[00:00] <gletob> Yes
[00:00] <gletob> billybigrigger_, yes why?
[00:02] <billybigrigger_> is it installing?
[00:03] <billybigrigger_> 9.04 wouldn't install on my old p 166mhz, isolinux was giving me problems, i had to eventually do a netboot, but if you got to the installer you got farther than me
[00:05] <gletob> It's at 22% Loading additional components
[00:09] <billybigrigger_> you should be good to go then
[00:16] <gletob> Uh oh! Bad burn! "There was a problem reading data from the CD-ROM."
[00:24] <Pirate_Hunter> how do i find my domain, setting up ISPConfig?
[00:43] <quentusrex> Is anyone here familiar with x509 certs?
[01:06] <hggdh> quentusrex: shoot
[01:07] <quentusrex> hggdh: ok, I have had major issues with my certs for over a week... Everything I do to diagnose the issue is fruitless....
[01:07] <quentusrex> I use TinyCA2 to manage my x509 certs.
[01:07] <quentusrex> It has worked well for apache, openvpn, and a few other apps.
[01:07] <quentusrex> But it flat out will not work with openldap
[01:07] <hggdh> quentusrex: so you have your own private CA
[01:07] <quentusrex> yes.
[01:08] <hggdh> so far so good
[01:08] <hggdh> what happens with LDAP?
[01:08] <quentusrex> I have confirmed the issue is with MY certs, because I can generate local certs and it works fine.
[01:08] <quentusrex> here is the bug: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/398366
[01:08] <hggdh> hold on. what is the difference between "MY certs" and "local certs"?
[01:09] <quentusrex> hggdh: I have my real certs,
[01:09] <quentusrex> generated on my workstation, and I have fake certs generated locally on the server.
[01:09] <quentusrex> my workstation, and the backups are responsible for generating the company's certs.
[01:09] <hggdh> oh, OK. My certs == officially issued certs
[01:09] <quentusrex> we can use real and fake
[01:09] <quentusrex> to describe them...
[01:10] <quentusrex> real ones = fail to start, fake ones work just fine.
[01:10] <quentusrex> I have tried on both ubuntu 8.04 and 9.04 versions of openldap
[01:11] <quentusrex> I can recreate the issue by creating a new fake CA on my workstation, and it still fails.
[01:11] <hggdh> OK. Have you checked the certs for similar options -- for starters, by 'openssl x509 -text -in a.cert.file'
[01:12] <hggdh> and comparing both real and fake for differing options
[01:12] <quentusrex> so, it's either something with the way TinyCA2 generates certs (but doesn't affect openvpn or apache), or I have forgotten a step and repeatedly miss the same step in the cert generation.
[01:12] <quentusrex> I'll check...
[01:12] <hggdh> as far as I can remember, TinyCA2 uses openssl to actually do the work
[01:13] <ScottK> It does.
[01:13]  * hggdh also uses tinyca2, but no ldap
[01:13] <infinity> quentusrex: Well, OpenVPN and Apache both use openssl, while openldap uses gnutls, so it's entirely possible that the way TinyCA2 is doing the reqs is just missing a field (or something) that OpenSSL is forgiving about, but gnutls is grumpy about.
[01:13] <ScottK> Pretty much all the CA packages are front ends for openssl.
[01:14] <quentusrex> Right, I am aware that tinyCA2 uses openssl, and openldap uses gnutls,
[01:14] <quentusrex> but I'm unable to figure out which field causes the issues...
[01:14] <hggdh> yes. TLS is also more picky on the options you specify
[01:14] <hggdh> what would work on SSL may fail on TLS
[01:15] <quentusrex> but I have tls setup with openvpn
[01:15] <quentusrex> and it works.
[01:15] <infinity> quentusrex: Well, as suggested, you should compare the text dump of the "real" and "fake" certs, and go from there.
[01:15] <infinity> quentusrex: Anything "different" is suspect.
[01:15] <pixlbox> need help installing joomla
[01:15] <hggdh> for example, when you specify Netscape options, and do them wrong. SSL would swallow them, TLS will spit them out
[01:15] <quentusrex> infinity: can you suggest a command to dump all the cert info? (I have a command, but I've been stuck for a week. So I might be using the wrong one...)
[01:16] <hggdh> the easy way: openssl x509 -text -in <PEM>
[01:16] <hggdh> just the public cert, no private key here
[01:16] <quentusrex> right
[01:16] <quentusrex> everything that openldap seems to say, points to the issue being with the cacert,
[01:17] <quentusrex> but there is almost no documentation and even less info on the actual error...
[01:17] <quentusrex> just says tls fails with error code -1
[01:17] <infinity> Are you doing chain bundling?
[01:17] <quentusrex> I have one CA, and that is the only thing signing the certs.
[01:17] <quentusrex> only two levels, no sub CA's.
[01:17] <hggdh> quentusrex: if a real and a fake cert are the, er, same, and one works and one not, then there is something different on them
[01:19] <hggdh> you can also dump ASN1 (and I do not remember the openssl command for that, but it is there) the certs. Be prepared to get some sore eyes.
[01:19] <quentusrex> hggdh: I have compared the two certs
[01:20] <quentusrex> there are many more fields filled out with the tinyca2 ones...
[01:20] <quentusrex> the real ones.
[01:20] <quentusrex> the fake ones have almost no fields set...
[01:20] <hggdh> so now you have a start
[01:20] <hggdh> they *are* different
[01:20] <quentusrex> is there a way to diff them by fields?
[01:21] <hggdh> no, not really. You will have to do it by hand
[01:21] <infinity> Don't forget content of the fields.
[01:21] <infinity> You may have characters gnutls is unhappy with, who knows?
[01:21] <quentusrex> ok...
[01:21] <infinity> Maybe you're breaking an RFC, which openssl is notorious for not caring about. :P
[01:21] <quentusrex> this will be 'fun'
[01:22] <quentusrex> check this out:
[01:22] <quentusrex> Certificate:
[01:22] <quentusrex>     Data:
[01:22] <quentusrex>         Version: 1 (0x0)
[01:22] <quentusrex> vs
[01:22] <quentusrex> Certificate:
[01:22] <quentusrex>     Data:
[01:22] <quentusrex>         Version: 3 (0x2)
[01:22] <infinity> (openssl is the most liberally forgiving software in the world when it comes to sloppy input, which explains why your certs are happy with openssl-using apps, but not gnutls)
[01:22] <quentusrex> real one is version 3
[01:22] <quentusrex> great... so now I have to regen all my certs to make gnutls happy.... :(
[01:23] <hggdh> wow, from V1 to V3... how old is this V1 cert?
[01:23] <quentusrex> I just generated it with openssl
[01:23] <quentusrex> that's the fake one that works.
[01:23] <infinity> V1 is the default with an openssl req with no options, IIRC.
[01:23] <infinity> But gnutls should be happy with V3, I suspect that's a red herring.
[01:24] <quentusrex> is there a paste bin that you prefer?
[01:24] <quentusrex> I'll paste the cert dumps
[01:24] <infinity> ubuntu.com
[01:24] <hggdh> yes, it would be good
[01:24] <infinity> http://pastebin.ubuntu.com/ even
[01:24] <hggdh> pastebin.ubuntu.com
[01:25] <quentusrex> http://paste.ubuntu.com/216539/
[01:25] <quentusrex> those are both the cacerts.
[01:25] <quentusrex> I hadn't considered that the problem could be with a field in the cert
[01:26] <quentusrex> I thought it had something to do with corruptions, or not actually being signed or something... but all the verify commands I could find passed.
[01:26] <hggdh> quentusrex: what time is it now at your locale?
[01:26] <quentusrex> 5:30
[01:26] <quentusrex> west coast, USA
[01:27] <hggdh> of July 12th, right?
[01:27] <quentusrex> right
[01:27] <quentusrex> lol
[01:27] <quentusrex> I see an issue... :)
[01:27] <hggdh> look at the Not Before timestamps
[01:28] <quentusrex> right, but the real one you're looking at was just generated to pose as the real one
[01:28] <quentusrex> both generated with tinyca2 and both fail for the same reasons.
[01:28] <quentusrex> Just with random information in there
[01:28] <infinity> Well, does the real real one have that same timestamp? :)
[01:28] <quentusrex> nope
[01:28] <hggdh> yes. The point is both of these should *NOT* be valid to begin with
[01:28] <quentusrex> it was generated in March of 07
[01:28] <quentusrex> wait,
[01:29] <quentusrex> that is GMT
[01:29] <quentusrex> I'm -8 from there.
[01:29] <quentusrex> so it is valid.
[01:29] <hggdh> indeed
[01:29] <hggdh> so a red herring
[01:29] <quentusrex> yup
[01:29] <quentusrex> :)
[01:30] <quentusrex> I'd rather have false positives that turn out to be red herrings, than a false negative and never get a working ldap server... :(
[01:30] <quentusrex> I'm working on a script that will allow me to tweak the cert generation parameters
[01:30] <hggdh> OK. Next one. fake one that works has a 1024 key, real one that fails has a 4096 key. Have you tried a fake one with 4096?
