/srv/irclogs.ubuntu.com/2009/07/13/#ubuntu-server.txt

gletob	Yes	00:00
gletob	billybigrigger_, yes why?	00:00
billybigrigger_	is it installing?	00:02
billybigrigger_	9.04 wouldn't install on my old p 166mhz, isolinux was giving me problems, i had to eventually do a netboot, but if you got to the installer you got farther than me	00:03
gletob	It's at 22% Loading additional components	00:05
=== hggdh_ is now known as hggdh
billybigrigger_	you should be good to go then	00:09
gletob	Uh oh! Bad burn! "There was a problem reading data from the CD-ROM.	00:16
gletob	"	00:16
Pirate_Hunter	how do i find my domain, setting up ISPConfig?	00:24
quentusrex	Is anyone here familiar with x509 certs?	00:43
hggdh	quentusrex: shoot	01:06
quentusrex	hggdh: ok, I have had major issues with my certs for over a week... Everything I do to diagnose the issue is fruitless....	01:07
quentusrex	I use TinyCA2 to manage my x509 certs.	01:07
quentusrex	It has worked well for apache, openvpn, and a few other apps.	01:07
quentusrex	But it flat out will not work with openldap	01:07
hggdh	quentusrex: so you have your own private CA	01:07
quentusrex	yes.	01:07
hggdh	so far so good	01:08
hggdh	what happens with LDAP?	01:08
quentusrex	I have confirmed the issue is with MY certs, because I can generate local certs and it works fine.	01:08
quentusrex	here is the bug: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/398366	01:08
hggdh	hold on. what is the difference between "MY certs" and "local certs"?	01:08
uvirtbot	Launchpad bug 398366 in openldap "Certs generated with TinyCA2 and openssl cause errors in openldap and gnutls" [Undecided,New]	01:09
quentusrex	hggdh: I have my real certs,	01:09
quentusrex	generated on my workstation, and I have fake certs generated locally on the server.	01:09
quentusrex	my workstation, and the backups are responsible for generating the companies certs.	01:09
hggdh	oh, OK. My certs == officially issued certs	01:09
quentusrex	we can use real and fake	01:09
quentusrex	to describe them...	01:09
quentusrex	real ones = fail to start, fake ones work just fine.	01:10
quentusrex	I have tried on both ubuntu 8.04 and 9.04 versions of openldap	01:10
quentusrex	I can recreate the issue by creating a new fake CA on my workstation, and it still fails.	01:11
hggdh	OK. Have you checked the certs for similar options -- for starter, by 'openssl x509 -text -in a.cert.file	01:11
hggdh	and comparing both real and fake for differing options	01:12
quentusrex	so, it's either something with the way TinyCA2 generates certs(but doesn't effect openvpn or apache), or I have forgotten a step and repeatedly miss the same step in the cert generation.	01:12
quentusrex	I'll check...	01:12
hggdh	as far as I can remember, TinyCA2 uses openssl to actually do the work	01:12
ScottK	It does.	01:13
* hggdh also uses tinyca2, but no ldap		01:13
infinity	quentusrex: Well, OpenVPN and Apache both use openssl, while openldap uses gnutls, so it's entirely possible that the way TinyCA2 is doing the reqs is just missing a field (or something) that OpenSSL is forgiving about, but gnutls is grumpy about.	01:13
ScottK	Pretty much all the CA packages are front ends for openssl.	01:13
quentusrex	Right, I am aware that tinyCA2 uses openssl, and openldap uses gnutls,	01:14
quentusrex	but I'm unable to figure out which field causes the issues...	01:14
hggdh	yes. TLS is also more picky on the options you specify	01:14
hggdh	what would work on SSL may fail on TLS	01:14
quentusrex	but I have tls setup with openvpn	01:15
quentusrex	and it works.	01:15
infinity	quentusrex: Well, as suggested, you should compare the text dump of the "real" and "fake" certs, and go from there.	01:15
infinity	quentusrex: Anything "different" is suspect.	01:15
pixlbox	need help installing joomla	01:15
hggdh	for example, when you specify Netscape options, and do them wrong. SSL wouls swallow them, TLS will spit them out	01:15
quentusrex	infinity: can you suggest a command to dump all the cert info? (I have a command, but I've been stuck for a week. So I might be using the wrong one...)	01:15
hggdh	the easy way: openssl x509 -text -in <PEM>	01:16
hggdh	just the public cert, no private key here	01:16
quentusrex	right	01:16
quentusrex	everything that openldap seems to say, points to the issue being with the cacert,	01:16
quentusrex	but there is almost no documentation and even less info on the actual error...	01:17
quentusrex	just says tls fails with error code -1	01:17
infinity	Are you doing chain bundling?	01:17
quentusrex	I have one CA, and that is the only thing signing the certs.	01:17
quentusrex	only two levels, no sub CA's.	01:17
hggdh	quentusrex: if a real and a fake cert are the, er, same, and one works and one not, then there is something different on them	01:17
hggdh	you can also dump ASN1 (and I do not remember the opessl command for that, but it is there) the certs. Be prepared to get some sore eyes.	01:19
quentusrex	hggdh: I have compared the two certs	01:19
quentusrex	there are many more fields filled out with the tinyca2 ones...	01:20
quentusrex	the real ones.	01:20
quentusrex	the fake ones have almost no fields set...	01:20
hggdh	so now you have a start	01:20
hggdh	they are different	01:20
quentusrex	is there a way to diff them by fields?	01:20
hggdh	no, not really. You will have to do it by hand	01:21
infinity	Don't forget content of the fields.	01:21
infinity	You may have characters gnutls is unhappy with, who knows?	01:21
quentusrex	ok...	01:21
infinity	Maybe you're breaking an RFC, which openssl is notorious for not caring about. :P	01:21
quentusrex	this will be 'fun'	01:21
quentusrex	check this out:	01:22
quentusrex	Certificate:	01:22
quentusrex	Data:	01:22
quentusrex	Version: 1 (0x0)	01:22
quentusrex	vs	01:22
quentusrex	Certificate:	01:22
quentusrex	Data:	01:22
quentusrex	Version: 3 (0x2)	01:22
infinity	(openssl is the most liberally forgiving software in the world when it comes to sloppy input, which explains why your certs are happy with openssl-using apps, but not gnutls)	01:22
quentusrex	real one is version 3	01:22
quentusrex	great... so now I have to regen all my certs to make gnutls happy.... :(	01:22
hggdh	wow, from V1 to V3... how old is this V1 cert?	01:23
quentusrex	I just generated it with openssl	01:23
quentusrex	that's the fake one that works.	01:23
infinity	V1 is the default with an openssl req with no options, IIRC.	01:23
infinity	But gnutls should be happy with V3, I suspect that's a red herring.	01:23
quentusrex	is there a paste bin that you prefer?	01:24
quentusrex	I'll paste the cert dumps	01:24
infinity	ubuntu.com	01:24
hggdh	yes, it would be good	01:24
infinity	http://pastebin.ubuntu.com/ even	01:24
hggdh	pastebin.ubuntu.com	01:24
quentusrex	http://paste.ubuntu.com/216539/	01:25
quentusrex	those are both the cacerts.	01:25
quentusrex	I hadn't considered that the problem could be with a field in the cert	01:25
quentusrex	I thought it had something to do with corruptions, or not actually being signed or something... but all the verify commands I could find passed.	01:26
hggdh	quentusrex: what time is it now at your locale?	01:26
quentusrex	5:30	01:26
quentusrex	west coast, USA	01:26
hggdh	of July 12th, right?	01:27
quentusrex	right	01:27
quentusrex	lol	01:27
quentusrex	I see an issue... :)	01:27
hggdh	look at the Not Before timestamps	01:27
quentusrex	right, but the real one you're looking at was just generated to pose as the real one	01:28
quentusrex	both generated with tinyca2 and both fail for the same reasons.	01:28
quentusrex	Just with random information in there	01:28
infinity	Well, does the real real one have that same timestamp? :)	01:28
quentusrex	nope	01:28
hggdh	yes. The point is both of these should NOT be valid to begin with	01:28
quentusrex	it was generated in March of 07	01:28
quentusrex	wait,	01:28
quentusrex	that is GMT	01:29
quentusrex	I'm -8 from there.	01:29
quentusrex	so it is valid.	01:29
hggdh	indeed	01:29
hggdh	so a red herring	01:29
quentusrex	yup	01:29
quentusrex	:)	01:29
quentusrex	I'd rather have false positives that turn out to be red herrings, than a false negative and never get a working ldap server... :(	01:30
