[00:02] This might turn into a question that's too big for IRC, but I'm unsure where to start. I need to provide SSO for a small business. They're going to be using Google Apps as their email/calendar and the workstations are running Windows. Currently it's all peer to peer, but I need to centrally manage their installations. There's a Ubuntu 8.04 File/Print server...
[00:03] I want the implementation to be Ubuntu based. I'd like them to have roaming profiles and I'd like it all to be centrally manageable. I like Google's UI for managing users and it seems to make sense to re-use that.
[00:03] Am I reaching for the moon?
=== erichammond1 is now known as erichammond
[00:44] what kernel does 9.04 SE come with?
[00:55] New bug: #387572 in bacula (universe) "package bacula-director-mysql 2.4.2-1ubuntu6 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/387572
=== cheleo is now known as ycy__
=== ycy__ is now known as cheleo
[01:16] New bug: #387576 in libnss-ldap (universe) "Cannot use LDAP accounts on armel build; has incorrect symlink or /lib/nss_ldap.so incorrectly supplied" [Undecided,New] https://launchpad.net/bugs/387576
=== asac_ is now known as asac
[01:32] Is there an easy way of running a command recursively on every directory under the one I'm in?
[01:33] Oops I meant "IN every directory"
[01:36] fbc-mx: Use the find command. What are you trying to do?
[02:59] owh, It's certainly doable, but it'll take a lot of work. There's also not a lot in the way of documentation for creating complete solutions like that. You're going to need Samba in the very least, and probably openldap or kerberos
[03:03] I'm all for open source, but there's something to be said for the simplicity of setting up Active Directory. Getting a working Linux domain controller is pretty difficult.
[03:04] It kinda helps AD that Microsoft wrote the standards that you're talking about.
[03:04] That too, though it does help us that they used Kerberos
[03:04] They use Microsoft Kerberos.
[03:05] It's extended in some way that I forget the details of, though they did publish an RFC documenting it
[03:05] twb: yep, and I believe that mit kerberos 1.7 will have much of their custom stuff
[03:06] Samba 4 should make things a lot easier when it finally comes out
[03:13] I *really* don't want to install a Windows server in this network, just so I have an AD. I might as well format the HDD on the Linux server and give them an all Windows solution.
[03:14] Next, I'll remove Thunderbird, Firefox and OO.org and throw them right back into the stone-age :)
[03:15] Imagine for a moment that I didn't say SSO with Google, does that change the picture any? How do real networks without Windows to central authentication?
[03:15] Uh, that should read: "How do real networks without Windows do central authentication?"
[03:17] owh: I use openldap
[03:18] owh: but to take advantage of Google's SSO facilities, I imagine you'll need to write some type of pam plugin to talk to google over the net
[03:18] owh: are you talking about using a web based application for machine authentication?
[03:18] No.
[03:19] I want them to talk to the samba server which is currently a peer, but will become a domain controller.
[03:19] s/talk/authenticate/
[03:19] I'd like the samba server to get credentials from somewhere else.
[03:20] owh: ah, that's not that hard then... you'll need to configure samba as a domain controller, and the easiest thing is configure samba to get users from ldap
[03:20] owh: there's information in the serverguide for setting samba up with ldap, and as a DC
[03:20] owh: I am also migrating to google apps, and the SSO stuff is on the todo list
[03:20] Yeah, I'm aware of the docs for that. What I haven't figured out is how their local person can manage accounts using that.
[03:21] at this time there isn't a great single solution for that... but there are gui tools to manage an LDAP directory, phpldapadmin, lat, etc
[03:22] also from the command line smbldaptools will tweak user settings
[03:22] I've lookes at most if not all of those, but they all expose the innards of LDAP, which is highly obnoxious to a simple user.
[03:22] s/lookes/looked/
[03:23] agreed, but AFAIK there isn't a simple gui tool to do everything you'd like
[03:23] err without exposing LDAP anyway :0
[03:23] I'm happy to assist in an integrated Google SSO solution. From what I've read thus far, it's really there to provide local authentication to a remote Google Application. Not quite what I need.