[01:30] <quentusrex> and test it on an openldap server
[01:30] <quentusrex> yup, and a real one with 1024
[01:30] <quentusrex> red herring.
[01:30] <hggdh> OK
[01:31] <hggdh> quentusrex: the real one is a CA cert
[01:32] <hggdh> I thought it was a user cert
[01:32] <hggdh> like the first one
[01:32] <quentusrex> both should be ca certs
[01:33] <quentusrex> hmm....
[01:33] <quentusrex> you're right...
[01:33] <hggdh> first one should be refused, it does not have 'CA: True' critical constraint
[01:34] <quentusrex> that's right... I've been using a self signed cert for the fake ones, thinking I had built ca certs.
[01:35] <infinity> quentusrex: So, some random googling suggests that you need to tell openldap where to find the path to the CA cert.
[01:35] <quentusrex> brb afk
[01:35] <quentusrex> infinity: I do, I specify it.
[01:35] <quentusrex> I think my test case is wrong...
[01:35] <quentusrex> brb though...
[01:35] <infinity> quentusrex: Have you run slapd in debug mode (slapd -d -1) to see if it's any more useful?
[01:37] <quentusrex_> back
[01:37] <quentusrex_> had to change computers for a moment
[01:38] <infinity> quentusrex: Have you run slapd in debug mode (slapd -d -1) to see if it's any more useful?
[01:38] <quentusrex_> infinity, I tried that, but I did not get anything more from it
[01:38] <quentusrex_> the same one line error. failed to start tls, with the error code -1
[01:38] <infinity> And I'll assume, since you have a testcase and all, that it's not file permissions?
[01:38] <quentusrex_> nope, not file permission problem
[01:39] <quentusrex_> but we've just proved that my test case was flawed.
[01:39] <quentusrex_> I am not sure I was actually generating a ca cert,
[01:39] <quentusrex_> but possibly a self signed cert,
[01:39] <hggdh> well, if you were using the CA cert as an LDAP "user" cert, then ldap would most probably barf
[01:39] <quentusrex_> so it could have been working because the cert was self signed it didn't need to look for the CA, so it didn't run into the same issue.
[01:40] <quentusrex_> nope, not an ldap user cert. as the server cert.
[01:40] <quentusrex_> the ldap server has nothing but default data in it...
[01:40] <hggdh> yes, server cert == user cert; there are CA certs, and "user" certs
[01:41] <infinity> Yeah, you need both here in your case...
[01:41] <infinity> TLSCertificateFile /etc/openldap/currentcert.pem
[01:41] <infinity> TLSCertificateKeyFile /etc/openldap/currentkey.pem
[01:41] <infinity> TLSCACertificateFile /etc/openldap/demoCA/cacert.pem
[01:41] <hggdh> you do not usually run *ON* a CA cert. You deploy a cert signed by the CA
[01:41] <infinity> The last one needs to be your CA, the first two are the server "user" cert.
[01:41] <quentusrex_> hggdh, right. that is what I'm doing.
[01:42] <quentusrex_> but you have to distribute the ca cert along with the client cert and key
[01:42] <quentusrex_> for tls.
[01:42] <hggdh> yes, you always have to distribute the CA certs.
[01:43] <hggdh> or, better saying, the real user should check on the CA cert, ideally out-of-band
[01:43] <infinity> Yes.  Lots of software out there explodes when you try to use "chained" certs, which is what I was driving at before.
[01:43] <hggdh> so. when you put the real CA cert (the one in the pastebin) as TLSCACertFile it fails
[01:44] <infinity> (ie: when your CA is bundled in the cert, rather than being an out-of-band check)
[01:45] <hggdh> but, when you put the real CA in the TLSCACertFile, you have to change the TLSCertFile accordingly. Did you do it?
[01:45]  * hggdh BTW asks for pardon on asking dumb questions, but one needs to be sure...
[01:47] <quentusrex_> yes, I did that... I think I'm on to something...
[01:47] <quentusrex_> I changed the order of the cert file includes.
[01:47] <quentusrex_> it changed the error code...
[01:47] <quentusrex_> if the CAcert line isn't first the error is -34
[01:47] <quentusrex_> with ca cert first it's -1
[01:49] <quentusrex_> I finally get an interesting error message:
[01:49] <quentusrex_>  gnutls-serv --x509keyfile ./ssl/server.pem --x509certfile ./ssl/server.pem
[01:49] <quentusrex_> Set static Diffie Hellman parameters, consider --dhparams.
[01:49] <quentusrex_> Error reading './ssl/server.pem' or './ssl/server.pem'
[01:49] <quentusrex_> Error: Base64 decoding error.
[01:49] <quentusrex_> I get this when I install gnutls-bin
[01:49] <quentusrex_> and run that first line....
[01:50] <JordiGH> Got a problem with two Ubuntu boxen not being able to relay email to one another.
[01:50] <JordiGH> The problem: http://erxz.com/pb/18721
[01:51] <JordiGH> web2 is running exim4. I am guessing I need to tweak stuff in web2's exim.conf, but I don't know what.
[01:52] <quentusrex_> hggdh and infinity, you were right. It's a bad header.
[01:53] <quentusrex_> with the real keys I get this error:  gnutls-serv --x509keyfile ./key.pem --x509certfile ./cert.pem
[01:53] <quentusrex_> Set static Diffie Hellman parameters, consider --dhparams.
[01:53] <quentusrex_> Error reading './cert.pem' or './key.pem'
[01:53] <quentusrex_> Error: Base64 unexpected header error.
[01:53] <quentusrex_> Now, if only there were a way to find out which header..
[01:55] <ScottK> JordiGH: You need to authorize the other one to relay mail.  I could tell you how for Postfix, but Exim, I have no idea.
[01:56] <JordiGH> ScottK: Yeah, I have "host_accept_relay = 127.0.0.1 : ::::1 : 192.168.1.0/24" in exim.conf, which seems a bit cryptic.
[01:56] <ScottK> JordiGH: I'd try adding the IP of the other mail server to that.
[01:57] <JordiGH> ScottK: You mean the specific one instead of the netmasked IP network?
[01:57] <ScottK> JordiGH: Is it in 192.168.1.0/24?
[01:58] <JordiGH> web4 from which I telnetted is 192.168.1.248
[02:01] <ScottK> OK, then I'm confused.  I'd have expected that to work.
[02:01]  * ScottK looks around for someone who knows something about Exim.
[02:02] <JordiGH> Unless those streams of colons don't do what I expect them to.
[02:02] <infinity> JordiGH: The stream of colons is the IPv6 localhost.
[02:03] <infinity> JordiGH: Are you using exim's split config, or monolithic?
[02:03] <infinity> JordiGH: (Maybe you edited the monolithic config, but you're actually using split?)
[02:04] <twb> ScottK: #debian is full of exim weenies :-)
[02:04] <ScottK> Yet another reason not to go there.
[02:05] <JordiGH> Hey, I'm a Debian weenie. :-(
[02:05] <twb> You have to tiptoe around them
[02:05] <infinity> JordiGH: Also, if this is exim4, I suspect you want "relay_from_hosts", not "host_accept_relay"
[02:05] <JordiGH> infinity: /etc/exim only has exim.conf and exim.conf.0
[02:05] <twb> ScottK: having said that, IME #debian (on OFTC, at least) is more helpful than #ubuntu.
[02:05] <ScottK> Well I don't go there either.
[02:05] <twb> #ubuntu is like a preschool full of screaming toddlers trying to configure compiz
[02:05] <infinity> JordiGH: Eww, and no it's not, you're using exim3... Stop that. :)
[02:06] <JordiGH> infinity: dapper drake.
[02:06] <twb> JordiGH: remind us why postfix isn't allowed?
[02:06] <infinity> JordiGH: exim4 is on dapper.
[02:07] <infinity> JordiGH: exim3 is in universe and entirely unsupported, no?
[02:07] <JordiGH> Ah, you're right, exim4 is available.
[02:07] <JordiGH> twb: It isn't unallowed. You want me to use it instead?
[02:07] <infinity> twb: Don't get into an MTA flamewar. :P
[02:07] <infinity> twb: We support both for a reason.
[02:08] <twb> Eh, sorry.
[02:08] <twb> I should have added a ";-)"
[02:08] <JordiGH> I really have no preference.
[02:08] <ScottK> The reason being infinity likes Exim.
[02:08] <ScottK> ;-)
[02:08] <infinity> ScottK: And elmo. :P
[02:08] <ScottK> That too
[02:08] <JordiGH> MTAs are like toasters to me. They should toast, and exactly how they toast and which one should toast, I don't really care.
[02:08] <twb> JordiGH: then probably best to use whatever people around here will provide support for.
[02:08] <infinity> JordiGH: Anyhow.  exim4 should "just work" when you configure it out of the box.
[02:08] <infinity> JordiGH: Alternately, switch to postfix, which will also "just work" when configured with the help of people like twb.
[02:09] <JordiGH> infinity: alright... it's a debconf config, right? At least it is in Debian.
[02:09] <infinity> JordiGH: I couldn't care less what anyone other than me uses. :)
[02:09] <infinity> JordiGH: Same as the Debian debconf config, yeah.