quentusrex	I'm working on a script that will allow me to tweak the cert generation parameters	01:30
hggdh	OK. Next one. fake one that works has a 1024 key, real one that fails has a 4096 key. Have you tried a fake one with 4096?	01:30
quentusrex	and test it on an openldap server	01:30
quentusrex	yup, and a real one with 1024	01:30
quentusrex	red herring.	01:30
hggdh	OK	01:30
hggdh	quentusrex: the real one is a CA cert	01:31
hggdh	I thought it was an user cert	01:32
hggdh	like the first one	01:32
quentusrex	both should be ca certs	01:32
quentusrex	hmm....	01:33
quentusrex	you're right...	01:33
hggdh	first one should be refused, it does not have 'CA: True" critical constraint	01:33
quentusrex	that's right... I've been using a self signed cert for the fake ones, thinking I had built ca certs.	01:34
infinity	quentusrex: So, some random googling suggests that you need to tell openldap where to find the path to the CA cert.	01:35
quentusrex	brb afk	01:35
quentusrex	infinity: I do, I specify it.	01:35
quentusrex	I think my test case is wrong...	01:35
quentusrex	brb though...	01:35
infinity	quentusrex: Have you run slapd in debug mode (slapd -d -1) to see if it's any more useful?	01:35
quentusrex_	back	01:37
quentusrex_	had to change computers for a moment	01:37
infinity	quentusrex: Have you run slapd in debug mode (slapd -d -1) to see if it's any more useful?	01:38
quentusrex_	infinity, I tried that, but I did not get anything more from it	01:38
quentusrex_	the same one line error. failed to start tls, with the error code -1	01:38
infinity	And I'll assume, since you have a testcase and all, that it's not file permissions?	01:38
quentusrex_	nope, not file permission problem	01:38
quentusrex_	but we've just proved that my test case was flawed.	01:39
quentusrex_	I am not sure I was actually generating a ca cert,	01:39
quentusrex_	but possibly a self signed cert,	01:39
hggdh	well, if you were using the CA cert as an LDAP "user" cert, then ldap would most probably barf	01:39
quentusrex_	so it could have been working because the cert was self signed it didn't need to look for the CA, so it didn't run into the same issue.	01:39
quentusrex_	nope, not an ldap user cert. as the server cert.	01:40
quentusrex_	the ldap server has nothing but default data in it...	01:40
hggdh	yes, server cert == user cert; there are CA certs, and "user" certs	01:40
infinity	Yeah, you need both here in your case...	01:41
infinity	TLSCertificateFile /etc/openldap/currentcert.pem	01:41
infinity	TLSCertificateKeyFile /etc/openldap/currentkey.pem	01:41
infinity	TLSCACertificateFile /etc/openldap/demoCA/cacert.pem	01:41
hggdh	you do not usually run ON a CA cert. You deploy a cert signed by the CA	01:41
infinity	The last one needs to be your CA, the first two are the server "user" cert.	01:41
quentusrex_	hggdh, right. that is what I'm doing.	01:41
quentusrex_	but you have to distribute the ca cert along with the client cert and key	01:42
quentusrex_	for tls.	01:42
hggdh	yes, you always have to distribute the CA certs.	01:42
hggdh	or, better saying, the real user should check on the CA cert, ideally out-of-band	01:43
infinity	Yes. Lots of software out there explodes when you try to use "chained" certs, which is what I was driving at before.	01:43
hggdh	so. when you put the real CA cert (the one in the pastebin) as TLSCACertFile it fails	01:43
infinity	(ie: when your CA is bundled in the cert, rather than being an out-of-band check)	01:44
hggdh	but, when you put the real CA in the TLSCACertFile, you have to change the TLSCertFile accordingly. Did you do it?	01:45
* hggdh BTW asks for pardon on asking dumb questions, but one needs to be sure...		01:45
quentusrex_	yes, I did that... I think I'm on to something...	01:47
quentusrex_	I changed the order of the cert file includes.	01:47
quentusrex_	it changed the error code...	01:47
quentusrex_	if the CAcert line isn't first the error is -34	01:47
quentusrex_	with ca cert first it's -1	01:47
quentusrex_	I finally get an interesting error message:	01:49
quentusrex_	gnutls-serv --x509keyfile ./ssl/server.pem --x509certfile ./ssl/server.pem	01:49
quentusrex_	Set static Diffie Hellman parameters, consider --dhparams.	01:49
quentusrex_	Error reading './ssl/server.pem' or './ssl/server.pem'	01:49
quentusrex_	Error: Base64 decoding error.	01:49
quentusrex_	I get this when I install gnutls-bin	01:49
quentusrex_	and run that first line....	01:49
JordiGH	Got a problem with two Ubuntu boxen not being able to relay email to one another.	01:50
JordiGH	The problem: http://erxz.com/pb/18721	01:50
JordiGH	web2 is running exim4. I am guessing I need to tweak stuff in web2's exim.conf, but I don't know what.	01:51
quentusrex_	hggdh and inifinity, you were right. It's a bad header.	01:52
quentusrex_	with the real keys I get this error: gnutls-serv --x509keyfile ./key.pem --x509certfile ./cert.pem	01:53
quentusrex_	Set static Diffie Hellman parameters, consider --dhparams.	01:53
quentusrex_	Error reading './cert.pem' or './key.pem'	01:53
quentusrex_	Error: Base64 unexpected header error.	01:53
quentusrex_	Now, if only there were a way to find how which header..	01:53
ScottK	JordiGH: You need to authorize the other one to relay mail. I could tell you how for Postfix, but Exim, I have no idea.	01:55
JordiGH	ScottK: Yeah, I have "host_accept_relay = 127.0.0.1 : ::::1 : 192.168.1.0/24" in exim.conf, which seems a bit cryptic.	01:56
ScottK	JordiGH: I'd try adding the IP of the other mail server to that.	01:56
JordiGH	ScottK: You mean the specific one instead of the netmasked IP network?	01:57
ScottK	JordiGH: Is it in 192.168.1.0/24?	01:57
JordiGH	web4 from which I telnetted is 192.168.1.248	01:58
ScottK	OK, then I'm confused. I'd have expected that to work.	02:01
* ScottK looks around for someone who knows something about Exim.		02:01
JordiGH	Unless those streams of colons don't do what I expect them to.	02:02
infinity	JordiGH: The stream of colons is the IPv6 localhost.	02:02
infinity	JordiGH: Are you using exim's split config, or monolithic?	02:03
infinity	JordiGH: (Maybe you edited the monolithic config, but you're actually using split?)	02:03
twb	ScottK: #debian is full of exim weenies :-)	02:04
ScottK	Yet another reason not to go there.	02:04
JordiGH	Hey, I'm a Debian weenie. :-(	02:05
twb	You have to tiptoe around them	02:05
infinity	JordiGH: Also, if this is exim4, I suspect you want "relay_from_hosts", not "host_accept_relay"	02:05
JordiGH	infinity: /etc/exim only has exim.conf and exim.conf.0	02:05
twb	ScottK: having said that, IME #debian (on OFTC, at least) is more helpful than #ubuntu.	02:05
ScottK	Well I don't go there either.	02:05
twb	#ubuntu is like a preschool full of screaming toddlers trying to configure compiz	02:05
infinity	JordiGH: Eww, and no it's not, you're using exim3... Stop that. :)	02:05
JordiGH	infinity: dapper drake.	02:06
twb	JordiGH: remind us why postfix isn't allowed?	02:06
infinity	JordiGH: exim4 is on dapper.	02:06
infinity	JordiGH: exim3 is in universe and entirely unsupported, no?	02:07
JordiGH	Ah, you're right, exim4 is available.	02:07
JordiGH	twb: It isn't unallowed. You want me to use it instead?	02:07
infinity	twb: Don't get into an MTA flamewar. :P	02:07
infinity	twb: We support both for a reason.	02:07
twb	Eh, sorry.	02:08
twb	I should have added a ";-)"	02:08
JordiGH	I really have no preference.	02:08
ScottK	The reason being infinity likes Exim.	02:08
ScottK	;-)	02:08
infinity	ScottK: And elmo. :P	02:08
ScottK	That too	02:08
JordiGH	MTAs are like toasters to me. They should toast, and exactly how they toast and which one should toast, I don't really care.	02:08
twb	JordiGH: then probably best to use whatever people around here will provide support for.	02:08
infinity	JordiGH: Anyhow. exim4 should "just work" when you configure it out of the box.	02:08
infinity	JordiGH: Alternately, switch to postfix, which will also "just work" when configured with the help of people like twb.	02:08
JordiGH	infinity: alright... it's a debconf config, right? At least it is in Debian.	02:09
infinity	JordiGH: I couldn't care less what anyone other than me uses. :)	02:09
infinity	JordiGH: Same as the Debian debconf config, yeah.	02:09
