/srv/irclogs.ubuntu.com/2009/08/21/#ubuntu-server.txt

clusty	i would say it's some hardware issue more like	00:00
jerrcs	ugh	00:00
clusty	_jmedina, i've been trying all sorts of howto's	00:02
clusty	_jmedina, one query that does work: ldapsearch -xLLL -b "dc=debian,dc=lan" uid=john sn givenName cn	00:02
_jmedina	clusty: do you already have data on your directory?	00:02
_jmedina	:)	00:02
_jmedina	dc=debian=dc=lan?	00:02
_jmedina	which one is your search base?	00:02
_jmedina	vlazar@algorithmica:~/ldap$ ldapadd -x -W -D "cn=admin,dc=debuntu,dc=local" -f people_group.ldif	00:03
clusty	_jmedina, that is what i want now	00:03
clusty	the ldif's have all the data there	00:03
_jmedina	:)	00:03
clusty	_jmedina, the one i showed you now worked	00:03
_jmedina	you cannot do that	00:03
_jmedina	Configurar un servidor Controlador de Dominio con Samba y OpenLDAP en Ubuntu Server Hardy 8.04	00:04
clusty	_jmedina, well followign this howto :D http://www.debuntu.org/ldap-server-and-linux-ldap-clients	00:04
_jmedina	that is the topic for my howto	00:04
_jmedina	in spanish	00:04
_jmedina	http://tuxjm.net/docs/cursos/Samba+OpenLDAP+PAM+NSS-4Ubuntu/html/	00:04
clusty	_jmedina, that will give me mala de teta, but i will figure it out :D	00:05
_jmedina	clusty: if you defined dc=debian,dc=lan at configure time you cannot add entries with another search base	00:05
_jmedina	clusty: could you paste your people.ldif file?	00:06
clusty	_jmedina, at install i defined the domain: debian.lan	00:06
clusty	_jmedina, and org: algorithmica	00:06
clusty	_jmedina, from what i read that will create dc=debian,dc=lan	00:06
clusty	?	00:06
_jmedina	yeap	00:06
clusty	so what is cn ?	00:06
clusty	stands for common nanme	00:07
clusty	but what is IT :D	00:07
_jmedina	culd you paste your ldfi file?	00:07
clusty	http://pastebin.com/m3e125484	00:08
clusty	looks fishy	00:08
clusty	:(	00:08
_jmedina	again	00:09
_jmedina	dn: ou=Group, dc=debuntu, dc=local	00:09
_jmedina	you need to change that to dc=debian,dc=lan"	00:09
clusty	did that	00:09
clusty	no effect	00:09
_jmedina	and the same for the ldapadd command	00:09
_jmedina	ldapadd -x -W -D "cn=admin,dc=debian,dc=lan" -f people_group.ldif	00:10
clusty	vlazar@algorithmica:~/ldap$ ldapadd -x -W -D "cn=admin,dc=debuntu,dc=lan" -f people_group.ldif	00:10
clusty	Enter LDAP Password:	00:10
clusty	ldap_bind: Invalid credentials (49)	00:10
_jmedina	of you can reconfigure slapd and define another search base	00:10
_jmedina	:)	00:10
_jmedina	please read my comments	00:11
_jmedina	I told you to change the base search for cn=admin...	00:11
clusty	i am very sorry, i understand if you get mad	00:11
_jmedina	you dont have a cn=admin,dc=debuntu,dc=lan in your directory	00:11
clusty	i am lost badly :D	00:11
_jmedina	invalid credentials in your case means unknown user :)	00:11
clusty	ldapadd -x -W -D "cn=admin,dc=debuntu,dc=lan" -f people_group.ldif	00:13
clusty	samed as yours	00:13
clusty	also changed the file	00:13
clusty	dn: ou=People, dc=debuntu, dc=lan	00:13
clusty	what am i missing?	00:13
_jmedina	I dont know	00:13
_jmedina	I would start over...	00:14
_jmedina	dpkg-reconfigure -plow slapd	00:14
clusty	_jmedina, ok doing now	00:14
_jmedina	and read my document	00:14
_jmedina	I added so post instalations checklists...	00:14
