opends.org/wiki/page/ProjectDefinition#section-ProjectDefinition-WhyNotOpenSourceTheCurrentSunJavaSystemDirectoryServer [19:09] jmedina, btw i only "nag" at you cause i want to see you succeed!! [19:10] jmedina, hmm its true about the FDS thing [19:10] the channel is full but yet i hardly see any docs on FDS [19:10] but i have ONE that is uber awsome [19:11] Faust-C: about what thing? [19:11] jmedina, that no one has much interest in FDS [19:11] sadly.... [19:12] All people I know says something like: "bahhh, old technology...." [19:12] people that at some time used netscape or sun directory, then migrated to openldap for performance and support reasons [19:13] that is one of the reasons HP migrated all theri enterprise directory from propietary to openldap [19:14] jmedina, the only thing i do not like about openldap [19:14] is the manual configuration, i dont mind a terminal (considering all my personal systems but one are linux) but man come on [19:14] and all the docs are overly technical [19:15] yeap, but that can be improved and we can help [19:16] of course [19:16] ive dedicated my site to creating "enterprise" documentation [19:16] to show that opensource can work in the enterprise [19:17] good [19:17] and what is our site? [19:17] *your [19:18] virtualdisaster.net, its not ready yet but in a few days it will be ready for use [19:18] bookmark it for future reference [19:18] thanks [19:18] * Faust-C makes note to finish it this week [19:18] no thank you, i think ill drop FDS lol [19:18] Faust-C: :D [19:19] and look at either pure openldap or this openDS [19:19] well I wont drop it until I do real comparisions and benchmarks [19:19] by the way yesterday was released openldap stable [19:20] well considering FDS isnt getting much life, and i want something simple [19:20] Faust-C: are you using any ldap implementation at the moment? [19:20] sadly no [19:21] but i need some kinda LDAP (i dont really care about AD cause I can make that work) [19:21] cause my new mail server, file server will auth to ldap [19:21] you can also sync AD with openldap [19:21] yeah [19:21] or even use openldap as a AD proxy :D [19:21] jmedina, would you have any good links for openldap? [19:21] well thats what i want to do [19:22] Faust-C: the book [19:22] really? [19:22] i tried to read it once and was like damn .... [19:22] wow, opends has a neat installer.... [19:23] Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services [19:23] http://www.packtpub.com/OpenLDAP-Developers-Server-Open-Source-Linux/book [19:23] sweet deal thanks [19:24] Faust-C: opends has a good integration with OpenSSO for single sign on for java apps [19:24] some goverment offices here are migrating to that because mosth of their enterprise apps are bult in java [19:25] Good evening my irc loving friends [19:25] thats what i want so bad SSO [19:26] hell i use joomla and it can auth to ldap which would be awsome for a intra website [19:26] yeap [19:27] matter of fact use it for clients [19:30] I use ldap for everything, samba, squid, apache, radius, ezpublish, mediawiki, mantis, jabber, linux logins (NSS+pam) [19:30] and openvpn [19:31] and of course for global address book [19:31] yeah [19:31] postfix, courier-imap (next dovecot) [19:31] jmedina, once my site is ready im gonna kidnap you and have you document all that [19:32] Faust-C: I have some documents about every solutions but in plain text files [19:32] Im moving to docbook [19:32] my site is tuxjm.net [19:58] Greetings [19:58] I have a couple of files I can't seem to delete [19:59] ls -Flai shows the following [19:59] mdz: ack on bryan wu, thanks for the pointer [19:59] 1528939 ?????????? ? ? ? ? ? vs100 [19:59] mdz: intel video? [19:59] mdz: i saw something similar this morning, when doing alt-tab, kernel panic, flashing caps-locked [20:00] when using rm -f I get rm: cannot remove `vs100': Input/output error [20:00] mdz: i recently switch from my nvidia thinkpad to my intel thinkpad, and just saw this issue for the first time [20:04] kirkland: it's happened to me twice today [20:04] mdz: compiz or no? [20:05] kirkland: compiz. the workaround is to turn it off === RoAk is now known as RoAkSoAx [20:20] hey guys [20:21] any recommends for faster copy sync then cp -auv or rsync -az [20:21] ? [20:21] i have 700GB [20:21] drives [20:21] that i need to sync them [20:22] gate_keeper_: dd ? [20:22] rsync is slow, coz is making file list [20:22] :/ [20:27] Gargoyle, probably it'll last forever to create 700GB image [20:27] :) [20:30] gate_keeper_, look into network raid maybe? [20:31] DRBD [20:34] maybe .. [20:35] gate_keeper_: How about a tar stream? [20:43] well .. the hard drives are connected on the server [20:43] :) [20:43] network raid will not work .. [20:44] all i need is update of the files [20:44] probably cp -u [20:44] is the best options [20:44] *option [20:44] however [21:25] New bug: #361961 in dovecot (main) "dovecot not configured to listen to any ports after intrepid->jaunty upgrade" [Undecided,New] https://launchpad.net/bugs/361961 [21:27] Ah. ^^^ new security feature. [21:27] safety first [21:36] pretty effective. [21:37] hey all I did something pretty stupid and disabled the admin account in the sudoers file, is there a way to reset this without a livecd? [21:38] foxbuntu: boot into single user