/srv/irclogs.ubuntu.com/2009/08/17/#ubuntu-server.txt

[00:19] <tsrk_> how can I allow root login via SSH keys but not SSH password?
[00:22] <jmarsden> tsrk_: Since root has no password in Ubuntu, just set up the keys and you are all set :)
[00:23] <tsrk_> jmarsden, let's say (completely hypothetically of course) i had a root password. then, how would i do it? :)
[00:24] <jmarsden> First you get rid of the root pw and then proceed as above.  Failing that, you set PasswordAuthentication no in sshd_config, but that would apply to all users, not just to root.
[00:25] <tsrk_> hmm, could do that, although there's some times i really want to use pws for other users
[00:25] <jmarsden> There is no good reason for a root pw on a Ubuntu machine that I know of, BTW.  So... get rid of it :)
[00:26] <jmarsden> sudo usermod -p '!' root
[00:26] <tsrk_> i'd much rather type "su" than remember some random options for sudo?
[00:27] <jmarsden> And that is higher priority than a sane ssh config to do what you need... well, it is your choice.  sudo su works fine if you really can't remember sudo -s
[00:27] <tsrk_> what's the difference between sudo -s and -i?
[00:28] <jmarsden> -i simulates initial login, -s uses the $SHELL and does not simulate initial login.  man sudo
[00:28] <tsrk_> alright
[00:28] <tsrk_> and what about being secure at the startup console?
[00:28] <tsrk_> i guess i can block that option... but did they fix that?
[00:28] <jmarsden> Please explain how the default is insecure?
[00:29] <tsrk_> i think it used to be that with no root password, when the system was booting you could go into recovery mode and select root shell
[00:31] <jmarsden> I'll try it in a virtual machine... but if you give someone physical access to the server, security is pretty much nonexistent anyway... they can steal the machine, remove a hard drive, boot from a CDROM, etc etc...
[00:32] <tsrk_> there can be a difference between hardware security and software security
[00:32] <tsrk_> first of all they might have console access without being physically in the same location as the machine
[00:32] <tsrk_> (the case 99% of the time where i work)
[00:33] <tsrk_> also, i'll know if someone tampers with hardware, but not necessarily software
[00:33] <giovani> tsrk_: with serial console access, and a grub/lilo password, they shouldn't be able to boot single user
[00:33] <giovani> there should also be a bios password, etc
[00:34] <tsrk_> giovani, that's a good point
[00:34] <tsrk_> giovani, well, some of my machines need to be able to boot w/o a password
[00:34] <giovani> boot?
[00:34] <tsrk_> (there's a bios password for setup, but not boot)
[00:34] <giovani> you don't need a password to boot
[00:34] <giovani> I'm talking about modifying the bios, and modifying startup flags
[00:34] <giovani> this is standard stuff at every company I've ever worked at
[00:34] <giovani> bios and lilo/grub password for modification
[00:35] <tsrk_> will that cover everything?
[00:35] <giovani> clearly physical access to the box means you can pop the jumper and reset the bios
[00:35] <tsrk_> yeah
[00:35] <giovani> that will cover everything remote unless you have an out-of-band management system like IPMI/DRAC/iLO/etc
[00:35] <tsrk_> alright
[00:36] <giovani> so if all you have remote-access wise is serial console
[00:36] <tsrk_> i gotta reboot to check something, but i'll probably be back in here in a few minutes
[00:36] <giovani> then a boot manager and bios password are all you need
[00:36] <tsrk_> ok
[00:36] <tsrk_> thanks for the help
[00:36] <giovani> np
[00:41] <giovani> so, I haven't installed a new 9.04 server install until today
[00:42] <giovani> when did lilo become the default boot manager?
[00:42] <pmatulis> lilo?
[00:42] <giovani> or did that only happen because I put /boot on LVM and grub is presumed to be less happy with that?
[00:42] <giovani> pmatulis: yep
[00:43] <pmatulis> will need to try that
[00:43] <nick125> I thought grub supported /boot on LVM....
[00:43] <giovani> nick125: it does, afaik
[00:43] <giovani> but not incredibly well
[00:43] <giovani> as in, as of the latest stable, it only supports a single vg
[00:43] <nick125> Ah. Well, there's a reason not to put /boot on LVM :)
[00:44] <giovani> not if lilo supports it perfectly
[00:44] <giovani> or if you use something newer than grub stable
[00:44] <giovani> there's nothing that should prevent a boot manager from using LVM
[00:48] <giovani> anyway, yeah, with some googling it appears ubuntu doesn't believe grub is capable of nicely handling LVM /boot :)
[00:48] <giovani> so it forces you to use lilo
[00:48] <giovani> good to know
[01:01] <pmatulis> tsrk_: did you figure out your no-password-for-root question?
[01:02] <tsrk_> pmatulis, yeah, thanks
[01:02] <pmatulis> tsrk_: what did you do?
[01:03] <tsrk_> just disabled root pw and set up some other security stuff instead
[01:03] <tsrk_> at the bootloader
[01:04] <giovani> disabled root pw?
[01:04] <tsrk_> yeah
[01:04] <jmarsden> sudo usermod -p '!' root
[01:04] <giovani> what do you mean?
[01:04] <tsrk_> set the encrypted pw to !
[01:04] <tsrk_> yeah
[01:04] <tsrk_> what jmarsden said
[01:04] <pmatulis> tsrk_: ah ok, thought you said hypothetically if root had a p/w
[01:04] <giovani> nothing should've been there to begin with
[01:05] <tsrk_> pmatulis, yeah, i hypothetically set the root pw to !
[01:05] <tsrk_> all of this is hypothetical
[01:05] <pmatulis> tsrk_: k, b/c i thought i had an answer for you
[01:05] <giovani> heh, now I'm confused
[01:05] <tsrk_> pmatulis, well let's say hypothetically that it wasn't all hypothetical, what was your answer going to be?
[01:06] <tsrk_> giovani, DW about it :P
[01:06] <jmarsden> giovani: tsrk_'s 'hypothetical' server used to have a root pw, because he created one... but now he has removed it :)
[01:06] <pmatulis> tsrk_: adding these 2 lines at the end of /etc/ssh/sshd_config:
[01:06] <pmatulis> Match User root
[01:06] <pmatulis>    PasswordAuthentication no
[01:06] <giovani> jmarsden: is it hypothetical in the sense that his imaginary friend has a problem he can't talk about?
[01:06] <tonyyarusso> Hi, I need to consolidate my contacts information into a central location, so I was thinking of making an address book in an ldap server since most e-mail clients can load that.  Could someone teach me how to do that?
[01:07] <tsrk_> pmatulis, ah, that looks perfect! i might hypothetically have to use that :)
[01:07] <giovani> tonyyarusso: LDAP isn't really appropriate for a single person's contact storage
[01:07] <tonyyarusso> giovani: I'm open to other ideas if you have them.
[01:08] <tonyyarusso> Basically I want something I can load on my Linode and access from all of my computers.
[01:08] <tonyyarusso> Although somewhere down the line I know I'll end up using LDAP (I'm planning to do sysadmin stuff as a career), so it seemed like a reasonable idea to start learning about it now if it would work.
[01:08] <giovani> tonyyarusso: well, #ubuntu-server isn't really the place to learn how to share contacts
[01:09] <giovani> nor is it the place to design an LDAP schema
[01:09] <tonyyarusso> giovani: Well, they would be stored on a server running Ubuntu, so I'm not sure why not.
[01:09] <jmarsden> tonyyarusso: At the low end of the complexity scale, a simple static web page (password protected so only you can see it) could work.
[01:09] <tonyyarusso> jmarsden: I want something that can actually load in the address book features of for example Evolution, so it works in my e-mail client, not something I'd have to go copy and paste from.
[01:10] <giovani> tonyyarusso: because this is about ubuntu-specific issues ... sharing contacts isn't an issue with ubuntu
[01:10] <tonyyarusso> giovani: Again, if you have a better suggestion please let me know what it is.
[01:10] <giovani> there are dozens of contact-sharing solutions
[01:10] <giovani> use google
[01:10] <giovani> I have, and found tons
[01:11] <tonyyarusso> I haven't found any that suited the above description yet - they're all either manual syncing stuff or client-specific (ie Thunderbird extensions, etc.)
[01:12] <giovani> tonyyarusso: then you haven't googled enough
[01:12] <giovani> syncml, groupdav, imap extensions
[01:13] <tonyyarusso> syncml is a manual syncing, not a central repository.
[01:13] <tonyyarusso> Looking at groupdav now.
[01:16] <giovani> there's absolutely nothing about syncml that makes it "manual"
[01:16] <giovani> it's a markup standard
[01:16] <tonyyarusso> "Currently not. The current draft requires that the client keeps an offline cache of the server data. Indeed GroupDAV basically specifies how such a cache is to be kept in sync with a server.
[01:16] <MenZa> !jfgi | giovani
[01:16] <ubottu> giovani: Acronyms or statements like noob, jfgi, stfu, or rtfm are not welcome in this channel. Period.
[01:16] <tonyyarusso> Online access is something which should be well covered by the CalDAV protocol and is currently considered out of scope for GroupDAV.
[01:17] <giovani> MenZa: I don't see how that's relevant
[01:17] <giovani> tonyyarusso: this is seriously out-of-scope for #ubuntu-server
[01:17] <MenZa> Generally, saying people "Haven't Googled enough" isn't exactly helpful. Remember the !CoC :)
[01:17] <MenZa> Let's all be nice and happy and help each other.
[01:18] <giovani> MenZa: it's an out-of-scope question, I've made numerous efforts to point him in the direction he should be going for help -- I think it's a perfectly valid response given the situation
[01:18] <tonyyarusso> giovani: Then show me a better channel...  Last I checked LDAP runs on Ubuntu, and you haven't come up with a better way than that, so I'm still hoping somewhere here can teach me some of the basics of ldap on Ubuntu.
[01:18] <tonyyarusso> You pointed me to Google.  That's not help.
[01:19] <giovani> it helped me find the answer to your question
[01:19] <giovani> just because data is stored on an ubuntu server doesn't make it related to ubuntu
[01:19] <MenZa> giovani: If you found the answer, post that instead. :)
[01:19] <giovani> MenZa: I have
[01:19] <tonyyarusso> If you found a real answer, then link it please.  Your other suggestions don't match my criteria, and I stated why.
[01:19] <giovani> MenZa: feel free to read the conversation you're critiquing
[01:19] <MenZa> giovani: All I'm saying is that asking people to Google is borderline to being 'nice'
[01:19] <giovani> tonyyarusso: they have, you've misunderstood their function
[01:20] <MenZa> And by that, I end the discussion.
