/srv/irclogs.ubuntu.com/2009/06/16/#ubuntu-server.txt

[00:02] <owh> This might turn into a question that's too big for IRC, but I'm unsure where to start. I need to provide SSO for a small business. They're going to be using Google Apps as their email/calendar and the workstations are running Windows. Currently it's all peer to peer, but I need to centrally manage their installations. There's a Ubuntu 8.04 File/Print server...
[00:03] <owh> I want the implementation to be Ubuntu based. I'd like them to have roaming profiles and I'd like it all to be centrally manageable. I like Google's UI for managing users and it seems to make sense to re-use that.
[00:03] <owh> Am I reaching for the moon?
=== erichammond1 is now known as erichammond
[00:44] <icarus_squared> what kernel does 9.04 SE come with?
[00:55] <uvirtbot> New bug: #387572 in bacula (universe) "package bacula-director-mysql 2.4.2-1ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/387572
=== cheleo is now known as ycy__
=== ycy__ is now known as cheleo
[01:16] <uvirtbot> New bug: #387576 in libnss-ldap (universe) "Cannot use LDAP accounts on armel build; has incorrect symlink or /lib/nss_ldap.so incorrectly supplied" [Undecided,New] https://launchpad.net/bugs/387576
=== asac_ is now known as asac
[01:32] <fbc-mx> Is there an easy way of running a command recursively on every directory under the one I'm in?
[01:33] <fbc-mx> Ops I meant "IN every directory"
[01:36] <owh> fbc-mx: Use the find command. What are you trying to do?
[02:59] <qman__> owh, It's certainly doable, but it'll take a lot of work. There's also not a lot in the way of documentation for creating complete solutions like that. You're going to need Samba at the very least, and probably openldap or kerberos
[03:03] <qman__> I'm all for open source, but there's something to be said for the simplicity of setting up Active Directory. Getting a working Linux domain controller is pretty difficult.
[03:04] <twb> It kinda helps AD that Microsoft wrote the standards that you're talking about.
[03:04] <qman__> That too, though it does help us that they used Kerberos
[03:04] <twb> They use Microsoft Kerberos.
[03:05] <twb> It's extended in some way that I forget the details of, though they did publish an RFC documenting it
[03:05] <sommer> twb: yep, and I believe that mit kerberos 1.7 will have much of their custom stuff
[03:06] <qman__> Samba 4 should make things a lot easier when it finally comes out
[03:13] <owh> I *really* don't want to install a Windows server in this network, just so I have an AD. I might as well format the HDD on the Linux server and give them an all Windows solution.
[03:14] <owh> Next, I'll remove Thunderbird, Firefox and OO.org and throw them right back into the stone-age :)
[03:15] <owh> Imagine for a moment that I didn't say SSO with Google, does that change the picture any? How do real networks without Windows to central authentication?
[03:15] <owh> Uh, that should read: "How do real networks without Windows do central authentication?"
[03:17] <sommer> owh: I use openldap
[03:18] <sommer> owh: but to take advantage of Google's SSO facilities, I imagine you'll need to write some type of pam plugin to talk to google over the net
[03:18] <sommer> owh: are you talking about using a web based application for machine authentication?
[03:18] <owh> No.
[03:19] <owh> I want them to talk to the samba server which is currently a peer, but will become a domain controller.
[03:19] <owh> s/talk/authenticate/
[03:19] <owh> I'd like the samba server to get credentials from somewhere else.
[03:20] <sommer> owh: ah, that's not that hard then... you'll need to configure samba as a domain controller, and the easiest thing is configure samba to get users from ldap
[03:20] <sommer> owh: there's information in the serverguide for setting samba up with ldap, and as a DC
[03:20] <sommer> owh: I am also migrating to google apps, and the SSO stuff is on the todo list
[03:20] <owh> Yeah, I'm aware of the docs for that. What I haven't figured out is how their local person can manage accounts using that.