JordiGH	Hmmm... alright, what do I want here? I already don't know what to answer for the first question.	02:09
JordiGH	internet site?	02:10
infinity	Yes.	02:10
JordiGH	convert exim v3 config?	02:10
JordiGH	Okay, internet site.	02:10
twb	I don't provide support for postfix, either. HAND.	02:10
quentusrex_	hggdh, alright. I've build the test system for the fake certs. I'm actually useing ca certs now...	02:10
quentusrex_	hggdh Any guess as to which of the headers are more likely to cause problems?	02:11
JordiGH	Man, SMTP sounds like LOLcatese to me.	02:12
JordiGH	"HELO web2"	02:12
JordiGH	"Why, hello there, web5".	02:12
JordiGH	"MAIL FROM: <jordigh@gmail.com>"	02:12
JordiGH	"Ah, yes, I see, and who is the recipient?"	02:13
JordiGH	"RCPT TO: <jordigh@gmail.com>"	02:13
JordiGH	"I'm afraid I can't let you do that, Bob..."	02:13
JordiGH	etc	02:13
JordiGH	Alright, so is the default the monolithic or the modular exim4 config?	02:13
infinity	No idea anymore. It used to be a debconf question, I suspect someone's nixed it.	02:14
infinity	Probably defaults to monolithic now to avoid upstream getting grumpy about stupid Debian users and their bad bug reports.	02:14
infinity	(I use split)	02:14
infinity	JordiGH: If you have an exim.conf in /etc/exim4, you're using monolithic. If not, it's in /var/lib/exim4, and you're using split.	02:15
JordiGH	I have a exim.conf.template...	02:17
infinity	grep dc_use_split_config /etc/exim4/update-exim4.conf.conf	02:18
infinity	(I knew it was a debconf question)	02:18
infinity	Must just have not been shown at your priority.	02:18
infinity	JordiGH: Anyhow, assuming you're using split, just edit dc_relay_nets in /etc/exim4/update-exim4.conf.conf, re-run "update-exim4.config", and restart exim.	02:20
JordiGH	infinity: It is a debconf question, but wasn't asked at install. It's asked with dpkg-reconfigure, though.	02:20
infinity	JordiGH: That's because dpkg-reconfigure defaults to priority=low	02:20
infinity	JordiGH: Your system's probably set to high or critical.	02:20
JordiGH	Hm... it still thinks that relaying to gmail.com is prohibited.	02:22
infinity	Seriously?	02:22
JordiGH	Yeah, identical SMTP session. :-/	02:23
JordiGH	http://erxz.com/pb/18721	02:23
infinity	http://pastebin.ubuntu.com/	02:24
infinity	That's with lucifer's IP (174.0.107.159/32) in dc_relay_nets	02:24
JordiGH	Wait, I think I had the wrong answer..	02:24
JordiGH	"Domains to relay mail for" that should be *, right?	02:26
infinity	Wow, linking the paste would have been helpful there to prove my point. :P	02:26
infinity	http://pastebin.ubuntu.com/216565/	02:26
infinity	No!	02:26
infinity	No, no, no.	02:26
infinity	* would be an open relay.	02:26
infinity	You only relay for the domains you accept mail for as an MX.	02:27
infinity	Whereas the relaying you want is allowing privileged hosts to relay through you.	02:27
JordiGH	What's the difference between "domains to relay mail for" and "machines to relay mail for"?	02:28
infinity	"machines" is what turns into "relay_nets".	02:29
infinity	Machines is who you will accept mail FROM, to send to anywhere.	02:29
infinity	Domains is who you will accept mail TO, from anywhere.	02:29
infinity	If you're not a secondary MX, relay_domains should be empty.	02:29
infinity	(usually)	02:30
JordiGH	Uhhhh...	02:30
infinity	JordiGH: Here's a simple config: http://pastebin.ubuntu.com/216566/	02:31
JordiGH	Okay, so I did tell debconf to use monolithic config.	02:31
infinity	JordiGH: It accepts mail for all those domains listed, it doesn't forward/relay mail for any other domains, and it accepts mail to ANYWHERE from the IPs listed.	02:31
infinity	JordiGH: (Of course, mine's a split config, so translate as required)	02:32
JordiGH	infinity: Kay... dc_other_hostnames is the machines from which I accept incoming SMTP connections?	02:33
JordiGH	infinity: dc_relay_domains is blank because those machines can send anywhere in the world, right?	02:33
infinity	JordiGH: other_hostnames is all the hostnames/domains that you accept mail FOR.	02:34
infinity	JordiGH: So, my config accepts mail for loki.0c3.net, szeretlek.net, etc...	02:34
infinity	JordiGH: (By default, you'd only accept mail for you actual hostname, without that line there)	02:34
JordiGH	infinity: Oh, so I can't email gmail.com from your machine?	02:34
infinity	JordiGH: But that's for local delivery.	02:34
infinity	JordiGH: You can email gmail.com from my machine if you're listed in relay_nets.	02:35
infinity	JordiGH: relay_nets defines the people who are allowed to send mail ANYWHERE.	02:35
JordiGH	Ah, ok, ok...	02:35
infinity	JordiGH: Anyone not in that list can only send mail to other_hostnames and relay_domains.	02:35
JordiGH	lessee..	02:35
infinity	JordiGH: Note that while the options have different names (obviously), every MTA has this exact concept. You're filtering on two sets: "People who can send mail to anyone", and "Anyone can send mail to a specific small set of addresses".	02:36
JordiGH	infinity: Interesting.	02:37
twb	!release	02:43
ubottu	Ubuntu releases a new version every 6 months. Each version is supported for 18 months to 5 years. More info at http://www.ubuntu.com/ubuntu/releases & http://wiki.ubuntu.com/TimeBasedReleases	02:43
twb	!eol	02:44
ubottu	End-Of-Life is the time when security updates for an Ubuntu release stop. See https://wiki.ubuntu.com/Releases	02:44
JordiGH	Yes, I know DD is dead.	02:45
JordiGH	So is my website, kinda, but not because of DD.	02:45
twb	JordiGH: sorry, that was for me.	02:47
twb	I was too lazy to /msg ubotu, sorrry.	02:47
ScottK	Dapper is not dead for this channel, just weaklings who need X.	02:51
ScottK	Actually my desktop is still Dapper. I haven't ever bothered to upgrade it.	02:58
JordiGH	infinity: http://pastebin.ubuntu.com/216574/	02:59
JordiGH	infinity: Still full of fail. :-(	02:59
infinity	JordiGH: You're running update-exim4.conf and restarting exim after changes, right?	03:01
JordiGH	infinity: ayup. "/etc/init.d/exim4 restart"	03:02
ajmitch	ScottK: you're even worse than me	03:02
twb	My laptop runs Sid because otherwise how can I test that my bugs have ACTUALLY been fixed when maintainers close them? ;-)	03:02
infinity	JordiGH: Oh, but you're still not using split config either.	03:02
infinity	JordiGH: So, editing that probably doesn't buy you much.	03:02
infinity	JordiGH: (Just find relay_from_hosts in your actual config and edit it)	03:02
ScottK	ajmitch: The smaller the computer it seems the newer I use. Desktop is Dapper, laptop is Jaunty, netbook is Karmic.	03:03
JordiGH	infinity: How about I just use a split config?	03:03
* JordiGH doubts it makes a difference, but whatever.		03:03
infinity	JordiGH: Up to you. :)	03:03
* infinity needs to run off.		03:04
infinity	JordiGH: Ultimately, however you do it, you need exim to think that network is in relay_nets, and you win.	03:04
slestak	n external python package? I am having import name resolution problems and dont see what is accuring	03:20
slestak	netbook ate my first line	03:20
slestak	is /usr/local/lib/python2.6/dist-packages/ a typical location for an external package?	03:20
JordiGH	/usr/local is stuff not managed by dpkg.	03:23
slestak	i used the modules setup.py	03:25
slestak	it is not in apt	03:25
ScottK	slestak: More likely site-packages, but that may be OK.	03:32
ScottK	slestak: import sys and then print sys.path to see if it's in your path.	03:32
slestak	ScottK: good idea	03:32
slestak	ScottK: last key in path is '/usr/local/lib/python2.6/dist-packages'	03:33
ScottK	Then that should be a fine location.	03:34
slestak	every .py in examples for package xlwt fails with the same error	03:34
slestak	File "/usr/local/lib/python2.6/dist-packages/xlwt/Worksheet.py", line 52, in __init__	03:35
slestak	self.Row = Row.Row	03:35
slestak	AttributeError: 'module' object has no attribute 'Row'	03:35
slestak	Row.py is on the dir, and it has a class name Row	03:36
ScottK	Try to append xlwt to sys.path	03:38
slestak	where is that adjusted?	03:39
ScottK	slestak: FYI, xlwt is packaged in Karmic, so you could ask for a backport of the package for whatever release you're using.	03:39
slestak	im supposed to present this at a PUG tomorrow :)	03:40