[02:09] <JordiGH> Hmmm... alright, what do I want here? I already don't know what to answer for the first question.
[02:10] <JordiGH> internet site?
[02:10] <infinity> Yes.
[02:10] <JordiGH> convert exim v3 config?
[02:10] <JordiGH> Okay, internet site.
[02:10] <twb> I don't provide support for postfix, either.  HAND.
[02:10] <quentusrex_> hggdh, alright. I've built the test system for the fake certs. I'm actually using ca certs now...
[02:11] <quentusrex_> hggdh Any guess as to which of the headers are more likely to cause problems?
[02:12] <JordiGH> Man, SMTP sounds like LOLcatese to me.
[02:12] <JordiGH> "HELO web2"
[02:12] <JordiGH> "Why, hello there, web5".
[02:12] <JordiGH> "MAIL FROM: <jordigh@gmail.com>"
[02:13] <JordiGH> "Ah, yes, I see, and who is the recipient?"
[02:13] <JordiGH> "RCPT TO: <jordigh@gmail.com>"
[02:13] <JordiGH> "I'm afraid I can't let you do that, Bob..."
[02:13] <JordiGH> etc
[02:13] <JordiGH> Alright, so is the default the monolithic or the modular exim4 config?
[02:14] <infinity> No idea anymore.  It used to be a debconf question, I suspect someone's nixed it.
[02:14] <infinity> Probably defaults to monolithic now to avoid upstream getting grumpy about stupid Debian users and their bad bug reports.
[02:14] <infinity> (I use split)
[02:15] <infinity> JordiGH: If you have an exim.conf in /etc/exim4, you're using monolithic.  If not, it's in /var/lib/exim4, and you're using split.
[02:17] <JordiGH> I have a exim.conf.template...
[02:18] <infinity> grep dc_use_split_config /etc/exim4/update-exim4.conf.conf
[02:18] <infinity> (I knew it was a debconf question)
[02:18] <infinity> Must just have not been shown at your priority.
[02:20] <infinity> JordiGH: Anyhow, assuming you're using split, just edit dc_relay_nets in /etc/exim4/update-exim4.conf.conf, re-run "update-exim4.conf", and restart exim.
[02:20] <JordiGH> infinity: It is a debconf question, but wasn't asked at install. It's asked with dpkg-reconfigure, though.
[02:20] <infinity> JordiGH: That's because dpkg-reconfigure defaults to priority=low
[02:20] <infinity> JordiGH: Your system's probably set to high or critical.
[02:22] <JordiGH> Hm... it still thinks that relaying to gmail.com is prohibited.
[02:22] <infinity> Seriously?
[02:23] <JordiGH> Yeah, identical SMTP session. :-/
[02:23] <JordiGH> http://erxz.com/pb/18721
[02:24] <infinity> http://pastebin.ubuntu.com/
[02:24] <infinity> That's with lucifer's IP (174.0.107.159/32) in dc_relay_nets
[02:24] <JordiGH> Wait, I think I had the wrong answer..
[02:26] <JordiGH> "Domains to relay mail for" that should be *, right?
[02:26] <infinity> Wow, linking the paste would have been helpful there to prove my point. :P
[02:26] <infinity> http://pastebin.ubuntu.com/216565/
[02:26] <infinity> No!
[02:26] <infinity> No, no, no.
[02:26] <infinity> * would be an open relay.
[02:27] <infinity> You only relay for the domains you accept mail for as an MX.
[02:27] <infinity> Whereas the relaying you want is allowing privileged hosts to relay through you.
[02:28] <JordiGH> What's the difference between "domains to relay mail for" and "machines to relay mail for"?
[02:29] <infinity> "machines" is what turns into "relay_nets".
[02:29] <infinity> Machines is who you will accept mail FROM, to send to anywhere.
[02:29] <infinity> Domains is who you will accept mail TO, from anywhere.
[02:29] <infinity> If you're not a secondary MX, relay_domains should be empty.
[02:30] <infinity> (usually)
[02:30] <JordiGH> Uhhhh...
[02:31] <infinity> JordiGH: Here's a simple config: http://pastebin.ubuntu.com/216566/
[02:31] <JordiGH> Okay, so I did tell debconf to use monolithic config.
[02:31] <infinity> JordiGH: It accepts mail for all those domains listed, it doesn't forward/relay mail for any other domains, and it accepts mail to ANYWHERE from the IPs listed.
[02:32] <infinity> JordiGH: (Of course, mine's a split config, so translate as required)
[02:33] <JordiGH> infinity: Kay... dc_other_hostnames is the machines from which I accept incoming SMTP connections?
[02:33] <JordiGH> infinity: dc_relay_domains is blank because those machines can send anywhere in the world, right?
[02:34] <infinity> JordiGH: other_hostnames is all the hostnames/domains that you accept mail FOR.
[02:34] <infinity> JordiGH: So, my config accepts mail for loki.0c3.net, szeretlek.net, etc...
[02:34] <infinity> JordiGH: (By default, you'd only accept mail for your actual hostname, without that line there)
[02:34] <JordiGH> infinity: Oh, so I can't email gmail.com from your machine?
[02:34] <infinity> JordiGH: But that's for local delivery.
[02:35] <infinity> JordiGH: You can email gmail.com from my machine if you're listed in relay_nets.
[02:35] <infinity> JordiGH: relay_nets defines the people who are allowed to send mail ANYWHERE.
[02:35] <JordiGH> Ah, ok, ok...
[02:35] <infinity> JordiGH: Anyone not in that list can only send mail to other_hostnames and relay_domains.
[02:35] <JordiGH> lessee..
[02:36] <infinity> JordiGH: Note that while the options have different names (obviously), every MTA has this exact concept.  You're filtering on two sets:  "People who can send mail to anyone", and "Anyone can send mail to a specific small set of addresses".
[02:37] <JordiGH> infinity: Interesting.
[02:43] <twb> !release
[02:44] <twb> !eol
[02:45] <JordiGH> Yes, I know DD is dead.
[02:45] <JordiGH> So is my website, kinda, but not because of DD.
[02:47] <twb> JordiGH: sorry, that was for me.
[02:47] <twb> I was too lazy to /msg ubotu, sorry.
[02:51] <ScottK> Dapper is not dead for this channel, just weaklings who need X.
[02:58] <ScottK> Actually my desktop is still Dapper.  I haven't ever bothered to upgrade it.
[02:59] <JordiGH> infinity: http://pastebin.ubuntu.com/216574/
[02:59] <JordiGH> infinity: Still full of fail. :-(
[03:01] <infinity> JordiGH: You're running update-exim4.conf and restarting exim after changes, right?
[03:02] <JordiGH> infinity: ayup. "/etc/init.d/exim4 restart"
[03:02] <ajmitch> ScottK: you're even worse than me
[03:02] <twb> My laptop runs Sid because otherwise how can I test that my bugs have ACTUALLY been fixed when maintainers close them? ;-)
[03:02] <infinity> JordiGH: Oh, but you're still not using split config either.
[03:02] <infinity> JordiGH: So, editing that probably doesn't buy you much.
[03:02] <infinity> JordiGH: (Just find relay_from_hosts in your actual config and edit it)
[03:03] <ScottK> ajmitch: The smaller the computer it seems the newer I use.  Desktop is Dapper, laptop is Jaunty, netbook is Karmic.
[03:03] <JordiGH> infinity: How about I just use a split config?
[03:03]  * JordiGH doubts it makes a difference, but whatever.
[03:03] <infinity> JordiGH: Up to you. :)
[03:04]  * infinity needs to run off.
[03:04] <infinity> JordiGH: Ultimately, however you do it, you need exim to think that network is in relay_nets, and you win.
[03:20] <slestak> n external python package?  I am having import name resolution problems and don't see what is occurring
[03:20] <slestak> netbook ate my first line
[03:20] <slestak> is /usr/local/lib/python2.6/dist-packages/ a typical location for an external package?
[03:23] <JordiGH> /usr/local is stuff not managed by dpkg.
[03:25] <slestak> i used the module's setup.py
[03:25] <slestak> it is not in apt
[03:32] <ScottK> slestak: More likely site-packages, but that may be OK.
[03:32] <ScottK> slestak: import sys and then print sys.path to see if it's in your path.
[03:32] <slestak> ScottK: good idea
[03:33] <slestak> ScottK: last key in path is '/usr/local/lib/python2.6/dist-packages'
[03:34] <ScottK> Then that should be a fine location.
[03:34] <slestak> every .py in examples for package xlwt fails with the same error
[03:35] <slestak>   File "/usr/local/lib/python2.6/dist-packages/xlwt/Worksheet.py", line 52, in __init__
[03:35] <slestak>     self.Row = Row.Row
[03:35] <slestak> AttributeError: 'module' object has no attribute 'Row'
[03:36] <slestak> Row.py is on the dir, and it has a class name Row
[03:38] <ScottK> Try to append xlwt to sys.path
[03:39] <slestak> where is that adjusted?
[03:39] <ScottK> slestak: FYI, xlwt is packaged in Karmic, so you could ask for a backport of the package for whatever release you're using.