[03:21] <sommer> at this time there isn't a great single solution for that... but there are gui tools to manage an LDAP directory, phpldapadmin, lat, etc
[03:22] <sommer> also from the command line smbldaptools will tweak user settings
[03:22] <owh> I've lookes at most if not all of those, but they all expose the innards of LDAP, which is highly obnoxious to a simple user.
[03:22] <owh> s/lookes/looked/
[03:23] <sommer> agreed, but AFAIK there isn't a simple gui tool to do everything you'd like
[03:23] <sommer> err without exposing LDAP anyway :0
[03:23] <owh> I'm happy to assist in an integrated Google SSO solution. From what I've read thus far, it's really there to provide local authentication to a remote Google Application. Not quite what I need.
[03:24] <owh> I really don't want to have to provide all manner of sync tools and password change things - yuk.
[03:24] <sommer> there was a lot of discussion at the last UDS for a central directory solution, and the plan is to use the adduser scripts for LDAP management
[03:25] <owh> That's probably going to help making it possible to manage the users through the existing Ubuntu User GUI Admin Tool
[03:25] <sommer> it should :-)
[03:25] <owh> So, I'm a decade too early then :)
[03:26] <owh> Ok, so, how does a large - say SUN - installation do this?
[03:26] <owh> I mean, I cannot believe we're the first to tread this ground.
[03:26] <sommer> I imagine their own admin tools
[03:27] <owh> So is everyone else just cobbling together all little bits and pieces with their own little scripts?
[03:27] <ajmitch> all the pieces are there - the bits to tie them together & manage them aren't
[03:27] <sommer> that's the consensus I've come up with... from being around multiple admins
[03:27] <ajmitch> and it's those management tools & ways of setting things up that take a significant amount of time
[03:28] <owh> Yup
[03:28] <sommer> right you pretty much expose no LDAP innards, or all of them
[03:28] <sommer> and if you don't expose them you're locked into a certain tree configuration... which may or may not be a bad thing
[03:29] <owh> So how does AD deal with that? I cannot imagine the MCSE's I know doing any thinking of their own.
[03:29] <owh> Point - click - hunt - click - hunt - whoops - click - fixed.
[03:30] <owh> Or is that unfair?
[03:30] <ajmitch> because a lot of things on the client & server are preconfigured in the case of AD
[03:30] <sommer> AD locks you into their directory layout
[03:30] <ajmitch> s/a lot/nearly everything/
[03:30] <sommer> it's really hard to add attributes in AD for example
[03:31] <sommer> well once you do the pretty GUI admin tools won't know about your changes
[03:32] <owh> I read/skimmed the LP blueprint on some of this. I didn't really understand the concerns raised about example.com vs example, etc.
[03:32] * owh is hunting for the URL
[03:32] <ajmitch> flexibility is both the best & worst thing about what we have
[03:33] <owh> Never a truer word has been spoken.
[03:33] <owh> The URL: https://blueprints.launchpad.net/ubuntu/+spec/ldap-defaultdit-usergrp-mgmt
[03:33] <owh> There is nothing wrong with making a choice. Ubuntu is a good example of that, u-s, ditto.
[03:33] * ajmitch spent a little bit of time looking at this in the past
[03:34] <ajmitch> but not enough to suggest an easy way out :)
[03:35] <owh> Well, one comment in that page was to use the ubuntu-server survey to determine a starting point. SOHO was indicated by I'm guessing nijaba.
[03:36] <ajmitch> yep, that's the sort of target market I'd like to look at
[03:36] <ajmitch> since NZ is full of small businesses
[03:36] <owh> It's a good starting point. You can argue that a big organisation is a collection of SOHO's anyway.
[03:37] * owh didn't know you were in NZ.
[03:37] <ajmitch> yep, in Dunedin enjoying the snow today
[03:37] <ajmitch> you'll be coming to LCA next year I hope?
[03:37] <owh> Details?
[03:38] <ajmitch> late january in wellington
[03:38] <owh> Sounds like an interesting idea.
[03:38] <ajmitch> http://www.lca2010.org.nz/
[03:38] <owh> Hmm, a very interesting idea indeed!