[01:20] * MenZa huggles giovani and runs away.
[01:20] <giovani> MenZa: I disagree, particularly when it's an off-topic question
[01:20] <tonyyarusso> I'll re-state the desired behavior:
[01:20] <tonyyarusso> I open Evolution on my laptop.  I go to compose a message, start typing in a contact name, and it auto-completes.
[01:21] <tonyyarusso> Later, I edit another contact, close that machine, and walk away.
[01:21] <giovani> it's out of scope for this channel, have fun
[01:21] * giovani &
[01:21] <tonyyarusso> I get on my desktop, pull up Thunderbird, type in the second contact's name, and there it is, with the changes made earlier.
[01:22] <matt_keys> I'm running virt-manager locally to connect to kvm host remotely via ssh. When I point it to the iso, either locally or remotely, it has a problem finding it. Does anybody know what I'm doing wrong or a way around this?
[01:24] <jmarsden> tonyyarusso: Have you rejected existing tools such as conduit?  Conduit is GNOME-specific, so not at all relevant in this channel...
[01:25] <jmarsden> matt_keys: You might find better help in #ubuntu-virt for virtualization-specific questions.
[01:25] <tonyyarusso> jmarsden: Yes.  Conduit again is just a syncing tool that has to be run separately - I want to be directly modifying a central record so I don't have to deal with unnecessary middleman steps.
[01:26] <tonyyarusso> In short, Conduit would be functional, but inefficient and awkward.
[01:28] <jmarsden> OK.  It seems to be the direction Ubuntu is moving in for exactly this kind of functionality. However... you are free to build your own tool if you insist... but #ubuntu-server is probably not a good place to expect a lesson on how to do that.  You can see the Server Guide at https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html for the basics of setting up OpenLDAP on Ubuntu.
[01:28] <matt_keys> jmarsden: Thanks I'll give it a shot.
[02:01] <baffle> tonyyarusso: I think your question is (somewhat) on topic to be honest; Especially considering the new blueprints for centralized AA in Ubuntu (OpenLDAP/Kerberos).
[02:02] <tonyyarusso> baffle: Thanks.  Any chance you know more about the answer?  ;)
[02:02] <baffle> tonyyarusso: Well, a standard OpenLDAP installation will give you this.
[02:02] <tonyyarusso> There is some really promising talk towards centralization, but of course talk is hard to use.
[02:03] <baffle> tonyyarusso: Yes, I haven't really noticed much work happening to that blueprint; It seems to be targeted for Karmic, but at the way things are moving it seems to be Karmic+1 or +2..
[02:03] <tonyyarusso> baffle: I've been attempting to learn about that, but finding that lots of LDAP guides are rather overwhelming, and was hoping there might be a shortcut of sorts since I have a small, specific goal.
[02:03] <baffle> tonyyarusso: Of course, the *infrastructure* is all there right now.
[02:03] <baffle> tonyyarusso: I've run OpenLDAP/Kerberos auth for many years now.
[02:03] * tonyyarusso bought a 4-inch thick book on the subject - 'tis a slow read
[02:04] <baffle> tonyyarusso: Yes, I've bought the O'Reilly OpenLDAP and a few others as well. To be honest, I learned much more from just looking at the software, reading up on ASN.1 etc.
[02:04] <tonyyarusso> I would hope those sorts of blueprints are in place for the next LTS, which seems to be shaping up to be Karmic+1 based on Debian's move, so here's hoping.
[02:04] <tonyyarusso> ASN.1?
[02:05] <tonyyarusso> baffle: One thing that seems odd is that lots of things talk a lot about designing schemas.  Aren't there some standard ones that most applications use?
[02:05] <baffle> tonyyarusso: Well, yes and no.
[02:06] <baffle> tonyyarusso: There are just guidelines.
[02:06] <baffle> tonyyarusso: You really have to design your own tree.
[02:06] <tonyyarusso> yikes
[02:06] <baffle> tonyyarusso: Everyone seems to do things differently. :)
[02:08] <baffle> tonyyarusso: Sorry, have to be away, in the middle of an incident.
[02:10] * tonyyarusso goes to read more then
[02:19] <giovani> this is what I said about an hour ago
[02:19] <giovani> designing an ldap schema is all on you
[02:20] <giovani> this is why it's not used as a personal contact store -- and is used for reasonably sized companies that will gain immensely from the effort
[02:31] <baffle> giovani: Well, it works perfectly as a personal contact store.
[02:32] <baffle> giovani: And, to be honest, I think it is a good idea to tackle such an easy project before implementing a huge company wide directory.
[02:52] <giovani> baffle: it's serious overkill, so, "works perfectly" is relative -- and no question you should understand LDAP before rolling it out company wide
[03:07] <twb> I don't think there are too many people who truly understand LDAP :-)
[03:33] <Vigh> I'm running a webserver on jaunty, and whenever Apache is running (~20% CPU load, not using full bandwidth), SSH performs very slowly (i.e. I am SSHing in and commands take a relatively long time to respond) -- any suggestions?
[03:37] <twb> Vigh: set up QoS on your routers.
[03:38] <twb> Vigh: the large http packets are "muscling out" your low-latency ssh packets.
[03:38] <Vigh> twb: not an option, it's running on Amazon's cloud
[03:38] <twb> ask amazon or google about qos on that platform, then
[03:38] <twb> I'm sure it's a widespread issue that someone else has already solved
[03:39] <Vigh> twb: ok, will do -- thanks!
[05:05] <tsrk_> twb, how is amazon's cloud? how's pricing?
[05:08] <twb> tsrk_: I've no idea.
[05:12] <tsrk_> oh :(
[05:21] <tsrk_> what do I need to do to change my server's hostname? I know I should edit /etc/hostname and /etc/hosts, anything else?
[05:22] <twb> tsrk_: edit /etc/hostname and run hostname.
[05:23] <tsrk_> will hostname set /etc/hostname?
[05:23] <twb> No, hostname sets the run-time value.  hostname(8) is called with /etc/hostname's contents at boot.
[05:23] <tsrk_> oh, i see
[05:23] <twb> tsrk_: note that some apps will be completely and utterly fucked by changing the hostname, e.g. an LDAP server
[05:23] <tsrk_> will that update /etc/hosts for me automatically?
[05:24] <tsrk_> oh really?
[05:24] <twb> No, you'll need to change /etc/hosts as well, if you include a hostname in there.
[05:24] <tsrk_> the main things i'm running are openssh, proftpd, and samba
[05:24] <tsrk_> just the default ubuntu thing
[05:24] <twb> OpenSSH is unlikely to care.  I can't speak for ProFTPd or Samba.
[05:24] <tsrk_> ok
[05:24] <twb> Incidentally, I strongly encourage you to replace proftpd with sftp (for write access) and vsftpd (for anonymous read access).
[05:25] <tsrk_> is main.tsrk.us or main a better hostname?
[05:25] <tsrk_> i use openssh's sftp, but proftpd for backup
[05:25] <twb> tsrk_: /etc/hostname contains only the host name, not the FQDN
[05:25] <tsrk_> ok
[05:25] <tsrk_> so a hostname should just be "main'?
[05:26] <twb> That depends on the context.
[05:26] <twb> In the context of /etc/hostname, a hostname is just the name, not the FQDN.
[05:26] <tsrk_> this isn't my FQDN anyway
[05:26] <twb> I would, incidentally, use a more meaningful name than "main".
[05:26] <tsrk_> it doesn't actually have an FQDN
[05:26] <tsrk_> this is just a home server
[05:26] <tsrk_> i have main and test and out
[05:26] <twb> Typically I assign personal names to servers, then use DNS CNAME aliases to provide role names.
[05:26] <tsrk_> those are meaningful to me
[05:27] <tsrk_> hmm
[05:27] <tsrk_> i used to do tsrk1 tsrk2 tsrk3
[05:27] <twb> So e.g. www.lan CNAME ymir.lan
[05:27] <tsrk_> but that just got annoying
[05:28] <jmarsden> See http://www.faqs.org/rfcs/rfc1178.html -- Choosing a host name for your computer
[05:35] <tsrk_> jmarsden, thanks for the link, i read through it and it seemed interesting but i'm not sure i want to name my machines after colors :P
[05:36] <jmarsden> tsrk_: So pick some other scheme... that's just an example :)
[05:36] <tsrk_> i like to name them by what they do
[05:36] <tsrk_> because i'll be reinstalling if they ever do anything else
[05:37] <jmarsden> tsrk_: But then when you consolidate functions life is weird, or when you have a mail/web/jabber server do you name it mailwebjabber.example.com .. and then you add mysql to it... now what?
[05:38] <jmarsden> Next week someone wants an SNPP server... do you rename mailwebjabber to mailwebjabbersnpp now? :)
[05:38] <tsrk_> on this network i only really have the capacity for one internet-facing server, so i'm calling it out. my main internal server is never above 0.05 load afaik so i feel safe calling it main
[05:38] <tsrk_> this isn't likely to get any of those servers (i don't even know what they are)
[05:38] <tsrk_> but i could safely add jabber to my "out" server
[05:39] <tsrk_> anyway, if i were to run all those services, wouldn't vms be safer?
[05:39] <jmarsden> If you have the RAM, it might be.  But chroots for security-interesting services is usually safe enough.
[05:40] <tsrk_> lol @ "security-interesting"
[05:40] <tsrk_> and ram is getting pretty damn cheap these days
[05:40] <twb> jmarsden: thanks for the RFC
[05:41] <jmarsden> tsrk_: Yes; I have 8GB on my home desktop here, precisely so I can play with VMs :)
[05:41] <jmarsden> twb: No problem.
[05:41] <tsrk_> i think processing power is becoming more the problem
[05:42] <tsrk_> 8gb ram is like $100 now... but processors to saturate that ram aren't cheap
[05:42] <tsrk_> although i heard there's amazing discounts if you work for intel or know someone that does
[05:43] <tsrk_> a guy i work with managed to get two 8-core nehalems for free through intel
[05:43] <jmarsden> Well, I picked up a Q9550 last week for US$169 from Microcenter :)  2.83GHz quad core with 12MB L3... that's a fair bit of CPU power for not much $$
[05:43] <tsrk_> yeah that's pretty good
[05:43] <tsrk_> can run 3 light vms + host OS pretty well?
[05:44] <jmarsden> Yes.