[03:40] <slestak> im supposed to present this at a PUG tomorrow :)
[03:40] <ScottK> slestak: It's something like sys.path.append("pathyouwanttoadd")
[03:40] <slestak> dont think backport will be quick enough
[03:40] <ScottK> slestak: What release are you using?
[03:40] <slestak> im about the least exp guy in the group
[03:40] <slestak> 9.04
[03:41] <ScottK> slestak: What timezone are you in?
[03:41] <slestak> EST
[03:41] <JordiGH> infinity: If you're still there, the problem was that exim3 was still running even though I removed the package and /etc/init.d/exim stop didn't stop the daemon either. I killdashnined the process and restarted exim4 and now it works.
[03:41] <JordiGH> WTF.
[03:41]  * JordiGH has spent maybe 4 hours on this today.
[03:42] <ScottK> slestak: If you don't get it figured out tonight, we can probably manage a backport in the morning.
[03:42]  * ScottK would likely have to mangle some rules to get it done tonight.
[03:42] <slestak> that would be awesome.  i used pyExcelerator, maybe I should just present that, it's in Jaunty.  I just know xlwt and xlrd have replaced it
[03:42] <JordiGH> When is sysadmin day? I think I'm gonna demand lots of ice cream for it.
[03:43] <ScottK> JordiGH: sysadmin day is on the horizon.
[03:43] <slestak> bofh day?
[03:43] <JordiGH> Good.
[03:43]  * JordiGH wonders if he could also demand sexual favours on July 31st.
[03:43] <slestak> lo0l
[03:43] <JordiGH> Interesting sysadmin day is the day before my birthday.
[03:43] <ScottK> The horizon being an imaginary place you can walk towards, but never reach.
[03:43] <JordiGH> It's actually in a few weeks.
[03:44] <ScottK> JordiGH: This is probably going to sound silly to you, but we work very hard here to create an environment where everyone will be comfortable, so it's not a huge deal, but talking about demanding sexual favors probably isn't the best idea for here.
[03:44] <slestak> ScottK: I'll try it on another workstation, see if it is consistent
[03:45] <JordiGH> I guess sex is going to make someone uncomfortable.
[03:45] <JordiGH> Fine, fine.
[03:49] <ScottK> slestak: sys.path.append("/usr/local/lib/python2.6/dist-packages/xlwt/")
[03:49] <slestak> ScottK: i just installed pyExcelerator from repo. it works fine.  xlwt is a fork, so I'll just explain that the package I'm showing is a little dated
[03:49] <slestak> i can wait for karmic
[03:49] <ScottK> slestak: OK.  I'd try sys.path.append
[03:50] <slestak> but that will not help me when running a .py in bash?
[03:50] <slestak> or can i run the examples easily from the python shell, after touching up sys.path?
[03:53] <ScottK> Or edit the start of the example to do it for you.
[03:57] <slestak> no joy
[03:58] <slestak> I also tried adding from xlwt.Row import *
[04:00] <slestak> well, im done for the night, thx for the help
[04:18] <quentusrex> hggdh: ScottK: infinity: are you still around?
[04:18] <quentusrex> I've narrowed the limitations for gnutls...
[04:18] <ScottK> Maybe.
[04:18] <quentusrex> I've removed almost all of the cert attributes
[04:19] <quentusrex> down to the fewest
[04:19] <quentusrex> but gnutls still can't handle it...
[04:26] <ScottK> Can gnutls generate certs like openssl does?
[04:27] <ScottK> If it can, maybe generate a cert from it and see what's in it.
[09:05] <zpotonaator> hey, can anybody tell me where's the default logrotate conf for mail.log, currently it's rotating between 06:0 -07:00
[09:05] <zpotonaator> and only keeping 6 days of log
[09:06] <zpotonaator> but mail.log is not defined for logrotate to rotate
[09:13] <zpotonaator> found the solution, it's sysklogd that's rotating the logs by default, /etc/cron.daily/sysklogd, not logrotate
[09:14] <_ruben> which is a nice default solution, but very manageable in the long run, imo
[09:14] <_ruben> add "not" somewhere in that line :)
[09:21] <zpotonaator> :P
[09:40] <Daviey> Hi, Can someone sponsor an apache related SRU for Hardy to -proposed for me?
[09:40] <Daviey> bug #394696
[09:57] <j0nr> Hi all... running spamd seems to be a non-starter for me on my 256MB RAM server. Are there any other ways to begin to control spam that's not too heavy on RAM? thanks
[09:59] <henkjan_> j0nr: greylisting
[10:06] <_ruben> tho from what i've read, greylisting is becoming less effective rapidly
[10:07] <_ruben> rbl checks remain fairly effective
[10:07] <_ruben> or just upgrade the server :)
[10:29] <RoyK> I use greylisting and the built-in bayes-filter in OS X mail. The greyfiltering takes out some 90-95% or so and most of the rest is taken by the OS X mailfilter
[10:29] <RoyK> s/mailfilter/spamfilter/
[10:59] <Daviey> j0nr: Or switch to a VPS provider that provides a spamd server :)
[11:00]  * Daviey knows of at least two in the UK that does this.
[11:12] <j0nr> Daviey: maybe they do... I will enquire
[11:12]  * j0nr is googling greylisting
[11:12] <j0nr> postgrey?
[11:14] <_ruben> that's one implementation of it, yes
[11:22]  * Daviey uses postgrey.. Doesn't stop that much tbh.. Mainly due to alias email addresses which forward to my smtp server
[11:22] <Daviey> j0nr: What sort of mail volume do you have?
[11:45] <j0nr> Daviey: very little... but enough to want some sort of spam filter... (i dont need a male member enlargement!)
[11:47] <j0nr> probably <50 a day unwanted emails
[11:47] <Daviey> j0nr: How many mails in total?
[11:47] <j0nr> < 60 probably a day inc. spam (
[11:48] <j0nr> oh actually.. i am on ubuntu-uk mailing list so more
[11:48] <Daviey> j0nr: It's just that i have a dedicated spamd server in the same datacentre..  You can use it for a while?
[11:48] <j0nr> still probably <100
[11:48] <j0nr> what datacentre?
[11:48] <Daviey> The same one as you :)
[11:50] <Nafallo> Daviey: what data centre?
[11:51] <j0nr> Daviey: oo sounds good....
[11:51] <j0nr> what are implications?
[11:52] <Daviey> Nafallo: RHC North
[11:52] <Sarthor> Hi, there were 2 lan cards in my ubuntu 9.04 i386 (eth0, eth1). I removed one lan card and put in another, and now my linux gave the name eth2 to the new lan card. How can I change this eth2 back to eth1?
[11:52] <Nafallo> Daviey: doesn't sound like London...
[11:53] <Daviey> Nafallo: Oh, Is it only London that had datacentres? :)
[11:53] <\sh> Sarthor: vi /etc/udev/rules.d/70-persistent-net.rules
[11:53] <\sh> Sarthor: change the new eth2 to eth1 and remove the old entry
[11:53] <Nafallo> Daviey: well. that matters anyway ;-)
[11:54] <acalvo> Hi! I'm making a script to move an LDAP tree to a new one, but I'm having trouble with accents. In the command-line I can see that everything is right, but when it is stored to the LDAP it's all mixed up...
[12:48] <j0nr> Daviey: what about this spam filter then?
[12:56] <Daviey> j0nr: Ok.. let me add your IP to my firewall
[12:56] <Daviey> j0nr: -> PM
[13:19] <awmcclain> I've looked for a while on google for this and I couldn't find it... anyone know how to set up ssh so that files created over ssh are automatically group writable?
[13:22] <henkjan_> awmcclain: man umask
[13:24] <awmcclain> henkjan_: No man entry. Also, for some reason  I was under the impression that setting a umask for a user didn't work over ssh, but that makes no sense.
[13:24] <awmcclain> That gives me enough.
[13:31] <awmcclain> Hrm, umask 022, but directories are g-w. Maybe it's an issue with bzr over ssh.
[13:31] <awmcclain> Oh never mind.
[13:40] <maxb> awmcclain: umask 022 explains directories being g-w
[13:40] <maxb> umask 002 is what would be required
[13:40] <awmcclain> maxb: Yeah, i just realized that, I changed to 0002 but I'm still seeing the same issue.
[13:40] <awmcclain> Oh.... let me check the user's profile and see if it's being overwritten
[13:41] <maxb> profile will not be involved in a bzr-over-ssh session
[13:41] <maxb> You will likely want to consider setting the umask via pam
[13:42] <maxb> Do be aware that umask 002 is an insecure configuration for any user whose primary group is not one private to themselves
[13:43] <awmcclain> maxb: Ah, that explains a lot. Understood. I'm guessing a google search of 'umask pam' is in order.
[13:44] <maxb> Specifically pam_umask.so
[13:45] <maxb> and man pam_umask
[13:46] <maxb> especially the usergroups option
[13:51] <ruben23> hi i have an existing disk on my server--> but disk is getting full, if i add up another disk can i merge it with my existing disk..?
