[00:12] <psi-jack> Is there an equivalent to linux-igd for ubuntu 9.04?
 #debian guys are punks
[00:18] <clusty> well they are more knowledgeable than ubuntu ppl
[00:18] <clusty> probalem is that they think debian>> ubuntu and look down at us
[00:19] <KillMeNow> keep up the flattery, i'm sure it'll help
[00:19] <psi-jack> clusty: Sometimes.
[00:19] <clusty> i know that ass kissing works awesome
[00:19] <clusty> and i do it as much as my lungs can handle :D
[00:20] <clusty> KillMeNow, btw, still no luck with DNS-ing
[00:20] <clusty> KillMeNow, part 1 of the guide you gave me: http://www.cahilig.org/how-setup-lan-dns-server-using-bind9-under-debian-and-ubuntu-linux
[00:20] <clusty> KillMeNow, thing is I want my main machine to be called "algorithmica" so I substitued all over the zone files
[00:21] <clusty> and it still cannot find my domain called debian.lan
[00:21] <clusty> pfff need to fight another day with this issue
[00:21] <psi-jack> Okay..
[00:21] <psi-jack> Odd..
[00:21] <clusty> thing is it seems all jibberish to me (the zone files)
[00:21] <clusty> they do not make a whole lotta sense
[00:22] <clusty> ohh also my net is : 192.168.0.xxx so i changed it accordingly
[00:23] <psi-jack> So, packages.ubuntu.com says 9.04 (Jaunty) has linux-igd in universe, I checked my apt.sources, and universe was enabled by default, but it's not there.
[00:23]  * psi-jack snaps his fingers..
[00:23] <psi-jack> ahhh, I forgot, it's eBox 1.2, from 8.04.2
[00:24] <KillMeNow> http://www.cahilig.org/debian-and-ubuntu-ddns-bind9-and-dhcp
[00:24] <KillMeNow> that is the one i sent i do believe
[00:24] <KillMeNow> you wanted to hvae a local DHCP server push updates to DNS
[00:24] <KillMeNow> just like Microsoft does with their DHCP to DNS
[00:25] <clusty> KillMeNow, well they said in first sentence that this is building on the link i sent you
[00:25] <psi-jack> Crap!
[00:25] <KillMeNow> gotcha
[00:25] <clusty> KillMeNow, that is a minimal check that the system works
[00:25] <psi-jack> linux-igd isn't even available for 8.04-hardy
[00:26] <KillMeNow> yea, so you set up your DNS server and it's not working?
[00:26] <clusty> KillMeNow, correct :(
[00:26] <uvirtbot`> New bug: #414986 in open-iscsi (main) "open-iscsi causes FTBFS for anything that Build-Depends on it" [High,Triaged] https://launchpad.net/bugs/414986
[00:26] <clusty> KillMeNow, i must be doing somethign seriously wrong
[00:27] <clusty> KillMeNow, any difference since i am running 8.04?
[00:28] <KillMeNow> not particularly
[00:28] <clusty> KillMeNow, thanks for help. will try tomorrow with a fresh head
[00:29] <clusty> will screw up the whole office network so ppl will hate me :D
[00:30] <KillMeNow> rightous
[00:30] <KillMeNow> hate is gud
[00:31] <KillMeNow> biggest thing is, debian.lan is the domain name they are using
[00:31] <clusty> tomorrow is hate thy sys admin day :D
[00:31] <KillMeNow> if you have a internal domain name, and other machines are using this box to resolve, then you need to put that domain name in to the zone
[00:31] <clusty> KillMeNow, there is no domain really
[00:31] <clusty> KillMeNow, another example suggested dyn.example.com
[00:32] <clusty> which was used till now
[00:32] <KillMeNow> it sets up the reverse zone as well as the main zone
[00:32] <KillMeNow> yea, but is that the name of the internal domain you're using?
[00:32] <clusty> probably i screwed up the zone file
[00:32] <clusty> well you swamped me :D
[00:33] <clusty> i did not spcify any domain before
[00:33] <KillMeNow> well that is why they are using debian.lan
[00:33] <KillMeNow> it can be any name
[00:33] <KillMeNow> it could be anything.local
[00:34] <KillMeNow> as long as you specify that is the zone it is authoriative for
[00:34] <clusty> i figured as much
[00:34] <clusty> another thing: i could not check the validity of zone files i created
[00:34] <KillMeNow> so if your work domain is say:  prince.corp
[00:35] <KillMeNow> your DNS server had better have a prince.corp zone file
[00:35] <clusty> they gave some tool, which is missing some files
[00:35] <KillMeNow> validity?
[00:35] <KillMeNow> you mean that the configuration is correct?
[00:35] <clusty> they say to do a : named-checkzone convergence.lan /etc/bind/zones/db.convergence.lan
[00:35] <clusty> but i am missing those files
[00:35] <KillMeNow> then you named it in your named.conf.local
[00:36] <KillMeNow> did you copy / paste from the website?
[00:36] <clusty> yeap :D
[00:36] <clusty> apart from zone files
[00:36] <clusty> which i doctored
[00:36] <clusty> to fit my main machine name and ip class
[00:38] <KillMeNow> http://tldp.org/HOWTO/DNS-HOWTO-5.html
[00:38] <KillMeNow> brush up on how DNS works
[00:38] <KillMeNow> http://www.google.com/cse?cx=017644269519104757279%3Agm62gtzaoky&q=Bind9&sa=go
[00:39] <KillMeNow> if you want a bunch of stuff on DNS and Bind9
[00:41] <clusty> KillMeNow, thnaks. you're the man
[00:41] <clusty> ...or woman :d
[00:41] <KillMeNow> man
[00:41] <clusty> thoguht so
[00:42] <clusty> linux gals are a rare and precious comodity
[00:42] <clusty> :D
[00:42] <KillMeNow> fraid so
[00:42] <Kamilion> but gaining.
[00:43] <KillMeNow> yes, now if i could only meet one IRL
[00:43] <Kamilion> unfortunately, most of them are in the older-than-young-adult category.
[00:44] <Kamilion> Technically, my grandmother's a linux gal, as her desktop email-station runs 8.10 ;)
[00:46] <clusty> actually one GF was a linuxoid
[00:46] <clusty> not even fat and zitty :D
[00:47] <clusty> and not even computer science, but bio
[00:47] <clusty> :d
[00:47] <clusty> miracle really
[00:47] <HellMind> where should I store a pid file?
[00:47] <clusty> ...and then she left to save the rain forest
[00:47]  * clusty sighs
[00:47] <clusty> HellMind, /var/run ?
[00:47] <clusty> is that not the standard spot?
[00:49] <HellMind> yep :D
[00:49] <HellMind> ty
[01:36] <HellMind> who want to see my init script ?
[01:39] <HellMind> just see it http://pastebin.com/m13bab642
[01:43] <KillMeNow> very nice
[01:43] <HellMind> I know, why ppl dont do thing like that :(
[02:53] <Q-FUNK> Howdy!  Would anyone be available to comment on bug #194140 ?
[02:53] <uvirtbot`> Launchpad bug 194140 in cyrus-sasl2 "Dependency cycle prevents upgrade of libsasl2-2" [Low,Incomplete] https://launchpad.net/bugs/194140
[03:00] <psi-jack> Alrighty then.
[03:00] <psi-jack> Time to setup the ldap client. ;)
[03:59] <psi-jack> !find ldapsearch
[04:56] <psi-jack> !find psql
[04:56] <psi-jack> Ugh
[06:19] <jmarsden> psi-jack: You'd probably get more useful results using   apt-cache search psql
[06:21] <chrisellis> Hey guys... I've tried several times to make a sub domain and i can't get it to work
[06:21] <firecrotch> chrisellis: I can help!
[06:22] <chrisellis> firecrotch: awesome
[06:22] <chrisellis> what i did was create an A record and pointing to my IP address and then created a virtual server with that name
[06:23] <chrisellis> firecrotch: is that how you do i t?
[06:23] <firecrotch> chrisellis: you're on the right track
[06:24] <chrisellis> what am i doing wrong ?
[06:24] <firecrotch> chrisellis: you created the new virtual server in /etc/apache2/sites-available?
[06:24] <chrisellis> yes
[06:24] <firecrotch> chrisellis: Did you then run sudo a2ensite thenameofthefile ?
[06:24] <chrisellis> wait no i created the .conf file in sites-enabled
[06:25] <firecrotch> Ok, can you pastebin that file and your 000-default file?
[06:25] <chrisellis> i have a default-ssl file and my primary longhornpcrepair.com.cof
[06:25] <chrisellis> conf
[06:26] <firecrotch> chrisellis: do you get an error when you restart apache?
[06:26] <chrisellis> oh wait
[06:26] <chrisellis> i never restarted it
[06:26] <chrisellis> woops
[06:27] <firecrotch> chrisellis: that *might* help ;)
[06:27] <chrisellis> k let me restart it
[06:27] <chrisellis> k restarted it
[06:28] <firecrotch> chrisellis: does your subdomain work now?
[06:28] <chrisellis> im not sure i can't check it
[06:28] <chrisellis> http://swot.wwmcd.org
[06:28] <firecrotch> cannot find server
[06:29] <chrisellis> hmm
[06:29] <firecrotch> chrisellis: I did  dig swot.wwmcd.org  and got no answer
[06:30] <chrisellis> mmk
[06:30] <chrisellis> is wwmcd.org still working
[06:31] <chrisellis> firecrotch: here is my .conf file - http://pastebin.com/m31386711
[06:31] <firecrotch> chrisellis: the main domain does work, albeit slowly
[06:32] <chrisellis> thats not good
[06:32] <firecrotch> Seems to me that your DNS isn't updated
[06:32] <chrisellis> do i need to restart bind?
[06:33] <firecrotch> Yup
[06:34] <chrisellis> k
[06:34] <chrisellis> restarted it
[06:35] <jmarsden> It works now, although only one "Singing Woman" is listed and the site name is plural "women" :)
[06:35] <chrisellis> haha yeah
[06:35] <chrisellis> I am just starting on the site
[06:35] <chrisellis> fake content
[06:35] <chrisellis> and let me just make sure that wwmcd.org is still working
[06:36] <firecrotch> wwmcd.org is still working, and much faster now
[06:37] <chrisellis> great
[06:37] <chrisellis> so it was just a restart issue
[06:37] <chrisellis> i keep forgetting to restart my servers when i add stuff i will have to make a mental note
[06:38] <chrisellis> thank you much
[06:39] <jmarsden> You usually don't need to restart bind,   sudo rndc reload wwwmcd.org    would probably have been enough in this case.
[06:39] <chrisellis> what does that do?
[06:39] <jmarsden> man rndc.  rnddc is a tool for sending commands to named
[06:40] <jmarsden> actually it lets you do all sorts of things to your DNS server except restart it :)
[06:41] <chrisellis> ahh
[06:41] <chrisellis> alright
[06:41] <chrisellis> I'm still learning how this all works
[06:43] <chrisellis> is there a script out there where i could just say the name of the domain and the directory and it creates all the files for me
[06:43] <firecrotch> chrisellis: I used to have one that I wrote, let me see if I have a copy somewhere
[06:44] <chrisellis> awesome
[06:44] <jmarsden> Well, I have some of those that do that for me and my needs... there can't really be a generic one because what you need for each new zone is up to you and ho wyou set up security for each zone, who can query it, etc etc.