[05:44] <tsrk_> i'm gonna need to switch to a laptop soon though
[05:44] <tsrk_> i'm really trying to wait till they get quad core
[05:45] <jmarsden> Maybe better to get a cheap netbook and ssh into your desktop or server(s) ... also avoids the "oops, I dropped it and just blew X thousand dollars" syndrome :)
[05:46] <tsrk_> i have a lenovo s10 for now
[05:46] <tsrk_> it's decent
[05:46] <tsrk_> but i think i'll need more for college
[05:46] <tsrk_> cause i really don't want to bring a desktop
[05:48] <twb> It really irks me when a single-user laptop has enough CPU and memory to run all of .gov
[05:48] <jmarsden> tsrk_: It all depends what you'll be doing with it.  Maybe leave a desktop at home on a fast Internet connection, or rent a VPS somewhere for your computationally intensive tasks?
[05:48] <twb> "I upgraded my lappy from 4GiB to 8GiB so I can run two eclipse instances at once and still browse in 100 tabs in iceweasel."
[05:49] <jmarsden> Well, some people have money to spend on fancy laptops for those kinds of reasons, I suppose :)
[05:49] <tsrk_> twb, i'm just saying i need more than my s10 with 1gb of ram and 1.6ghz single-core
[05:50] <tsrk_> jmarsden, i think i'll need more local power and especially screen space
[05:50] <tsrk_> i've been looking at the lenovo T-series and they look nice
[05:50] <twb> jmarsden: it just seems retarded when you could put all that power in a colo rack and just run ssh on the laptop-cum-xterm
[05:50] <jmarsden> tsrk_: Understood.  Although a $200 screen for your dorm room would handle the screen space.
[05:51] <jmarsden> twb: Yes, that's definitely more the way I tend to do things.
[05:51] <twb> If I could find a cellphone with HDMI that could run Debian, I'd replace my EeePC with it.
[05:51] <tsrk_> jmarsden, i really don't want to be working on stuff in my dorm room. a laptop gives me nice portability
[05:52] <twb> (Apparently HDMI uptake is low due to royalty fees, and DVI-D isn't used because the connector is relatively huge.)
[05:52] <twb> jmarsden: it's also a pain in the arse to lug a 3kg A4 laptop when a 500g A5 one would suffice.
[05:53] <jmarsden> twb: I think Apple has some weird mini-DVI connector to try and work around that connector issue, maybe it will eventually become a "standard"?
[05:53] <twb> jmarsden: well, HDMI is backward-compatible with DVI-D
[05:54] <jmarsden> tsrk_: When I went to college (1980 to 1983), no one had computers useful for real work at all, we all used the campus mainframes :)
[05:55] <tsrk_> jmarsden, well, now they even expect me to buy maple for a basic calculus class
[05:55] <tsrk_> btw, will a netbook run that?
[05:57] <jmarsden> I think there's a few free alternatives, if you want to cause a few raised eyebrows :)
[05:57] <twb> tsrk_: apps run in the server room, not on your netbook.  That's the whole point.
[05:57] <tsrk_> twb, graphical ones?
[05:57] <twb> jmarsden: IME it's easier to just change uni when they start demanding you learn with proprietary tools that have mature FOSS alternatives.
[05:57] <twb> tsrk_: sure.
[05:57] <tsrk_> twb, i don't have that kinda bandwidth here :(
[05:58] <twb> tsrk_: you don't have ISDN or ADSL1 at home?
[05:58] <jmarsden> tsrk_: Have you played with mathomatic or maxima for example?
[05:58] <tsrk_> jmarsden, i've used maxima some
[05:58] <tsrk_> it seemed somewhat useful, but a lot of the stuff i think is maple specific
[05:59] <tsrk_> i might be able to do it in maxima but it'd take extra effort
[05:59] <tsrk_> and if i'm using maple on tests etc... i should really use it all the time
[05:59] <jmarsden> That should be fine, and should run on a 1.6GHz netbook... you'd have to translate from maple, and the extra effort would make sure you actually learned the underlying principles, I'd think?
[05:59] <twb> jmarsden: unfortunately unis no longer test understanding
[06:00] <tsrk_> twb, yeah, i'm starting to think that this is more of a class on how to use maple than math
[06:00] <tsrk_> but i guess i'll see
[06:00] <tsrk_> this isn't for uni though
[06:00] <twb> polytechnic, whatever
[06:00] <tsrk_> it's a community college (replacement for high-school class)
[06:00] <jmarsden> twb: Agreed, but that doesn't mean you should avoid understanding ... you just have to reconvert the courses to ensure they teach you what you really wanted to learn.
[06:01] <twb> jmarsden: that being the case, there's no point going to school at all.
[06:01] <jmarsden> I can't see the value of teaching someone basic calculus with a program at that level.
[06:01] <jmarsden> twb: well, only that others recognize the degree you get at the end, basically.
[06:01] <twb> jmarsden: the whole point of school is to provide regular, objective assessment, so you know what to revise
[06:01] <twb> jmarsden: eh, you can just forge those
[06:02] <tsrk_> thanks for the ideas :)
[06:02] <jmarsden> I wouldn't know about that :)
[06:02] <twb> Consider: do you really want to work for an employer who cares more about accreditation (in maple, not math) than about your actual competence?
[06:03] <twb> I got my last job management going "hey, I think I've seen you at the local LUG.  You were pretty helpful."
[06:03] <twb> s/job/job by/
[06:04] <jmarsden> twb: That's slightly unusual.  More common is that you need to get past the keyword screening secretarial staff to even get your resume (never mind yourself) in front of someone capable of evaluating your actual competence.
[06:04] <twb> Bleh.  Such places probably have a dress code and evil shit like that
[06:05] <tsrk_> twb, those places also give you more monies
[06:06] <twb> Meh.  They'd have to pay a lot more for the privilege of making me dress up funny and turn up at 9AM every day
[06:06] <jmarsden> Not always... Hewlett Packard (for whom I once worked) had no timeclocks and no dress code for us techies... but the recruitment process to get in the door of their R&D dept. was... somewhat bureaucratic.
[06:07] <tsrk_> well, i'll do what it takes
=== Anthony_Whitford is now known as awlt
[06:12] <awlt> I want to expedite running vmbuilder within a corp network, so it makes sense to have a local apt-mirror to avoid being reliant on the internet.  So apt-mirror provides the standard stuff, but what about my own corporate artifacts that won't reside on the internet? Can they be added to an apt-mirror, or do I need something else? (Do I need to run my own corporate PPA? Is that the right strategy?)
[06:17] <twb> awlt: you mean "how can I make a private apt repo"?
[06:17] <awlt> I think so, yes.
[06:18] <tsrk_> am i still connected?
[06:19] <twb> awlt: it's dead easy, I just forget the command
[06:19] <twb> thingy-scanpackages
[06:21] <awlt> dpkg-scanpackages?
[06:24] <twb> ya
[06:25] <awlt> I still need the apt-mirror, right?  There isn't a solution that is both a private apt repo and proxy?
[06:26] <jmarsden> Right, just use both together.
[06:28] <twb> In theory you can make a debmirror, then copy your own debs into it and generate a new Packages file.  But that's super sucky, so don't do it
[06:29] <awlt> I want to avoid the super sucky strategy, that is why I am asking.  ;-)
[06:44] <jeeves_Moss> is there an easy way to send e-mail from the CLI (using mailx) through a gmail account?
[06:45] <twb> msmtp-mta can use gmail as its smarthost
[06:45] <twb> mailx then just sees the /usr/sbin/sendmail symlink
[06:45] <jeeves_Moss> twb, ?  can you give me a link for a "howto"?
[06:46] <twb> You WILL need to store the gmail password in cleartext in /etc/msmtp or ~/.netrc, or be prompted for it each time.
[06:46] <twb> http://twb.ath.cx/Preferences/.msmtprc
[06:47] <jeeves_Moss> twb, that's fine.  I'm looking to test it on a local system before I deploy it.  I'm concerned about the cert from gmail (since they use TSL I think), and I need to be able to e-mail a list of people (the systems admin group)
[06:48] <twb> aptitude install ca-certificates
[06:48] <jeeves_Moss> twb, I don't mean to be rude/dumb, but could you give me a hand to set this up so I can write it down and get past the "pit falls"?
[06:48] <twb> jeeves_Moss: start by "aptitude install msmtp-mta ca-certificates"
[06:49] <jeeves_Moss> twb, ok, one sec.  (thanks again BTW)
[06:51] <jeeves_Moss> twb, ok, we're good.  next?
[06:51] <twb> Now try /usr/sbin/sendmail -oi -t -d -v <test.msg
[06:52] <twb> Expect it to complain in some fashion; pastebin the output
[06:52] <jeeves_Moss> it's giving me that test.msg "no such file or directory"
[06:52] <twb> You need to write a file test.msg
[06:53] <twb> It will contain the headers (e.g. "To: fred@example.net"), a blank line, then the message body.
[06:53] <jeeves_Moss> ohhhh, sorry.  one sec
[06:54] <jeeves_Moss> ok, so how should the file be constructed?
[06:54] <twb> 15:54 <twb> It will contain the headers (e.g. "To: fred@example.net"), a blank line, then the message body.
[06:55] <jeeves_Moss> http://pastebin.ca/1532185
[06:56] <jeeves_Moss> twb, will this let me write an e-mail to a group of people from one file?
[06:56] <twb> jeeves_Moss: what we are setting up is the ability for you to send arbitrary emails through your existing gmail account.
[06:57] <jeeves_Moss> twb, I need to be able to send e-mails locally (say if a service goes down or when a cron job finished) through my gmail account
[06:57] <twb> If an email is only delivered locally, then by definition it doesn't pass through gmail
[06:58] <twb> If you need local delivery, msmtp will not suffice; you'll need something larger, like postfix.
[06:58] <twb> For example if you want to be able to email other users on the local host, while the local host isn't connected to Internet.
[06:59] <jeeves_Moss> twb, ok, well, I need to be able to send it through the gmail account.  it's because the e-mails are actually sending a txt to a cell phone (unless there is an easier way to send a txt msg from the CLI)
[06:59] <gnuyoga> jeeves_Moss: if u r looking at local email delivery system, then u need local email server. else if u just want to send an email out using existing gmail account u need to follow  twb
[06:59] <twb> I'm not familiar with email to SMS bridges.
[06:59] <twb> !u
[06:59] <ubottu> U is the 21st letter of the modern latin alphabet. Neither 'U' or 'Ur' are words in the English language. Nor are 'R', 'Y', 'l8', 'Ne1' or 'Bcuz'. Mangled English is hard for non-native English speakers. Please see http://geekosophical.net/random/abbreviations/ for more information.