[03:24] I really don't want to have to provide all manner of sync tools and password change things - yuk.
[03:24] there was a lot of discussion at the last UDS for a central directory solution, and the plan is to use the adduser scripts for LDAP management
[03:25] That's probably going to help making it possible to manage the users through the existing Ubuntu User GUI Admin Tool
[03:25] it should :-)
[03:25] So, I'm a decade too early then :)
[03:26] Ok, so, how does a large - say SUN - installation do this?
[03:26] I mean, I cannot believe we're the first to tread this ground.
[03:26] I imagine their own admin tools
[03:27] So is everyone else just cobbling together all little bits and pieces with their own little scripts?
[03:27] all the pieces are there - the bits to tie them together & manage them aren't
[03:27] that's the consensus I've come up with... from being around multiple admins
[03:27] and it's those management tools & ways of setting things up that take a significant amount of time
[03:28] Yup
[03:28] right you pretty much expose no LDAP innards, or all of them
[03:28] and if you don't expose them you're locked into a certain tree configuration... which may or may not be a bad thing
[03:29] So how does AD deal with that?
I cannot imagine the MCSE's I know doing any thinking of their own.
[03:29] Point - click - hunt - click - hunt - whoops - click - fixed.
[03:30] Or is that unfair?
[03:30] because a lot of things on the client & server are preconfigured in the case of AD
[03:30] AD locks you into their directory layout
[03:30] s/a lot/nearly everything/
[03:30] it's really hard to add attributes in AD for example
[03:31] well once you do the pretty GUI admin tools won't know about your changes
[03:32] I read/skimmed the LP blueprint on some of this. I didn't really understand the concerns raised about example.com vs example, etc.
[03:32] * owh is hunting for the URL
[03:32] flexibility is both the best & worst thing about what we have
[03:33] Never a truer word has been spoken.
[03:33] The URL: https://blueprints.launchpad.net/ubuntu/+spec/ldap-defaultdit-usergrp-mgmt
[03:33] There is nothing wrong with making a choice. Ubuntu is a good example of that, u-s, ditto.
[03:33] * ajmitch spent a little bit of time looking at this in the past
[03:34] but not enough to suggest an easy way out :)
[03:35] Well, one comment in that page was to use the ubuntu-server survey to determine a starting point. SOHO was indicated by I'm guessing nijaba.
[03:36] yep, that's the sort of target market I'd like to look at
[03:36] since NZ is full of small businesses
[03:36] It's a good starting point. You can argue that a big organisation is a collection of SOHO's anyway.
[03:37] * owh didn't know you were in NZ.
[03:37] yep, in Dunedin enjoying the snow today
[03:37] you'll be coming to LCA next year I hope?
[03:37] Details?
[03:38] late january in wellington
[03:38] Sounds like an interesting idea.
[03:38] http://www.lca2010.org.nz/
[03:38] Hmm, a very interesting idea indeed!
[03:39] I'm just talking to one of the organisers now in our LoCo channel who wants people to talk about the sort of things you're asking
[03:39] Channel?
[03:39] irc channel, the usual #ubuntu-nz
[03:40] but we'll need someone able to talk on such things
[03:40] Well some of the time, if not most of the time, the problem is not writing the code. The problem is defining the problem.
[03:40] Design, Design, Design.
[03:41] And some coding on the side :)
[03:41] of course
[03:44] * ScottK works on some complex projects where the cost is 50% design, 20 % code, 30% testing and they don't test nearly enough.
[03:45] One of my colleagues is the testing manager for a bank - he agrees :)
[03:47] In a previous life I was a multi-media developer, design was 85%.
[03:50] owh: it probably doesn't help that he's writing in COBOL on an AIX
[03:51] You have no idea how funny that is twb. Lemmie tell you a little anonymised story.
[03:52] * twb cowers
[03:52] "I work for an investment bank. I have dealt with code written by stock exchanges. I have seen how the computer systems that store your money are run. If I ever make a fortune, I will store it in gold bullion under my bed." -- Matthew Crosby
[03:53] An organisation bills $1million per day. It's a telco. Their billing software runs on a VAX cluster. VAXen are no longer made. They do not have infrastructure or resources to run an old system and a new system side-by-side to trial a new system. Their solution was to virtualise their hurd of VAXen.