[06:45] <chrisellis> I just set up all my domains pretty standard
[06:45] <firecrotch> chrisellis: Unfortunately, I don't see the script on my server anywhere, and my backup drive is at work
[06:46] <chrisellis> oh alright
[06:46] <firecrotch> chrisellis: You could write your own :)
[06:46] <chrisellis> firecrotch: true.. I would have to figure out how
[06:46] <chrisellis> i would love to create a php file that has a gui to it
[06:46] <chrisellis> or i mean that can give it a gui
[06:48] <firecrotch> chrisellis: I don't think that will be possible, since you have to use sudo for a lot of the stuff
[06:48] <firecrotch> chrisellis: nor would it be a good idea
[06:48] <chrisellis> yeah
[06:48] <chrisellis> well make it https and only on local network
[06:49] <firecrotch> chrisellis: I remember my script prompting me for the domain name and the directory to use
[06:49] <chrisellis> oh thats cool
[06:51] <firecrotch> chrisellis: I've always found this guide useful for bash scripting: http://www.freeos.com/guides/lsst/
[06:51] <chrisellis> awesome i will look into it
[06:52] <firecrotch> basically, I created a template for my apache configs, and used sed to put the domain name and directory into the file
[06:53] <jmarsden> I did the same for DNS...  See http://pastebin.com/f9acf6b0 and http://pastebin.com/f6446090a for a script and template for DNS setup for new zones... just DNS, not web server setup, because DNS and web servers are separate machines in my case at work :)
[06:55] <chrisellis> pretty fancy
[06:56] <jmarsden> Not compared to some of the larger scripts I use :)
[07:00] <chrisellis> I'm just getting into this linux is very fun
[07:00] <chrisellis> let me use some punctuation... I'm just getting into linux, It is very fun
[07:00] <ball> chrisellis: Linux is useful, but the people are fun ;-)
[07:00] <chrisellis> yes
[07:01] <chrisellis> finally set up my own server and its been a challenge and very fun
[07:01] <chrisellis> i can't wait to buy another and set it up
[07:03] <ball> I'll be right back
[07:03] <chrisellis> is there an advantage to getting one of those servers at a server farm ?
[07:04] <jmarsden> Reliability, and less noise from server fans in your bedroom or living room or office :)
[07:04] <jmarsden> BTw the script for DNS is at http://pastebin.com/f6f861a36
[07:04] <jmarsden> Apparently I posted the template file twice earlier :)
[07:06] <ball> chrisellis: what will you use your Ubuntu server for?
[07:06] <chrisellis> ball: the one i have now is for my websites and my clients websites
[07:07] <chrisellis> mostly all my sites a php and mysql
[07:07] <ball> Are you using virtualisation?
[07:08] <ball> ...or do they all live within one OS instance?
[07:08] <chrisellis> I'm using virtual servers
[07:08] <ball> What are you using as a hypervisor?  KVM?
[07:09] <chrisellis> apache2
[07:09] <ball> apache2 is not a hypervisor
[07:09] <jmarsden> I think chrisellis is confusing cirtual hosts and virtualization :)
[07:09] <ball> Ah, okay.
[07:09] <chrisellis> haha yeah
[07:09] <chrisellis> im a noob
[07:10] <jmarsden> chrisellis: Virtualization is running multiple OSes "inside" another one.  With tools like KVM or virtualbox or vmware server
[07:10] <chrisellis> oo
[07:10] <chrisellis> no i just have ubuntu running on a dell poweredge 1750
[07:12] <chrisellis> and just ssh into it ?
[07:12] <ball> It's a while since I looked at Dell Servers... is that a tower or rack mount?
[07:13] <qman__> you're running a single OS, using apache virtualhosts
[07:13] <chrisellis> its a rack
[07:13] <chrisellis> k i am running one OS
[07:13] <ball> I used to work with a 1U PowerEdge and that thing was *loud*
[07:13] <chrisellis> haha yeah
[07:13] <ball> ...it was adequate though.
[07:13] <chrisellis> its a 1u
[07:14] <chrisellis> and its in the closet cause its sooo loud
[07:14] <chrisellis> don't worry there is an air condition vent in there
[07:14] <chrisellis> i want to get a poweredge 6650
[07:14] <qman__> those cooling systems are designed to deal with much worse than just a closet :)
[07:15] <qman__> I've got two servers in my closet, though they're towers, not rackmounts
[07:15] <ball> I would like a server with a matched pair of Shanghai chips in it, but short of winning the lottery, that's unlikely to happen.
[07:16] <chrisellis> who makes the best servers?
[07:16] <qman__> one's an athlon 64 3500+, the other's a sempron 64
[07:17] <chrisellis> I've just been looking at dells cause i live in austin and they are easy to find
[07:17] <jmarsden> chrisellis: "Best" at any price?  And you have the space and power and cooling?  IBM zSeries mainframes, probably :) But "best" is very subjective.
[07:17] <chrisellis> or round rock i mean
[07:17] <ball> chrisellis: IBM and HP seem to make some credible gear.  Sun make some that's probably good for certain applications.
[07:17] <ball> ...I wouldn't mind trying a Lenovo server.
[07:17] <ball> jmarsden: pSeries ftw ;-)
[07:18] <chrisellis> isn't lenovo basically IBM
[07:18] <ball> chrisellis: sort of.
[07:18] <qman__> dpm
[07:18] <qman__> don't know about their servers
[07:18] <qman__> lenovo bought IBM's division for laptops and such though
[07:18] <chrisellis> yeah
[07:18] <qman__> but IBM still makes servers, so not sure about them
[07:18] <jmarsden> No, Lenovo bought IBM PC designs... the IBM zSeries and pSeries stuff are much bigger machines using non-Intel noj-AMD CPUs and are very much *not* PC's at all...
[07:19] <ball> HP probably sell Itanium boxen... does anyone else?
[07:19] <chrisellis> all the servers i'm looking at are quad Xeon processors
[07:19] <ball> chrisellis: Nehalem?
[07:19] <chrisellis> ball: Is that a brand?
[07:19] <qman__> nehalem is also known as i7
[07:19] <twb> chrisellis: nehalem is an Intel product name
[07:20] <ball> chrisellis: *some* quad core Xeons are Nehalem chips
[07:20] <chrisellis> let me check
[07:20] <qman__> it's intel's latest and greatest processors
[07:20] <ball> it's a development codename.
[07:20] <jmarsden> Nehalem is the "code name" for a recent series of Intel CPUs.
[07:20] <qman__> they're fast, and they're expensive
[07:20] <twb> FSVO greatest ;-)
[07:20] <ball> Supposedly they have some nice power management features.
[07:20] <twb> It's not like Intel make particularly great chips to begin with, I guess
[07:20] <chrisellis> I'm not sure ... its a dell poweredge 6650
[07:20] <ball> twb: any thoughts on Shanghai?
[07:20] <chrisellis> it doesn't say in the manual
[07:21] <twb> ball: I don't track that shit closely
[07:21] <ball> chrisellis: don't buy it if you can't find out.
[07:21] <ball> twb: any thoughts on Istambul? ;-)
[07:21] <twb> ball: I don't track that shit closely
[07:21] <qman__> I can't afford any of that stuff, all my servers are desktop hardware
[07:22] <twb> qman__: my gear is fucking Pentium IIIs in compaq cases
[07:22] <ball> chrisellis: If you know you'll be scaling up, consider a blade chassis
[07:22] <qman__> my shell server is a 200MHz K6
[07:22] <jetsaredim> is there a guide for setting up raid under ubuntu?
[07:22] <ball> ...perhaps once you get past three x86 boxen
[07:22] <twb> That's the work machines, of course.
[07:22] <chrisellis> ball: well this server is only $150
[07:22] <ball> qman__: I have a 450 MHz K6-2+ box here.
[07:22] <chrisellis> and for my uses i think it would be perfect
[07:22] <twb> At home I run everything off an Asus 500gP
[07:22] <ball> chrisellis: ah well, then you're not going to be all that fussy
[07:22] <ball> brb
[07:22] <qman__> you get four or five SSH sessions going, and it starts to lag
[07:22] <chrisellis> yeah
[07:23] <twb> Not because I'm poor, but for the challenge
[07:23] <qman__> perfect for personal use, not useful for much else
[07:24] <jmarsden> jetsaredim: See https://help.ubuntu.com/9.04/serverguide/C/advanced-installation.html for software RAID
[07:24] <chrisellis> I know that the 6650 chips have hyper-threading
[07:25] <qman__> HT means they're either pretty old, or the new nehalems
[07:25] <chrisellis> i dont think the 6650's are new
[07:25] <chrisellis> maybe 2006-2007
[07:25] <chrisellis> but again its only $150.00
[07:25] <qman__> that's not bad
[07:26] <chrisellis> yeah quad 2.2GHZ 3x73GB 10K
[07:26] <twb> I wasn't impressed by HT in the P4s
[07:26] <qman__> that's a nice machine for so little
[07:26] <qman__> probably eats up a lot of power though
[07:27] <chrisellis> its got 2x900 Watt Power supplies
[07:27] <twb> Gimme SATA's larger capacities for most shit, though
[07:27] <firecrotch> P4 HT was crap
[07:27] <twb> firecrotch: is nehalem's any better?
[07:27] <chrisellis> so hearing that they are 2 900watt power supplies i bet that things loud as crap
[07:27] <qman__> HT isn't useful on one core
[07:27] <qman__> but when you throw in 4+, it begins to show worth
[07:27] <firecrotch> twb: it's lightyears beyond P4's
[07:27] <qman__> but only in certain applications
[07:27] <twb> qman__: why?
[07:28] <twb> qman__: my understanding of HT was that the number of cores wasn't relevant
[07:28] <qman__> HT doubles your cores effectively
[07:28] <twb> qman__: bullshit
[07:28] <soren> qman__: Err.. It really, really doesn't.
[07:28] <qman__> but on the original P4 implementation, the way it worked, a runaway process would still hang your box
[07:29] <twb> http://en.wikipedia.org/wiki/Simultaneous_multithreading
[07:29] <chrisellis> so in theory 1 HT processor is 2 ?
[07:29] <qman__> well, it doesn't double them without consequence
[07:29] <twb> chrisellis: FSVO theory = marketing
[07:29] <qman__> it provides more cores at reduced performance per core
[07:29] <qman__> to the software
[07:29] <qman__> so it really depends on what software you run
[07:29] <qman__> but the new HT is far more useful than the original
[07:29] <jetsaredim> in what package would i be able to find mkraid?
[07:29]  * ball nods
[07:30] <ball> Hyperthreading is snake oil, at least on x86]
[07:30] <twb> "RMI, a Cupertino-based startup, is the first MIPS vendor to provide a processor SOC based on 8 cores, each of which runs 4 threads."
[07:30] <twb> 32 threads on a soc?  I'd like to see Intel do that
[07:30] <soren> jetsaredim: mkraid?
[07:31] <ball> soren!
[07:31] <qman__> jetsaredim, you probably shouldn't be using mkraid, you should use mdadm instead
[07:31] <chrisellis> If i already have a server thats a dual 2.8 would there be a point in running another server or just replacing that one
[07:31] <jetsaredim> qman__: ok
[07:31] <chrisellis> i mean for my needs at least
[07:31] <ball> chrisellis: look at your utilisation
[07:31] <qman__> that depends on your needs
[07:32] <qman__> if what you have is doing the job with a little performance to spare, I wouldn't bother upgrading it
[07:32] <ball> Look at your upgrade path *before* the load becomes very high and the users start to suffer.
[07:32] <twb> ball: if ANYTHING works, leave that thing the fuck alone :-)
[07:32] <qman__> web servers are an interesting thing
[07:32] <chrisellis> i just don't want to pass up a great deal like this
[07:32] <qman__> because it depends entirely on the nature of your sites
[07:33] <qman__> if you're using complex scripts and SSL, you need a lot of CPU power
[07:33] <ball> twb: Right, but if it's a production server you'll want another machine anyway.