[07:00] <jeeves_Moss> twb, if you send an e-mail to <phonenumber>@fido.ca then it will send the contents of the email as a text to the cell
[07:00] <twb> By "a text" I presume you mean SMS?
[07:01] <jeeves_Moss> twb, yes, sorry
[07:01] <jeeves_Moss> twb, basically, I need to be able to send SMS messages from the CLI
[07:02] <twb> Do you own or pay for service on fido.ca?
[07:02] <twb> I thought gratis mail->sms bridges were extinct.
[07:02] <jeeves_Moss> no, that's why I went the gmail is a free way of doing it
[07:02] <twb> But gmail isn't fido.ca
[07:02] <jeeves_Moss> (since all you do is send an e-mail to <phone_number>@fido.ca
[07:03] <jeeves_Moss> and if it's bell, then it's <phone_number>@txt.bell.ca
[07:04] <jeeves_Moss> twb, that's why I wondered how to send an e-mail through gmail from the CLI
[07:05] <twb> jeeves_Moss: surely what you really mean, then, is "I need to be able to send email to N@fido.ca from the CLI."
[07:05] <jeeves_Moss> twb, yes.
[07:05] <twb> I would normally use the ISP's smarthost rather than gmail's, if only because it'll be faster.
[07:06] <jeeves_Moss> twb, but when I tried it from my main domain, I was unable to receive it, but when I sent it from the gmail account, it worked
[07:06] <twb> jeeves_Moss: that's probably because your own domain isn't set up properly to send mail
[07:06] <jeeves_Moss> twb, this is why I thought that gmail would be the better option (or currently from testing, the only option)
[07:07] <jeeves_Moss> twb, my mail domain works fine for regular send/receive
[07:07] <twb> I doubt that.
[07:07] <twb> Probably you are receiving with IMAP or POP3, and sending all mail to a smarthost relay
[07:07] <jeeves_Moss> ok, one sec, I'll test it
[07:07] <twb> i.e. you are not participating in mail directly.
[07:08] <twb> So what I'm saying is, just send CLI mail using that smarthost as well.  It doesn't have to be the gmail smarthost.
[07:08] <jeeves_Moss> the mail e-mail server on our main domain is not local to this box I'm testing on.  it's in Michigan, and i'm on Vancouver island
[07:09] <twb> Well, anyway, it doesn't really matter what smarthost you use, the procedure is still the same.
[07:09] <jeeves_Moss> hummm, one sec
[07:09] <twb> You need to tell /etc/msmtprc or ~/.msmtprc to use the smarthost.
[07:09] <jeeves_Moss> one sec.  testing something
[07:10] <jeeves_Moss> ok, my domain won't send to the phone, and hotmail won't send to the phone
[07:12] <jeeves_Moss> ok, I stand corrected.  I CAN send to my phone from hotmail (there's just a HUGE delay)
[08:01] <jeeves_Moss> can anyone point me in a good direction to send e-mail through gmail from the CLI?
pwnguinanyone know what happens if you boot Ubuntu with two identical, non-raided disks?08:17
pwnguinie imaged data08:17
jeeves_Mosspwnguin, it depends on what the first disk on the chain is, and where the boot loader is08:23
psteynHi. when I run php -v it says 'with Suhosin-Patch'08:32
psteynbut when I try and do apt-get install php5-suhosin it shows as a new install08:33
psteynwhat gives?08:33
pwnguinjeeves_Moss: lets say one's sata and the other's sata in a usb enclosure08:37
sorenpwnguin: I'm not sure what kind of answer you're looking for. It'll boot up and run.08:38
jeeves_Mosspwnguin, well, once again, it depends on how you have the boot device selection08:38
pwnguinhmm08:38
pwnguinsoren: if the UUID's are identical...08:39
jeeves_Mossmy netbook defaults to booting from USB, but I can choose where it boots08:39
pwnguinbasically, im looking at the pitfalls of applying jwz's backup trick to Ubuntu08:39
sorenpwnguin: It's not going to magically pretend like they're RAID1'ed, if that's what you're asking.08:39
pwnguinsoren: no, but im wondering if it will just give up or decide randomly08:40
sorenDecide randomly.08:40
soren..but work.08:40
pwnguin"work"08:40
sorenWork.08:41
pwnguinin the case of a cron rsync08:41
pwnguinit'll work, but you could randomly land on the nightly backup and miss whatever since last run08:41
sorenYes, if you reboot it might use the other disk and work with that.08:42
pwnguinthats kinda what i thought i'd do08:43
pwnguinfor reference, here's the general plan, applied to OSX08:45
pwnguinhttp://jwz.livejournal.com/801607.html08:45
pwnguinbut i think it's a non-started and I'll look at other stuff08:45
pwnguinnon-starter even08:46
bafflejmarsden: Apple uses Displayport and mini-displayport. My Lenovo W500 also has Displayport. I've noticed that displays are starting to come with that connector now as well.08:49
sorenpwnguin: I actually used to do something just like that.09:02
sorenpwnguin: The disks just didn't share their UUID.09:03
sorenpwnguin: This was long before UUID booting came around, so the boot loaders on each drive just pointed at /dev/hda. In case of failure, I'd swap the disks and it'd boot from the new /dev/hda.09:04
pwnguinsoren: honestly, i put it on hold after i realized i'd need to sync the MBR09:10
pwnguinthe UUID thing i think is also going to put a stake through it09:11
sorenpwnguin: With grub, that's easy. Just install it once, and you're done. menu.lst will be kept in sync by the rsync thing.09:14
twbsoren: apparently this is coming for extlinux, too09:15
pwnguinit was more i didn't want to look up the command to install grub to a specific disk, but yea09:15
sorentwb: "this"?09:15
twban auto-updated menu.lst09:15
twbhttp://bugs.debian.org/54129309:15
pwnguintechnically, you could just do a find and replace on the menu.list and fstab09:16
twbOr rather extlinux.conf.09:16
sorenextlinux?09:17
pwnguinlooks like an alternative bootloader09:17
pwnguin?09:17
twbextlinux is a bootloader that isn't shit09:17
twbNever mind.09:17
twbAs to backing up the OS from one machine to another, you can use tune2fs to make the UUIDs match, and similar techniques for swap, LVM and mdadm UUIDs.  You need to edit the MACs in /etc/udev/rules/*persistent-net*, though.09:18
pwnguini have to admit, the main use case for this is having a live, connected backup disk on the same machine09:19
sorenI really wouldn't recommend making the UUID's match.09:19
twbI've also had... exciting times with whitebox cases where the primary SATA disk in a RAID1 dies, and the bootloader on the second disk doesn't work because it's trying to talk to (hd0) instead of (hd1) -- or vice-versa, because some BIOSes will automatically present sdb as sda to the OS :-/09:19
twbsoren: sorry, I do this when the disks are in separate machines, not in the same box09:19
sorentwb: Even then.09:20
sorentwb: What's the point?09:20
pwnguintaking something that has "universally unique" in the name and making it locally not unique sounds like a bad idea09:20
twbsoren: the point is not having to edit fstab and every other damn reference to the UUIDs after every sync09:20
twbsoren: in particular, if your latest sync dies halfway, you KNOW that fstab will refer to the correct UUIDs.09:20
sorentwb: Why would you sync fstab between two different systems?09:20
twbsoren: because your second system is a BCP failover for the first one09:20
sorenWho cares if the fstab matches if all the data does?09:21
twbsoren: because you want it to boot up without having to talk some fuckwit in Africa through manually fixing fstab from a livecd09:21
sorenThat's the entire point. Just leave the fstab be and you don't have to.09:22
twbErm, but the root filesystem during backup isn't the root filesystem you're backing up.09:23
twbIt's not a load balancing system, it's a BCP system09:23
pwnguinthe problem is menu.lst09:23
pwnguinyou can't exclude it, because it points to the kernel09:23
pwnguinbut you can't leave it alone, because it includes a UUID09:23
twbpwnguin: here, IIRC it points to an LVM volume09:24
twbYeah, it does.09:24
sorentwb: I'm not what you mean by BCP system?09:24
twbsoren: BCP is business continuity planning09:25
pwnguinthis is a technology?09:25
sorentwb: Ok... I'm still not getting it, I must admin.09:25
sorenadmit.09:25
twbOnly in the way that, say, Human Resources is a technology09:25
pwnguinit's a failover cluster, i think is the term of art09:26
LiraNunawhat does 'passwd: Authentication token manipulation error' means?09:26
twbbusiness continuity is about "oh fuck, a mission-critical service is down.  If it's not back up in four hours, we will be bankrupt."09:26
sorentwb: The fact that it's meant to be used as a drop-in replacement doesn't mean that you can't be clever with fstab.09:26
LiraNunaauto.log says 'pam_mysql - only super user is allowed to change authentication token.'09:26
LiraNunaany idea why?09:26
sorentwb: Besides, if you're using lvm, you don't need UUID's anyway.09:26
twbsoren: /boot, at least, isn't on LVM.09:27
sorentwb: Point.09:27
twbThe main reason I use UUIDs in fstab is because that's what the target Ubuntu server uses by default.09:27
twbAFAICT you're right, that using LVM LV names would also work fine09:27
sorentwb: True. It does so, because it's the safe choice.09:27
pwnguinLVM isn't safe?09:28
sorenWell...09:28
sorenIt's the safe choice until someone *on purpose* duplicates their universally unique ID's.09:28
sorenpwnguin: Someone might plug in a hard drive with a lvm vg on it with the same name.09:29
pwnguinheh09:29
sorenpwnguin: lvm names aren't unique, but they are consistent, which is /usually/ the problem UUID's are meant to solve.09:29
pwnguinLiraNuna: i would guess pam_mysql is trying to change the password and PAM is not having any of it09:29
* soren runs to get his laptop power supply.09:29
twbsoren: duplicating UUIDs is only a problem if you ever put both duplicates into the same system09:29
pwnguinwhich is kinda my goal09:30
LiraNunapwnguin, sys users can change their password without being root09:30
twbpwnguin: yeah, sorry, I ran off on a tangent.  My implementation uses two complete systems, rather than just having a failover HDD09:30
pwnguinLiraNuna: not on the pam stack09:30
pwnguinit's about the provided password, not the hash stored in shadow09:30
LiraNunapwnguin, no password is being provided09:31