[13:51] <ruben23> particularly im using the directory for saving /var/spool/asterisk/monitor---->real time saving of voice records..
[14:58] <ruben23> anyone have idea
[15:31] <pirx> hi! has anyone used linux-ha (high availability)? looking for a good tutorial/howto...
[16:10] <jmarsden> pirx: Using Google gets me: http://www.linux-ha.org/HeartbeatTutorials
[16:58] <shivek> So what's your website url
[16:59] <shivek> I want to check it out
[16:59] <balloooza> well... right now I have a photo gallery
[16:59] <shivek> Give me the url
[16:59] <balloooza> shivek: http://balloooza.homelinux.com/gallery3
[17:00] <shivek> mysql ??
[17:00] <balloooza> shivek: ? what are you asking
[17:00] <shivek> does the speed depends on my computer specifications or bandwidth or both?
[17:01] <balloooza> shivek: my bandwith is slow, depending where you are
[17:01] <shivek> I'm in India
[17:01] <balloooza> shivek: illinois
[17:01] <balloooza> shivek: usa
[17:01] <shivek> my bandwidth is 215kbps
[17:01] <shivek> ok
[17:02] <shivek> what's your bandwidth
[17:02] <balloooza> shivek: ouch, you will never load my site, but I can still help you
[17:02] <shivek> yeah help me
[17:02] <shivek> its not loading
[17:02] <balloooza> shivek: so, what kind of site, for a business
[17:02] <firecrotch> wow I'm in Wisconsin and I can't even load your site, balloooza
[17:02] <balloooza> shivek: it will be slow, has to go around the world
[17:03] <balloooza> maybe it is not running?
[17:03] <shivek> no I'm a student I want a personal website
[17:03] <balloooza> maybe the site is closed, I did some maintenance, and maybe messed up the firewall
[17:04] <shivek> balloooza: yeah its not running
[17:04] <balloooza> so a personal site, like reseme (sorry I cannot spell)
[17:05] <shivek> balloooza: yeah I'm just 14 and I've developed a site for me. what's reseme?  " D
[17:06] <balloooza> shivek: same age, that is a thing that you make to get a job (I thought you meant university)
[17:06] <shivek> balloooza: should I use MySQl or something else
[17:06] <shivek> Are u also 14 ??
[17:06] <balloooza> shivek: mysql is a database
[17:07] <balloooza> shivek: yes 14
[17:07] <shivek> so do u also wanna become a hacker ?
[17:07] <balloooza> shivek: ya
[17:07] <shivek> who are u insipired from
[17:08] <shivek> I think we should work together
[17:08] <shivek> Working together we will be masters
[17:08] <shivek> What all languages do u know??
[17:09] <shivek> balloooza: Are you there ?
[17:09] <balloooza> shivek: that is a little off topic, but no languages yet, but I want to get a little development board for my birthday, so I will learn
[17:09] <shivek> Oh
[17:09] <shivek> you don't even know html ?
[17:10] <balloooza> yes, html
[17:10] <balloooza> shivek: that is a markup language, what you will most likely use for the website
[17:10] <shivek> yeah
[17:10] <shivek> I know
[17:11] <shivek> I know html
[17:11] <shivek> and I'm learning python 3
[17:11] <shivek> Do you have an orkut account ?
[17:11] <balloooza> That is what I will use to program, second q: no
[17:12] <shivek> What do u mean . I didn't get u
[17:12] <balloooza> shivek: hu, no orkut, and also if we start bugging people (none here) we should move to pm
[17:13] <shivek> pm ?
[17:13] <balloooza> shivek: Private Message
[17:13] <shivek> ok
[17:13] <balloooza> but only if we are bugging someone
[17:14] <shivek> i just want that we should stay in touch.
[17:14] <shivek> balloooza: Because I've never found anyone of my age who wants to become a hacker!
[17:15] <balloooza> OK, how would I do that? I have gmail, I think that is related to orkut?
[17:15] <balloooza> btw, my website is not working, have to figure that out
[17:15] <shivek> balloooza: yeah it is
[17:15] <shivek> just give me your email id
[17:15] <shivek> I'll add you
[17:16] <balloooza> shivek: it is in my info for irc
[17:16] <shivek> balloooza: and you should get an orkut account
[17:16] <balloooza> shivek: did you get it?
[17:17] <shivek> balloooza: no it isn't displayed
[17:17] <balloooza> oh, let me take off the hide...
[17:17] <balloooza> now try
[17:18] <shivek> balloooza: sure and you should also get an orkut account because hackers also need to know moron mentality .
[17:18] <balloooza> just signing up...
[17:19] <shivek> balloooza: take mine<shivekk@gmail.com> .yeah cool add me as ypur friend .Search shivek khurana
[17:19] <shivek> balloooza: What's your full name ?
[17:20] <balloooza> actually I put in my birthday, and it said 18
[17:20] <specto> I hope you guys know that this chat is logged.
[17:20] <balloooza> shivek: yes, do not say stuff personal, that is why I have not said stuff personal
[17:21] <shivek> balloooza: Ok. You can still create  one , add any year that it accepts
[17:22] <shivek> balloooza: it doesn't really matter.
[17:22] <shivek> specto : thanks for warning :D
[17:22] <specto> shivek: no problem.
[17:22] <shivek> balloooza: done ?
[17:23] <balloooza> ok shivek, I have added you, have you added me?
[17:23] <specto> !offtopic
[17:23] <shivek> wait let me see.
[17:24] <shivek> ubottu: thanks for your advice.
[17:24] <balloooza> shivek: lets move this to gmail chat :)
[17:24] <shivek> balloooza: I'm coming there
[17:38] <Pirate_Hunter> anyone here with knowledge of ISPConfig if so, could i get help, trying to figure out why the browser interface doesn't work even knowing it installed correctly?
[17:44] <Pirate_Hunter> anyone here with knowledge of ISPConfig if so, could i get help, trying to figure out why the browser interface doesn't work even knowing it installed correctly?
[17:45] <ruben23> hi i have an existing disk on my server--> but disk is getting full, if i add up another disk can i merge it with my existing disk..?
[17:45] <ruben23> particularly im using the directory for saving /var/spool/asterisk/monitor---->real time saving of voice records..
[17:46] <firecrotch> Pirate_Hunter: I myself haven't used ISPConfig, but maybe I can help you troubleshoot...
[17:46] <firecrotch> Pirate_Hunter: From what I know, it uses Apache? is apache running?
[17:47] <Pirate_Hunter> firecrotch, should be, how do i check (sorry i am very new to the server side of linux)
[17:47] <firecrotch> Pirate_Hunter: ps -e | grep apache
[17:48] <firecrotch> it should print out a line with a number, a question mark (or pts/#), a timestamp, and then the word apache
[17:49] <Pirate_Hunter> firecrotch, http://paste.ubuntu.com/217104/
[17:49] <Pirate_Hunter> firecrotch, yah i think that is correct so it is working
[17:50] <firecrotch> Pirate_Hunter:  Ok, apache is running, so the next step is to check apache's error log, which is located at /var/log/apache2/error.log
[17:52] <Pirate_Hunter> firecrotch, http://paste.ubuntu.com/217106/ no errors there that i noticed
[17:53] <Pirate_Hunter> firecrotch, i think it could be ispconfig itself, even so it did successfully compile and give me the login details just doesnt work in browser :s
[17:53] <firecrotch> Pirate_Hunter:  What is the error you get when you try to access the ISPConfig page?
[17:53] <Pirate_Hunter> firecrotch, one sec let me check on the actual box but its something like not accessible, temporary down or something
[17:56] <Pirate_Hunter> firecrotch, xyz.de refused connection - the server might be busy or you may have network connection problem try again later
[17:57] <Pirate_Hunter> firecrotch, that is all i get nothing more specific
[17:59] <firecrotch> Pirate_Hunter: Are you trying to connect to it via https ?
[17:59] <Pirate_Hunter> firecrotch, yup that is what i chose, how come?
[18:00] <firecrotch> Pirate_Hunter: I think it is a problem with ISPConfig itself, or apache's configuration, since it's refusing the connection
[18:01] <Pirate_Hunter> firecrotch, ok but how do i go about finding out which is the problem since syslog doesnt say anything
[18:03] <firecrotch> Pirate_Hunter: If you can paste all of your apache configuration files (/etc/apache2/sites-enabled) I can take a look
[18:05] <specto> firecrotch: pastebin please.
[18:05] <Pirate_Hunter> firecrotch, they are default installed via tasksel havent changed anything was meant to once ispconfig was installed
[18:05] <firecrotch> ISPConfig changes your apache configs, I think
[18:06] <Pirate_Hunter> firecrotch, :o Oh didnt know that one sec
[18:07] <firecrotch> Pirate_Hunter: I've come across something that may have something to do with it... is it ISPConfig 2 or ISPConfig 3 that you installed?