[07:33] <qman__> if you're just serving static pages, not so much
[07:33] <chrisellis> right now i am using 0.00, 0.00, 0.00 cpu load average and 1.97GB Real memory
[07:33] <jmarsden> chrisellis: There will almost always be a better deal in a few months.... available general purpose computers get better, faster and cheaper over time.
[07:33] <qman__> it is a great deal, but if you don't need it, you'll just be increasing your electric bill for no good reason
[07:33] <jetsaredim> qman__: will mdadm automatically save the setup for next boot?
[07:34] <ball> chrisellis: do you have another machine synced with that, to take over when that one fails?
[07:34] <jmarsden> If you have 0 load avg you do not need more cores :)
[07:34] <chrisellis> no thats why i kinda want to get another one
[07:34] <qman__> jetsaredim, you have to save the mdadm.conf and set up your fstab
[07:34] <qman__> the howto should go through that, if it's the one I think it is
[07:35] <qman__> you can always manually reassemble an array
[07:36] <jetsaredim> not sure which howto you might be talking about?
[07:36] <qman__> http://tldp.org/HOWTO/Software-RAID-HOWTO.html
[07:36] <jetsaredim> yea
[07:36] <chrisellis> But what you said about the power bill ... 2x900watt power supplies plus whatever that 1750 is doing ... might kill me
[07:37] <qman__> yeah, it's a good deal if you need the CPU power, but it's going to be pretty costly to run
[07:37] <qman__> AMD's biggest marketing ploy is that opterons are more power efficient than xeons
[07:38] <ball> chrisellis: just because you have 900W PSUs, doesn't mean your server is going to be burning 900 Watts.
[07:38] <chrisellis> ball: oh well thats good to know
[07:38] <qman__> yeah
[07:38] <qman__> that's just the max capacity
[07:38] <qman__> and also, it's likely that they're redundant
[07:38] <ball> chrisellis: but choose your CPU and disk drives with care.
[07:38] <qman__> meaning that the machine is not designed to use more than 900 watts
[07:38] <qman__> however, it could still be pretty expensive to run
[07:39] <qman__> look into the TDP of the processors
[07:39] <jetsaredim> qman__: trying to figure out how to specify that a given drive is a spare in a raid 5 setup
[07:39] <ball> ...and make sure they can do Cool-n-Quiet (AMD) or SpeedStep (Intel)
[07:39] <ball> ...that those things are enabled too.
[07:40] <ball> ...and 15k drives may be fast, but they also run hot.
[07:40] <ball> Alright, I really am going to bed now.
[07:40] <ball> Goodnight everyone.
[07:41] <ball> I shall dream of a new server, with 2.5" disk drives and stone cold microprocessors.
[07:41] <twb> 2.5 so they fail faster?
[07:41] <qman__> jetsaredim, http://prefetch.net/blog/index.php/2007/03/11/adding-a-hot-spare-to-an-md-device/
[07:42] <qman__> yeah, I am not a fan of 2.5" hard drives
[07:42] <chrisellis> alright talk to you later
[07:44] <qman__> too slow and too fragile
[07:46] <soren> qman__: You know that many SAS drives are 2.5", right?
[07:47] <qman__> nope, though fast and fragile isn't much better
[07:48] <qman__> I like my nice, cool 3.5" SATA drives
[07:49] <twb> I think what I like most about my 3.5" SATA drives is their commoditory nature (i.e. cost per byte).
[07:50] <qman__> yeah
[07:51] <qman__> RAID a bunch of them together, and you have a reasonably fast filesystem
[07:51] <firecrotch> I'll stick with my 5.25" drives, tyvm
[07:52] <jetsaredim> just got 5x wd black 750G for 65 per
[07:55] <twb> AUD 0.11 / megabyte for 1.5TB seagate sata 3.5
[07:56] <jetsaredim> $0.0866 for the wd drives - they were the deal of the day last week one day
[08:00] <twb> Nothing that good on msy.com.au, as at 2009-07-23
[08:00] <twb> Probably I should take a new snapshot
[08:00] <jetsaredim> yea - it was a daily deal last week on newegg
[08:01] <jetsaredim> how does one re-activate a "stopped" md device?
[08:02] <qman__> probably mdadm --assemble
[08:02] <jetsaredim> not identified in config file
[08:06] <qman__> without a config set up you'd have to specify the devices to use
[08:08] <qman__> syntax would be
[08:09] <qman__> mdadm --assemble /dev/md? /dev/sd? /dev/sd? /dev/sd?
[08:09] <qman__> replacing ? with the appropriate devices, of course
[08:09] <jetsaredim> hrm
[08:09] <jetsaredim> device or resource busy
[08:11] <jetsaredim> i'll just reinstall again
[08:11] <jetsaredim> just setting it up again
[08:12] <jetsaredim> so when saving the config
[08:12] <jetsaredim> would be something like mdadm --detail --scan --verbose > /etc/mdadm.conf
[08:12] <qman__> yes
[08:12] <jetsaredim> but maybe /etc/mdadm/mdadm.conf
[08:12] <qman__> I can't remember exactly but that's the idea
[08:12] <qman__> yes, the second is the correct file
[08:12] <jetsaredim> should it be appended or overwritten?
[08:13] <qman__> appended
[08:13] <jetsaredim> ok cool
[08:13] <jetsaredim> thanks for the assistance
[08:14] <qman__> no problem, sorry you have to start over
[08:14] <jetsaredim> i'm just starting out with it
[08:14] <jetsaredim> have an existing file server running on a hodgepodge of ide disks
[08:14] <jetsaredim> and upgrading to a new system i just built using the 5x 750 wd black drives
[08:14] <jetsaredim> trying to setup raid 5
[08:15] <jetsaredim> for media/backups/fault tolerance/etc
[08:15] <qman__> yeah
[08:15] <jetsaredim> lots of mp3s, tv shows, my kids dvds
[08:15] <jetsaredim> digital pics etc
[08:15] <qman__> I did pretty much the same thing with mine, took a few days to get it set up the way I wanted
[08:15] <jetsaredim> yea
[08:15] <jetsaredim> took me about a month to find the right parts i wanted
[08:15] <qman__> but it's worth the effort
[08:16] <jetsaredim> so it's not like i'm in any huge rush
[08:16] <qman__> and in the event of a system crash, you can still reassemble the array from a live CD
[08:16] <jetsaredim> yea
[08:16] <jetsaredim> well
[08:16] <jetsaredim> i was going to use 4 active drives and have the 5th for spare
[08:16] <jetsaredim> since i got them so relatively cheap
[08:16] <qman__> I started mine with 6 disks, and added 2 later
[08:17] <jetsaredim> ah
[08:17] <qman__> it's almost full again though, I'm going to have to get bigger disks and make a new array
[08:17] <jetsaredim> only 6 sata connectors at the moment on the mobo
[08:17] <jetsaredim> my case has enough bays for 11 drives
[08:17] <jetsaredim> so i'm set for expansion
[08:18] <jetsaredim> oddly enough the case was the one thing i had when i started the project
[08:18] <jetsaredim> heh
[08:18] <qman__> I've got room for 4 more, so I figure once 2TB drives get reliable and down in price, I'll create a new array with four of those, move the data, then add more 2TB disks
[08:18] <jetsaredim> yea
[08:18] <jetsaredim> though
[08:19] <jetsaredim> with the higher capacity disks there is greater likelihood of fault
[08:19] <qman__> yeah, I'd do raid 6 with them
[08:19] <jetsaredim> ah
[08:19] <qman__> right now I have raid 5, using 500GB disks
[08:19] <jetsaredim> sounds like fun
[08:19] <qman__> so I've got about 3.3TB of space
[08:20] <jetsaredim> that would be enough to tide me over for a while
[08:20] <qman__> one thing I didn't realize when I started
[08:20] <qman__> is that I already had enough data to fill more than half of it
[08:20] <jetsaredim> heh
[08:20] <qman__> once I got all my stuff off the various desktops around
[08:20] <jetsaredim> I'm getting there
[08:21] <jetsaredim> i have a 500G drive that's completely full
[08:21] <jetsaredim> plus a bunch of stuff on other random places
[08:21] <jetsaredim> i'd say i have about 100 movies
[08:22] <jetsaredim> plus about 400G of tv shows
[08:22] <jetsaredim> i need to go through them and get rid of some
[08:22] <qman__> I have about 300GB left
[08:22] <qman__> I can probably clean up about 150GB of unnecessary stuff
[08:23] <qman__> but at the rate things are going I'll be full by next year
[08:23] <jetsaredim> yea
[08:23] <jetsaredim> it goes fast
[08:23] <jetsaredim> especially if you use it
[08:24] <jetsaredim> anyway well - thanks again
[08:24] <qman__> yeah, no problem
[08:24] <jetsaredim> i may come back with more questions at some point tomorrow when i try again
[08:24] <qman__> that linux raid howto is the best resource for it
[08:24] <qman__> despite how old it is
[08:24] <jetsaredim> maybe i'll give karmic a go
[08:24] <jetsaredim> actually - i found something from the forums that's decent
[08:25] <qman__> cool
[08:26] <jetsaredim> ok later
[08:41] <uvirtbot`> New bug: #415224 in samba (main) "package samba 2:3.3.2-1ubuntu3.1 failed to install/upgrade: subprocess post-installation script returned error exit status 139" [Undecided,New] https://launchpad.net/bugs/415224
[08:53] <acalvo> anyone here using postfix+dovecot (and LDAP as backend)?
[08:54] <stochastic> can anyone tell me how to prevent my external USB drive from Auto-mounting when I plug it in?
[08:58] <negge> my /var/mail/<user> has stopped growing since about 6 months back. Has there been an update to the system that changes the location of the mail file or what is going on? I doubt cron haven't had anything to say for that long.
[09:12] <CopyWriter> hello all
[09:15] <CopyWriter> today's question :) - i installed 2 network cards into a ubuntu server lts 8:04, configured the eth0 with dhcp and connected it to my adsl modem (can ping google, did updates etc) configured eth1 with static 192.168.1.1 that plugs into a wireless router, other clients will connect to the wireless network fine, but get no internet
[09:15] <CopyWriter> oh and eth1 also has a dhcp server configured on it also
[09:15] <CopyWriter> so it handles assigning addresses
[09:16] <CopyWriter> disabled dhcp on the wireless router, but then the clients couldn't connect to it
[09:16] <CopyWriter> when i open a browser it just stays at connecting and then nada
[09:18] <CopyWriter> i'm thinking to just plug the router into a lan port on the wireless router, but then that would entirely defeat the purpose of having the server act as a firewall
[09:18] <CopyWriter> !dhcp
[09:18] <stefan____> what is the gateway for the wireless router
[09:18] <stefan____> ?
[09:19] <stefan____> must be eth1s  ip address
[09:19] <CopyWriter> 192.168.1.1
[09:19] <stefan____> and that is the ip of the eth1 nic card ?
[09:19] <CopyWriter> yep
[09:20] <stefan____> do you have your 804 server configured as a router ?
[09:20] <CopyWriter> i'm not sure
[09:20] <CopyWriter> i don't think so
[09:20] <stefan____> that is way it is not working
[09:20] <CopyWriter> how do i do that
[09:20] <stefan____> http://unixfoo.blogspot.com/2008/02/how-to-configure-linux-machine-as.html
[09:20] <CopyWriter> i knew it was something i was missing
[09:21] <stefan____> enable ip_forward
[09:22] <CopyWriter> thanks stefan
[09:22] <stefan____> no probs CopyWriter
[09:23] <CopyWriter> i'll try that at the office, i woke up early to research the problem it's 4:22 now, will most likely still have time to get some shut eye before work
[09:23] <stefan____> it is good you woke up early then :)
[10:26] <acalvo> is it possible that the openssh server has some kind of timeout session?