twbIs LiraNuna's problem that pam_mysql only supports the auth part, and not the session/account/thingy parts?09:31
LiraNunapwnguin, http://pastie.org/58563609:31
pwnguintwb: im just making sure i can nail this trivial rsync thing down, cuz i really like the idea of having a hot spare09:31
* soren mumbles something about raid.09:32
* pwnguin mumbles something about historic value09:32
pwnguinraid will dutifully delete both copies of a file when asked to do so09:32
LiraNunardiff-backup09:32
pwnguinLiraNuna: that's on my list09:33
pwnguinpersonally, i'm backing up to a NAS with mirror raid09:33
pwnguini'll probably end up with something like deja dup09:34
sorenpwnguin: I've seen people use RAID1 with an external drive that they plug in once a day, sync up, and unplug again.09:34
pwnguinheh09:34
twbpwnguin: there is a difference between a backup (RAID) and an archive.09:34
pwnguintwb: i know this.09:35
sorenYou don't have to physically unplug the disk, you can just do the mdadm magic to pretend like you did... and that's scriptable.09:35
pwnguinfor example: i have a desktop. it backs up to a NAS. the NAS has two drives in mirror09:35
twbPersonally for in-system disks, I would have a RAID1 or RAID5, and then ON TOP of that utilize hard-linking to make incremental archives.09:36
* soren is a RAID1+Bacula sort of person09:36
pwnguinthere's about a billion backup packages in Ubuntu09:36
pwnguini checked and graphed some inheritance09:37
twbWhere basically the archive just does a glorified cp -al current $today09:37
twbas a cron job09:37
sorenBacula backs up to a local file based archive which is synced to Amazon S3 and removed locally.09:37
pwnguinbacula seems a bit enterprisey09:37
sorenpwnguin: 'tis.09:37
pwnguinsbackup looked interesting09:40
pwnguinbut is hellaciously buggy09:40
LiraNunain http://pam-mysql.sourcearchive.com/documentation/0.6.2-1/pam__mysql_8c-source.html line 02236, it checks if user is root09:41
pwnguinLiraNuna: do you know how your PAM stack is currently configured?09:42
pwnguin(ie do you really want users in mysql?)09:42
LiraNunayes09:42
twbI have always been too lucid to learn bacula or amanda.09:42
LiraNunait first checks if sys user exists, then resorts to mysql09:42
twbmysql is a bloody toy database09:42
twbMight as well use sqlite09:42
LiraNunaI'll need to manage thousand of users on one machine09:43
twbLiraNuna: even flat files can manage a mere thousand users09:43
pwnguingenerally ldap is optimized for that09:43
twbFor unix auth, LDAP and kerberos is the future09:43
pwnguinbut probably, mysql is handy for network auth09:43
pwnguinanyways09:43
LiraNunatwb, yes, but I also need other processes logging in using same credentials09:43
twbpwnguin: if you want handy and don't care about robustness or security, I would say NIS over mysql ;-)09:43
pwnguinmy impression is that the error you are receiving is that the mysql module is attempting to modify the password token09:44
LiraNunaFTP, mail etc09:44
twbLiraNuna: all of which should be using pam, and so can use pam_krb or pam_ldap09:44
LiraNunapwnguin, look at the source at http://pam-mysql.sourcearchive.com/documentation/0.6.2-1/pam__mysql_8c-source.html line 0223609:44
pwnguinyou type in a password, pam converts it to a token09:44
twbI'm not saying that kerberos and ldap are *easy*, but they are robust, secure and scalable.09:45
LiraNunatwb, buzzword buzzword buzzword :)09:45
LiraNunaj/just kidding09:45
pwnguinanyways, some crazy pam stacks might fiddle with the password between modules09:46
LiraNunapwnguin, this behavior is built into the source so users can't their own password09:46
pwnguincan't what their own password?09:46
LiraNuna+set09:47
LiraNunamy bad, it's getting late09:47
LiraNunapwnguin, all I have is pam_unix, pam_mysql and pam_deny09:47
pwnguinwell, pam source code is out of my expertise09:49
pwnguinand it's 3am09:49
LiraNunait's quite readable09:49
pwnguinexcept i dont know the call patterns09:50
LiraNunaif(guid() != 0 /* NOT ROOT */ ) error("only root ...);09:50
LiraNunaline 223609:50
LiraNunaI'm just wondering if it's a desired behavior09:50
twbLiraNuna: if you have pam_unix before pam_mysql, that is the problem09:52
twbLiraNuna: pastebin the non-comment, non-blank lines from /etc/pam.d/common-*09:52
LiraNunatwb, was about to do that09:52
pwnguinhmm. my laptop's downstairs09:53
pwnguinbut i recall needing to do something to pass the password09:53
twbpwnguin: pam is extremely not fun if you don't grok it deeply09:53
twbpwnguin: I guess you're thinking of use_first_pass09:54
pwnguinyea09:54
LiraNunatwb, http://pastie.org/58564609:54
pwnguintwb: i had a coworker totally nuke a VMware esx server09:54
pwnguinapparently he tried copying over pam lib files09:55
pwnguinto "fix" a problem09:55
LiraNunawere they different arch? :D09:55
pwnguinafaik, vmware doesn't do multiarch09:55
pwnguinbut the disk was full09:55
pwnguinleading to very empty pam_unix09:55
LiraNunaouch09:55
pwnguinoh i think i know what happened09:56
pwnguinthe disk was full09:56
pwnguinthe new vsphere stuff has a new user09:56
pwnguinfor VM migration09:56
pwnguinbecause the disk was full it was failing to log in09:57
pwnguinand apparently his first idea to fix broken login was copy the library packages from a known good server09:57
LiraNunatwb, any idea of the correct order?09:57
pwnguinsee, this is why pam code is unreadable09:59
pwnguinpam_sm_chauthtok - service provider implementation for pam_chauthtok09:59
pwnguinchauthtok stands for CHANGE auth tok, not check09:59
LiraNunachmod = CHANGE modes10:00
LiraNunachown = CHANGE owner10:00
LiraNunachgrp = CHANGE owner10:00
LiraNunaI see a pattern here10:00
pwnguinprobably not a good idea to guess10:00
LiraNunamakes sense to me10:00
LiraNunack would be check10:00
pwnguinchk is a frequent mnemonic10:01
LiraNunafsck10:01
twbSorry, I was elsewhere10:01
twbLiraNuna: you realize you just handed us a copy of your mysql root password10:02
LiraNunatwb, haha it's in a VM10:02
LiraNunatwb, I don't care, since it's in a toy VM :)10:02
LiraNunaelse I'd mask them10:02
twbLiraNuna: my understanding is that pam_mysql doesn't have account/auth/session support, only password.10:02
twbThis is based on the apt package description10:02
LiraNunaI was following this - http://www.spencerstirling.com/computergeek/mysqluser.html10:03
LiraNunatwb, libnss-mysql handles the rest10:03
twbLiraNuna: er, no it doesn't.10:03
twbLiraNuna: libnss provides name resolution, not session stuff10:03
LiraNunaoh?10:03
twblibnss basically just means getent(1) works10:03
LiraNunamy bad10:03
LiraNunaah, right, id -> name10:03
twbI'm actually surprised that ANYONE can reset their mysql password via passwd(1)10:04
LiraNunamysql password?10:04
LiraNunayou mean a password that is stored in the database?10:04
twbLiraNuna: I mean the password that's in the mysql relation10:04
LiraNunaroot can do that, if I do sudo passwd username it will UPDATE the field10:04
LiraNunausing md5crypt10:05
twbAnyways, your pam.d common entries look OK to me10:05
LiraNunawill also update the lastchange field to current unix time10:05
twb(Assuming pam_mysql is a well-behaved and complete implementation, which I'm not convinced it is.)10:05
LiraNunatwb,  look at the source at http://pam-mysql.sourcearchive.com/documentation/0.6.2-1/pam__mysql_8c-source.html line 223610:06
pwnguinits pretty clear10:06
pwnguinon that part10:06
twbLiraNuna: ah, heh10:06
LiraNunashould I patch it?10:07
LiraNunaI don't think it's correct behavior10:07
twbNot without understanding the implications10:07
twbRemember when someone tried to fix up entropy in ssl/ssh?10:07
LiraNunahaha10:07
pwnguingetuid != 0? DENIED10:07
twbBootstrapping and security are things you Should Not Fuck With.10:08
LiraNunapwnguin, question is why10:08
twbLiraNuna: ask the devs10:08
pwnguinLiraNuna: no, the question is why sudo works10:08
LiraNunasudo executes with root10:08
LiraNunaprivs10:08
pwnguinsudo executes with effective root privs, no?10:08
pwnguingeteuid() vs getuid()10:09
LiraNunayes, sudo id10:09
LiraNuna$ sudo id10:09
LiraNunauid=0(root) gid=0(root) groups=0(root)10:09
pwnguinpasswd is probably a setuid program10:10
LiraNunaeuid will be the used invoking that10:10
LiraNunauser*10:10
* LiraNuna emails the developer10:11
twbpwnguin: sudo is setuid, then it relinquishes privileges later.10:11
twbpasswd is also setuid10:11
LiraNunathing is sudo passwd does store the password in the db10:11
LiraNunaso I really question that check10:12
twbLiraNuna: because passwd sees euid=010:12
twbOr rather pam_mysql, via passwd, does10:12
pwnguintwb: pam_mysql does getuid()10:12
LiraNuna^10:12
twbHuh.10:12
twbOh well, again I would go pester the pam_mysql devs10:13
LiraNunaon it10:13
pwnguinhttp://pam-mysql.sourcearchive.com/documentation/0.6.2-1/pam__mysql_8c-source.html10:13
pwnguin02235       if (getuid() != 0) {10:13
jeeves_MossI'm getting "TLS certificate verification failed: the certificate hasn't got a known issuer" from mailx when I try to send through gmail.  what am I doing wrong?10:14
LiraNuna'Use geteuid() instead of getuid() to check if the current user is authorized to change the password (PR #1338667). '10:15
LiraNunahttp://pam-mysql.sourceforge.net/10:15
LiraNunaapparently that release isn't in debian/ubuntu10:15
pwnguindamn im good10:15
LiraNunahehe10:15
pwnguinprobably, you want to look at the source to what you are using10:16
pwnguinapt-get source10:16
LiraNunait's the old version10:16
pwnguinmaybe even apply the patches10:16
LiraNunaas per apt-cache policy10:16
pwnguindont trust version numbers10:16
LiraNunapwnguin, he removed the check for guid() on that version10:16
LiraNunathe source is way different10:17
pwnguinits entirely possible that the debian package is patching the tarball10:18
pwnguinwell, its late10:20
pwnguingnite10:20
LiraNunathe source night10:20
LiraNunathanks for the help10:20
jeeves_MossLiraNuna, still in here?10:27
LiraNunayes10:27
jeeves_Mossare you any good with certs?10:27