ScottK	slestak: It's something like sys.path.append("pathyouwanttoadd")	03:40
slestak	dont think backport will be quick enough	03:40
ScottK	slestak: What release are you using?	03:40
slestak	im about the least exp guy in the group	03:40
slestak	9.04	03:40
ScottK	slestak: What timezone are you in?	03:41
slestak	EST	03:41
JordiGH	infinity: If you're still there, the problem was that exim3 was still running even though I removed the package and /etc/init.d/exim stop didn't stop the daemon either. I killdashnined the process and restarted exim4 and now it works.	03:41
JordiGH	WTF.	03:41
* JordiGH has spent maybe 4 hours on this today.		03:41
ScottK	slestak: If you don't get it figured out tonight, we can probably manage a backport in the morning.	03:42
* ScottK would likely have to mangle some rules to get it done tongiht.		03:42
slestak	that would be awesome. i used pyExcelerator, maybe I should just present that, its in Jaunty. I just know xlwt and xlrd have replaced it	03:42
JordiGH	When is sysadmin day? I think I'm gonna demand lots of ice cream for it.	03:42
ScottK	JordiGH: sysadmin day is on the horizon.	03:43
slestak	bofh day?	03:43
JordiGH	Good.	03:43
* JordiGH wonders if he could also demand sexual favours on July 31st.		03:43
slestak	lo0l	03:43
JordiGH	Interesting sysadmin day is the day before my birthday.	03:43
ScottK	The horizon being an imaginary place you can walk towards, but never reach.	03:43
JordiGH	It's actually in a few weeks.	03:43
ScottK	JordiGH: This is probably going to sound silly to you, but we work very hard here to create an environment where everyone will be confortable, so it's not a huge deal, but talking about demanding sexual favors probably isn't the best idea for here.	03:44
slestak	ScottK: I'll try it on another workstation, see if it is consistent	03:44
JordiGH	I guess sex is going to make someone uncomfortable.	03:45
JordiGH	Fine, fine.	03:45
ScottK	slestak: sys.path.append("/usr/local/lib/python2.6/dist-packages/xlwt/")	03:49
slestak	ScottK: i just installed pyExclearator from repo. it works fine. xlwt is a fork, so I'll just explain that the package imshowing is a lottledated	03:49
slestak	i can wait for karmic	03:49
ScottK	slestak: OK. I'd try sys.path.append	03:49
slestak	but that will not help me when running a .py in bash?	03:50
slestak	or can i run the exampkles easily from the python shell, after touching up sys.path?	03:50
ScottK	Or edit the start of the example to do it for you.	03:53
slestak	no joy	03:57
slestak	I alsotried adding from xlwt.Row import *	03:58
slestak	well, im done for the night, thx for the help	04:00
quentusrex	hggdh: ScottK: infinity: are you still around?	04:18
quentusrex	I've narrowed the limitations for gnutls...	04:18
ScottK	Maybe.	04:18
quentusrex	I've removed almost all of the cert attributes	04:18
quentusrex	down to the fewest	04:19
quentusrex	but gnutls still can't handle it...	04:19
=== s_markow_ is now known as s_markow
ScottK	Can gnutls generate certs like openssl does?	04:26
ScottK	If it can, maybe generate a cert from it and see what's in it.	04:27
=== Kyon0 is now known as Kyon`Away
=== Kyon`Away is now known as Kyon0`Away
=== ircd is now known as Guest18724
zpotonaator	hey, can anybody tell me wher's the default logrotate conf for mail.log, currently it's rotating between 06:0 -07:00	09:05
zpotonaator	and only keeping 6 days of log	09:05
zpotonaator	but mail.log is not defined for logrotate to rotate	09:06
zpotonaator	found the solution, it's sysklogd that's rotating the logs by default, /etc/cron.daily/sysklogd, not logrotate	09:13
_ruben	which is a nice default solution, but very managable in the long run, imo	09:14
_ruben	add "not" somewhere in that line :)	09:14
zpotonaator	:P	09:21
Daviey	Hi, Can someone sponser an apache related SRU for Hardy to -proposed for me?	09:40
Daviey	bug #394696	09:40
uvirtbot	Launchpad bug 394696 in apache2-mpm-itk "Please rebuild apache2-mpm-itk [Hardy] to handle updated apache source" [High,Confirmed] https://launchpad.net/bugs/394696	09:40
j0nr	Hi all... running spamd seems to be a none starter for me on my 256MB RAM server. Is there any other ways to begin to control spam thats not too heavy on RAM? thanks	09:57
henkjan_	j0nr: greylisting	09:59
_ruben	tho from what i've read, greylisting is becoming less effective rapidly	10:06
_ruben	rbl checks remain fairly effective	10:07
_ruben	or just upgrade the server :)	10:07
RoyK	I use greylisting and the built-in bayes-filter in OS X mail. The greyfiltering takes out some 90-95% or so and most of the rest is taken by the OS X mailfilter	10:29
RoyK	s/mailfilter/spamfilter/	10:29
Daviey	j0nr: Or switch to a VPS provider that provides a spamd server :)	10:59
* Daviey knows of at least two in the UK that does this.		11:00
j0nr	Daviey: maybe they do... I will enquire	11:12
* j0nr is googleing greylisting		11:12
j0nr	postgrey?	11:12
_ruben	that's one implementation of it, yes	11:14
* Daviey uses postgrey.. Doesn't stop that much tbh.. Mainly due to alias email addresses which formward to my smtp server		11:22
Daviey	j0nr: What sort of mail volume do you have?	11:22
=== Kyon0`Away is now known as Kyon0
j0nr	Daviey: very little... but enough to want some sort of spam filter... (i dont need a male member enlargement!)	11:45
j0nr	probably <50 a day unwanted emails	11:47
Daviey	j0nr: How many mails in total?	11:47
j0nr	< 60 probably a day inc. spam (	11:47
j0nr	oh actaully.. i am on ubuntu-uk mailing list so more	11:48
Daviey	j0nr: It's just that i have a dedicated spamd server in the same datacentre.. You can use it for a while?	11:48
j0nr	still probably <100	11:48
j0nr	what datacentre?	11:48
Daviey	The same one as you :)	11:48
Nafallo	Daviey: what data centre?	11:50
j0nr	Daviey: oo sounds good....	11:51
j0nr	what are implications?	11:51
Daviey	Nafallo: RHC North	11:52
Sarthor	Hi, there was 2 lan cards in my ubuntu 9.04 i386, (eth0, eth1), i removed one lan card and put other, now my linux gave the name as eth2 to the new lan card, How can i change this eth2, back to eth1,	11:52
Nafallo	Daviey: doesn't sound like London...	11:52
Daviey	Nafallo: Oh, Is it only London that had datacentres? :)	11:53
\sh	Sarthor: vi /etc/udev/rules.d/70-persistent-net-rules.*	11:53
\sh	Sarthor: change the new eth2 to eth1 and remove the old entry	11:53
Nafallo	Daviey: well. that matters anyway ;-)	11:53
acalvo	Hi! I'm making a script to move an LDAP tree to a new one, but I'm having troubles with accents. In the command-line I can see that everything is right, but when it is stored to the LDAP it's all mix up...	11:54
j0nr	Daviey: what about this spam filter then?	12:48
Daviey	j0nr: Ok.. let me add your IP to my firewall	12:56
Daviey	j0nr: -> PM	12:56
awmcclain	I've looked for a while on google for this and I couldn't find it... anyone know how to set up ssh so that files created over ssh are automatically group writable?	13:19
henkjan_	awmcclain: man umask	13:22
awmcclain	henkjan_: No man entry. Also, for some reason I was under the impression that setting a umask for a user didn't work over ssh, but that makes no sense.	13:24
awmcclain	That gives me enough.	13:24
awmcclain	Hrm, umask 022, but directories are g-w. Maybe it's an issue with bzr over ssh.	13:31
awmcclain	Oh never mind.	13:31
uvirtbot	New bug: #398733 in dovecot (main) "Dovecot Plain auth broken in 1.1.1, fixed in 1.2.1" [Undecided,New] https://launchpad.net/bugs/398733	13:34
maxb	awmcclain: umask 022 explains directories being g-w	13:40
maxb	umask 002 is what would be required	13:40
awmcclain	maxb: Yeah, i just realized that, I changed to 0002 but I'm still seeing the same issue.	13:40
awmcclain	Oh.... let me check the user's profile and see if it's being overwritten	13:40
maxb	profile will not be involved in a bzr-over-ssh session	13:41
maxb	You will likely want to consider setting the umask via pam	13:41
maxb	Do be aware that umask 002 is an insecure configuration for any user whose primary group is not one private to themselves	13:42
awmcclain	maxb: Ah, that explains a lot. Understood. I'm guessing a google search of 'umask pam' is in order.	13:43
maxb	Specifically pam_umask.so	13:44