[10:26] <acalvo> I'm finding that if I ssh one server and do not run any command for a large period (say 15min) it gets blocked
[10:26] <acalvo> maybe the connection was killed?
[10:35] <_ruben> most likely a connection tracking issue of one routers/firewalls in between
[10:36] <acalvo> _ruben: but it does not makes sense
[10:36] <_ruben> why not?
[10:36] <acalvo> since if I log in thru ssh and starting working, it does not get killed the connection
[10:36] <acalvo> only after a period
[10:37] <_ruben> so you're experiencing a timeout somewhere, a fairly common one is a busted connection tracking along the way
[10:38] <acalvo> oh, I see
[10:38] <acalvo> maybe you're right
[11:04] <andol> ttx: Regarding bug #334374, aside from having ldap-auth-config as an explicit Recommend, do you agree with the change otherwise?
[11:05] <ttx> andol: I was wondering what was the best way to fix it, given that other related bug. Wanted to ping mathiaz/dendrobates about it since they authored the original design
[11:06] <andol> ttx: Thinking of bug #11:36 < acalvo> _ruben: but it does not makes sense
[11:06] <andol> ohh, bad paste there, sorry
[11:07] <andol> ttx: Thinking of bug #306054 I assume?
[11:07] <ttx> yes
[11:07] <ttx> both are about the current design not allowing some specific setups
[11:08] <ttx> Downgrading a depends to a recommends would fix it, I'm just unsure which depend should be converted :)
[11:08] <ttx> Your solution would not fix 306054.
[11:08] <andol> ttx: Yeah, been thinking about that one too, but haven't really used ldap-auth{config,client} enough to have an an actual opinon on those.
[11:10] <andol> ttx: No, it wouldn't. Nevertheless I don't think ldap-auth-config should be a hard dependency to libnss-ldap. You can very well use that lib without any extra configuration utility.
[11:11] <ttx> true, the design was done at a time where recommends would not get installed, so it needs to be salted with some recommends to allow better flexibility.
[11:12] <andol> ttx: Which is basically the solution I suggest, especially if we add -auth-config as an explicit recommend. I belive that's a good change, no matter what.
[11:12] <andol> ttx: Still, I guess there is no hurry, if we anyway should solve the whole situation.
[11:13] <ttx> andol: ok
[11:14] <andol> ttx: So, what's the plan now? Try getting some input from matiaz and/or dendrobates?
[11:14] <ttx> andol: yes, I'll ask them to have a look and comment, then if they are ok with your debdiff, I'll uplaod it
[11:15] <ttx> upload it, even
[11:15] <andol> ttx: Does that mean I should add a new debdiff, with auth-recommends listed under Recommends as well?
[11:16] <ttx> andol: doesn't hurt to prepare it, yes :)
[11:17] <andol> ttx: Being a rather easy change I'll create a new one when I get off from work.
[11:17] <andol> Work is by the way something I probably should return to now.
[11:18] <ttx> andol: makes sense :)
[11:40] <sebrock> I just installed a vncserver on a headless ubuntu 9.04 server
[11:41] <sebrock> When I connect to it all I see is the X11 desktop, I cannot start a terminal or anything... how do I do that?
[11:41] <_ruben> install the desktop edition instead? :)
[11:42] <sebrock> uh nope no good
[11:42] <sebrock> I want to keep the installs at a minimum
[11:42] <sebrock> got the mouse ans everything, just no terminal
[11:43] <sebrock> so I can't start anything really
[11:43] <_ruben> perhaps you have no terminal program installed
[11:43] <ogra> install a minimal window manager
[11:44] <sebrock> Should it really be necessary to install a window manager?
[11:44] <ogra> openbox or fluxbox
[11:44] <sebrock> vncserver acts as a window manager
[11:44] <ogra> huh ?
[11:44] <_ruben> vncserver a wm??
[11:44] <sebrock> it installs X11 libs
[11:44] <ogra> vnc server acts as an X server
[11:44] <_ruben> its an X server, not a wm
[11:45] <sebrock> I heard a wm should not be needed
[11:46] <ogra> why do you use vnc at all ? as i understand you you just want to be able to run a terminal, using ssh should provide you with that
[11:46] <ogra> you just add useless overhead
[11:47] <dorvan83> hi to all
[11:47] <sebrock> ogra, it's for a mytht-backend
[11:48] <dorvan83> i have a problem with /dev/random.... seems doesn't work...
[11:48] <sebrock> Last time X-forward did not work very well with the initil setup
[11:49] <_ruben> dorvan83: you probably lack entropy .. which is a nasty problem .. i run into it every now and then on mostly idle systems
[11:51] <dorvan83> _ruben: yes i this this too, but entropy pool in kernel is 4096 and i'm trying different keygen executebles, have problem to generate a 1024 key from /dev/random
[11:52] <_ruben> dorvan83: its total size is probably 4096, yet empty (so 4096 of nothingness)
[11:52] <dorvan83> _ruben: but if i launch a dd if=/dev/random of=/root/text.txt and after some time i stop it..
[11:52] <dorvan83> _ruben:  the results from dd statistics is zero
[11:52] <_ruben> which indicates lack of entropy
[11:53] <_ruben> there are some tricks to increase entropy to be found on the 'net, but i never found one that actualy worked well
[11:53] <dorvan83> _ruben:  but if i make the same with "urandom" dd print something
[11:53] <_ruben> because urandom is less "secure" than random
[11:54] <dorvan83> _ruben: i'm using ubuntu server 9.04 in which way i can solve this, to try?
[11:57] <dorvan83> _ruben: some doc on the net suggest to remove rando and make an alis to urandom named random
[11:57] <_ruben> http://stupefydeveloper.blogspot.com/2007/12/random-vs-urandom.html .. little post on the differences between random and urandom .. as for increasing entropy itself, google, tho like i said, i dont recall ever being able to increase the entropy on a "problematic" box
[11:57] <dorvan83> _ruben: but sound stupid...
[11:57] <_ruben> that'd work as a temp work around
[11:58] <_ruben> and it depends on how much you care about "real" randomness
[11:58] <_ruben> if a certain box lacks enough entropy for a given task, i run the task on another box which does have enough entropy .. when possible that is
[12:12] <MatBoy> _ruben: do you still live ?
[12:15] <sebrock> yup, vncserver should start twm, so it includes a wm
[12:17] <sebrock> I see it should also start a terminal by default
[12:35] <sebrock> FYI all I had to do was to add the full path to xterm in the xstartup file
[12:35] <sebrock> works now
[12:40] <garymc> Hi people, do i need an antivirus software on my ubuntu server? if so which one and does it cost anything?
[12:43] <pmatulis> garymc: no a/v s/w necessary
[12:49] <garymc> s/w?
[12:50] <pmatulis> software
[12:51] <garymc> ahh :S
[12:51] <pmatulis> garymc: what kind of server are you talking about anyway?
[12:51] <ivoks> ttx: here?
[12:51] <ttx> ivoks: yes
[12:51] <garymc> im using an LTSP setup
[12:51] <pmatulis> ok, an LTSP server
[12:51] <ivoks> ttx: regarding the corosync sync
[12:51] <garymc> ive got 3 servers, trying to use two of them right now
[12:52] <garymc> Im gonna put Astlinux on one of them
[12:52] <ttx> ivoks: yes
[12:52] <ivoks> ttx: my laptop died couple of days ago, so it's kind of pain to do anythnig now using my phone
[12:52] <garymc> and try to link it through so each ltsp user has a phone too
[12:52] <ttx> hehe
[12:53] <ivoks> ttx: so, i'll be finishing my vacation tomorrow and should be able to fix those things  day after tomottow
[12:53] <ivoks> tomorrow
[12:53] <ttx> ivoks: works for me, I'm mostly concerned by the NBS
[12:53] <ivoks> nbs?
[12:53] <ttx> the library transition
[12:53] <ivoks> ah.
[12:53] <ivoks> rhcs will need rebuild
[12:54] <ivoks> acctualy, new version
[12:54] <ivoks> and
[12:54] <ivoks> but we need to sync corosync first
[12:54] <ivoks> then we will sync openais
[12:54] <ivoks> and new pacemaker and new rhcs
[12:55] <ivoks> corosync is first step
[12:55] <ivoks> openais second
[12:56] <ivoks> everything except rhcs is in the ppa i mentioned in the bug
[12:56] <ivoks> i couldn't finish rhcs cause my thinpad died... £%$&*£"!
[12:57] <ivoks> ... and i won't be at the meeting today for the same reason...
[12:58] <ttx> ivoks: There is no laptop reparirman on your beach ?
[12:58] <ivoks> no :/
[12:58] <garymc> pmatulis: do you know if i can do this?
[12:59] <garymc> pmatulis: setup a separate server with astlinux on ubuntu then link it to my ltsp clients and giv them a phone each?
[12:59] <pmatulis> garymc: best ask on #ltsp
[12:59] <ivoks> ttx: oh, and we can't sync from experimental since that version isn't there yet
[12:59] <ttx> it is now
[13:00] <ttx> ivoks: since Aug 15
[13:00] <ivoks> eh... i couldn't know that :/
[13:00] <ivoks> does it has all my changes?
[13:01] <ivoks> have
[13:01] <ivoks> i hate lenovo :/
[13:02] <_ruben> MatBoy: nah :)
[13:02] <ivoks> anyway, i'll be back in 48 hours... take care
[13:53] <dorvan83> ivoks: i'm using your last released packages on launchpad for ubuntu for corosync and pacemaker. Yesterday night sdake of #linux-cluster have bypassed an issue with corosync-keygen binary, but there are other problems with system entropy.
[13:55] <ttx> dorvan83: he is no longer in-channel. You should send an email to him.
[13:55] <dorvan83> ah, ok
[13:55] <dorvan83> where i can get it?
[13:55] <dorvan83> from whois command?
[13:57] <dorvan83> i can't see
[13:57] <dorvan83> ttx: have you suggestion for increase system entropy?
[13:58] <dorvan83> i found this:http://ubuntumagnet.com/2007/11/creating-more-entropy-linux-kernel-virtualized-environment
[14:00] <ttx> dorvan83: see pm
[14:03] <dorvan83> ttx: pm?
[14:05] <ttx> dorvan83: I just sent you the email address by Private Message (pm)
[14:07] <dorvan83> ooppss sorry... that pm aaaaaaaaaaaaahhhhh
[14:08] <dorvan83> ttx: thanks, sorry but i'm in remote console on irssi.
[14:10] <smoser> soren, would it make sense to allow the user to provide the ssh host keys for a new instance (in user-data or something).. they could run ssh-keygen the system that started the instance and send them over to the new instance, rather than trying to verify by scraping console output (which sometimes doesn't work)
[14:11] <soren> smoser: i thought about it, but I think it's a bad idea. The user-data is not protected, so if someone finds a way to query your meta-data, they get your ssh host private key, and that would be bad news.
[14:12] <smoser> this is true
[14:12] <smoser> obviously, that info (the private key) is also in /etc/ssh
[14:12] <smoser> but there it is file system permissions protected
[14:13] <smoser> i think you might have mentioned before the possibility of locking up (via iptables) the user data
[14:14] <smoser> after it is used.  perhaps crawl it, store it in /var/run/ec2-user data with secure filesystem permissions and then deny access to 169.254.169.254:80
[14:15] <smoser> soren, ^ (no hurry, just so you see it)
[14:16] <soren> smoser: Hm. Interesting idea. That could work, I guess.
[16:01] <rayno_b> Hi there, I need to forward port 3840 to a specific IP address on the network (this should happen from internal).  Can someone here please assist me to get that to work?