jeeves_MossI'm having issues with the "howto" @ http://www.ericstockwell.com/10:27
LiraNunasorry, I don't know much about smtp auth10:28
LiraNunaI failed setting it up myself :/10:28
jeeves_MossI get that it can't find the file (and I can't "locate" it either)10:28
LiraNunasudo updatedb10:28
LiraNunathen locate again10:28
jeeves_Mosstried that10:29
jeeves_Mossthe file physically isn't in the ZIP10:29
LiraNunasorry, it's too late and I lack the knowledge to help10:30
jeeves_Mossthen I get send-mail: TLS certificate verification failed: the certificate hasn't got a known issuer10:30
LiraNunaoh10:30
LiraNunadid you self sign it?10:30
jeeves_Mossno, I followed the instructions in the howto.  I don't want to receive, I just want to use the SMTP server10:31
LiraNuna"Scriptable sendmail via Gmail in Ubuntu 8.04*" ?10:32
jeeves_Mossyep10:33
LiraNunayou're probably looking for http://www.marksanborn.net/linux/send-mail-postfix-through-gmails-smtp-on-a-ubuntu-lts-server/10:33
jeeves_Mosshttp://www.ericstockwell.com/10:33
jeeves_Mossnot using postfix though10:33
LiraNunaoh10:34
LiraNunaI don't know how to configure/use any other mail server10:34
jeeves_Mossit's not using a local server, it's just connecting to gmail's SMTP10:35
Jeeves_Does gmail's SMTP include ads in your sent messages yet?10:36
jeeves_MossJeeves_, no.10:38
Jeeves_Hmm10:41
henkjangoogle smtp servers annoy your mxservers first with 20 seconds ads before delivering mail? :)10:42
Jeeves_:)10:46
Jeeves_Ads in your logs :)10:46
=== freeflyi2g is now known as freeflying
* jpds hugs lamont.11:57
lamontjpds: what did I do?11:59
jpdslamont: new nmap :)12:00
jpdsThanks for that.12:01
lamontah, yeah... finally got my head above water long enough to upload that last night12:02
acalvohi12:14
acalvowhat could it mean if running a ping based on the hostname or a route command takes so long to show results?12:14
alexmacalvo: dns problems?12:15
acalvoyes, could it be, because a ping based on the ip works without problems12:15
acalvobut I cannot access my external lan12:15
acalvoso I've thought that maybe there was some other error12:15
alexmthe dns query going to root servers currently unavailable for you could explain that delay i guess12:20
acalvomakes sense12:27
acalvobut I don't understand why it's giving these errors12:27
acalvosince I'm cloning a current network, with new servers12:27
acalvothe only thing I've changed is the ip range12:27
acalvoand static ips12:27
acalvoand it won't allow me access the external lan12:28
acalvosounds like a firewall problem12:28
acalvobut I've rechecked it more than 20 times12:28
acalvoand seems fine12:28
Faust-Cacalvo, in situations like that i would really look at firewall logs again12:34
Faust-Cacalvo, for instance im in a similar situation youre in12:34
Faust-Cmy firewall rules allow VLAN to VLAN, any protocol, however you must explicitly allow certain services (ports), at least w/ pfsense anyways12:35
Faust-Cbrb12:35
acalvoI know12:35
acalvoand I've already checked them12:35
acalvoand firewall logs don't even show any package coming from this lan12:36
acalvoI'm starting to wonder if could be something related to VMWares ESXi12:36
embixhi there12:42
embixis it possible to use the "old-fashioned" slapd.conf instead cn=config with ubuntu server 9.04?12:44
roxyHi there...somebody know how i can backup my ldap data?12:53
embixldif dump?12:53
alexmacalvo: sorry, i have no experience with vmware esxi13:00
acalvoaleks: don't worry, thank you!!!13:01
alexmtry tracerouting or ping -R to see where the packets disappear13:01
alexmand maybe etherape or any other graphical network monitor will help too, just in case you forgot something13:02
acalvoalexm: the bad thing is that now I cannot install anything, since I don't have internet13:03
Jeeves_kees: You awake?14:03
clustyhey15:10
clustyI would like to be able to address all PC's from the local network by hostname rather than IP15:12
clustyi managed to do this ages ago: for each PC to advertise his hostname when asking for a dhcp address15:12
clustyany clues how to go about it?15:13
Guest11311Good day, is this the right place to inquire about troubleshooting mailman configuration on Ubuntu?15:14
pmatulisclusty: investigate dnsmasq15:14
clustypmatulis, so the solution is on the server side or client side?15:15
pmatulisclusty: server15:15
clustypmatulis, i remember having modified just the dhcp client conf before15:15
sorenclusty: Just because the dhcp client tells the dhcp server its hostname doesn't mean that the dhcp server will pass it on to the DNS server.15:18
sorenclusty: It just so happens that dnsmasq is a combined dhcp and dns server.15:18
sorenclusty: Your other option is avahi.15:19
clustythanks15:19
clustyi am trying to figure out how did i set up the dns thing now15:19
Guest11311Would anyone be willing to help me resolving mailman configuration issues?15:23
Steve[mbp]morning everyone15:24
clustyGuest11311, that is unproductive15:24
clustyGuest11311, say what's hurting15:24
clustyGuest11311, to quote the guidelines: "don't ask if you can ask. just ask"15:24
clustyor similar :D15:24
clustysoren, could you give me a hand on how to set up the whole thing with bind and dnsd ?15:26
clustysoren, there will be a lot of unhappy people if i screw this one up15:27
Guest11311I've finished installing and configuring mailman as per https://help.ubuntu.com/community/Mailman, however the web interface reports no mailing lists running and says "Error:  you are not authorized to create new mailing lists" whenever I try to create one through the web interface instead of the command line.15:28
Jeeves_soren: Do you know why Ubuntu hasn't built a new kernel yet after the null-pointer bug?15:29
mathiazzul: hey - could you write up a MIR for squid-langpack?15:37
mathiazzul: https://bugs.launchpad.net/bugs/39647215:37
uvirtbot`Launchpad bug 396472 in squid "Please merge squid (2.7.STABLE6-2)(main) from debian unstable(main)" [Undecided,Fix released]15:37
zulmathiaz, sure15:37
sorenclusty: I could, but I'm confident teh intarwebz is a better resource for this than I am. I've not done anything like that in almost 10 years.15:54
clustysoren, ok. will dig in. the whole DNS thing is still a bit scary. I guess i might as well read about it now :D15:55
sorenclusty: Back then it was a bit of a hack. IIRC, I periodically went through the leases file and turned it into bind db entries. I'm sure there's better ways of doing it now.15:59
uvirtbot`New bug: #414865 in samba (main) "mount.cifs does not handle umlauts in usernames correctly" [Undecided,New] https://launchpad.net/bugs/41486516:17
sorenumlauts in usernames? *sigh* Who would do that anyway?16:19
clustyze germanz16:19
clusty:D16:19
sorenProbably :)16:19
Jeeves_16:29 < Jeeves_> soren: Do you know why Ubuntu hasn't built a new kernel yet after the null-pointer bug?16:33
sorenJeeves_: No clue.16:33
Jeeves_hmm16:38
mathiazttx: did you advocate http://revu.ubuntuwire.com/p/libopendrim?16:42
mathiazttx: it seems so16:42
ttxmathiaz: looking16:42
ttxyes16:42
mathiazttx: ok - I'll upload the package then16:42
embix1trouble with open ldap: "ldap_add: Server is unwilling to perform, additional info: no global superior knowledge" I have a fresh ldap, he doesnt like me to extend the tree16:57
=== embix1 is now known as embix
jmedinaembix: how are you adding the data?18:00
jmedinaldif?18:00
zulmathiaz:can you update the seeds for mysql 5.118:01
embixjup18:08
embixthe main problem is to setup the database in the cn=config way18:08
embixthe slapd is not yet responsible for the suffix given in the .ldif18:09
keesJeeves_: am now18:23
Jeeves_kees: Hi18:29
Jeeves_You're security-guru, right? :)18:29
embixproblem solved, the dn was wrong...18:32
mathiazzul: no need. mysql-server is already seeded in server-ship18:36
zulcool18:36
keesJeeves_: I do security work, yeah.18:36
jdstrandkees is being modest :)18:36
* kees worries if he thinks he's a guru, he'll have to sit on a mountain-top and meditate. :)18:37
Jeeves_kees: Any clue on a new kernel for ubuntu due to the null-pointer bug published last week?18:37
jdstrandit is probably good if one doesn't think of oneself as a guru... but that won't stop us from thinking so ;)18:38
keesJeeves_: yeah, it's building now, should publish later today.18:38
Jeeves_Coolio18:38
keesJeeves_: most ubuntu installs will be safe, though, due to /proc/sys/vm/mmap_min_addr being above 018:38
Jeeves_I'm mostly interested in the server-stuff18:39
keesJeeves_: just check your /proc/sys/vm/mmap_min_addr value.  Dapper doesn't have it, which makes it vulnerable, which is why we're trying to get the kernels out asap18:41
Jeeves_ah ok18:42
albatrossAnyone who can spare a moment? I'm having trouble with chmod...19:33
embixwhat is the problem?19:34
albatrossWhen i upload files via ftp they automaticly get chmod 60019:34
KillMeNowchmod is pretty simple19:34
albatrossi want then to be 75519:34
KillMeNowvsftpd?19:34
albatrossyes19:34
KillMeNowit's in the vsftpd config19:35
embixusually it depends on the ftp config19:35
albatrossok? Haven't found any info in the config-file.19:35
albatrossKnow what corrections have to be done?19:36
KillMeNowhttp://vsftpd.beasts.org/vsftpd_conf.html19:36
embixwhat ftp server do you use19:36
embix?19:36
pmatulisalbatross: yes, search for chown_upload_mode19:37
pmatulisthat seems to be for anonymous uploads however19:37
albatrosshmm.. have disabled anon19:38
KillMeNowchmod_enable     When enabled, allows use of the SITE CHMOD command. NOTE! This only applies to local users. Anonymous users never get to use SITE CHMOD19:38
albatrossok19:38
albatrossgood.19:38
albatrossfound it19:38
albatrosstnx19:38
KamilionWhere does debian-installer load storage controller modules from when Detect Disks asks for modules and 'none of the above' is selected?19:42
pmatulisKamilion: try #ubuntu-installer19:56
KamilionThanks.19:58
HellMindchroot can be used as a virtualization method?20:32
dorvan83hi to all!20:38