maxb	and man pam_umask	13:45
maxb	especially the usergroups option	13:46
ruben23	hi i have an existing disk on my server--> but disk is getting full, if i add up another disk can i merge it with my existing idsk..?	13:51
ruben23	particularly im using the directory for saving /var/spool/asterisk/monitor---->rela time saving of voice records..	13:51
ruben23	anyone have idea	14:58
pirx	hi! has anyone used linux-ha (high availability)? looking for a good tutorial/howto...	15:31
jmarsden	pirx: Using Google gets me: http://www.linux-ha.org/HeartbeatTutorials	16:10
shivek	So what's your website url	16:58
shivek	I want to check it out	16:59
balloooza	well... right now I have a photo gallery	16:59
shivek	Give me the url	16:59
balloooza	shivek: http://balloooza.homelinux.com/gallery3	16:59
shivek	mysql ??	17:00
balloooza	shivek: ? what are you asking	17:00
shivek	does the speed depends on my computer specifications or bandwidth or both?	17:00
balloooza	shivek: my bandwith is slow, depending where you are	17:01
shivek	I'm in India	17:01
balloooza	shivek: illinois	17:01
balloooza	shivek: usa	17:01
shivek	my bandwidth is 215kbps	17:01
shivek	ok	17:01
shivek	what's your bandwidth	17:02
balloooza	shivek: ouch, you will never load my site, but I can still help you	17:02
shivek	yeah help me	17:02
shivek	its not loading	17:02
balloooza	shivek: so, what kind of site, for a buisnuiss	17:02
firecrotch	wow I'm in Wisconsin and I can't even load your site, balloooza	17:02
balloooza	shivek: it will be slow, has to go around the world	17:02
balloooza	maby it is not running?	17:03
shivek	no I'm a student I want a personal website	17:03
balloooza	maby the site is closed, I did some maintnence, and maby messed up the firewall	17:03
shivek	balloooza: yeah its not running	17:04
balloooza	so a personal site, like reseme (sorry I cannot spell)	17:04
shivek	balloooza: yeah I'm just 14 and I've developed a site for me. what's reseme? " D	17:05
balloooza	shivek: same age, that is a thing that you make to get a job (I thought you ment university)	17:06
shivek	balloooza: should I use MySQl or something else	17:06
shivek	Are u also 14 ??	17:06
balloooza	shivek: mysql is a database	17:06
balloooza	shivek: yes 14	17:07
shivek	so do u also wanna become a hacker ?	17:07
balloooza	shivek: ya	17:07
shivek	who are u insipired from	17:07
shivek	I think we should work together	17:08
shivek	Working together we will be masters	17:08
shivek	What all languages do u know??	17:08
shivek	balloooza: Are you there ?	17:09
balloooza	shivek: that is a little off topic, but no languages yet, but I want to get a little development board for my birthday, so I will learn	17:09
shivek	Oh	17:09
shivek	you don't even know html ?	17:09
balloooza	yes, html	17:10
balloooza	shivek: that is a markup language, what you will most likly use for the website	17:10
shivek	yeah	17:10
shivek	I know	17:10
shivek	I know html	17:11
shivek	and I'm learning python 3	17:11
shivek	Do you have an orkut account ?	17:11
balloooza	That is what I will use to program, second q: no	17:11
=== so is now known as simon-o
shivek	What do u mean . I didn't get u	17:12
balloooza	shivek: hu, no orkut, and also if we start bugging people (none here) we should move to pm	17:12
shivek	pm ?	17:13
balloooza	shivek: Private Message	17:13
shivek	ok	17:13
balloooza	but only if we are bugging somone	17:13
shivek	i just want that we should stay in touch.	17:14
shivek	balloooza: Because I've never found anyone of my age who wants to become a hacker!	17:14
balloooza	OK, how wold I do that? I have gmail, I think that is related to orkut?	17:15
balloooza	btw, mw website is not working, have to figure that out	17:15
shivek	balloooza: yeah it is	17:15
shivek	just give me your email id	17:15
shivek	I'll add you	17:15
=== obstriege is now known as obst
=== dazman is now known as Guest26280
balloooza	shivek: it is in my info for irc	17:16
shivek	balloooza: and you should get an orkut account	17:16
balloooza	shivek: did you get it?	17:16
shivek	balloooza: no it isn't displayed	17:17
balloooza	oh, let me take off the hide...	17:17
balloooza	now try	17:17
shivek	balloooza: sure and you should also get an orkut account because hackers also need to know moron mentality .	17:18
=== maxb_ is now known as maxb
balloooza	just signing up...	17:18
shivek	balloooza: take mine<shivekk@gmail.com> .yeah cool add me as ypur friend .Search shivek khurana	17:19
shivek	balloooza: What's your full name ?	17:19
balloooza	accualy I put in my birthday, and it said 18	17:20
specto	I hope you guys know that this chat is logged.	17:20
balloooza	shivek: yes, do not say stuff personal, that is why I have not said stuff personal	17:20
shivek	balloooza: Ok. You can still create one , add any year that it accepts	17:21
shivek	balloooza: it doesn't really matters.	17:22
shivek	specto : thanks for warning :D	17:22
specto	shivek: no problem.	17:22
shivek	balloooza: done ?	17:22
balloooza	ok shivek, I have added you, have you added me?	17:23
specto	!offtopic	17:23
ubottu	#ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please use #ubuntu-offtopic for other topics. Thanks!	17:23
shivek	wait let me see.	17:23
shivek	ubottu: thanks for your advice.	17:24
ubottu	Error: I am only a bot, please don't think I'm intelligent :)	17:24
balloooza	shivek: lets move this to gmaail chat :)	17:24
shivek	balloooza: I'm coming there	17:24
Pirate_Hunter	anyone here with knowledge of ISPConfig if so, could i get help, trying to figure out why I the browser interface doesnt work even knowing it installed correctly?	17:38
Pirate_Hunter	anyone here with knowledge of ISPConfig if so, could i get help, trying to figure out why I the browser interface doesnt work even knowing it installed correctly?	17:44
ruben23	hi i have an existing disk on my server--> but disk is getting full, if i add up another disk can i merge it with my existing idsk..?	17:45
ruben23	particularly im using the directory for saving /var/spool/asterisk/monitor---->rela time saving of voice records..	17:45
firecrotch	Pirate_Hunter: I myself haven't used ISPConfig, but maybe I can help you troubleshoot...	17:46
firecrotch	Pirate_Hunter: From what I know, it uses Apache? is apache running?	17:46
=== iulian is now known as Guest22306
Pirate_Hunter	firecrotch, should be, how do i check (sorry i am very new to the server side of linux)	17:47
firecrotch	Pirate_Hunter: ps -e \| grep apache	17:47
firecrotch	it should print out a line with a number, a question mark (or pts/#), a timestamp, and then the word apache	17:48
Pirate_Hunter	firecrotch, http://paste.ubuntu.com/217104/	17:49
Pirate_Hunter	firecrotch, yah i think that is correct so it is working	17:49
firecrotch	Pirate_Hunter: Ok, apache is running, so the next step is to check apache's error log, which is located at /var/log/apache2/error.log	17:50
Pirate_Hunter	firecrotch, http://paste.ubuntu.com/217106/ no errors there that i noticed	17:52
Pirate_Hunter	firecrotch, i think it could be ispconfig itself, even so it did successfully compile and give me the login details just doesnt work in browser :s	17:53
firecrotch	Pirate_Hunter: What is the error you get when you try to access the ISPConfig page?	17:53
Pirate_Hunter	firecrotch, one sec let me check on the actual box but its something like not accessible, temporary down or soemthing	17:53
Pirate_Hunter	firecrotch, xyz.de refused connection - the server might be busy or you may have network connection problem try again later	17:56
Pirate_Hunter	firecrotch, that is all i get nothing more specific	17:57
firecrotch	Pirate_Hunter: Are you trying to connect to it via https ?	17:59
Pirate_Hunter	firecrotch, yup that is what i chose, how come?	17:59
firecrotch	Pirate_Hunter: I think it is a problem with ISPConfig itself, or apache's configuration, since it's refusing the connection	18:00
Pirate_Hunter	firecrotch, ok but how do i go about finding out which is the problem since syslog doesnt say anything	18:01
firecrotch	Pirate_Hunter: If you can paste all of your apache configuration files (/etc/apache2/sites-enabled) I can take a look	18:03
specto	firecrotch: pastbin please.	18:05