[16:01] <PhotoJim_> there are lots of ways of doing that.
[16:02] <PhotoJim_> I use shorewall.  /etc/shorewall/rules has the configuration.
[16:02] <rayno_b> If I use webmin could I do this with ip tables?
[16:02] <PhotoJim_> DNAT   net loc:192.168.222.13 tcp 5050
[16:02] <PhotoJim_> DNAT   net loc:192.168.222.13 udp 5050
[16:02] <PhotoJim_> that forwards port 5050 from my router's external IP (my router is an Ubuntu box) to that private IP on my LAN (my Slingbox in this case).
[16:03] <giovani> rayno_b: your ubuntu box is the firewall/router?
[16:03] <rayno_b> no
[16:03] <PhotoJim_> iptables can do it, but I'm not experienced in doing that.  and I don't use webmin . my router has no GUI.  better performance that way.
[16:03] <PhotoJim_> ahh.  you have to do this on your router.
[16:03] <giovani> rayno_b: then this isn't an ubuntu question -- this is a question for your router/firewall company
[16:03] <rayno_b> but is there any way to do this on this ubuntu machine that is currently getting the request?
[16:04] <giovani> rayno_b: no ...
[16:04] <giovani> you need to open the port at the router/firewall
[16:04] <rayno_b> look, the port is open.
[16:04] <giovani> the entire function of that device is to stop random traffic from entering your network -- so that's where the exception has to be made
[16:04] <giovani> rayno_b: on the router/firewall? or on the server? there's a big difference
[16:05] <rayno_b> Giovani - I know.  The port is only going to be used in the local lan, not from external to internal.
[16:05] <PhotoJim_> why do you want to do local port forwarding?
[16:05] <giovani> rayno_b: then there's nothing you need to do -- the port is open
[16:05] <rayno_b> but
[16:05] <PhotoJim_> port forwarding is usually done as a kludge to get around NAT.  local IPs don't need to work around it.
[16:05] <rayno_b> If the request comes to the ubuntu box on port 3840, I want that request to be processed by another machine on the network.
[16:05] <PhotoJim_> can you not direct the request to the proper machine?
[16:06] <rayno_b> You would think - That's what I would have done, but I'm not the admin of this network.  The network admin insists that I do it this way.
[16:06] <giovani> rayno_b: there's no good solution to this
[16:06] <PhotoJim_> this is a really dumb way to do it.  no offense. :)
[16:06] <giovani> you need to do it the right way
[16:06] <giovani> which is to send the client to the correct server
[16:07] <giovani> also, what protocol are you using on this port?
[16:07] <rayno_b> I'm using tcp
[16:07] <giovani> no
[16:07] <giovani> I meant application protocol
[16:08] <rayno_b> It's an http address
[16:08] <giovani> well, you can issue an http redirect
[16:08] <giovani> it's far cleaner than any kind of weird port-tunneling you want to do
[16:09] <rayno_b> okay...  but say I insist on doing this weird tunneling thing.  can you just help me to get it working please?  I understand it's not the right thing to do.
[16:09] <giovani> an HTTP 301 reply will ensure the client sends their traffic (for the entire session) to that new server
[16:10] <giovani> rayno_b: nope, sorry, I can't help do something so silly
[16:10] <giovani> maybe someone else will
[16:10] <rayno_b> can I explain the network admin's point of view.
[16:11] <giovani> well you've also decided not to use my perfectly valid solution
[16:11] <giovani> for some unknown reason
[16:11] <rayno_b> giovani - ok, can you help me with the HTTP 301 reply?
[16:11] <giovani> sure, set up a webserver, and configure it that way
[16:11] <giovani> lighttpd will do
[16:12] <giovani> it's still serious overkill
[16:12] <giovani> but at least it'll make sure you're not duplicating tons of traffic for no good reason
[16:12] <rayno_b> okay, i'll try that.  thank you.
[16:13] <PhotoJim_> that seems the most elegant solution.
[16:13] <giovani> PhotoJim: it still makes me cringe :)
[16:14] <rayno_b> you wouldn't do it?
[16:14] <giovani> rayno_b: I'd talk to the network admin
[16:14] <giovani> I don't know why this is the network admin's decision anyway
[16:14] <rayno_b> okay
[16:14] <giovani> you don't need his permission to tell clients to access the server directly
[16:14] <giovani> http://redmine.lighttpd.net/projects/1/wiki/Docs:ModRedirect
[16:15] <pmatulis> rayno_b: give giovani the admin's telephone number
[16:15] <giovani> there's the (pretty good) documentation on mod_redirect (which you'd need to use lighttpd here)
[16:15] <giovani> just make sure to set the url.redirect-code to 301
[16:15] <rayno_b> the thing is, the server sends 'n url link to the clients in their mailboxes and this contains the wrong address at the moment.
[16:15] <giovani> so fix it?
[16:16] <rayno_b> the dns name on other ports should point to the ubuntu server.  it's just this one single port that's the problem.
[16:16] <PhotoJim> yeah, that's a good point.  can you change it to give the correct address?
[16:16] <giovani> rayno_b: I don't follow you -- ports aren't related to domain names
[16:17] <giovani> domain names map to ip addresses -- you can't specify which ports are accessible when using a given name to resolve the ip
[16:17] <rayno_b> I know I know.
[16:17] <rayno_b> This is a special case.
[16:18] <rayno_b> From outside, the address somename.dyndns.org maps to the router that comes into the client's network.
[16:18] <rayno_b> From inside, the network administrator has mapped that name (somename.dyndns.org) to the ubuntu server that I'm administrating.
[16:18] <rayno_b> Because all ports on that name should go to the ubuntu server, except for this one port 3840 which should go back to another address.
[16:19] <giovani> so use a different name ...
[16:19] <giovani> for the right server
[16:19] <giovani> and send that one out in the emails
[16:22] <PhotoJim> sounds to me like the optimal solution is to just give the Ubuntu server the public IP, and have it port forward that one port.
[16:22] <PhotoJim> using a router to forward all ports to a single machine means the router isn't really routing.
[16:22] <PhotoJim> it's superfluous.
[16:25] <rayno_b> Okay, will talk to the network admin.
[16:25] <rayno_b> I have another question which is not related to my current topic...  Do you mind?
[16:26] <giovani> rayno_b: as long as it's an ubuntu question, sure
[16:28] <rayno_b> I've been trying to understand traffic shaping, but I have no clue how to get this right.  At the moment, I use an ubuntu server as gateway to the internet.  How can I control that one user cannot simply use all available bandwidth to the internet?  And maybe always allow mail traffic to be able to flow through, etc.?
[16:29] <rayno_b> I'll be right back
[16:32] <rayno_b> Right, I'm back.
[16:39] <rayno_b> Giovani - Can you or PhotoJim help with this?
[16:42] <giovani> rayno_b: honestly, it's a reasonably complex topic
[16:43] <giovani> there are a number of howtos on traffic queueing in linux -- but I wouldn't advise taking it on
[16:44] <rayno_b> I must say, I've been very much unsuccessfull so far in what I've been trying.
[16:44] <rayno_b> But everytime someone on the network now downloads something, the internet is unusable to anyone else.
[16:46] <giovani> downloads something over http? or with something abusive like bittorrent?
[16:46] <rayno_b> just straight forward download
[16:46] <giovani> so over http then
[16:46] <giovani> that shouldn't be happening
[16:46] <rayno_b> remember, we're in africa.  download speeds are really slow.
[16:47] <giovani> alright, well then it sounds like you may need traffic shaping
[16:47] <giovani> but it's not a simple task
[16:47] <giovani> so I'm not sure what to offer you
[16:49] <rayno_b> Are you prepared to help me set it up?
[17:00] <Sam-I-Am> mathiaz: yo
[17:00] <mathiaz> Sam-I-Am: hi
[17:01] <mathiaz> Sam-I-Am: what is the subject of your email?
[17:01] <Sam-I-Am> looking...
[17:02] <Daviey> nijaba & kirkland: Let me know when you have 5 mins to chat about ubuntu-server-tips
[17:02] <kirkland> Daviey: i'm working a hard math problem at the moment
[17:02] <nijaba> Daviey: I'm free now (well, let me grab a coffee first)
[17:03] <nijaba> kirkland: well, since I know you do not have kids, I  guess it is not a school relted pb ;)
[17:03] <Sam-I-Am> its on pkg-openldap-devel, cc'd you... 'enable nss-slapd to be built'
[17:04] <Sam-I-Am> and steve...
[17:04] <Sam-I-Am> since i'm kinda new to this i wasnt sure where i should run it by you guys, submit a bug/patch, or whatever...
[17:04] <Sam-I-Am> s/where/whether
[17:05] <mathiaz> Sam-I-Am: submitting a patch is always a good idea
[17:05] <Sam-I-Am> also added a patch to fix test058's failing issue
[17:05] <Sam-I-Am> sure, so just submit a bug and attach the udiff?
[17:05] <Daviey> kirkland: heh, ok.. ping me and nijaba when you are free :)
[17:06] <Sam-I-Am> and patches which patch the build mechanism are ok too?
[17:06] <mathiaz> Sam-I-Am: sure
[17:06] <mathiaz> Sam-I-Am: what's your patch about test58?
[17:06] <mathiaz> Sam-I-Am: I'd also suggest to file the patches in the upstream bug tracker
[17:08] <nijaba> Daviey: from what I have gathered so far, you should just add a file starting with a number inside /etc/update-motd.d/ which contains the command to be executed to display tips.  Once there the command will be executed at login to display the tip.  kirkland will confirm, but I am quite sure that's all there is to it
[17:08] <kirkland> nijaba: Daviey: right...  or a symlink to a file
[17:08] <mathiaz> Sam-I-Am: test58 randomly fails - try to rebuild the package and the build may succeed
[17:08] <kirkland> Daviey: do you have a binary that just plucks and prints one random tip?
[17:08] <Sam-I-Am> mathiaz: the patch for test058 was from hyc... it got committed to openldap CVS
[17:09] <mathiaz> Sam-I-Am: part of 2.4.18 then?
[17:09] <Sam-I-Am> mathiaz: so i added it to the build for 2.4.17 ... and it seems to reduce or eliminate the random failures that arent already caught
[17:09] <Sam-I-Am> it will be
[17:09] <Sam-I-Am> which means it becomes moot if 2.4.18 makes it into karmic
[17:10] <nijaba> kirkland: /usr/bin/ubuntu-server-tip
[17:10] <mathiaz> Sam-I-Am: that's ok - we backport patches from upstream if they're relevant
[17:10] <Sam-I-Am> yeah, this was a minor one that just cleaned up builds... along with my nssov patch which clear out the temporary build files leftover in the nssov tree
[17:11] <mathiaz> Sam-I-Am: this seems like a good candidate to send to upstream
[17:11] <nijaba> kirkland: so I guess a ln -s /usr/bin/ubuntu-server-tip /etc/update-motd.d/60_ubuntu-server-tip should be it?
[17:11] <mathiaz> Sam-I-Am: so I'd file a bug in ITS too
[17:11] <Sam-I-Am> mathiaz: the nssov patch?
[17:11] <mathiaz> Sam-I-Am: yes - if you modify the Makefile to add a clean target it would be beneficial to upstream too
[17:11] <kirkland> nijaba: Daviey: yeah, that should do it ;-)
[17:12] <Sam-I-Am> that was the question i had in my email... whether i should patch debian/rules to manually purge the files... or patch the nssov makefile to include a 'clean' rule and then debian/rules to call it
[17:12] <mathiaz> Sam-I-Am: I didn't pay too much attention to your patch as I don't build package more than once in the same tree
[17:12] <mathiaz> Sam-I-Am: patch the nssov Makefile
[17:12] <mathiaz> Sam-I-Am: and submit the patch to upstream
[17:13] <Sam-I-Am> ok... and what about calling it during build cleanup?