[18:07] <Pirate_Hunter> firecrotch, http://paste.ubuntu.com/217116/ i installed 2 since i think 3 is still beta
[18:08] <firecrotch> Pirate_Hunter: I noticed somewhere that you have to change /bin/sh to point to /bin/bash instead of /bin/dash for the install, or else there will be problems
[18:09] <Pirate_Hunter> firecrotch, i set up the server based on this tutorial http://www.howtoforge.com/perfect-server-ubuntu8.04-lts-p4 might help to know
[18:09] <Pirate_Hunter> firecrotch, i did do that, its in that tutorial
[18:09] <firecrotch> Pirate_Hunter: haha that's where I saw it ;)
[18:10] <Pirate_Hunter> firecrotch, yup that is what i used for my setup the problem is ispc can only be uninstalled from the browser interface i think otherwise i would do it again
[18:11] <firecrotch> Pirate_Hunter:  And you are trying to access it via port 81, right?
[18:12] <Pirate_Hunter> firecrotch, yup just how the online manual states i havent really changed much except the host and a few bits
[18:13] <firecrotch> Pirate_Hunter: Well, you've got me stumped
[18:13] <firecrotch> Note to self: don't bother with ISPConfig
[18:14] <Pirate_Hunter> i will try to uninstall it again, can you at least provide me with a tut for a good server setup?
[18:16] <firecrotch> Pirate_Hunter: I've used EBox before, but I don't know if it does everything that ISPConfig does
[18:16] <Pirate_Hunter> ebox will check it out now, what are you using now?
[18:17] <firecrotch> Well currently I don't have any need for anything other than a simple web server, so I just have a ubuntu 8.10 box running apache and mysql right now
[19:03] <Pirate_Hunter> firecrotch,  sorry system went down
[19:04] <ball> Is there a way I can ask an Ubuntu Server box to enter "standby" mode?
[19:05] <firecrotch> Pirate_Hunter: welcome back :)
[19:08] <Pirate_Hunter> firecrotch, np well checking out ebox I think just about does what ispconfig does just in a different way still what do i know (all i want is to host my own site(s))
[19:08] <Pirate_Hunter> \np\*\no problem\
[19:09] <Pirate_Hunter> firecrotch, what you up to since i got time to spare
[19:09] <firecrotch> Pirate_Hunter: If it's just going to be a standalone webserver, I personally don't see the need for something like ISPConfig or ebox.  It's pretty easy to host your own websites on a server with just apache, mysql and php installed.  Look into apache virtual hosts
[19:10] <firecrotch> I'm currently configuring Kubuntu on my boss's laptop
[19:11] <Pirate_Hunter> firecrotch, oh didnt know i am quite new to this, I think i am ready to start using ubuntu for serious stuff without the desktop feature and wow your boss i can't even persuade anyone to try ubuntu or any linux OS
[19:13] <Pirate_Hunter> firecrotch, why kubuntu isn't that too bloated (in my opinion)
[19:13] <firecrotch> Pirate_Hunter: Well, we use ubuntu server for our servers, and Xubuntu on computers that we use to display videos and stuff on digital signage, and I use Kubuntu on my workstation since it's what I prefer, and he likes it :)
[19:15] <Pirate_Hunter> firecrotch, i bet he likes the eyecandy which is what made me try it in the first place, I have to admit it is neater more like being in an alternate version of windows
[19:15] <jon_high9000> I am configuring Postfix. mainly, to use postfix as an alternate smtp server in place of gmail. my question is this; i selected internet site and for mail name entered mail.gmail.com. based on what i have described does this sound correct?
[19:16] <firecrotch> Pirate_Hunter: Yeah, I've always found KDE to be more... Windows-like, and gnome to be more Mac-like
[19:17] <ball> I like Blackbox
[19:17] <ball> ...but Gnome and Xfce4 are both things I could put in front of civilians
[19:18] <firecrotch> KDE seems to be more intuitive to new users who are used to Windows, in my opinion
[19:18] <Pirate_Hunter> yeah i agree on the kde part except the Mac bit since i havent used OSX :'(
[19:19] <Pirate_Hunter> ball, the civilians i know run from linux, some find it too hard even knowing the menu is right at the frigging top
[19:19] <ball> Pirate_Hunter: people are animals and animals fear change
[19:20] <firecrotch> Pirate_Hunter: Change the menu name to "Start" and put it at the bottom left corner and they'll have no trouble :)
[19:20] <Pirate_Hunter> i agree most users will be right at home with kde and konqueror needs some praising
[19:21] <jon_high9000> sorry about this folks. double checked my research and it is correct. my bad.
[19:21] <Pirate_Hunter> i did, i did they complained on the way they had to do things, if not the apps they wanted are not there even firefox was weird (it has been around for a long time :/)
[19:21] <howie> i just made the the switch from windows to full ubuntu like 2 weeks ago and i gotta say i couldnt be happier..
[19:21] <firecrotch> I think this discussion would be better suited for #ubuntu-offtopic  btw
[19:24] <Pirate_Hunter> true say however im doing something in another box
[19:24] <Pirate_Hunter> thanks for earlier on firecrotch
[19:25] <firecrotch> no problem :)
[19:26]  * ball sighs
[19:36] <sleepster> I am looking for a patch for my kernel?  It is currently configured for 100HZ and I would like it to be set to 1000HZ.   the I/O performance is terrible when CONFIG_HZ is set to 100 which is the default I believe for ubuntu server kernel
[19:40] <balloooza> is it possible to dump all the apache configuration, I just want to start over (I really messed it up, during an upgrade, did not make backups of the working state, shoot me)
[19:51] <bogeyd6> balloooza, which ubuntu version?
[19:51] <balloooza> 8.04
[19:51] <bogeyd6> nice
[19:52] <balloooza> nice, my version, or what I did :)
[19:55] <bogeyd6> baffle, https://help.ubuntu.com/8.04/serverguide/C/httpd.html
[19:55] <bogeyd6> sorry im at office so im in and out
[19:55] <bogeyd6> balloooza,
[19:55] <balloooza> bogeyd6: yes?
[19:56] <bogeyd6> balloooza,  https://help.ubuntu.com/8.04/serverguide/C/httpd.html
[19:56] <bogeyd6> start all over with that link
[19:56] <balloooza> Thanks
[19:57] <mathiaz> sommer: do you know where a copy of the ubuntu server guide for 7.10 could be found?
[19:57] <mathiaz> MagicFab: ^^
[19:59] <bogeyd6> mathiaz, http://ubuntuguide.org/wiki/Ubuntu:Gutsy
[19:59] <bogeyd6> specifically http://ubuntuguide.org/wiki/Ubuntu:Gutsy#Servers
[20:00] <MagicFab> bogeyd6, tx!
[20:00] <bogeyd6> is there a compelling reason to be using 7.10?
[20:07] <MagicFab> bogeyd6, no, which is why i am helping upgrade / recover data from it :)
[20:09] <balloooza> now I have a new problem, there are no files in /etc/apache2, yes I do have a backup of them, but how do I get the original factory files
[20:10] <balloooza> (ie all I have is httpd.conf)
[20:16] <bogeyd6> hmm
[20:16] <bogeyd6> ballooza
[20:16] <balloooza> bogeyd6: why do you say the name
[20:17] <bogeyd6> sudo apt-get remove apache2 && sudo apt-get install apache2
[20:18] <balloooza> running now...
[20:18] <bogeyd6> kk
[20:18] <bogeyd6> i always had a problem with it not putting init files back
[20:18] <balloooza> bogeyd6: still, nothing in the /etc/apache folder
[20:19] <balloooza> apache2
[20:19] <alexm> you should add --purge to remove for apt to remove config files
[20:19] <bogeyd6> yeah
[20:19] <bogeyd6> just thought of that
[20:19] <balloooza> ok, doing...
[20:19] <balloooza> still nothing
[20:19] <bogeyd6> ok
[20:19] <bogeyd6> did you do the purge?
[20:19] <balloooza> yes
[20:19] <bogeyd6> kk
[20:20] <alexm> are you concerned about /etc/apache or /etc/apache2 ?
[20:20] <balloooza> do you know what package the default config is in (I would have guessed apache2
[20:20] <bogeyd6> balloooza, apt-get --purge remove apache2-common apache2
[20:20] <balloooza> aeger /etc/apache2
[20:20] <bogeyd6> balloooza, apt-get install apache2
[20:20] <bogeyd6> that will work, i just tried it
[20:21] <balloooza> don't worry about the thing in the beginning, a wrong thing
[20:21] <alexm> then you should purge package apache2.2-common
[20:21] <alexm> dpkg -S /etc/apache2 show the package name owning the file or directory
[20:21] <bogeyd6> balloooza, sudo apt-get --purge remove apache2-common apache2 && sudo apt-get install apache2
[20:22] <bogeyd6> it works
[20:22] <bogeyd6> on 8.04.1
[20:22] <balloooza> so wait, so far I ran purge remove one, then the install apache2 one, now what do I do?