Pirate_Hunter	firecrotch, they are default installed via tasksel havent changed anything was meant to once ispconfig was installed	18:05
firecrotch	ISPConfig changes your apache configs, I think	18:05
Pirate_Hunter	firecrotch, :o Oh didnt know that one sec	18:06
firecrotch	Pirate_Hunter: I've come across something that may have something to do with it... is it ISPConfig 2 or ISPConfig 3that you installed?	18:07
Pirate_Hunter	firecrotch, http://paste.ubuntu.com/217116/ i installed 2 since i think 3 is still beta	18:07
firecrotch	Pirate_Hunter: I noticed somewhere that you have to change /bin/sh to point to /bin/bash instead of /bin/dash for the install, or else there will be problems	18:08
Pirate_Hunter	firecrotch, i set up the server based on this tutorial http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p4 might help to know	18:09
Pirate_Hunter	firecrotch, i did do that, its in that tutorial	18:09
firecrotch	Pirate_Hunter: haha that's where I saw it ;)	18:09
Pirate_Hunter	firecrotch, yup that is what i used for my setup the problem is ispc can only be unninstalled from the browser interface i think otherwise i would do it again	18:10
firecrotch	Pirate_Hunter: And you are trying to access it via port 81, right?	18:11
Pirate_Hunter	firecrotch, yup just how the online manual states i havent really changed much except the host and a few bits	18:12
firecrotch	Pirate_Hunter: Well, you've got me stumped	18:13
firecrotch	Note to self: don't bother with ISPConfig	18:13
Pirate_Hunter	i will try to unninstall it again, can you at least provide me with a tut for a good server setup?	18:14
firecrotch	Pirate_Hunter: I've used EBox before, but I don't know if it does everything that ISPConfig does	18:16
Pirate_Hunter	ebox will check it out now, what are you using now?	18:16
firecrotch	Well currently I don't have any need for anything other than a simple web server, so I just have a ubuntu 8.10 box running apache and mysql right now	18:17
=== zoopster1 is now known as zoopster
Pirate_Hunter	firecrotch, sorry system went down	19:03
ball	Is there a way I can ask an Ubuntu Server box to enter "standby" mode?	19:04
firecrotch	Pirate_Hunter: welcome back :)	19:05
Pirate_Hunter	firecrotch, np well checking out ebox I think just about does what ispconfig does just in a different way still what do i know (all i want is to host my own site(s))	19:08
Pirate_Hunter	\np\*\no problem\	19:08
Pirate_Hunter	firecrotch, what you up to since i got time to spare	19:09
firecrotch	Pirate_Hunter: If it's just going to be a standalone webserver, I personally don't see the need for something like ISPConfig or ebox. It's pretty easy to host your own websites on a server with just apache, mysql and php installed. Look into apache virtual hosts	19:09
firecrotch	I'm currently configuring Kubuntu on my boss's laptop	19:10
Pirate_Hunter	firecrotch, oh didnt know i am quite new to this, I think i am ready to start using ubuntu for serious stuff without the desktop feature and wow your boss i can't even persuade anyone to try ubuntu or any linux OS	19:11
Pirate_Hunter	firecrotch, why kubuntu isn't that too bloated (in my opinion)	19:13
firecrotch	Pirate_Hunter: Well, we use ubuntu server for our servers, and Xubuntu on computers that we use to display videos and stuff on digital signage, and I use Kubuntu on my workstation since it's what I prefer, and he likes it :)	19:13
Pirate_Hunter	firecrotch, i bet he likes the eyecandy which is what made me try it in the first place, I have to admit it is neater more like being in an alternate version of windows	19:15
jon_high9000	I am configuring Postfix. mainly, to use postfix as an alternate smtp server in place of gmail. my question is this; i selected internet site and for mail name entered mail.gmail.com. based on what i have described does this sound correct?	19:15
firecrotch	Pirate_Hunter: Yeah, I've always found KDE to be more... Windows-like, and gnome to be more Mac-like	19:16
ball	I like Blackbox	19:17
ball	...but Gnome and Xfce4 are both things I could put in front of civilians	19:17
firecrotch	KDE seems to be more intuitive to new users who are used to Windows, in my opinion	19:18
Pirate_Hunter	yeah i agree on the kde part except the Mac bit since i havent used OSX :'(	19:18
Pirate_Hunter	ball, the civilians i know run from linux, some find it too hard even knowing the menu is right at the frigging top	19:19
ball	Pirate_Hunter: people are animals and animals fear change	19:19
firecrotch	Pirate_Hunter: Change the menu name to "Start" and put it at the bottom left corner and they'll have no trouble :)	19:20
Pirate_Hunter	i agree most users will be right at home with kde and koqueror needs some praising	19:20
jon_high9000	sorry about this folks. double checked my research and it is correct. my bad.	19:21
Pirate_Hunter	i did, i did they complained on the way they had to do things, if not the apps they wanted are not there even firefox was weird (it has been around for a long time :/)	19:21
howie	i just made the the switch from windows to full ubuntu like 2 weeks ago and i gotta say i couldnt be happier..	19:21
firecrotch	I think this discussion would be better suited for #ubuntu-offtopic btw	19:21
Pirate_Hunter	true say however im doing something in another box	19:24
Pirate_Hunter	thanks for earlier on firecrotch	19:24
firecrotch	no problem :)	19:25
* ball sighs		19:26
sleepster	I am looking for a patch for my kernel? It is currently configured for 100HZ and I would like it to be set to 1000HZ. the I/O performance is terrible when CONFIG_HZ is set to 100 which is the default I believe for ubuntu server kernel	19:36
balloooza	is it possible to dump all the apache configuration, I just want to start over (I realy messed it up, durring an upgrade, did not make backups of the working state, shoot me)	19:40
bogeyd6	balloooza, which ubuntu version?	19:51
balloooza	8.04	19:51
bogeyd6	nice	19:51
balloooza	nice, my version, or what I did :)	19:52
bogeyd6	baffle, https://help.ubuntu.com/8.04/serverguide/C/httpd.html	19:55
bogeyd6	sorry im at office so im in and out	19:55
bogeyd6	balloooza,	19:55
balloooza	bogeyd6: yes?	19:55
bogeyd6	balloooza, https://help.ubuntu.com/8.04/serverguide/C/httpd.html	19:56
bogeyd6	start all over with that link	19:56
balloooza	Thanks	19:56
mathiaz	sommer: do you know where a copy of the ubuntu server guide for 7.10 could be found?	19:57
mathiaz	MagicFab: ^^	19:57
bogeyd6	mathiaz, http://ubuntuguide.org/wiki/Ubuntu:Gutsy	19:59
bogeyd6	specifically http://ubuntuguide.org/wiki/Ubuntu:Gutsy#Servers	19:59
MagicFab	bogeyd6, tx!	20:00
bogeyd6	is there a compelling reason to be using 7.10?	20:00
MagicFab	bogeyd6, no, which is why i am helping upgrade / recover data from it :)	20:07
balloooza	now I have a new problem, there are no files in /etc/apache2, yes I doo have a backup of them, but how do I get the original factory files	20:09
balloooza	(ie all I have is httpd.conf)	20:10
bogeyd6	hmm	20:16
bogeyd6	ballooza	20:16
balloooza	bogeyd6: why do you say the name	20:16
bogeyd6	sudo apt-get remove apache2 && sudo apt-get install apache2	20:17
balloooza	running now...	20:18
bogeyd6	kk	20:18
bogeyd6	i always had a problem with it not putting init files back	20:18
balloooza	bogeyd6: still, nothing in the /etc/apache folder	20:18
balloooza	apache2	20:19
alexm	you should add --purge to remove for apt to remove config files	20:19
bogeyd6	yeah	20:19
bogeyd6	just thought of that	20:19
balloooza	ok, doing...	20:19
balloooza	still nothing	20:19
bogeyd6	ok	20:19
bogeyd6	did you do the purge?	20:19
balloooza	yes	20:19
bogeyd6	kk	20:19
alexm	are you concerned about /etc/apache or /etc/apache2 ?	20:20
balloooza	do you know what package the default config is in (I would have guessed apache2	20:20
bogeyd6	balloooza, apt-get --purge remove apache2-common apache2	20:20
balloooza	aeger /etc/apache2	20:20
bogeyd6	balloooza, apt-get install apache2	20:20
bogeyd6	that will work, i just tried it	20:20
balloooza	dont wory about the thing in the beginning awrng thing	20:21
alexm	then you should purge package apache2.2-common	20:21
alexm	dpkg -S /etc/apache2 show the package name owning the file or directory	20:21