[17:14] <Sam-I-Am> i originally just added the clean target to 'all' which solved it, but felt a bit clunky
[17:14] <mathiaz> Sam-I-Am: the clean target in the rules doesn't clean up the build
[17:14] <mathiaz> Sam-I-Am: the clean target in the rules doesn't clean up the build tree
[17:14] <Sam-I-Am> what does then?
[17:14] <mathiaz> Sam-I-Am: hm - well it does: rm -rf $(builddir) $(builddir_notls) $(installdir)
[17:15] <mathiaz> Sam-I-Am: however it's not done from a Makefile target
[17:15] <Sam-I-Am> ah, right
[17:15] <mathiaz> Sam-I-Am: It doesn't use make clean
[17:15] <Sam-I-Am> nssov gets built in the regular source tree, not build iirc
[17:15] <Sam-I-Am> which explains where the leftovers come from
[17:15] <mathiaz> Sam-I-Am: right - so may be modifying the nssov to be build in the build tree?
[17:16] <Sam-I-Am> sounds like a better plan
[17:16] <Sam-I-Am> now that i see how its working :)
[17:16] <mathiaz> Sam-I-Am: and while you're working on this, the latest version of slapd in ubuntu doesn't load the nssov
[17:16] <Sam-I-Am> figure its also pertinent for building things like smbk5pwd
[17:16] <Daviey> kirkland: sorry, went AFK.. Something nijaba mentioned about it being 160 chars or less.. I was thinking of adding a "-s" switch to /usr/bin/ubuntu-server-tip that returns a tip less than 160 chars, as this might be more suitable for MOTD?  What do you think?
[17:16] <Sam-I-Am> which would also be a nice thing to integrate...
[17:16] <mathiaz> Sam-I-Am: I haven't tracked down the reason why the nssov shared library is not loaded correctly
[17:17] <Daviey> kirkland: That obv breaks your symlink, unless -s is default behaviour
[17:17] <Sam-I-Am> mathiaz: hmm... i'll look into it
[17:17] <mathiaz> Sam-I-Am: that would be very helpful
[17:17] <mathiaz> Sam-I-Am: take the latest version of slapd in karmic and try to load the slapd overlay
[17:17] <Daviey> kirkland: i guess if user = root, it could default to -s ?
[17:17] <mathiaz> Sam-I-Am: take the latest version of slapd in karmic and try to load the nssov overlay
[17:18] <Sam-I-Am> k... looking at that now...
[17:19] <mathiaz> Sam-I-Am: smbk5pwd is also interesting however it's build for heimdal
[17:19] <Sam-I-Am> yeah, that was another question
[17:19] <mathiaz> Sam-I-Am: so the overlay needs to be ported to support MIT kerberos
[17:19] <Sam-I-Am> with samba4 integrating heimdal, whats the plans with MIT?
[17:19] <Sam-I-Am> or are they orthogonal
[17:19] <mathiaz> Sam-I-Am: MIT is the supported version of kerberso in ubuntu
[17:19] <Sam-I-Am> yeah...
[17:20] <mathiaz> Sam-I-Am: ie MIT kerberos is in main while heimdal is in universe
[17:20] <mathiaz> Sam-I-Am: so the smbkrb5pwd needs to be ported to MIT
[17:20] <Sam-I-Am> i saw something on the server pages about getting heimdal into main (which i think it was a long time ago)
[17:20] <mathiaz> Sam-I-Am: there is someone from redhat working on adding support for MIT kerberos to samba4
[17:20] <nijaba> Daviey: ln -s is what you would do from the command line to add the symlink.  The script ubuntu-server-tip can have whatever you want in it
[17:20] <Sam-I-Am> mathiaz: ah, cool
[17:20] <mathiaz> Sam-I-Am: that must have been a long time ago
[17:21] <mathiaz> Sam-I-Am: the current plan is to stick with MIT kerberos in main and have heimdal in universe
[17:21] <Daviey> nijaba: sure, but just wanted to clarify that the MOTD should be <160 chars.. and if so, should i make this the default behaviour if ran as root?  As update-motd no doubt runs as root.
[17:21] <Daviey> Can't think of a cleaner way, i'm sure update-motd doesn't introduce any enviroment variables?
[17:22] <nijaba> Daviey: ah, ok... in that case add a real file 60_ubuntu-server-tip in update-motd.d that contains a call to /usr/bin/ubuntu-server-tip and all the options you want
[17:22] <Daviey> The reason i'm suggesting this, as i think the user should be able to run further ubuntu-server-tip on demand
[17:22] <Sam-I-Am> the thing about heimdal is it'll set your smb password automatically when you change your kerberos password... so patching smbk5pwd might take a bit more work
[17:23] <Sam-I-Am> since i think it lets heimdal handle some of the footwork automagically
[17:23] <Daviey> nijaba: I was pondering the idea of a --submit option, so people could easily send a tip via the command line :)
[17:23] <mathiaz> Sam-I-Am: does heimdal use the EXT OP to change the ldap password?
[17:24] <Sam-I-Am> mathiaz: not for samba.. it just writes the NT hash
[17:24] <nijaba> Daviey: that would be cool!  I guess it could just use the standard bug reporting interface...
[17:24] <Sam-I-Am> i dont think theres an exop for md4
[17:24] <Sam-I-Am> it would be nice if it was all exop...
[17:24] <nijaba> Daviey: ie: ubuntu-bug command
[17:25] <nijaba> Daviey: err.... no
[17:25] <Daviey> nijaba: well i was thinking this.. using ubuntu-bug, but it is my understanding that; only works for ubuntu packages, not projects (not a long term issue once it is included), they also *require* a LP account.. and i don't know if this is a good or bad thing for making suggestions
[17:26] <nijaba> Daviey: yes, that's what I was just looking at.  Might be simpler to have an email sent to some generic address
[17:26] <Daviey> nijaba: but we don't install a smtp server on base :/
[17:26] <nijaba> Daviey: for example the ubuntu-server-tip team ml
[17:27] <Daviey> nijaba: that is a good idea, then there can be discussion per thread on the validity of the command.
[17:28] <psi-jack> Hmm interesting.
[17:28] <nijaba> Daviey: well...  if smtp is not configured (ie no smtp-mta available) maybe we could just tell the person to send an email to the list?
[17:29] <nijaba> Daviey: we need something simple..
[17:29] <psi-jack> I have ldaps:/// in my etc/default/slapd, and it's listening to 636, but tls is failing.
[17:31] <nijaba> Daviey: btw, there is a tip about iotop and another about iftop, but none are in main, which, in the principle, breaks rule #3 on https://wiki.ubuntu.com/server-tips
[17:32] <nijaba> Daviey: I do however find the tip useful, so I am wondering if we should request an exception
[17:32] <Sam-I-Am> psi-jack: 636 is not tls, its ssl
[17:32] <Sam-I-Am> tls uses 389
[17:33] <Clusty> hey
[17:33] <Daviey> nijaba: hmm.. do you think we should generally review rule #3 ?
[17:33] <Sam-I-Am> in fact, you should probably not be using ssl unless one of your clients doesnt speak tls
[17:33] <Clusty> i wanted to give out static IP addresses to certain MACs and dynamic tot he rest
[17:33] <Daviey> nijaba: I mean, if the server admin is happy to use universe stuff - then it's enabled in sources.list.. and if they try and run the command, they'll get command-not-found telling them how to install it?
[17:34] <VSpike> If I'm connected with ssh to my server and am partway through a long backup script, and if I now discover I have to leave and shutdown my client machine....
[17:34] <Clusty> unfortunately google gives me just how to configure static addresses from the client side
[17:34] <nijaba> Daviey: yep, I think it is quite important that we do not advise people to use stuff not in main.  but that can be discussed for utilities
[17:34] <VSpike> Is there anyway, given that I didn't use nohup or screen, to prevent the backup from stopping?
[17:34] <nijaba> Daviey: I would be much more concern for long standing deamons to tell you the truth
[17:34] <Sam-I-Am> VSpike: use nohup? :)
[17:34] <Clusty> VSpike, if i am not mistaking you can do some magic, to give a process a new parent
[17:35] <VSpike> I do not like that Sam-I-Am ;)
[17:35] <Daviey> nijaba: yeah, i can see that point..
[17:35] <Clusty> VSpike, not sure thoiugh
[17:35] <Clusty> VSpike, consider running all in a VNC ?
[17:35] <Daviey> nijaba: TBH, i actually forgot about the rules on the wiki page.. not purposely disobeyed them :(
[17:35] <VSpike> Clusty: I have heard of such things, I agree
[17:35] <nijaba> Daviey: hey, no prob, we are still in early stages here
[17:35] <VSpike> Clusty: it sounds quite voodoo
[17:36] <Clusty> VSpike, i know it's possible. but i would not know where to start
[17:36] <VSpike> I guess I'll just kill the backup, start screen, restart the process and check it later
[17:36] <Daviey> nijaba: "Ubuntu Enterprise Cloud" tip does sail close to the wind.. :/
[17:36] <VSpike> I would rather not, but if there is no other way then c'est la vie
[17:37] <nijaba> Daviey: why is that?  will be in main in karmic
[17:37] <Daviey> "Tips are not advertisement, but information. No paid services or product can be referred to here, except if an exception is granted during a server community meeting."
[17:37] <Clusty> VSpike, so you are running backups from a ssh?
[17:37] <Clusty> and want to be protected against net stops?
[17:37] <VSpike> Clusty: yes, running a script on the server to backup to NAS using tar/ssh/dd
[17:38] <Daviey> nijaba: Links to a page that is largely advertisment for Canonical
[17:38] <VSpike> Clusty: It's a one-off hack at the moment, just to get one backup
[17:38] <Clusty> VSpike, the right thing to do is to cron the task
[17:38] <VSpike> Agreed
[17:38] <Clusty> since anyways you prolly want to do it weekly....
[17:38] <VSpike> I need to put some logging and error handling in the script and so on
[17:38] <VSpike> Clusty: quite
[17:38] <nijaba> Daviey: Well, agreed, the cloud pages are pushing our services around it
[17:38] <VSpike> this is just a first cut "get a backup" script
[17:38] <Clusty> VSpike, till then screen is a quick hack
[17:39] <VSpike> Yep :)
[17:39] <Clusty> VSpike, there is backup-manager
[17:39] <VSpike> oh? don't know it
[17:39] <Clusty> it';s a decent proggie
[17:39] <Clusty> it supports incremental tars
[17:39] <Clusty> so i do daily incremental
[17:39] <Clusty> and weekly full backups
[17:39] <VSpike> I need that elsewhere
[17:39] <Clusty> and it autodeletes olb backups
[17:39] <Clusty> old*
[17:39] <nijaba> Daviey: http://www.ubuntu.com/products/whatisubuntu/serveredition/cloud/uec would be better, I think.  I just need to setup a short url for it :P
[17:40] <VSpike> Clusty: http://pastebin.com/f6f8f0061
[17:40] <VSpike> Clusty: ^ current script :)
[17:40] <Clusty> you're the man :D
[17:40] <VSpike> The destination is a WD Mybook World Edition with hacks applied to enable ssh access etc
[17:40] <Clusty> sed-master
[17:40] <Clusty> :D
[17:40] <VSpike> heh
[17:40] <Daviey> nijaba: I'm not happy with using tinyurl.com etc either.. one of the tips has that short url
[17:41] <Clusty> so any1 can help me with my DHCP issue?
[17:41] <Clusty> is it even possible?
[17:41] <nijaba> Daviey: yep, that's not great.