[03:39] <ajmitch> I'm just talking to one of the organisers now in our LoCo channel who wants people to talk about the sort of things you're asking
[03:39] <owh> Channel?
[03:39] <ajmitch> irc channel, the usual #ubuntu-nz
[03:40] <ajmitch> but we'll need someone able to talk on such things
[03:40] <owh> Well some of the time, if not most of the time, the problem is not writing the code. The problem is defining the problem.
[03:40] <owh> Design, Design, Design.
[03:41] <owh> And some coding on the side :)
[03:41] <ajmitch> of course
[03:44] * ScottK works on some complex projects where the cost is 50% design, 20% code, 30% testing and they don't test nearly enough.
[03:45] <owh> One of my colleagues is the testing manager for a bank - he agrees :)
[03:47] <owh> In a previous life I was a multi-media developer, design was 85%.
[03:50] <twb> owh: it probably doesn't help that he's writing in COBOL on an AIX
[03:51] <owh> You have no idea how funny that is twb. Lemmie tell you a little anonymised story.
[03:52] * twb cowers
[03:52] <twb> "I work for an investment bank.  I have dealt with code written by stock exchanges.  I have seen how the computer systems that store your money are run.  If I ever make a fortune, I will store it in gold bullion under my bed."  -- Matthew Crosby
[03:53] <owh> An organisation bills $1million per day. It's a telco. Their billing software runs on a VAX cluster. VAXen are no longer made. They do not have infrastructure or resources to run an old system and a new system side-by-side to trial a new system. Their solution was to virtualise their hurd of VAXen.
[03:53] <twb> owh: ever seen the emulation layers necessary to run a Lisp Machine on AMD64 hardware?
[03:54] * owh shudders.
[03:54] <owh> That's like emulating a PDP-11 on a 6502 running virtually.
[03:54] <ajmitch> on such things empires are built
[03:54] <twb> lispm -> genera -> alpha -> powerpc (ivory) -> os x
[03:55] <owh> twb: Where's the AMD64 in that?
[03:55] <twb> os x runs on AMD64 CPUs now
[03:55] <owh> Didn't know that.
[03:55] <twb> Apple dropped PowerPC years ago
[03:55] <owh> I thought it was all Intel.
[03:55] <twb> (Note that 64-bit Intel CPUs are AMD64 architecture.)
[03:56] <owh> Ah
[03:56] * owh is waiting for a shiny 17" MacBook to arrive.
[03:57] <owh> This is so I can finally virtualise things again - bleh.
[03:58] * ScottK has been bitten by "Don't worry, we're emulating the old environment so the software won't even know the difference."
[03:58] <owh> Details?
[03:58] <owh> They don't have to be sordid :)
[04:00] <owh> So, if integrated SSO is not ready for prime-time like discussion seems to indicate. What would be a smart way to start down the road so past investments don't end up being thrown out with the bathwater?
[04:03] <ScottK> It didn't go well.
[04:03] <owh> What kind of issues were there?
[04:03] <ScottK> Except for timing and I/O the emulation worked fine.
[04:04] <owh> You mean internal clocks etc?
[04:04] <ScottK> Yes
[04:04] <ScottK> It was essentially hand built assembly language, so it mattered.
[04:04] <owh> When virtual time and real time don't match - fun.
[04:05] <ScottK> That and timing mattered for some of the pieces it was integrated with.
[04:05] <ScottK> The getting bitten part was that none of this was noticed until the project was in the integration testing phase.
[04:06] <ScottK> At which point it was too late to go back ....
[04:06] <owh> I can just imagine trying to implement say a serial driver in an emulated environment.
[04:06] <ScottK> You're imagining in the right direction.
[04:06] <owh> So you couldn't sync clocks in any other way?
[04:07] <ScottK> The old system was extremely deterministic.  The new one, not so much.
[04:07] <ScottK> Imagine something engineered for a hard RT kernel and you swap in a regular one and expect it to be happy.
[04:08] <owh> phone
[04:12] <owh> That was the weirdest phone call I've had in years. Anyway moving right along.