[03:53] owh: ever seen the emulation layers necessary to run a Lisp Machine on AMD64 hardware?
[03:54] * owh shudders.
[03:54] That's like emulating a PDP-11 on a 6502 running virtually.
[03:54] on such things empires are built
[03:54] lispm -> genera -> alpha -> powerpc (ivory) -> os x
[03:55] twb: Where's the AMD64 in that?
[03:55] os x runs on AMD64 CPUs now
[03:55] Didn't know that.
[03:55] Apple dropped PowerPC years ago
[03:55] I thought it was all Intel.
[03:55] (Note that 64-bit Intel CPUs are AMD64 architecture.)
[03:56] Ah
[03:56] * owh is waiting for a shiny 17" MacBook to arrive.
[03:57] This is so I can finally virtualise things again - bleh.
[03:58] * ScottK has been bitten by "Don't worry, we're emulating the old environment so the software won't even know the difference."
[03:58] Details?
[03:58] They don't have to be sordid :)
[04:00] So, if integrated SSO is not ready for prime-time like discussion seems to indicate. What would be a smart way to start down the road so past investments don't end up being thrown out with the bathwater?
[04:03] It didn't go well.
[04:03] What kind of issues were there?
[04:03] Except for timing and I/O the emulation worked fine.
[04:04] You mean internal clocks etc?
[04:04] Yes
[04:04] It was essentially hand built assembly language, so it mattered.
[04:04] When virtual time and real time don't match - fun.
[04:05] That and timing mattered for some of the pieces it was integrated with.
[04:05] The getting bitten part was that none of this was noticed until the project was in the integration testing phase.
[04:06] At which point it was too late to go back ....
[04:06] I can just imagine trying to implement say a serial driver in an emulated environment.
[04:06] You're imagining in the right direction.
[04:06] So you couldn't sync clocks in any other way?
[04:07] The old system was extremely deterministic. The new one, not so much.
[04:07] Imagine something engineered for a hard RT kernel and you swap in a regular one and expect it to be happy.
[04:08] phone
[04:12] That was the weirdest phone call I've had in years. Anyway moving right along.
[04:13] Yeah, I can see your fun.
[04:13] How did you end up fixing it?
[04:14] Fortunately I didn't have to. I was involved in one of the projects that had to integrate with it. We got promised it would be transparent. We weren't at all surprised it wasn't.
[04:15] So we screamed and beat the other project with a metaphorical stick until they bug fixed a design into existence.
[04:16] Riiight. That's code for: "Ah, we uhm stopped virtualising it?"
[04:16] No, they actually made it sort of work.
[04:17] Well enough to pretend it was sort of OK until the real rehosted version was done.
[04:17] Then, of course, funding got cut so not all these bastardized ones got replaced .....
[04:17] So the long term solution was lowered expectations.
[04:18] Very motivational story, yes?
[04:18] I'll say.
[04:19] That seems to be the modus operandi these days.
[04:19] Of course that was the last time they got away with 'Trust us ....'.
=== s_markow_ is now known as s_markow
[05:26] Authentication is a funny thing. Seems not all people can get their hands around the difference between me authenticating them and them authenticating me.
=== gaveen_ is now known as gaveen
[09:04] hi
[09:07] i just install ubuntu server (8.10, and 9.04) as guest os under vmware esx4. "dd" is very slow (20MB/s). I have 200MB/s result under debian (same config, iscsi san storage). Any idea what could be wrong with ubuntu server default install/kernel please ? (mtpbase maybe something?)
[09:08] <_ruben> "interesting" .. never done any real performance testing with linux guests on esx (ESXi 3.5 in my case) .. dd is far from useful as a benchmark, iometer is way better, then again, its linux client is kinda crappy as well
[09:11] if I change etc/sudoers what service do I need to restart for the changes to take effect?
[09:13] _ruben, i can understand that dd is not the tool for benchmark , but i should have at least the same perf as a debian default install. I cant get what's wrong ...