mode [21:38] giovani, ah right [21:38] giovani, thanks! [21:38] i doubt that. no. maybe the rescue mode can help you. it should allow a passwordless root login - of course unless you have set a root password. [21:38] otherwise known as "recovery mode" in the ubuntu grub boot [21:38] Actium: you doubt what? [21:39] "is there a way to reset this without a livecd?" [21:39] yes, there is [21:39] I just said how [21:39] i doubted that until i came up with the recovery mode idea. [21:39] thats why i said "no" right in the following sentence. [21:40] uh ... ok [21:40] I just didn't see the need to repeat my advice and make it more confusing [21:40] just a little misunderstanding. happens. ;) [21:40] Actium: It is a passwordless root login to log into recovery mode. [21:41] yeah, that's the entire purpose of single user mode [21:41] afaik only when there's no root pw set. [21:41] nope [21:41] then im probably mistaken. [21:42] you are [21:44] now i know why. i faintly remembered having read sth about setting a password to protect the recovery mode from being abused. it was however not *nix-password, but a grub-passwd. [21:45] yes, that's completely urnelated [21:45] unrelated* [21:45] (to a root password) [21:46] i know. i just did not recall the correct thing. (damn alcohol, if you ask me). ;) [21:48] Honestly anyone with physical access owns the box. There's really no point unless you're worried about someone just walking by [21:49] ScottK: I'd contend that considerable effort can be made to prevent someone, even someone with physical access, from accessing data/records on the machine [21:49] can they unplug the power? Sure! does that equate to being able to read/modify the live machine's OS? no [21:49] giovani: Yes, but any of those methods that are likely to work for any length of time involve encryption. [21:50] indeed they do [21:50] and WDE is widely used [21:50] all of my remote, personal servers are fully encrypted [21:50] and they all have BIOS and GRUB passwords [21:54] mhh since when is amavisd under ubuntu so different in configfiles >? [21:58] MatBoy: What do you mean? [21:58] Different than what? === jussi01 is now known as android [22:01] ScottK: the 50-user files and so on [22:01] MatBoy: We get that from Debian. [22:02] It actually works pretty well. You change anything you want in 50-user and then if the maintainer makes changes in the other files you don't have to deal with manual config merges in the maintainer managed files. [22:02] Anything you put in the later 50-user file will over-ride whatever is in the earlier ones. [22:04] ScottK: ok... but my sql wblist does not seem to work when I set everything in the 50-user [22:05] I expect it's a function of your syntax, not what file it's in, but I don't use sql, so can't give specific advice. === dantalizing is now known as dantalizing_ === dantalizing_ is now known as dantalizing__ [22:06] ScottK: ok :) === dantalizing__ is now known as dantalizing [22:12] still a bummer that there are no good docs about ubuntu and DB drived amavisd [22:13] I'm sure sommer would love to have some input from you for the next edition of the Ubuntu Server Guide once you have it figured out. [22:19] woie [22:19] works [22:27] MatBoy: what was the problem? [22:30] jmedina: I used the postvis admin sql lines [22:30] they work OK [22:31] but now... I would like to insert some reference into the quarantine table so a quarantine mail also has a mailbox column [22:33] Im MatBoy good I didnt know about postvis admin [22:33] s/Im// [22:34] jmedina: but now [22:35] jmedina: you never did ? [22:36] MatBoy: what? amavis+mysql? [22:37] jmedina: postvis [22:37] nop, it is the first time I hear about postvis, looks good [22:38] jmedina: nice [22:38] jmedina: I build my own stuff atm [22:39] it looks good indeed [22:39] but there are alternatives [22:43] does someone know anything about a policy port for amavisd ? 9998 ? [22:46] Your Distro is Insecure: Ubuntu: http://www.linux-mag.com/id/7297/1/ [23:21] huh ? distro insecure ? [23:22] MatBoy: It's about 99% FUD. [23:33] ScottK: LOL === asac_ is now known as asac [23:34] ScottK: do you use /usr/sbin/amavisd-release [23:34] ? [23:36] MatBoy: I'm actually not currently using amavisd-new. The project that I was going to use it for ended. cemc and ivoks use it. I'd ask them. [23:40] ScottK: ok :) I switch to it from mailscanner which is kinda slow [23:41] Mailscanner and postfix is a bad combination. [23:43] ScottK: mailscanner was a frontend using... [23:43] uhm [23:44] postfix I thought indeed [23:45] Bad plan. [23:50] MatBoy: mailscanner is a abortion that does unspeakable things to postfix internals, and is pretty much guaranteed to break or break postfix anytime either is touched. [23:52] lamont: so I don'tuse it ;) [23:53] mhh, now that release socket [23:53] MatBoy: what about release socket? [23:54] jmedina: it should be running, amavis-release... but i't's not a service.. so I don't know how that socket or port could be in use [23:55] it should be running on port 9998, but I don't know how to start that service [23:56] mat afaik amavis-release is not a daemon, it is a program you should run whenever you want to relase a quarantined mail, the port is because amavis-relase conects to a amavisd policy bank [23:57] I believe that's correct.