[04:13] <owh> Yeah, I can see your fun.
[04:13] <owh> How did you end up fixing it?
[04:14] <ScottK> Fortunately I didn't have to.  I was involved in one of the projects that had to integrate with it.  We got promised it would be transparent.  We weren't at all surprised it wasn't.
[04:15] <ScottK> So we screamed and beat the other project with a metaphorical stick until they bug fixed a design into existence.
[04:16] <owh> Riiight. That's code for: "Ah, we uhm stopped virtualising it?"
[04:16] <ScottK> No, they actually made it sort of work.
[04:17] <ScottK> Well enough to pretend it was sort of OK until the real rehosted version was done.
[04:17] <ScottK> Then, of course, funding got cut so not all these bastardized ones got replaced .....
[04:17] <ScottK> So the long term solution was lowered expectations.
[04:18] <ScottK> Very motivational story, yes?
[04:18] <owh> I'll say.
[04:19] <owh> That seems to be the modus operandi these days.
[04:19] <ScottK> Of course that was the last time they got away with 'Trust us ....'.
=== s_markow_ is now known as s_markow
[05:26] <owh> Authentication is a funny thing. Seems not all people can get their hands around the difference between me authenticating them and them authenticating me.
=== gaveen_ is now known as gaveen
[09:04] <th0m> hi
[09:07] <th0m> i just install ubuntu server (8.10, and 9.04) as guest os under vmware esx4. "dd" is very slow (20MB/s). I have 200MB/s result under debian (same config, iscsi san storage). Any idea what could be wrong with ubuntu server default install/kernel please ? (mtpbase maybe something?)
[09:08] <_ruben> "interesting" .. never done any real performance testing with linux guests on esx (ESXi 3.5 in my case) .. dd is far from useful as a benchmark, iometer is way better, then again, its linux client is kinda crappy as well
[09:11] <Ethos> if I change etc/sudoers what service do I need to restart for the changes to take effect?
[09:13] <th0m> _ruben, i can understand that dd is not the tool for benchmark , but i should have at least the same perf as a debian default install. I can't get what's wrong ...
[09:27] <soren> Ethos: No need to restart anything.
[09:32] <Ethos> thanks
=== cjwatson_ is now known as cjwatson
[09:55] <owh> th0m: Are you running vmware tools/open-vm-tools in both - on the same hardware?
[09:56] <uvirtbot> New bug: #387728 in nut (universe) "package nut 2.4.1-2ubuntu4 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/387728
[11:21] <uvirtbot> New bug: #244233 in mailman "Logrotate is noisy with: Re-opening all log files" [Undecided,Fix released] https://launchpad.net/bugs/244233
[11:35] <uvirtbot> New bug: #387778 in bacula (universe) "Incorrect application entry for bacula-console-qt" [Undecided,New] https://launchpad.net/bugs/387778
[12:11] <uvirtbot> New bug: #387813 in bind9 (main) "package bind9 1:9.5.1.dfsg.P2-1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/387813
=== daxroc1 is now known as daxroc
=== cjwatson_ is now known as cjwatson
[13:31] <uvirtbot> New bug: #387852 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/387852
[13:38] <ewook> hail ivoks
[13:39] <ivoks> hi
[13:40] <ewook> yo :)
[13:49] <ivoks> ttx: you remember the hadoop session?
[13:51] <ivoks> The HDFS filesystem is a Java-based filesystem
[13:51] <ttx> ivoks: yes
[13:51] <ivoks> hm... sometimes, developers play interesting games :)
[13:51] <ttx> ivoks: yes :)
[13:52] <ivoks> ttx: so, were there any significant stuff regarding java dependencies?