[17:41] <Daviey> (especially as i heard tinyurl are in difficulty atm)
[17:41] <nijaba> Daviey: tell me which url and I'll find a way to get a short url on ubuntu.com for it
[17:41] <Daviey> but it's also a third party that could potentially redirect that url to anywhere.. perhaps RHEL website :)
[17:42] <VSpike> Clusty / Sam-I-Am : thanks for the help - backup running anew in screen.  Gotta dash!
[17:42] <VSpike> Clusty: will check out backup-manager
[17:42] <Sam-I-Am> Clusty: as long as the mac addresses are different, dhcp should hand out whatever IPs are configured
[17:43] <nijaba> Daviey: https://help.ubuntu.com/9.04/serverguide/C/etckeeper.html, I guess
[17:43] <Clusty> Sam-I-Am, i want to give a certain mac a certain address
[17:43] <Sam-I-Am> sure
[17:43] <Sam-I-Am> thats handled on the dhcp server
[17:43] <Daviey> nijaba: http://tinyurl.com/etckeeper
[17:43] <Daviey> yeah
[17:44] <Clusty> Sam-I-Am, any place i can start reading?
[17:44] <Clusty> Sam-I-Am, the server gives now dynamic to all
[17:44] <Sam-I-Am> the default dhcpd.conf file includes examples of how to configure a static IP for a MAC
[17:45] <Daviey> nijaba: Is a redirect from ubuntu.com/$NAME a good long term solution.. i imagine that many more tips will have urls..
[17:45] <Daviey> struggling to think of something better tbh..
[17:46] <nijaba> Daviey: I am writing a proposal to our webmaster as we speak.  Something like ubuntu.com/go/$name
[17:46] <Daviey> nijaba: that would make sense, especially if they can create/update urls regulary on demand.
[17:47] <nijaba> yep
[17:48] <Daviey> nijaba: It also has the added benefit that a url that is on someones installation can be quickly resolved, if the real link turns bad..
[17:48] <Clusty> Sam-I-Am, http://pastebin.com/m8bd587f
[17:49] <Sam-I-Am> thats the example
[17:49] <Clusty> this is the closest thing
[17:49] <psi-jack> Okay. So ldapsearch -x -Z works for me, presently, but ldapsearch -x -ZZ fails with just this error: ldap_start_tls: Connect error (-11)
[17:49] <Sam-I-Am> if you're using dns, you can use the hostname... otherwise, put the IP in there
[17:49] <Clusty> but how do i tell it i want to give 192.168.0.201 ?
[17:49] <Sam-I-Am> after fixed-address
[17:49] <Sam-I-Am> fixed-address <ip>
[17:50] <Sam-I-Am> psi-jack: does the cert hostname match how you're connecting?
[17:51] <psi-jack> Hmm. Well I'd thought. but apparently not. I added -h ldap.mydomain.tld and ZZ worked.
[17:51] <Sam-I-Am> yeah, so you can set that in ldap.conf
[17:51] <Sam-I-Am> under URI
[17:51]  * psi-jack nods.
[17:52] <psi-jack> Got it. Finally working.
[17:52] <Sam-I-Am> yay
[17:52] <psi-jack> But, okay, so I wanted to create an SSL cert that was *.mydomain.tld
[17:52] <psi-jack> And that one, failed, because the cn didn't match.
[17:53] <Sam-I-Am> that should work fine
[17:53] <Clusty> Sam-I-Am, thanks. worked
[17:54] <Sam-I-Am> hmm @ installing slapd on karmic and it not asking me for a default admin password
[17:55] <psi-jack> Okay, NOW * worked.
[17:56] <psi-jack> Poifect.
[18:23] <clusty> hey
[18:23] <clusty> i am trying to get NIS running
[18:23] <clusty> unfortunately this nis thing does not start
[18:24] <clusty> it tries to bind to the yp server
[18:24] <clusty> and it chokes (after a few attempts)
[18:24] <clusty> https://help.ubuntu.com/community/SettingUpNISHowTo
[18:25] <clusty> served as how-to guide
[18:31] <Sam-I-Am> mathiaz: think i figured out the nssov problem... its compiled with the wrong libdir
[18:34] <clusty> there seems to be some problem with this:  if [ "`ypwhich 2>/dev/null`" != "" ]
[18:35] <clusty> i cannot do ypwhich
[18:35] <Sam-I-Am> yp?
[18:35] <clusty> NIS
[18:35] <clusty> i am trying to get nis running
[18:36] <clusty> Sam-I-Am, ypwhich is supposed to tell me the domain name of the NIS
[18:36] <Sam-I-Am> what uses yp/nis anymore?
[18:37] <clusty> Sam-I-Am, that would be me :D
[18:37] <clusty> you know a better way to have centralized user management?
[18:37] <Sam-I-Am> any uh.. reason?
[18:37] <Sam-I-Am> try ldap
[18:37] <clusty> besides ldap
[18:38] <Sam-I-Am> nis is a dinosaur
[18:38] <clusty> that feels overkill
[18:38] <clusty> really?
[18:38] <Sam-I-Am> its insecure and broken
[18:38] <clusty> ldap felt complicated
[18:38] <Sam-I-Am> your other choice is AD heh
[18:38] <clusty> AD?
[18:38] <Sam-I-Am> ldap is not bad
[18:38] <Sam-I-Am> active directory :)
[18:38] <clusty> is that not some windoze thing?
[18:38] <Sam-I-Am> it is
[18:38] <Sam-I-Am> so theres your choices...
[18:39] <clusty> then billy can go suck a lemon
[18:39] <clusty> won't promote M$ junk
[18:39] <Sam-I-Am> ldap or... AD... which is basically microsoftified ldap
[18:39] <clusty> debian fellas were not very outraged by the idea of having NIS
[18:39] <clusty> and NIS+ipsec seemed a decently securized variant
[18:40] <Sam-I-Am> i guess, but openldap is really the way to go
[18:40] <Sam-I-Am> if nis worked, we'd have documentation for configuring it in ubuntu heh
[18:41] <clusty> https://help.ubuntu.com/community/SettingUpNISHowTo
[18:41] <clusty> seems very straight forward
[18:41] <clusty> if it only did not choke
[18:43] <Sam-I-Am> https://help.ubuntu.com/9.04/serverguide/C/network-authentication.html
[18:43] <Sam-I-Am> pretty straightforward
[18:46] <clusty> Sam-I-Am, yaiks. this is serious work :D
[18:46] <clusty> compared with nis
[18:49] <psi-jack> !find pam_ldap.conf
[18:50] <jtimberman> ldap is the way to go for single sign on, as it will work with a lot of other places you might also need authn. I would not bother with NIS.
[18:50] <nick125> I thought pam_ldap.conf was just a symlink to another file in Debian/Ubuntu...
[18:51] <psi-jack> Well, if it is, it's not been set properly.
[18:51] <Sam-I-Am> psi-jack: its just /etc/ldap.conf
[18:54] <psi-jack> My problem is ldapscripts aren't working.
[18:54] <psi-jack> ldappasswd, fails, cause it tries to use SASL for some aweful reason, no matter what.
[18:54] <psi-jack> Even though the ubuntu setup uses -x everywhere I can see.
[18:55] <psi-jack> Otherwise, authentication is fully functional so far that I can tell.
[19:05] <dmclain> Anyone here familiar with /etc/sysctl.conf?
[19:05] <dmclain> Im wondering : Whats the equivalent of kern.maxproc for Ubuntu in /etc/sysctl.conf?  I didn't see a default in there for it, but I think I need to set it higher than the default for the box.
[19:07] <psi-jack> dmclain: sysctl.conf is not different per distributions.
[19:07] <psi-jack> It's a standard thing.
[19:07] <dmclain> ah, excellent.  Thanks for taking the time :-)
[19:09] <sbeattie> dmclain: that said, 'sysctl -a | grep maxproc' doesn't find anything on karmic, so I'm not sure what you're trying to set.
[19:09] <psi-jack> True that.
[19:10] <psi-jack> Nothing in /proc for maxproc, either.
[19:11] <clusty> pffff
[19:11] <clusty> i love it when the debian guys jump at your juggular
[19:11] <clusty> i love it when the debian guys jump at your juggular
[19:11] <clusty> when you mention ubuntu
[19:11] <clusty> i feel like lining them all and bitchslapping them silly
[19:11] <psi-jack> clusty: I love it when people complain about debian.. NOT
[19:12] <clusty> psi-jack, even though my question is more linux rather then distro specific
[19:12] <psi-jack> clusty: Point?
[19:12] <clusty> psi-jack, debian ppl are knowledgeable, but damn snobs
[19:12] <psi-jack> General linux, ##linux
[19:12] <clusty> most of them
[19:13] <psi-jack> clusty: Funny. Most Debian people I meet, don't know jack crap.
[19:13] <clusty> psi-jack, i mean irc ppl
[19:13] <psi-jack> Most of the time, in fact, they hide behind their ego.
[19:13] <psi-jack> clusty: So do I.
[19:13] <clusty> #ubuntu is not very usefull
[19:13] <clusty> most questions are quite basic
[19:14] <psi-jack> This is why ##linux exists.
[19:14] <clusty> and is also insanely large traffic
[19:14] <clusty> this is best really. cause it'sa bit more customized
[19:14] <clusty> best of both worlds. ppl know their shitr generally
[19:15] <clusty> and replies are ubuntu specific
[19:15] <clusty> such as conf file location ...
[19:15] <psi-jack> How many questions do you have that are ubuntu-specific that cannot be resolved without being distribution-specific?
[19:15] <psi-jack> Conf file location /etc
[19:15] <psi-jack> Simple
[19:15] <clusty> anyways back to debian, i would rather them be a bit more understanding
[19:16] <psi-jack> Why do you think Ian Murdock isn't with them anymore?
[19:16] <psi-jack> Or even supporting them?
[19:16] <clusty> who is he?
[19:16] <clusty> sorry for asking :D
[19:16] <psi-jack> The founder of Debian.
[19:16] <clusty> i know stallman, which i don't particularilyl like
[19:16] <clusty> but respect still
[19:17] <psi-jack> Heh
[19:17] <psi-jack> I wish there was a TurnKey for just making an authentication box and/or a router box.
[19:17] <clusty> most starters of trends end up dissociating themselves from their creations
[19:17] <clusty> psi-jack, there is
[19:17] <psi-jack> clusty: Erm?
[19:17] <clusty> there are routing distros
[19:17] <clusty> like entangle
[19:17] <psi-jack> Like?
[19:17] <clusty> or something like that
[19:18] <psi-jack> Untangle?
[19:18] <clusty> that one :D
[19:18] <clusty> might have to cough up some cash if you want really fancy stuff
[19:19] <clusty> like balancing and smart filters
[19:19] <clusty> spam
[19:19] <psi-jack> Bleh
[19:19]  * psi-jack turns back on Untangle right away.
[19:19] <psi-jack> Next!
[19:19] <clusty> :D
[19:19] <psi-jack> Hell, eBox is better
[19:20] <clusty> it's fine
[19:20] <clusty> only antivir/load balance are paid
[19:20] <psi-jack> Yeah, which are standard Linux features.
[19:21] <clusty> load balanciong is hard
[19:21] <clusty> you cna always implement it yourself
[19:21] <clusty> but you loose the fancy GUI thing
[19:21] <clusty> or whatever
[19:22] <psi-jack> Hmm. Dunno.. So far it looks okay.. Without the load balancing part, it has QoS
[19:22] <psi-jack> And tailored QoS at that, not just basics like wondershaper gives
[19:24] <psi-jack> It's Debian-based I see?
[19:26] <psi-jack> Might toss this on my spare server to test it out, so I have a backup router just in case.