bogeyd6	balloooza, sudo apt-get --purge remove apache2-common apache2 && sudo apt-get install apache2	20:21
bogeyd6	it works	20:22
bogeyd6	on 8.04.1	20:22
balloooza	so wait, so far I ran purge remove one, then the install apache2 one, now what do I do?	20:22
bogeyd6	the command i just gave you	20:22
bogeyd6	we didnt do the the -common last time	20:22
balloooza	I am looking for /etc/apache2/apache.conf	20:24
bogeyd6	balloooza, if you run that command it will default everything back to square one, just like you wanted. sudo apt-get --purge remove apache2-common apache2 && sudo apt-get install apache2	20:25
balloooza	OK, it didn't, but I will work on it more, obviously I have a non standered problem	20:26
alexm	balloooza: it will remove all the files that came or were created during the apache installation, but not those you created afterwards	20:27
alexm	if you want to make sure that you remove all of them, rm -rf /etc/apache2 after backing it up (just in case) and purging it	20:28
alexm	maybe package etckeeper will help you track changes on /etc/apache2 files, it's worth trying	20:29
ruben231	hi	20:33
ruben231	by default what is the password of root in fresh install ubuntu..?	20:33
ruben231	ubuntu-server	20:33
balloooza	there is none	20:33
balloooza	"for safty:	20:33
ruben231	no password..?	20:34
ruben231	just blank	20:34
balloooza	(ubuntu uses sudo instead of root, this is annoying somtimes, but I have learned to like it, I do not have to give put a root password	20:34
balloooza	BTW, there is no password, that means you cannot log onto it, this is ubutu security modle, so telling you how-to would be unexceptable, on the forums or here	20:35
bogeyd6	!noroot	20:36
ubottu	We don't support a root password so don't suggest one unless you are going to be here 24/7 to help someone who has problems as a result of having one, many thanks ;-)	20:36
bogeyd6	!root	20:36
ubottu	Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo	20:36
bogeyd6	sage advice ruben	20:36
ruben23	ok got it	20:36
balloooza	those are some new ubottu commands. saves me typing	20:37
bogeyd6	i wonder	20:37
bogeyd6	!root @ bogeyd6	20:37
ubottu	Sorry, I don't know anything about root @ bogeyd6	20:37
balloooza	bogeyd6: how do I get a list of all ubottu s commands ( I have a feeling he will tell me)	20:38
balloooza	!connands @ balloooza	20:39
ubottu	Error: I am only a bot, please don't think I'm intelligent :)	20:39
balloooza	!bot	20:39
ubottu	Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://ubottu.com/factoids.cgi - Usage info: http://wiki.ubuntu.com/UbuntuBots	20:39
balloooza	yay, that was it!!	20:40
bogeyd6	i dont know	20:40
bogeyd6	there you go	20:40
balloooza	I got it	20:40
bogeyd6	!iptables	20:40
ubottu	Ubuntu, like any other linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist	20:40
DormantOden	hey Ubuntu people	20:46
DormantOden	I seem to have a HUGE memory leakage problem	20:46
DormantOden	anyone know of any active memory readers?	20:47
balloooza	is this an ubuntu problem or ubuntu server	20:47
DormantOden	server	20:48
balloooza	run top	20:48
balloooza	then sort by memory usage	20:49
jbernard	DormantOden: once top comes up, hit 'O', then 'n', then <enter>	20:49
jbernard	DormantOden: that will sort the list by memory usage	20:49
DormantOden	will do =)	20:51
DormantOden	hmm, seems steady now	20:53
DormantOden	I was restarting apache quite alot.... Ill try that alot again :P	20:53
DormantOden	gah!	20:57
DormantOden	Found it!	20:57
DormantOden	Damn you migrate database!	20:57
DormantOden	its going to asplode again!	20:57
DormantOden	quick, how do i stop somthing 0o	20:58
DormantOden	ahhh... it died. ='(	20:59
firecrotch	DormantOden: what are you trying to do?	20:59
DormantOden	stop a massive memory leak	20:59
DormantOden	at least i found the culprit :P	20:59
DormantOden	it used like 2 gigs in 3 minutes 0o	21:00
firecrotch	DormantOden: whats the cause of the mem leak?	21:00
DormantOden	a doogy plugin by the looks of it. I tried to migrate some database things and it exploded	21:01
DormantOden	some chat plugin for redmine to be specific	21:01
DormantOden	How can I stop ruby, just for future needs?	21:02
troglobyte	If I wanted to automate a scp upload to /var/www/dirname (owned by www-data) do I just add the uploading user to the www-data group?	21:06
garchonix	hello	21:08
garchonix	could someone give me a hand? i need to sync two dirs, but transferring only files that in IN THE DESTINATION have mtime < some_time	21:08
garchonix	what would be the best way to do that?	21:08
jfontan1	troglobyte, that and also giving write premissions to group (that must be www-data)	21:12
troglobyte	jfontan1, thanks!	21:13
=== jfontan1 is now known as jfontan
quentusrex	Is anyone around that is familiar with x509 certs and gnutls?	21:25
=== cjwatson_ is now known as cjwatson
Bilge	Even though migrating from LTS to 9.04 would require upgrading in several steps, would it be possible, in future, to upgrade directly from an old LTS distro to a new one?	21:49
infinity	Bilge: We support LTS->LTS upgrades, yes.	21:52
infinity	Bilge: (For instance, we support dapper->hardy right now)	21:52
docta_v	i have some custom packages i've built and i'd like to authenticate them using apt... just wondering what the best method is to deal with trusted.gpg	22:04
docta_v	i was considering either... making my own package to replace this file wholesale... or running a script on every system to add the new key. there doesn't appear to be an easy way to deal with this issue	22:04
majikman	does anyone else here have issues with ubuntu's default configuration of having tomcat log stuff into syslog?	22:10
n8bounds	Hullo all	22:31
KillMeNow	howdy	22:31
n8bounds	anyone here handy with bind9?	22:32
KillMeNow	i'm fairly handy	22:33
n8bounds	i have a in-addr.arpa zone problem...	22:33
KillMeNow	what' the problem	22:33
n8bounds	my bind server hosts a few public zones	22:33
n8bounds	but i never set up a reverse lookup zone	22:33
n8bounds	trying to do that today results in fail	22:33
KillMeNow	well, you normally wouldn't	22:33
KillMeNow	unless the IP range has been swipped to you	22:33
n8bounds	i have to for our mail server	22:34
KillMeNow	for the public side	22:34
KillMeNow	ok, has the IP range been swipped to you?	22:34
n8bounds	our ISP (AT&T) delegates our public subnet's DNS (including the in-addr.arpa) zones to us	22:34
KillMeNow	ok	22:34
n8bounds	right, so the named service restarts fine with the config I have	22:34
n8bounds	but it refuses to answer	22:35
n8bounds	would u mind if i pasted one line from syslog in here?	22:35
KillMeNow	nope	22:35
n8bounds	Jul 13 17:35:11 mail named[21637]: client 65.188.241.191#62828: view external: query (cache) '132.82.145.12.in-addr.arpa/PTR/IN' denied	22:35
KillMeNow	ulness you wanted to use pastebin	22:35
n8bounds	i may have to	22:36
KillMeNow	are you running bind9 in a chroot jail?	22:36
n8bounds	the server's hostname is mail, obviously, and the client ip is an external source--of our network	22:36
n8bounds	negative	22:36
KillMeNow	k	22:36
n8bounds	this is just bind9 apt-got on 8.04.2	22:36
KillMeNow	ok	22:36
KillMeNow	i'm assuming then you created a in-addr.arpa zone for that IP block?	22:37
n8bounds	yes: http://pastebin.com/m7b432cde	22:38
KillMeNow	do you get any errors when you do your rndc reload?	22:40
n8bounds	negative	22:41
n8bounds	named-checkconf & named-checkzone pass fine too	22:41
KillMeNow	have you tried using the host command to dig out the reverse pointers locally to the DNS server?	22:43
n8bounds	no, good idea	22:44
n8bounds	lets see...	22:44
goldrake	hallo	22:44
n8bounds	Host 128-28.82.145.12.IN-ADDR.ARPA not found: 5(REFUSED)	22:44
n8bounds	@goldrake hiya	22:44
KillMeNow	also, the error also says that the query (cache) is denied, i'm not seeing the statement "allow-query-cache" in your named.conf	22:45
n8bounds	well, if i enable that, it just recurses through and ends up without an answer at the root servers...	22:45
KillMeNow	course you didn't post your named.conf	22:45
goldrake	good evening n8bounds	22:45
KillMeNow	hrm... if you don't "allow-recursion" i'm not sure it will allow it to go to the root servers	22:46
n8bounds	but im trying to be authoritative...	22:46