[13:53] <ttx> ivoks: there are a few issues, but nothing that cannot be worked-around
[13:53] <ivoks> apparently, there is source package
[13:53] <ivoks> so we could try to get it in ubuntu
[13:53] <ttx> ivoks: I wanted to have a look at the debian packaging from Cloudera
[13:53] <ivoks> i might work on that, but i'll need your help with java stuff
[13:54] <ivoks> ttx: that's the one i was thinking about
[13:54] <ttx> ivoks: I can send you the email about deps I already sent to soren a few weeks ago
[13:54] <ivoks> that would be good
[13:54] <ttx> ivoks: my guess about the cloudera packages is that they packaged a binary directly... I would be very surprised if they did it following the rules
[13:55] <ivoks> ttx: that's what they said, i didn't check it yest
[13:55] <ivoks> yet
[13:56] <ttx> ivoks: mail sent
[13:57] <ttx> ivoks: I'm available for help :)
[13:57] <ivoks> i've read it
[13:58] <ivoks> i hate non-FHS apps
[13:58] <ttx> ivoks: Java applications are notoriously FHS-adverse. With a few notable exceptions
[14:00] <ttx> ivoks: and Java upstream usually don't like when you try to install their software in a FHS-compliant way. They blame all issues on your symlink hacks.
[14:01] <ivoks> this is a good argument for pro-mono advocates
[14:01] <ivoks> :)
[14:01] <ttx> (which makes sense, from their OS-neutral point of view)
[14:01] <ttx> heh, don't start me on that one ;)
[14:28] <RobertF> Hello
[14:28] <RobertF> 9.10 (alpha2) => frederic is not in the sudoers file.
[14:35] <dnperfors> RobertF: So? is he a member of the admin group?
[14:38] <RobertF> dnperfors: is it a bug?
[14:38] <RobertF> dnperfors: I create the user during the install
[14:48] <Sam-I-Am> i've heard about an issue where the user created during install doesn't always get sudo access like they should
[14:48] <Sam-I-Am> not sure if it's an official bug yet
[14:51] <ivoks> there was one couple of releases ago
[14:52] <ivoks> iirc, selecting mail server task with a 'no configuration' option for postfix, resulted in not adding user to admin group
[15:11] <lamont> ivoks: how very strange
[15:12] <ivoks> yeah
[15:12] <ivoks> we had hard time to figure out how come that happened to that user
[15:13] <ivoks> until she put all the steps in install
[15:13] <soren> lamont: It turned out to be because the postinst of postfix exited with an error code causing the rest of d-i's finish-install stuff to be skipped.
[15:13] <ivoks> there was even a blog about it
[15:13] <ivoks> right
[15:14] <soren> lamont: Yes, postfix. So it was all your fault :)
[15:18] <Sam-I-Am> always blame lamont :P
[15:20] <lamont> I totally win
[15:20] <uvirtbot> New bug: #387930 in kerberos-configs (universe) "package krb5-config 1.22 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/387930
[16:28] <zul> so has anyone created a mirror from a cd-rom?
[16:28] <mathiaz> zul: what do you mean exactly?
[16:29] <mathiaz> zul: the packages on the cdrom have the same structure as a mirror
[16:29] <mathiaz> zul: there are dists/ and pool/ directories at the root of the iso
[16:29] <zul> mathiaz: gotcha
[16:46] <th0m> is there a way to freeze a test server ?
[16:46] <th0m> (to simulate a troubleshooting)
[16:46] <th0m> cat /dev/random > /dev/something_crucial ?
[16:59] <ivoks> ttx: you should've been quiet :)
[16:59] <ttx> ivoks: I won't say anything more :P
[16:59] <ivoks> kirkland: so, what's your opinion on dkms?
[17:00] <ivoks> kirkland: did you use it for kvm backports?
[17:10] <ivoks> well, i have to go now... take care
[17:31] <leonel> will postgresql 8.4 included in Karmic ??? PostgreSQL 8.4 RC1 was released today ..
[17:56] <mathiaz> leonel: I'm not sure we include RCs in Debian/Ubuntu
[18:03] <leonel> mathiaz: of course not, I mean now that the RC 1 is out, the Final version will be on Jun 29 so .. I guess it can make to Debian / Ubuntu right ??