dorvan83one question... in a default kernel of ubuntu server for an amd64 arch what is the default dimension of entropy pool? is possibible increase it?20:39
dorvan83possible*20:40
dorvan83also, anyone here is the maintainer of high-availability for ubuntu-server?20:42
giovanidorvan83: if you want higher entropy, you probably just want to use a TRNG20:47
dorvan83giovani: i had problem with a software, corrected by developers adding a input from keyboard to increase the entropy because on ubuntu-server seems to have a little entropy (PRNG) than other distros (redhat and novell for example)20:52
giovanidorvan83: I highly doubt that the RNG code is different between Ubuntu and RedHat)20:52
dorvan83yes, me also.20:52
giovaniyou can provide more entropy to the linux kernel prng by typing and accessing things on disk20:53
giovanidisk i/o, and keyboard/mouse input are the three main sources of random data for the /dev/random device20:53
dorvan83but seems the pool can be set lower?20:53
giovaniwhat do you mean "set lower"?20:53
dorvan83512-409620:54
HellMindguys Is there a way chroot with the minimal necessary files?20:54
HellMindI mean with the minimum environmental files20:54
giovanidorvan83: what does that number represent?20:54
giovaniHellMind: yes, you copy them20:54
giovaniwhat's "necessary" depends on your individual needs20:55
HellMindbut how do I know which files are needed?20:55
HellMindI want to run a quake3 server20:55
giovanithat depends on your needs20:55
giovaniI have no idea what quake3 needs20:55
giovaniI told you the other day to use ldd to find out what libraries the binary might be calling20:55
giovaniother than that ... it's not easy20:55
dorvan83giovani: the entropy pool size20:55
HellMindbut its only a gameserver20:55
HellMindahhhhhhhhhhhhhhhh20:56
HellMindgiovani now I understand :D20:56
giovaniHellMind: what does that have to do with this?20:56
HellMindsorry man20:56
giovanidorvan83: dorvan83 that's set in the same place in every distro20:57
giovani/proc/sys/kernel/random/poolsize20:57
giovaniit's set to 4096 by default in Ubuntu Server 9.0420:57
giovanibut you can't modify it without recompiling iirc20:57
HellMindgiovani ldd q3ded ->   not a dynamic executable20:58
giovaniHellMind: then it20:58
giovaniit's self-contained20:58
HellMindthen what I need :S?20:58
giovaniI don't know -- I've told you that20:58
giovanithere's no way for us to know what you'll need20:58
dorvan83giovani: ah great. i don't know the kernel parameter name. thanks20:58
giovanithere are tons of factors20:58
dorvan83solved20:58
HellMindgiovani but how can I know20:59
giovanidorvan83: it's not editable -- this is compiled into the kernel, and not Ubuntu-specific20:59
giovaniHellMind: I don't know -- I have no clue what you need20:59
HellMind-_-20:59
HellMindgiovani how can I run the q3ded chrooted to see some error or check if it works?21:01
giovaniHellMind: we've already explained how to use chroot21:02
HellMindI know but I want a way to debug it21:02
giovanidebug what?21:03
giovaniI don't know how to debug quake3 ... that's specific to quake321:03
HellMindI want to start quake3 chrooted without a bash21:03
giovaniHellMind: we've been over how to do that21:04
HellMindI found start-stop-daemon can chroot21:05
HellMindchroot $CHROOT /start $1 ?21:05
Psi-Jack_Ubuntu-9.04-server still comes with syslog standard, eh? Not syslog-ng or another alternative?21:08
pmatulisPsi-Jack_: that's right21:09
Psi-Jack_What's a good logger that supports sending to a remote server?21:11
Psi-Jack_syslog-ng is one I know, but anyone have any other recs?21:11
pmatulisPsi-Jack_: sysklog, the normal one21:11
Psi-Jack_I want filtering abilities like syslog-ng has, sysklogd only filters strictly by the very basic log event types.21:12
giovaniso use syslog-ng :)21:12
Psi-Jack_Hmmm.. What about rsyslog? That's one I've not heard of before, but has a lot on its plate up front.21:13
pmatulisPsi-Jack_: go for rsyslog then21:14
giovaniI've only used rsyslog for ssl stuff21:14
pmatulisPsi-Jack_: it's the default in ubuntu starting next october21:14
giovanisince it does it out of the box21:14
Psi-Jack_rsyslog is?21:15
pmatulisPsi-Jack_: yes21:15
Psi-Jack_Cool beans. That tells me right away, it's good. ;)21:15
pmatulisPsi-Jack_: yes, lots of filtering capabilities21:15
pmatulisPsi-Jack_: it also doesn't have the dual-license stuff like syslog-ng21:15
Psi-Jack_Heck, more than that, filtering, logging to sql, tcp, ssl, etc, and even a php log event viewer.21:16
HellMindgiovani let say I want to run pwd in a chrooted environment using the less libs files as possible21:16
pmatulisPsi-Jack_: yes21:16
giovaniyeah, uh, a php anything isn't a plus21:16
Psi-Jack_Heh21:16
nick125Hahah21:16
Psi-Jack_I was soo dreading the idea of using splunk.21:17
Psi-Jack_This may be the better alternative. ;)21:17
giovaniwhy?21:17
giovanisplunk is an awesome tool21:17
giovaniI'm just about to roll it out at work21:17
Psi-Jack_EEh.. It's... Alright. but, for what I want, all I /need/ is a log viewer. Not a burden of excessiveness.21:17
giovanioh ... well splunk isn't a "log viewer"21:18
giovaniso don't discredit it21:18
Psi-Jack_yeah.21:18
giovaniit's just not appropriate for the job you need21:18
Psi-Jack_Well, they also lied while calling it marketing, too. So21:18
giovani?21:18
Psi-Jack_It's Free! .... but has a 500mb/day limit.21:18
* nick125 has come to the conclusion that there isn't such a thing as a simple open source CRM..21:18
giovaninick125: nope, they all suck21:18
nick125I mean, all I want to do is have a client database and a way to put "notes" on the account for appointments. THATS IT.21:19
giovanithen pay someone to write something that simple21:19
giovanithe problem with CRMs is ... no business is the same21:20
giovaniand trying to create a universal client-management tool is impossible21:20
nick125Yeah, that's what I've found out.21:20
Psi-Jack_Whoah, rsyslog even supports snmp?21:20
nick125If I wasn't so lazy^Wbusy, I'd write something in Django....21:21
psteynHi guys.  I get this error in a command line php script: Fatal error: Allowed memory size of 67108864 bytes exhausted.  So, I then changed the memory_limit to 128M in all the php.ini files I found in /etc/php5/*21:28
psteynBut it STILL gives me that same error as if the memory limit wasn't changed.  I then ran php -i | grep memory and it reported 128M, then I tried again and still got the same error21:28
psteynI have no idea what to do now, please help21:28
giovanipsteyn: when you got the error after making the change, did it still report 67108864 bytes? or a new, higher number?21:29
psteyngiovani: still the same number21:30
giovanipsteyn: you sure the same php process isn't still running?21:30
psteynwhich is what makes it so weird21:30
giovanips aux | grep php21:30
psteynI've restarted apache anyway, but as I said it's a command line php script, so once it's done it's done21:30
giovanirun ps aux | grep php anyway, please21:31
psteynsure, sec21:32
psteyn# ps -aef | grep php21:33
psteynroot     22761 22750  0 22:28 pts/2    00:00:00 grep php21:33
giovaniare you absolutely positive that you only have one php installation?21:33
giovanior that you're editing the *right* php.ini21:33
giovanisudo updatedb && locate php.ini21:34
psteyngiovani: dead sure21:35
giovaniso run the command above21:35
giovaniand pastebin the output21:35
giovanito make sure you don't have multiple php.inis21:36
psteyneven used php -c to the path of the config, and did a  var_dump(ini_get('memory_limit')); in the same shell and it confirmed 128M21:36
psteyngiovani: I have multiple ones, one for cli one for apache, etc.  but I've increased all of them21:36
psteynlemme run that command anyway21:36
giovanithis sounds like a #php issue if you've really exhausted all normal troubleshooting21:36
giovanieither it's a per-process limit or something21:37
giovanior you've made an error21:37
psteynwhere can I see the per process limit21:41
psteynnah, I'm migrating this script from centos to ubuntu-server using default and up to date php from ubuntu server21:41
psteynno error with script21:42
giovaniI didn't mean an error with the script21:42
giovanianyway, hit up #php21:42
psteyngiovani: already there...they are also stumped so far21:43
psteynrofl, one of its include files has: ./update_cache.php:ini_set('memory_limit','64M');21:46
psteyn:)21:46
psteynthanks anyway dude21:46
psteyncheers21:47
clustyhey21:51
clustyi am trying to get DNS resolved for the local network also21:51
clustymy problem is that the DNS request gets forwarded to my ISP, which responds with the standard domain not found page (ip address of the place where the page is stored)21:52
clustycan some1 help me fix this? I could post my bind and dhcp config files21:53
giovaniclusty: I'm unclear on what your problem is -- try restating it21:53
clustygiovani, so. i say for example: ping 192.168.0.12821:53
sgsaxclusty: your ISP has no idea what 192.168.x.x is, that's a private subnet21:54
clustyhttp://pastebin.com/m39317b1521:54
clustysorry my bad21:55
clustyping algo0121:55
clustyshould reply: 192.168.0.12821:55
sgsaxif you want to resolve IPs on your private subnet, you need to have your own internal DNS solution21:55
clustysgsax, doing that21:55
clustysgsax, have my own bind and dhcpd21:55
giovaniclusty: cat /etc/resolv.conf21:55
clustysgsax, the machine is acting as a router and DNS21:55
Bilgederp21:56
jmedinawhat about search in resolv.conf?21:56
sgsaxclusty: the output in your pastebin looks correct to me21:56
clustynameserver 192.168.178.121:56
clustyooops21:56
clustyi should put resolve 192.168.0.1 first probably21:56
HellMindguys21:57
HellMindhelp on chrooting21:57
sgsaxyeah, because otherwise it will only get a request if the earlier ones timeout or error out21:57
giovaniheh21:57
HellMindgiovani I want to run ls in an tiny-as environment21:57
HellMindI tried to copy some libs21:57
clustygiovani, nameserver 192.168.0.121:57
clustynameserver 192.168.178.121:57
clustymy current resolv.conf21:57