[20:22] <bogeyd6> the command i just gave you
[20:22] <bogeyd6> we didnt do the the -common last time
[20:24] <balloooza> I am looking for /etc/apache2/apache.conf
[20:25] <bogeyd6> balloooza, if you run that command it will default everything back to square one, just like you wanted.  sudo apt-get --purge remove apache2-common apache2 && sudo apt-get install apache2
[20:26] <balloooza> OK,  it didn't, but I will work on it more, obviously I have a non standard problem
[20:27] <alexm> balloooza: it will remove all the files that came or were created during the apache installation, but not those you created afterwards
[20:28] <alexm> if you want to make sure that you remove all of them, rm -rf /etc/apache2 after backing it up (just in case) and purging it
[20:29] <alexm> maybe package etckeeper will help you track changes on /etc/apache2 files, it's worth trying
[20:33] <ruben231> hi
[20:33] <ruben231> by default what is the password of root in fresh install ubuntu..?
[20:33] <ruben231> ubuntu-server
[20:33] <balloooza> there is none
[20:33] <balloooza> "for safety:
[20:34] <ruben231> no password..?
[20:34] <ruben231> just blank
[20:34] <balloooza> (ubuntu uses sudo instead of root, this is annoying somtimes, but I have learned to like it,  I do not have to give put a root password
[20:35] <balloooza> BTW, there is no password, that means you cannot log onto it, this is ubuntu security model, so telling you how-to would be unacceptable, on the forums or here
[20:36] <bogeyd6> !noroot
[20:36] <bogeyd6> !root
[20:36] <bogeyd6> sage advice ruben
[20:36] <ruben23> ok got it
[20:37] <balloooza> those are some new ubottu commands. saves me typing
[20:37] <bogeyd6> i wonder
[20:37] <bogeyd6> !root @ bogeyd6
[20:38] <balloooza> bogeyd6: how do I get a list of all ubottu s commands ( I have a feeling he will tell me)
[20:39] <balloooza> !connands @ balloooza
[20:39] <balloooza> !bot
[20:40] <balloooza> yay, that was it!!
[20:40] <bogeyd6> i dont know
[20:40] <bogeyd6> there you go
[20:40] <balloooza> I got it
[20:40] <bogeyd6> !iptables
[20:46] <DormantOden> hey Ubuntu people
[20:46] <DormantOden> I seem to have a HUGE memory leakage problem
[20:47] <DormantOden> anyone know of any active memory readers?
[20:47] <balloooza> is this an ubuntu problem or ubuntu server
[20:48] <DormantOden> server
[20:48] <balloooza> run top
[20:49] <balloooza> then sort by memory usage
[20:49] <jbernard> DormantOden: once top comes up, hit 'O', then 'n', then <enter>
[20:49] <jbernard> DormantOden: that will sort the list by memory usage
[20:51] <DormantOden> will do =)
[20:53] <DormantOden> hmm, seems steady now
[20:53] <DormantOden> I was restarting apache quite a lot.... Ill try that a lot again :P
[20:57] <DormantOden> gah!
[20:57] <DormantOden> Found it!
[20:57] <DormantOden> Damn you migrate database!
[20:57] <DormantOden> its going to asplode again!
[20:58] <DormantOden> quick, how do i stop something 0o
[20:59] <DormantOden> ahhh... it died. ='(
[20:59] <firecrotch> DormantOden: what are you trying to do?
[20:59] <DormantOden> stop a massive memory leak
[20:59] <DormantOden> at least i found the culprit :P
[21:00] <DormantOden> it used like 2 gigs in 3 minutes 0o
[21:00] <firecrotch> DormantOden: whats the cause of the mem leak?
[21:01] <DormantOden> a dodgy plugin by the looks of it. I tried to migrate some database things and it exploded
[21:01] <DormantOden> some chat plugin for redmine to be specific
[21:02] <DormantOden> How can I stop ruby, just for future needs?
[21:06] <troglobyte> If I wanted to automate a scp upload to /var/www/dirname (owned by www-data) do I just add the uploading user to the www-data group?
[21:08] <garchonix> hello
[21:08] <garchonix> could someone give me a hand? i need to sync two dirs, but transferring only files that in IN THE DESTINATION have mtime < some_time
[21:08] <garchonix> what would be the best way to do that?
[21:12] <jfontan1> troglobyte, that and also giving write permissions to group (that must be www-data)
[21:13] <troglobyte> jfontan1, thanks!
[21:25] <quentusrex> Is anyone around that is familiar with x509 certs and gnutls?
[21:49] <Bilge> Even though migrating from LTS to 9.04 would require upgrading in several steps, would it be possible, in future, to upgrade directly from an old LTS distro to a new one?
[21:52] <infinity> Bilge: We support LTS->LTS upgrades, yes.
[21:52] <infinity> Bilge: (For instance, we support dapper->hardy right now)
[22:04] <docta_v> i have some custom packages i've built and i'd like to authenticate them using apt... just wondering what the best method is to deal with trusted.gpg
[22:04] <docta_v> i was considering either... making my own package to replace this file wholesale... or running a script on every system to add the new key. there doesn't appear to be an easy way to deal with this issue
[22:10] <majikman> does anyone else here have issues with ubuntu's default configuration of having tomcat log stuff into syslog?
[22:31] <n8bounds> Hullo all
[22:31] <KillMeNow> howdy
[22:32] <n8bounds> anyone here handy with bind9?
[22:33] <KillMeNow> i'm fairly handy
[22:33] <n8bounds> i have a in-addr.arpa zone problem...
[22:33] <KillMeNow> what' the problem
[22:33] <n8bounds> my bind server hosts a few public zones
[22:33] <n8bounds> but i never set up a reverse lookup zone
[22:33] <n8bounds> trying to do that today results in fail
[22:33] <KillMeNow> well, you normally wouldn't
[22:33] <KillMeNow> unless the IP range has been swipped to you
[22:34] <n8bounds> i have to for our mail server
[22:34] <KillMeNow> for the public side
[22:34] <KillMeNow> ok, has the IP range been swipped to you?
[22:34] <n8bounds> our ISP (AT&T) delegates our public subnet's DNS (including the in-addr.arpa) zones to us
[22:34] <KillMeNow> ok
[22:34] <n8bounds> right, so the named service restarts fine with the config I have
[22:35] <n8bounds> but it refuses to answer
[22:35] <n8bounds> would u mind if i pasted one line from syslog in here?
[22:35] <KillMeNow> nope
[22:35] <n8bounds> Jul 13 17:35:11 mail named[21637]: client 65.188.241.191#62828: view external: query (cache) '132.82.145.12.in-addr.arpa/PTR/IN' denied
[22:35] <KillMeNow> unless you wanted to use pastebin
[22:36] <n8bounds> i may have to
[22:36] <KillMeNow> are you running bind9 in a chroot jail?
[22:36] <n8bounds> the server's hostname is mail, obviously, and the client ip is an external source--of our network
[22:36] <n8bounds> negative
[22:36] <KillMeNow> k
[22:36] <n8bounds> this is just bind9 apt-got on 8.04.2
[22:36] <KillMeNow> ok
[22:37] <KillMeNow> i'm assuming then you created a in-addr.arpa zone for that IP block?
[22:38] <n8bounds> yes: http://pastebin.com/m7b432cde
[22:40] <KillMeNow> do you get any errors when you do your rndc reload?
[22:41] <n8bounds> negative
[22:41] <n8bounds> named-checkconf & named-checkzone pass fine too
[22:43] <KillMeNow> have you tried using the host command to dig out the reverse pointers locally to the DNS server?
[22:44] <n8bounds> no, good idea
[22:44] <n8bounds> lets see...
[22:44] <goldrake> hallo
[22:44] <n8bounds> Host 128-28.82.145.12.IN-ADDR.ARPA not found: 5(REFUSED)
[22:44] <n8bounds> @goldrake hiya
[22:45] <KillMeNow> also, the error also says that the query (cache) is denied, i'm not seeing the statement "allow-query-cache" in your named.conf
[22:45] <n8bounds> well, if i enable that, it just recurses through and ends up without an answer at the root servers...
[22:45] <KillMeNow> course you didn't post your named.conf
[22:45] <goldrake> good evening n8bounds
[22:46] <KillMeNow> hrm...  if you don't "allow-recursion" i'm not sure it will allow it to go to the root servers
[22:46] <n8bounds> but im trying to be authoritative...
[22:46] <n8bounds> i dont want it to recurse to the roots
[22:47] <n8bounds> if you dont mind
[22:47] <n8bounds> i just enabled query-cache to any
[22:47] <n8bounds> from your machine, run this command: dig @ns.epescarriers.com -x 12.145.82.132
[22:47] <n8bounds> you will get NOERROR, but no answer either
[22:48] <KillMeNow> host 12.145.82.132 gives this reply:  132.82.145.12.in-addr.arpa is an alias for 132.128/28.82.145.12.in-addr.arpa.
[22:50] <n8bounds> now why would yours be different...
[22:52] <n8bounds> anyway, that doesn't make any sense either way
[22:52] <n8bounds> as I have 132.82.145.12.in-addr.arpa as a PTR rr not a CNAME
[22:53] <KillMeNow> dunno
[22:53] <KillMeNow> but are you still getting the denied error from localhost?