n8bounds	i dont want it to recurse to the roots	22:46
n8bounds	if you dont mind	22:47
n8bounds	i just enabled query-cache to any	22:47
n8bounds	from your machine, run this command: dig @ns.epescarriers.com -x 12.145.82.132	22:47
n8bounds	you will get NOERROR, but no answer either	22:47
KillMeNow	host 12.145.82.132 gives this reply: 132.82.145.12.in-addr.arpa is an alias for 132.128/28.82.145.12.in-addr.arpa.	22:48
n8bounds	now why would yours be different...	22:50
n8bounds	anyway, that doesn't make any sense either way	22:52
n8bounds	as I have 132.82.145.12.in-addr.arpa as a PTR rr not a CNAME	22:52
KillMeNow	dunno	22:53
KillMeNow	but are you still getting the denied error from localhost?	22:53
n8bounds	yes	22:55
n8bounds	i forgot to mention	22:55
n8bounds	this is "split"	22:55
n8bounds	i have two views	22:55
n8bounds	of which loopback does not fall into the external view	22:55
n8bounds	where that reverse zone is configured	22:55
KillMeNow	figured when i seen the "view external"	22:56
KillMeNow	however, if it works on the internal side, then we need to look at why it's not allowing it externally	22:56
KillMeNow	did you enable IPv6?	22:56
majikman	anyone know how to reconfigure tomcat so that it stops logging into syslog?	22:59
n8bounds	yes	23:01
n8bounds	i did enable ip6	23:01
n8bounds	i finally got my thread started: http://ubuntuforums.org/showthread.php?p=7611249#post7611249	23:03
n8bounds	there are almost ALL the config files	23:03
n8bounds	@majikman, lemme see how I have mine set up	23:03
majikman	n8bounds, i think i have to modify the /etc/init.d/tomcat6 file. ps shows this option.... -outfile SYSLOG -errfile SYSLOG	23:04
n8bounds	check out /etc/tomcat5.5/logging.properties	23:05
n8bounds	mine logs to syslog, but only on errors, it seems	23:06
n8bounds	mostly it logs to a few files in /var/log/tomcat5.5/	23:06
n8bounds	my init.d script uses "$CATALINA_BASE/logs" "$CATALINA_BASE/temp	23:08
n8bounds	"	23:08
goldrake	good night	23:08
majikman	n8bounds, thanks for looking. thats interesting to know. my logging.properties isn't set to use syslog and my init.d file is hardcoded to syslog. i just changed it and it should hopefully start working the way i want it to now	23:09
n8bounds	@majikman, np. make sure you create the tomcat5.5 subdir in /var/log if its not created already	23:10
KillMeNow	are you running SELinux n8bounds?	23:10
n8bounds	negative	23:10
n8bounds	i have no idea how to add that to ubuntu	23:10
KillMeNow	apparmor is Ubuntu	23:11
KillMeNow	and i've never gotten it to work properly	23:11
KillMeNow	always caused me more pain	23:11
n8bounds	yeah, but i know what apparmor looks like (at least) when it complains in syslog	23:12
n8bounds	and it isnt	23:12
n8bounds	it did when I tried to use a non-default dir for zone files	23:12
n8bounds	so i just went back to /var/cache/bind/	23:12
jdstrand	n8bounds: you could also adjust /etc/apparmor.d/usr.sbin.named	23:14
n8bounds	yeah, i started to do that, but i'd have to do it on about 10 servers	23:14
n8bounds	so i just went the easy way ;)	23:14
n8bounds	it was easier to add one more dir to my /etc/* -R backup script :)	23:15
* jdstrand nods		23:15
KillMeNow	when i resolve ns.epescarriers.com i get 12.145.82.132	23:17
n8bounds	correct	23:17
n8bounds	but if you try to reverse query 12.145.82.132 you get fail	23:17
KillMeNow	yea, it fails	23:17
n8bounds	yeah	23:17
n8bounds	i have no idea why	23:17
KillMeNow	host 12.145.82.132 nx.epescarriers.com gives me fail	23:18
n8bounds	you mean ns, not nx, yes?	23:18
KillMeNow	yea	23:18
KillMeNow	sorry	23:18
n8bounds	cool	23:18
KillMeNow	Host 132.82.145.12.in-addr.arpa not found: 5(REFUSED)	23:19
KillMeNow	that's the exact error	23:19
n8bounds	right	23:19
n8bounds	me too	23:19
KillMeNow	ok, stop and start the named service then hit the syslog	23:20
KillMeNow	make sure everything looks copasetic and all the zone files are actually loaded	23:20
n8bounds	it is	23:23
n8bounds	PS, i would have a big problem if it wasnt	23:23
n8bounds	zone 128-28.82.145.12.IN-ADDR.ARPA/IN/external: loaded serial 2009071315	23:24
n8bounds	that's the wonky part	23:24
KillMeNow	yea, WTF over	23:24
n8bounds	it loads it, but doesnt act authoritative	23:24
phaidros	hm, after installing hwinfo on a machine i get this:	23:25
phaidros	Inconsistency detected by ld.so: ../sysdeps/x86_64/dl-machine.h: 416: elf_machine_rela_relative: Assertion `((reloc->r_info) & 0xffffffff) == 8' failed!	23:25
phaidros	for every command ..	23:25
phaidros	any hints on that? (I'm not wanting to reboot quick, because it is a xen dom0 instance with 8 virtual machines)	23:25
KillMeNow	well, it's not a servfail error, but a refused error	23:26
n8bounds	right	23:30
n8bounds	@phaidros something is seriously wrong	23:30
n8bounds	check your filesystems, you might be full	23:30
phaidros	n8bounds: I expected :/	23:31
phaidros	n8bounds: !	23:31
n8bounds	# df -HT	23:31
phaidros	good hint	23:31
n8bounds	...if you can	23:31
n8bounds	that is	23:31
phaidros	hehe	23:31
phaidros	of course not	23:31
n8bounds	try to init 1, when u can bring the vms down	23:31
phaidros	ok, full fs makes sense	23:31
n8bounds	yeah..	23:31
phaidros	sigh	23:31
n8bounds	@KillMeNow I added another post http://ubuntuforums.org/showthread.php?t=1212421 and I think I know the problem, just not the solution	23:32
phaidros	so, the whole procedure again, all vms down, write users mails before, repair dom0, bring everything up and fix all which broke on the way :D	23:32
n8bounds	bind doesnt seem to think it should be authoritative for that zone	23:32
n8bounds	@phaidros, yeah, might be good to throw an fsck in there somewhere ;)	23:33
n8bounds	KillMeNow: you must be 216.99.213.136	23:36
n8bounds	;)	23:36
KillMeNow	yes, that's me	23:36
n8bounds	I think I've read the zytrax bind book about 20 times now	23:37
n8bounds	also, the bv ARM isnt very detailed	23:37
KillMeNow	ok for giggles allow-recursion	23:37
n8bounds	ok, standby	23:37
n8bounds	wide open	23:38
KillMeNow	yes, the problem is TOTALLY that it's not acting as authority	23:39
KillMeNow	it punted me to the root servers when you enabled recursion	23:39
n8bounds	ytes	23:39
KillMeNow	https://lists.isc.org/pipermail/bind-users/2004-October/053137.html	23:40
KillMeNow	read that	23:40
KillMeNow	i think that will clear up your problem	23:40
KillMeNow	maybe	23:40
n8bounds	whoa... thats written by The Man, himself..	23:42
KillMeNow	yea	23:43
n8bounds	that has to work. trying it now	23:43
KillMeNow	and the situation sounds just like the one you're experiencing	23:43
n8bounds	yes it does	23:44
n8bounds	why does he write it zone "224-239.0.80.62.in-addr.arpa" { intead of zone "224-239.0.80.62.in-addr.arpa" IN {	23:45
n8bounds	(i thot u needed the IN)	23:45
KillMeNow	it was written in 2004	23:46
n8bounds	ah	23:46
KillMeNow	it's the concept however	23:46
n8bounds	tru	23:46
KillMeNow	and it explains WHY when i do just host 12.145.82.132 i get the cname pointer	23:47
EAS	anyone know what the story is about DRBD8 for Jaunty?	23:48
EAS	do I just need the utils?	23:50
KillMeNow	no idea EAS	23:50
n8bounds	not sure	23:52
n8bounds	@KillMeNow, I changed this part of the external view	23:53
n8bounds	http://pastebin.com/m678ec31b	23:53
EAS	ok, looks like the drbd module is now part of the linux-image-*-server package...	23:54
n8bounds	hmm	23:55
n8bounds	@KillMeNow, I'm getting these now "zone 82.145.12.IN-ADDR.ARPA/IN/external: refresh: non-authoritative answer from master 212.82.225.7#53 (source 0.0.0.0#0)" I must have picked a fools master	23:56
n8bounds	...any clue on how I find the master for that zone?	23:56
n8bounds	i looks like xbru.br.ns.els-gms.att.net.	23:56
n8bounds	but i may be way off	23:56
KillMeNow	yea, those are the authoriative which CNAME it to you	23:56
KillMeNow	one second	23:56
KillMeNow	heh, ok now i get servfail when i try to grab the reverse	23:57
n8bounds	can you use hostnames as masters?	23:58
KillMeNow	i wouldn't think	23:59
n8bounds	heh, ur right	23:59
KillMeNow	what is your resolv.conf pointed to?	23:59
KillMeNow	or are you doing these queries from a separate machine?	23:59
n8bounds	the latter	23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!