[18:04] <mathiaz> leonel: probably - if pitti has time to upload 8.4 to debian before FeatureFreeze (end of august)
=== mcasadevall is now known as NCommander
[18:50] <newtoubuntu> i am trying to uninstall gnome flash
[18:50] <newtoubuntu> can any one help?
=== newtoubuntu is now known as hezali
[18:52] <giovani|work> what's gnome flash?
=== nxvl_ is now known as nxvl
[19:13] <jeiworth> hi all, we are currently looking for a decent groupware for our tiny graphic design office, so far i have been checking zimbra, opengroupware and openxchange and it looks like we'll go for zimbra (although i have a bit of a stomach ache due to yahoo perhaps being sold to the evil overlord ;o)) anyone here with experience with opensource groupware?
[19:19] <sarthor> Hi, How to install / Run http://www.shorewall.net/MultiISP.html#lsm
[19:19] <kirkland> ivoks around?
[20:09] <mathiaz> kees: does this compiler error ring a bell? http://paste.ubuntu.com/197240/
[20:11] <Hecate> hezali, i don't know what gnome flash is supposed to be, either. maybe you're talking about gnash aka. gnu flash. if you do: this is totally off topic in the server chan.
[20:27] <kees> mathiaz: checking
[20:27] <kees> mathiaz: never seen that before.
[20:28] <kees> mathiaz: http://www.cellperformance.com/mike_acton/2006/06/understanding_strict_aliasing.html might be helpful?
[20:28] <mathiaz> kees: ok - I haven't done any investigation on this one
[20:29] <mathiaz> kees: is the failure related to the FORTIFY defaults?
[21:24] <kees> mathiaz: I don't think so -- likely just gcc tightening semantics of the language
[21:29] <maw> on a fresh install, what does ubuntu-server use as a MTA
[21:29] <maw> can mail be relayed off the server or do I need to install postfix?
[21:37] <oruwork> maw-> I am very new to linux and I set up postfix / dovecot about 6 months ago for a 10 people company that i work for and we haven't had a single problem
[21:37] <oruwork> maw-> to be more specific, it's not just for internal email, it's for external
[21:38] <maw> my question was asking if anyone knows if an MTA is shipped in the default install
[21:38] <maw> so apps can send email etc...
[21:38] <oruwork> yes it does
[21:38] <Nafallo> maw: not unless you ticket the task for it
[21:38] <maw> I am not trying to setup a mailserver for users
[21:38] <Nafallo> ticked even
[21:38] <oruwork> maw-> yeah, you have to check the mail task at install
[21:38] <maw> that would have been postfix if I clicked that box?
[21:38] <Nafallo> oh. shipped.
[21:39] <Nafallo> I reckon so.
[21:39] <maw> ah ok
[21:39] <Nafallo> postfix and exim (IIRC) are both on the install disk.
[21:39] <Nafallo> but none is installed by default of course :-)
[21:40] <maw> right... just clarifying. FreeBSD ships with sendmail already installed but configured as a local mailer
[21:40] <Nafallo> maw: it's a decision made to not install any listening daemons by default.
[21:41] <Nafallo> cups would be the exception, but set to bind to localhost in default installs.
[21:41] <maw> right
[21:42] <maw> I essentially verified that with netstat -an
[21:42] <maw> ok thx for clarifying
[21:42] <Nafallo> netstat -ltun is what I would have used :-)
[21:43] <maw> whoops forgot the l :P
[21:44] <Nafallo> a and l are a bit mutually exclusive aren't they?
[21:44] * Nafallo checks the manual
[21:44] <Nafallo> yeah. looks like it.
[21:44] <hvn> I'll add sudo and -p: sudo netstat -ltunp
[21:45] <hvn> shows the listening process too
[21:45] <maw> indeed, -a and -l would have similar info. That is not necessary as one might want to know just listening compared to all
[21:54] <billybigrigger> can any suggest a good apache log analyzer? besides awstats and webalizer?
[22:41] <uvirtbot> New bug: #348990 in postfix (main) "Deinstallation doesn't delete all files" [Low,Confirmed] https://launchpad.net/bugs/348990