[09:27] Ethos: No need to restart anything.
[09:32] thanks
=== cjwatson_ is now known as cjwatson
[09:55] th0m: Are you running vmware tools/open-vm-tools in both - on the same hardware?
[09:56] New bug: #387728 in nut (universe) "package nut 2.4.1-2ubuntu4 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/387728
[11:21] New bug: #244233 in mailman "Logrotate is noisy with: Re-opening all log files" [Undecided,Fix released] https://launchpad.net/bugs/244233
[11:35] New bug: #387778 in bacula (universe) "Incorrect application entry for bacula-console-qt" [Undecided,New] https://launchpad.net/bugs/387778
[12:11] New bug: #387813 in bind9 (main) "package bind9 1:9.5.1.dfsg.P2-1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/387813
=== daxroc1 is now known as daxroc
=== cjwatson_ is now known as cjwatson
[13:31] New bug: #387852 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/387852
[13:38] hail ivoks
[13:39] hi
[13:40] yo :)
[13:49] ttx: you remember the hadoop session?
[13:51] The HDFS filesystem is a Java-based filesystem
[13:51] ivoks: yes
[13:51] hm... sometimes, developers play interesting games :)
[13:51] ivoks: yes :)
[13:52] ttx: so, were there any significant stuff regarding java dependencies?
[13:53] ivoks: there are a few issues, but nothing that cannot be worked-around
[13:53] apparently, there is source package
[13:53] so we could try to get it in ubuntu
[13:53] ivoks: I wanted to have a look at the debian packaging from Cloudera
[13:53] i might work on that, but i'll need your help with java stuff
[13:54] ttx: that's the one i was thinking about
[13:54] ivoks: I can send you the email about deps I already sent to soren a few weeks ago
[13:54] that would be good
[13:54] ivoks: my guess about the cloudera packages is that they packaged a binary directly...
I would be very surprised if they did it following the rules
[13:55] ttx: that's what they said, i didn't check it yest
[13:55] yet
[13:56] ivoks: mail sent
[13:57] ivoks: I'm available for help :)
[13:57] i've read it
[13:58] i hate non-FHS apps
[13:58] ivoks: Java applications are notoriously FHS-adverse. With a few notable exceptions
[14:00] ivoks: and Java upstream usually don't like when you try to install their software in a FHS-compliant way. They blame all issues on your symlink hacks.
[14:01] this is a good argument for pro-mono advocates
[14:01] :)
[14:01] (which makes sense, from their OS-neutral point of view)
[14:01] heh, don't start me on that one ;)
[14:28] Hello
[14:28] 9.10 (alpha2) => frederic is not in the sudoers file.
[14:35] RobertF: So? is he a member of the admin group?
[14:38] dnperfors: is it a bug?
[14:38] dnperfors: I create the user during the install
[14:48] i've heard about an issue where the user created during install doesnt always get sudo access like they should
[14:48] not sure if its an official bug yet
[14:51] there was one couple of releases ago
[14:52] iirc, selecting mail server task with a 'no configuration' option for postfix, resulted in not adding user to admin group
[15:11] ivoks: how very strange
[15:12] yeah
[15:12] we had hard time to figure out how come that happened to that user
[15:13] until she put all the steps in install
[15:13] lamont: It turned out to be because the postinst of postfix exited with an error code causing the rest d-i's finish-install stuff to be skipped.
[15:13] there was even a blog about it
[15:13] right
[15:14] lamont: Yes, postfix. So it was all your fault :)
[15:18] always blame lamont :P
[15:20] I totally win
[15:20] New bug: #387930 in kerberos-configs (universe) "package krb5-config 1.22 failed to install/upgrade: Unterprozess post-installation script gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/387930
[16:28] so has anyone created a mirror from a cd-rom?
[16:28] zul: what do you mean exactly?
[16:29] zul: the packages on the cdrom have the same structure as a mirror
[16:29] zul: there are dists/ and pool/ directories at the root of the iso
[16:29] mathiaz: gotcha
[16:46] is there a way to freeze a test server ?
[16:46] (to simulate a troubleshooting)
[16:46] cat /dev/random > /dev/something_crucial ?