[19:27] <psi-jack> Still wondering how in the frack they do it under Windows.
[19:27] <clusty> psi-jack, it's debian i guess
[19:27] <clusty> psi-jack, you could actually install a package at some point
[19:27] <clusty> on top of an ubuntu
[19:28] <psi-jack> Using apt?
[19:28] <clusty> yes
[19:28] <clusty> but when i tried it failed
[19:28] <clusty> actually i never got the thing running
[19:28] <psi-jack> Oh nice!
[19:28] <clusty> cause i did nto want to dedicate a box for just routing
[19:28] <psi-jack> I already do.
[19:28] <psi-jack> routing, mail, and dns cachine.,
[19:28] <clusty> i will suggest the big chief buys a new box
[19:28] <psi-jack> caching
[19:29] <clusty> i did not do cahceing just yet
[19:29] <clusty> i am fighting with getting dns working for local pc-s
[19:29] <psi-jack> dns caching, not web caching.
[19:29] <clusty> i know
[19:29] <clusty> dnsmasq
[19:29] <clusty> or how is it called
[19:29] <psi-jack> No, bind.
[19:29] <giovani> bind is incredible bloat for a dns cache
[19:29] <clusty> i failed yesterday getting bind to like my local pc-s
[19:30] <clusty> i postponed the task for now
[19:30] <clusty> and wanna get central user management
[19:30] <clusty> guess there is not way around it
[19:30] <clusty> but using ldap
[19:30] <psi-jack> What I reaaaaly want, though, is a turnkey like this, for just authentication.
[19:30] <psi-jack> Like you just said, central user management.
[19:31] <clusty> i never set up such a thing, so it's a learnign 3experience
[19:31] <KillMeNow> i reaaaaally want Telekinesis and Omnipotence but that's not gonna happen anytime soon
[19:31] <clusty> i am a self taught sys admin
[19:31] <clusty> :D
[19:31] <psi-jack> It's a pain in the arse.
[19:31] <clusty> wonder are there ppl actually learning linux in school?
[19:31] <psi-jack> clusty: So am I, since before Linux 1.0.0 was released, I've been using Linux.
[19:31] <clusty> besides taking certifications
[19:31] <psi-jack> I've 0 certifications.
[19:32] <psi-jack> Just a lot of hands-on experience and know-how.
[19:32] <clusty> i sinstalled linux in 5th grade first D:
[19:32] <clusty> that was like 15 years ago
[19:32] <clusty> was damn strange toy, i did not know what it was good for
[19:32] <giovani> 15 years ago, linux 1.0 hadn't been released
[19:32] <clusty> think it was first slackware
[19:33] <clusty> 10 years
[19:33] <clusty> not 15
[19:33] <clusty> what is linux 1.0?
[19:33] <clusty> some homebew thing before distro concept?
[19:33] <clusty> :D
[19:33] <giovani> ...
[19:33] <giovani> the kernel version
[19:34] <clusty> ohh
[19:34] <clusty> holly molly
[19:34] <clusty> what about first slackware?
[19:34] <clusty> what kernel did that have?
[19:34] <clusty> lemme look
[19:34] <giovani> probably slightly before that
[19:35] <clusty> had the most god awful WM :D
[19:35] <clusty> anyways i started using linux full time in university
[19:35] <clusty> and that was debian
[19:36] <giovani> slackware 1?
[19:36] <giovani> highly doubt there was a window manager :)
[19:36] <clusty> there was a horrid TWM-like thing
[19:36] <clusty> can hardly call it WM :D
[19:37] <clusty> slackware 1 came in 1992
[19:37] <clusty> twm came in 1987
[19:38] <clusty> or so wiki says
[19:42] <psi-jack> Hmmm. I might look into zeroshell.
[19:52] <clusty> psi-jack, that is cool i hear
[19:53] <clusty> psi-jack, a lot of people are doing mlppp with it
[19:53] <psi-jack> mlppp?
[19:53] <clusty> psi-jack, multi link ppp
[19:53] <psi-jack> Ewww
[19:53] <clusty> psi-jack, you basically bind multiple DSL lines
[19:53] <clusty> awesome
[19:53] <clusty> :D
[19:53] <clusty> for a multitude of reasons:
[19:53] <psi-jack> sadism?
[19:53] <psi-jack> :p
[19:53] <clusty> 1 you get all the transfer rate in 1 conection
[19:54] <clusty> 2 you bypass DPI
[19:54] <clusty> in canada all DSL is screwed
[19:54] <clusty> all DSL traffic is throtelled
[19:54] <clusty> no torrents, no encrypted stuff
[19:55] <clusty> psi-jack, i am having ldap trouble
[19:55] <clusty> following this guide: https://help.ubuntu.com/9.04/serverguide/C/openldap-server.html
[19:55] <giovani> in canada, dsl owns you!
[19:55] <clusty> giovani, yeap.the EWUL bell is choking the life of the net
[19:55] <giovani> clusty: I don't know what "no encrypted stuff" means -- I assure you the major candian isps don't block ssl
[19:55] <clusty> they dont block
[19:56] <clusty> here is deal:
[19:56] <clusty> 80% of dsl goes through bell infrastructure
[19:56] <clusty> bell is slowing down every1 cause they claim their netowrk cant do full speed
[19:56] <clusty> so whatever DPI can't figure out it assumes it's not legitimate traffic
[19:57] <clusty> all SSL=torrents
[19:57] <clusty> in their mind
[19:57] <giovani> I don't believe that
[19:57] <giovani> it's easy enough to test
[19:57] <giovani> find an ssl webserver and do a speed test on it
[19:58] <clusty> i did test
[19:58] <clusty> there is a big fuss now about it
[19:58] <clusty> i mean ppl going to ottawa and screaming BELL GO HOME :D
[19:59] <clusty> anyways, i installed ldap set the admin password, but when i do a ldapsearch the thing rejects credentials
[20:00] <KillMeNow> which is why i'm praying that Net Neutrality laws come to life here in the US
[20:00] <giovani> clusty: probably doing the wrong auth, etc
[20:00] <clusty> giovani, me, the good little tool is doing copy paste from site
[20:00] <giovani> clusty: sasl or simple?
[20:01] <clusty> giovani, not clue what that is :D
[20:01] <clusty> ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
[20:01] <giovani> time to read more about ldap then
[20:01] <clusty> is what i am doing
[20:06] <clusty> giovani, so yes, that is sassl :D
[20:09] <mookatt> hi everyone, looking for advice --- i'm very much in need of generating pdf's of internal webpages on my dapper server and I can do this with firefox+commandline print extension.  I need gtk+ toolkit however.  How big of an issue is it to have gtk+ on my server?  Obviously it's overhead not needed and may present security issues, but I'm not seasoned enough to know exactly what caveats will creep up
[20:11] <Claw6> anybody may can help me with mysqldump ?
[20:12] <Claw6> i run it but nothing seems to happen
[20:12] <mookatt> what do you need to know?
[20:12] <Claw6> may im doing something wrong
[20:12] <mookatt> what command did you run?
[20:12] <Claw6> mysql -u root -p -h localhost db260642497  < dumpDB_.sql
[20:12] <Claw6> where will it be saved to ?
[20:13] <mookatt> try mysql -u root -p -h localhost db > dump.sql
[20:13] <mookatt> > instead of <
[20:15] <Claw6> mh... seems processing
[20:16] <Claw6> well i just copied that commandline from a website
[20:16] <Claw6> did not recognized that < was the wrong way
[20:17] <mookatt> the < typically means to read that file as input and the > means to put the result of the command to a file
[20:17] <mookatt> man mysqldump
[20:18] <KillMeNow> you can also "stream" in a sql dump file from within the mysql command line, just FYI
[20:18] <Claw6> where will the dumpDB_.sql will be stored to ?
[20:18] <Claw6> im realy new to unix
[20:18] <KillMeNow> in the directory you ran the mysqldump command
[20:18] <KillMeNow> if you don't explicitly state the path
[20:19] <KillMeNow> so if you're in /tmp
[20:19] <KillMeNow> and run mysqldump -u root -p --database > DBsql.sql
[20:19] <KillMeNow> you should find a DBsql.sql file in the /tmp dir
[20:20] <mookatt> anybody have any opinions on installing gtk+ toolkit on a dapper server?
[20:21] <clusty> well gonna run home. hopefully electricity is back up
[20:24] <Claw6> KillMeNow nope it does not appear there
[20:24] <Claw6> or its not even created
[20:25] <Claw6> should i get a echo out when its done?
[20:25] <KillMeNow> don't think so, don't remember getting one in the past
[20:25] <KillMeNow> ls -la
[20:26] <KillMeNow> mysqldump -u[user] -p[password] [databasename] > dumpfile.sql
[20:27] <KillMeNow> that is the command you should run
[20:27] <KillMeNow> you can do it like this:  mysqldump -u[user] -p[password] [databasename] > /path/to/dumpfile.sql
[20:27] <KillMeNow> if you want to explicitly state the path the archive should be dumped to
[20:28] <KillMeNow> if you leave the -p blank, it should prompt you for a password
[20:33] <Claw6> well after importing the db (it should overwrite an existing one) do i have to restart mysql or anything like that ?
[20:33] <KillMeNow> nope...  shouldn't need to
[20:34] <KillMeNow> however, if you accidentally imported a blank file, i think that *may* bork your old database
[20:34] <KillMeNow> I know I've accidentally taken a empty .sql DB backup before and over wrote the DB i was trying to backup
[20:35] <KillMeNow> thankfully i did have good backups stored elsewhere
[23:00] <psi-jack> Hmmm
[23:00] <psi-jack> Well, I'd tried zeroshell, and was not impressed.. At all.
[23:01] <psi-jack> Now, what I seriously would like, is like a distribution or "appliance" that uses gosa.
[23:01] <psi-jack> That... Would be utterly sweet.
[23:05] <Djannakhan> Hi,
[23:06] <Djannakhan> I've a issue with locale on a fresh new ubuntu server 9.04 install
[23:06] <Djannakhan> http://pastebin.ca/1534376
[23:06] <Djannakhan>  dpkg-reconfigure locales won't solve the issue
[23:06] <Djannakhan> (it gave the same issue)
[23:08] <sub> Djannakhan: Try installing the language pack - sudo apt-get install language-pack-en
[23:09] <Djannakhan> sub: it's allready installed (i've just run the command)
[23:10] <Djannakhan> http://pastebin.ca/1534383
[23:10] <Djannakhan> I still got the warning
[23:11] <Djannakhan> strange this file :  /var/lib/locales/supported.d/local does not exists on this server, while on other servers, it exists
[23:13] <sub> Ah hmm, have you tried manually running locale-gen ?
[23:14] <sub> I believe it's what's actually responsible for populating that directory/file
[23:15] <Djannakhan> sub: yes I did and it didn't change anything
[23:16] <Djannakhan> sub: I'll retry just now, as i've reinstalled the system this afternoon
[23:16] <Djannakhan> sub: still no change
[23:16] <Djannakhan> same warning on 'locale' command
[23:19] <sub> I don't know, I'd say you could try local-gen --purge but I'm not sure if that will really fix anything or somehow make it worse. You lost me =)
[23:20] <Djannakhan> ;)
[23:21] <Djannakhan> don't solve the problem either
[23:21] <Djannakhan> but what's strange is that en_US.ISO-8859-15  is not regenerated
[23:21] <Djannakhan> could this be the problem ? if I change the system local to en_US.ISO-8859-1, which is generated?
[23:24] <Djannakhan> Yes !
[23:25] <Djannakhan> I've changed to en_US.ISO-8859-1, then sudo  dpkg-reconfigure locales, 'locales' command still show the issue, but after a reboot it's gone !
[23:28] <sub> excellent