HellMindbut its say bash not found, I copied bash libs too21:58
clustynow I am getting redirected to openDNS21:58
HellMindbut the same error21:58
HellMindI cant find this lib linux-vdso.so.121:58
sgsaxclusty: if you are running nscd, you'll need to restart it to flush the cache21:58
HellMindDo I need it?21:58
clustysgsax, i am running bind and dhcpd21:58
clustysgsax, i restart both?21:58
clustysgsax, do i also refresh algo01 ?21:58
sgsaxclusty: you shouldn't have to restart either21:58
jmedinaclusty: can you resolve your domain and hosts in dns server?21:58
clustyjmedina, did not understand the question21:59
sgsaxclusty: try "dig @192.168.0.1 algo01"21:59
sgsaxthat will force a query against your dns21:59
jmedinayou need the DNS prefix in your resolv.conf in order to resolve hosts using the short name21:59
clustysgsax, http://pastebin.com/m663cfb6f22:00
HellMindgiovani!22:00
jmedinasomething like "search mydomain.tld"22:00
clustyjmedina, i am a total noob when it comes to DNS. i copied from all the nets until i got DNS working22:00
clustyjmedina, that was the disclaimer :D22:01
jmedinaclusty: try: "rndc querylog" on your dns server so you can debug client queries22:01
clustyjmedina, does nothing22:01
jmedinaclusty: again, can you resolve algo01 hostname from your dns server?22:01
clustyjmedina, i am trying now from that machine22:02
sgsaxclusty: if you don't add the line jmedina suggested, you'll need to include the fqdn of your host in your dig query22:02
jmedinasomething like "dig  @localhost algo01"22:02
clustyjmedina, there are just 2 linux machines: DNS box and algo0122:02
giovanisgsax: he'll need it either way22:02
jmedinaif not, try "dig  @localhost algo01.yourdomain.tld"22:02
giovanidig doesn't respect /etc/resolv.conf22:02
giovaniit issues a plain ol query as you write it22:02
sgsaxgiovani: ah, didn't realize that22:02
giovaninslookup will, however, respect the search line in /etc/resolv.conf22:02
clustyshould i post my DNS and bind configs?22:03
jmedinaclusty: you better post dig output22:03
clustyjmarsden, http://pastebin.com/m70f2c09922:04
clustyyour dig22:04
jmedinaalgorithmica <--- is that the server machine or client=22:04
jmedina?22:04
HellMindI need a chrooting guide of ubuntu-server without debootstrap22:04
sgsaxclusty: ok, so that says the server at 192.168.0.1 thinks the IP for algo01 is 67.215.65.13222:05
sgsaxyou are expecting the 192.168.x.x address instead?22:05
clustysgsax, that is openDNS22:05
clustyi think22:05
clustyyes22:05
clusty192.168.0.128 should be the answer22:05
sgsaxok, is your bind set up to be authoritative for that subnet?22:06
sgsaxor zone22:06
clustyhttp://pastebin.com/m446da65d22:06
clustydhcpd.conf22:06
sgsaxthis is not a dhcp issue22:07
sgsaxunless you are pushing out the wrong resolver info22:07
* giovani smacks head against wall very hard22:07
clustysgsax, sec lemme give you bind.conf22:07
clustynamed.conf22:07
* sgsax offers giovani ice and whiskey22:07
clustyas of22:07
jmedinaclusty: have fun, I have to go out and rescue a customer's server :S22:07
clustyjmarsden, :D22:08
clustysgsax, http://pastebin.com/m217a709722:08
clustynamed.conf22:08
* jmedina hopes jmarsden doesn't have IRC notifications enabled :)22:08
sgsaxclusty: I do see in your dhcpd.conf that you are handing out addresses from a general pool22:08
sgsaxthis means you also need proper dynamic dns setup locally22:08
clustyhttp://pastebin.com/m7e8542b22:09
sgsaxeither that or you have to issue specific IPs to known MACs22:09
clustynamed.conf.local22:09
clustysgsax, that is exactly what i do not want to do22:09
clustysgsax, i want dynamic ip's22:09
sgsaxthat's fine, but you need dynamic dns running internally22:09
clustysgsax, and still be able to address them by name. so far we have 3 machines and it bearable.22:10
clustysgsax, we just got 10 servers which makes it impossible to track it properly unless DNS works on local net22:10
sgsaxyour external dynamic dns will always point to your router22:10
KillMeNowclusty, it sounds like you want to dynamically update your local DNS resolver with new DHCP hostnames and such?22:10
clustysgsax, yes22:10
clustyKillMeNow, yes22:10
sgsaxso it will never be able to resolve your internal private subnet IPs22:10
clustyKillMeNow, i told dhcpd to dynamically update local thing22:11
clustysgsax, ok. so forwarding dns requests does not work with dynamically updating local ones?22:11
clustysgsax, mutually exclusive?22:11
sgsaxcorrect22:11
clustysgsax, what do you suggest i do?22:12
sgsaxall the external dynamic dns server will do for you is get the new IP for your router when it changes22:12
clustysgsax, i think there is a small misunderstanding22:12
clustysgsax, they are not accessible from outside22:13
KillMeNowhttp://www.cahilig.org/debian-and-ubuntu-ddns-bind9-and-dhcp22:13
sgsaxclusty: no I understand that22:13
clustysgsax, so there is nothing of sorts: whenever there is no "." in the request assume local net22:14
clustyelse forward to the ISP ?22:14
sgsaxclusty: not as far as the external dns is concerned, no22:14
sgsaxexternal dns knows nothing about any hosts behind your router22:14
sgsaxit sees everything as coming from your router22:14
sgsaxthat's how NAT works22:14
sgsaxso you need ddns behind your router to take care of resolving all hosts behind the router22:15
giovaniclusty: no, you don't do it that way22:15
giovaniyou use a search domain in /etc/resolv.conf22:15
giovaniand then put the FQDNs in your local DNS22:15
sgsaxthe link from KillMeNow looks very thorough22:15
clustyit is22:16
clustyfeels nice and thorough22:16
sgsaxhave a go at that, see what it gets you22:16
LiraNuna" A. You can use "passwd" program for that purpose. Note that pam-mysql doesn't permit password change without the root privilege (pid=0). "22:21
LiraNunapwnguin ^22:21
clustysgsax, thanks a bunch. i might cleanup all the junk with that one22:23
uvirtbot`New bug: #415053 in bacula (universe) "install bacula" [Undecided,New] https://launchpad.net/bugs/41505322:26
pwnguinLiraNuna: well yea, that confirms your theory, but doesn't say much about why22:32
LiraNunayeah22:32
LiraNunanormal users /should/ be able to change their password, right?22:32
pwnguinusually, yes22:33
pwnguinjust another sign that this pam-mysql idea is not sane22:33
HellMind#debian guys are punks22:40
andolHellMind: Don't visit that channel then? :)22:41
howie what do i have to do to virtual host a second website on my server?22:41
HellMindI got ubuntu and debian22:42
HellMindit seems if you use debian you cant use any os -_-22:42
KillMeNowhttp://ubuntu-tutorials.com/2008/01/09/setting-up-name-based-virtual-hosting/22:43
KillMeNowit's for a bit older version, but still holds fairly true22:43
howieKillMeNow: ty ill take a look22:48
mathiazbdmurray: hey - I've tried to modify the multi-package-bug-fixed-released script you gave me to get a list of bugs nominated23:11
mathiazbdmurray: I'm using the following query:23:11
mathiazbdmurray: for task in target_package.searchTasks(order_by='-date_last_updated',status=['Fix Released'], omit_targeted=False):23:11
mathiazbdmurray: how can I check if a bug is nominated for a release?23:12
bdmurraymathiaz: nominated, not targeted correct?23:14
mathiazbdmurray: correct23:14
mathiazbdmurray: I'd like to get a list of bugs that have been nominated so that we can go through it and accept/decline them23:15
mathiazbdmurray: the advanced search page doesn't give all of them unfortunately23:15
mathiazbdmurray: next step is to use a script to gather such data23:16
quizmehi, how can i restart a process after reboot?23:20
KillMeNowlike this:  /etc/init.d/servicename restart23:21
KillMeNowso like:  /etc/init.d/apache2 restart23:21
KillMeNowwhat are you wanting to restart?23:21
bdmurraymathiaz: something like jaunty = ubuntu.getSeries(name_or_version='jaunty') and package.searchTasks(nominated_for=jaunty,status=['Fix Released'])23:23
quizmekillmenow: glassfish23:23
quizmekillmenow: it's a java app server to run my website23:23
bdmurraymathiaz: I'm pretty sure that will work23:23
KillMeNowahhh23:23
mathiazbdmurray: great thanks23:23
KillMeNowso your glassfish runs on tomcat?23:23
quizmekillmenow: i'm using apache23:23
quizmekillmenow: and doing a mod_proxy thing23:24
quizmekillmenow: not sure about tomcat23:24
KillMeNowok23:24
KillMeNowwell i've never used glassfish23:24
quizmei just want restart glass fish after the machine reboots23:24
quizmeso that my site doesn't go down23:24
bdmurraymathiaz: I'm more sure now that it'll work ;-)23:24
quizmeif u make an init.d script will it auto restart after reboot ?23:25
KillMeNowyea23:25
KillMeNowif there isn't one already23:25
KillMeNowthen you can either link it to the appropriate rc.d level or if you have chkconfig installed23:26
KillMeNowyou can do a chkconfig --list <servicename>23:26
KillMeNowand set the boot time start level23:26
mathiazbdmurray: is there a query to get the list of all supported distros?23:26
KillMeNowhttp://docs.sun.com/app/docs/doc/820-4341/abdeb?a=view23:26
KillMeNowtake a look at that, looks like Sun has a doc on automatic restart23:27
quizmekillmenow is there a simpler way besides init.d cuz i think i did it the simpler way last time23:27
quizmekillmenow: i know it's working on my old server i just don't know where i put that script.23:27
KillMeNowsorry, again i never used Glassfish23:30
KillMeNowbut if it is working on your old server, you can always try to do a locate23:30
bdmurraymathiaz: do you supported series?23:32
chris___hi - has anyone upgraded Hardy to apache 2.2.13?23:33
mathiazbdmurray: hm - right now I need to hardcode the list of supported series (dapper, hardy, intrepid, jaunty)23:33
mathiazbdmurray: I'd like to dynamically get that list from LP23:33
bdmurraymathiaz:23:33
bdmurrayfor s in ubuntu.series:    print s,s.active23:34
bdmurraymathiaz: I'm mostly just reading https://edge.launchpad.net/+apidoc/#distribution23:34
mathiazbdmurray: ok - thanks23:34
bdmurrayno problem23:34
quizmehow do i run a command after reboot ?23:36