[16:59] ttx: you should've been quiet :)
[16:59] ivoks: I won't say anything more :P
[16:59] kirkland: so, what's your opinion on dkms?
[17:00] kirkland: did you use it for kvm backports?
[17:10] well, i have to go now... take care
[17:31] will postgresql 8.4 included in Karmic ??? PostgreSQL 8.4 RC1 was released today ..
[17:56] leonel: I'm not sure we include RCs in Debian/Ubuntu
[18:03] mathiaz: of course not, I mean now that the RC 1 is out, the Final version will be on Jun 29 so .. I guess it can make to Debian / Ubuntu right ??
[18:04] leonel: probably - if pitti has time to upload 8.4 to debian before FeatureFreeze (end of august)
=== mcasadevall is now known as NCommander
[18:50] i am trying to uninstall gnome flash
[18:50] can any one help?
=== newtoubuntu is now known as hezali
[18:52] what's gnome flash?
=== nxvl_ is now known as nxvl
[19:13] hi all, we are currently looking for a decent groupware for our tiny graphic design office, so far i have been checking zimbra, opengroupware and openxchange and it looks like we'll go for zimbra (although i have a bit of a stomach ache due to yahoo perhaps being sold to the evil overlord ;o)) anyone here with experience with opensource groupware?
[19:19] Hi, How to install / Run http://www.shorewall.net/MultiISP.html#lsm
[19:19] ivoks around?
[20:09] kees: does this compiler error ring a bell? http://paste.ubuntu.com/197240/
[20:11] hezali, i don't know what gnome flash is supposed to be, either. maybe you're talking about gnash aka. gnu flash. if you do: this is totally off topic in the server chan.
[20:27] mathiaz: checking
[20:27] mathiaz: never seen that before.
[20:28] mathiaz: http://www.cellperformance.com/mike_acton/2006/06/understanding_strict_aliasing.html might be helpful?
[20:28] kees: ok - I haven't done any investigation on this one
[20:29] kees: is the failure related to the FORTIFY defaults?
[21:24] mathiaz: I don't think so -- likely just gcc tightening semantics of the language
[21:29] on a fresh install, what does ubuntu-server use as a MTA
[21:29] can mail be relayed off the server or do I need to install postfix?
[21:37] maw-> I am very new to linux and I set up postfix / dovecot about 6 months ago for a 10 people company that i work for and we haven't had a single problem
[21:37] maw-> to be more specific, its not just for internal email, its for external
[21:38] my question was asking if anyone knows if an MTA is shipped in the default install
[21:38] so apps can send email etc...
[21:38] yes it does
[21:38] maw: not unless you ticket the task for it
[21:38] I am not trying to setup a mailserver for users
[21:38] ticked even
[21:38] maw-> yeah, you have to check the mail task at install
[21:38] that would have been postfix if I clicked that box?
[21:38] oh. shipped.
[21:39] I reckon so.
[21:39] ah ok
[21:39] postfix and exim (IIRC) are both on the install disk.
[21:39] but none is installed by default of course :-)
[21:40] right... just clarifying. FreeBSD ships with sendmail already installed but configured as a local mailer
[21:40] maw: it's a decision made to not install any listening daemons by default.
[21:41] cups would be the exception, but set to bind to localhost in default installs.
[21:41] right
[21:42] I essentially verified that with netstat -an
[21:42] ok thx for clarifying
[21:42] netstat -ltun is what I would have used :-)
[21:43] whoops forgot the l :P
[21:44] a and l are a bit mutually exclusive aren't they?
[21:44] * Nafallo checks the manual
[21:44] yeah. looks like it.
[21:44] I'll add sudo and -p: sudo netstat -ltunp
[21:45] shows the listening process too
[21:45] indeed, -a and -l would have similar info. That is not necessary as one might want to know just listening compared to all
[21:54] can any suggest a good apache log analyzer? besides awstats and webalizer?
[22:41] New bug: #348990 in postfix (main) "Deinstallation doesn't delete all files" [Low,Confirmed] https://launchpad.net/bugs/348990