[22:55] <n8bounds> yes
[22:55] <n8bounds> i forgot to mention
[22:55] <n8bounds> this is "split"
[22:55] <n8bounds> i have two views
[22:55] <n8bounds> of which loopback does not fall into the external view
[22:55] <n8bounds> where that reverse zone is configured
[22:56] <KillMeNow> figured when i seen the "view external"
[22:56] <KillMeNow> however, if it works on the internal side, then we need to look at why it's not allowing it externally
[22:56] <KillMeNow> did you enable IPv6?
[22:59] <majikman> anyone know how to reconfigure tomcat so that it stops logging into syslog?
[23:01] <n8bounds> yes
[23:01] <n8bounds> i did enable ip6
[23:03] <n8bounds> i finally got my thread started: http://ubuntuforums.org/showthread.php?p=7611249#post7611249
[23:03] <n8bounds> there are almost ALL the config files
[23:03] <n8bounds> @majikman, lemme see how I have mine set up
[23:04] <majikman> n8bounds, i think i have to modify the /etc/init.d/tomcat6 file. ps shows this option.... -outfile SYSLOG -errfile SYSLOG
[23:05] <n8bounds> check out  /etc/tomcat5.5/logging.properties
[23:06] <n8bounds> mine logs to syslog, but only on errors, it seems
[23:06] <n8bounds> mostly it logs to a few files in /var/log/tomcat5.5/
[23:08] <n8bounds> my init.d script uses "$CATALINA_BASE/logs" "$CATALINA_BASE/temp"
[23:08] <goldrake> good night
[23:09] <majikman> n8bounds, thanks for looking. thats interesting to know. my logging.properties isn't set to use syslog and my init.d file is hardcoded to syslog. i just changed it and it should hopefully start working the way i want it to now
[23:10] <n8bounds> @majikman, np. make sure you create the tomcat5.5 subdir in /var/log if its not created already
[23:10] <KillMeNow> are you running SELinux n8bounds?
[23:10] <n8bounds> negative
[23:10] <n8bounds> i have no idea how to add that to ubuntu
[23:11] <KillMeNow> apparmor is Ubuntu
[23:11] <KillMeNow> and i've never gotten it to work properly
[23:11] <KillMeNow> always caused me more pain
[23:12] <n8bounds> yeah, but i know what apparmor looks like (at least) when it complains in syslog
[23:12] <n8bounds> and it isnt
[23:12] <n8bounds> it did when I tried to use a non-default dir for zone files
[23:12] <n8bounds> so i just went back to /var/cache/bind/
[23:14] <jdstrand> n8bounds: you could also adjust /etc/apparmor.d/usr.sbin.named
[23:14] <n8bounds> yeah, i started to do that, but i'd have to do it on about 10 servers
[23:14] <n8bounds> so i just went the easy way ;)
[23:15] <n8bounds> it was easier to add one more dir to my /etc/* -R backup script :)
[23:15]  * jdstrand nods
[23:17] <KillMeNow> when i resolve ns.epescarriers.com i get 12.145.82.132
[23:17] <n8bounds> correct
[23:17] <n8bounds> but if you try to reverse query 12.145.82.132 you get fail
[23:17] <KillMeNow> yea, it fails
[23:17] <n8bounds> yeah
[23:17] <n8bounds> i have no idea why
[23:18] <KillMeNow> host 12.145.82.132 nx.epescarriers.com gives me fail
[23:18] <n8bounds> you mean ns, not nx, yes?
[23:18] <KillMeNow> yea
[23:18] <KillMeNow> sorry
[23:18] <n8bounds> cool
[23:19] <KillMeNow> Host 132.82.145.12.in-addr.arpa not found: 5(REFUSED)
[23:19] <KillMeNow> that's the exact error
[23:19] <n8bounds> right
[23:19] <n8bounds> me too
[23:20] <KillMeNow> ok, stop and start the named service then hit the syslog
[23:20] <KillMeNow> make sure everything looks copasetic and all the zone files are actually loaded
[23:23] <n8bounds> it is
[23:23] <n8bounds> PS, i would have a big problem if it wasnt
[23:24] <n8bounds> zone 128-28.82.145.12.IN-ADDR.ARPA/IN/external: loaded serial 2009071315
[23:24] <n8bounds> that's the wonky part
[23:24] <KillMeNow> yea, WTF over
[23:24] <n8bounds> it loads it, but doesnt act authoritative
[23:25] <phaidros> hm, after installing hwinfo on a machine i get this:
[23:25] <phaidros> Inconsistency detected by ld.so: ../sysdeps/x86_64/dl-machine.h: 416: elf_machine_rela_relative: Assertion `((reloc->r_info) & 0xffffffff) == 8' failed!
[23:25] <phaidros> for every command ..
[23:25] <phaidros> any hints on that? (I'm not wanting to reboot quick, because it is a xen dom0 instance with 8 virtual machines)
[23:26] <KillMeNow> well, it's not a servfail error, but a refused error
[23:30] <n8bounds> right
[23:30] <n8bounds> @phaidros something is seriously wrong
[23:30] <n8bounds> check your filesystems, you might be full
[23:31] <phaidros> n8bounds: I expected :/
[23:31] <phaidros> n8bounds: !
[23:31] <n8bounds> # df -HT
[23:31] <phaidros> good hint
[23:31] <n8bounds> ...if you can
[23:31] <n8bounds> that is
[23:31] <phaidros> hehe
[23:31] <phaidros> of course not
[23:31] <n8bounds> try to init 1, when u can bring the vms down
[23:31] <phaidros> ok, full fs makes sense
[23:31] <n8bounds> yeah..
[23:31] <phaidros> *sigh*
[23:32] <n8bounds> @KillMeNow I added another post http://ubuntuforums.org/showthread.php?t=1212421 and I think I know the problem, just not the solution
[23:32] <phaidros> so, the whole procedure again, all vms down, write users mails before, repair dom0, bring everything up and fix all which broke on the way :D
[23:32] <n8bounds> bind doesn't seem to think it should be authoritative for that zone
[23:33] <n8bounds> @phaidros, yeah, might be good to throw an fsck in there somewhere ;)
[23:36] <n8bounds> KillMeNow: you must be 216.99.213.136
[23:36] <n8bounds> ;)
[23:36] <KillMeNow> yes, that's me
[23:37] <n8bounds> I think I've read the zytrax bind book about 20 times now
[23:37] <n8bounds> also, the bv ARM isn't very detailed
[23:37] <KillMeNow> ok for giggles allow-recursion
[23:37] <n8bounds> ok, standby
[23:38] <n8bounds> wide open
[23:39] <KillMeNow> yes, the problem is TOTALLY that it's not acting as authority
[23:39] <KillMeNow> it punted me to the root servers when you enabled recursion
[23:39] <n8bounds> yes
[23:40] <KillMeNow> https://lists.isc.org/pipermail/bind-users/2004-October/053137.html
[23:40] <KillMeNow> read that
[23:40] <KillMeNow> i think that will clear up your problem
[23:40] <KillMeNow> maybe
[23:42] <n8bounds> whoa... that's written by The Man, himself..
[23:43] <KillMeNow> yea
[23:43] <n8bounds> that has to work. trying it now
[23:43] <KillMeNow> and the situation sounds just like the one you're experiencing
[23:44] <n8bounds> yes it does
[23:45] <n8bounds> why does he write it zone "224-239.0.80.62.in-addr.arpa" { instead of zone "224-239.0.80.62.in-addr.arpa" IN {
[23:45] <n8bounds> (i thot u needed the IN)
[23:46] <KillMeNow> it was written in 2004
[23:46] <n8bounds> ah
[23:46] <KillMeNow> it's the concept however
[23:46] <n8bounds> tru
[23:47] <KillMeNow> and it explains WHY when i do just host 12.145.82.132 i get the cname pointer
[23:48] <EAS> anyone know what the story is about DRBD8 for Jaunty?
[23:50] <EAS> do I just need the utils?
[23:50] <KillMeNow> no idea EAS
[23:52] <n8bounds> not sure
[23:53] <n8bounds> @KillMeNow, I changed this part of the external view
[23:53] <n8bounds> http://pastebin.com/m678ec31b
[23:54] <EAS> ok, looks like the drbd module is now part of the linux-image-*-server package...
[23:55] <n8bounds> hmm
[23:56] <n8bounds> @KillMeNow, I'm getting these now "zone 82.145.12.IN-ADDR.ARPA/IN/external: refresh: non-authoritative answer from master 212.82.225.7#53 (source 0.0.0.0#0)" I must have picked a fools master
[23:56] <n8bounds> ...any clue on how I find the master for that zone?
[23:56] <n8bounds> it looks like xbru.br.ns.els-gms.att.net.
[23:56] <n8bounds> but i may be way off
[23:56] <KillMeNow> yea, those are the authoritative which CNAME it to you
[23:56] <KillMeNow> one second
[23:57] <KillMeNow> heh, ok now i get servfail when i try to grab the reverse
[23:58] <n8bounds> can you use hostnames as masters?
[23:59] <KillMeNow> i wouldn't think
[23:59] <n8bounds> heh, ur right
[23:59] <KillMeNow> what is your resolv.conf pointed to?
[23:59] <KillMeNow> or are you doing these queries from a separate machine?
[23:59] <n8bounds> the latter