LiraNuna	when I auth against my mail server with anything but LOGIN and PLAIN, it fails even though postfix shows it supported them	00:15
clusty	_jmedina, will do	00:15
LiraNuna	I'm using saslauthd and pam.d/smtp to perform the auth	00:16
_jmedina	LiraNuna: what about logs?	00:16
LiraNuna	_jmedina, "authentication failure"	00:16
_jmedina	thats all?	00:16
LiraNuna	yep	00:17
LiraNuna	it works great when I use PLAIN or LOGIN	00:17
LiraNuna	_jmedina, Aug 20 16:06:54 train postfix/smtpd[13284]: warning: localhost[127.0.0.1]: SASL DIGEST-MD5 authentication failed: authentication failure	00:17
LiraNuna	that's about it	00:17
Psi-Jack	Alright. dhcpd3-server, is it capable of running a primary and secondary server?	00:18
_jmedina	Psi-Jack yeap	00:18
Psi-Jack	Sweet.. How? LOL	00:18
_jmedina	is not that hard	00:18
_jmedina	man dhcpd.conf	00:19
_jmedina	that is the first place to ask...	00:19
_jmedina	check the DHCP FAILOVER section	00:19
Psi-Jack	Gotcha.	00:20
* _jmedina looks at his TODOcument list and see dhcp slave at 50 %...		00:21
Psi-Jack	Cool. now I just need to figure out how to use eBox's hooks to tie that in. ;)	00:21
clusty	_jmedina, worked. i am blind had a typo	00:26
_jmedina	:)	00:27
clusty	_jmedina, new problem: http://pastebin.com/m5e6a5e91	00:27
_jmedina	hard to catch typos at this hours	00:27
clusty	can you tell what is wrong with the second part of the ldif?	00:28
_jmedina	probably you have spaces at the end of your ldif file	00:28
_jmedina	or a hidden character	00:29
clusty	_jmedina, you're the man :D	00:44
clusty	_jmedina, imported all the damn data	00:44
_jmedina	clusty: ?	00:44
_jmedina	how?	00:44
clusty	_jmedina, tweaking the ldifs to match my conf	00:44
_jmedina	:)	00:45
clusty	and compu pasted around to fix the file issue	00:45
clusty	start getting the hang of this slowly	00:45
clusty	_jmedina, reading your guide about the client side of ldap	01:05
clusty	_jmedina, the server address you set to 127.0.0.1, but this is localhost. don't i need to specify the IP of the server?	01:05
giovani	heh	01:05
LiraNuna	how can I provide smtp auth using mysql database without storing them in CLEAR TEXT?	01:18
troytroy	hi folks	01:18
LiraNuna	I tried using saslauthd but it only supports AUTH PLAIN and AUTH LOGIN	01:19
LiraNuna	I tried auxprop sql and it requires clear password in the database	01:19
KillMeNow	you can encrypt them in the mysql database	01:19
LiraNuna	KillMeNow, they are already encrypted	01:19
KillMeNow	then the initial transmission can be doing over TLS or SSL	01:19
LiraNuna	using PLAIN and LOGIN ?	01:19
troytroy	pls how do i configure bind9 to respond to queries from intranet clients	01:19
KillMeNow	they are encrypted in my database	01:20
LiraNuna	KillMeNow, same here - I got AUTH LOGIN and AUTH PLAIN working, but AUTH MD5-* doesn't work	01:20
KillMeNow	you will need to create different "views" for your Bind9 install Troy	01:20
troytroy	queries from the server to outsider using server works but clients on the intranet seem not to be able to query with the server	01:20
KillMeNow	let me finish typing out this email and I'll check my setup again	01:20
LiraNuna	troytroy, sounds like network configuration problem, do you set the bind9 server as a DNS server in your intranet router?	01:21
troytroy	LiraNuna yes pls	01:21
KillMeNow	forwarders Troy	01:22
troytroy	actually yes	01:22
KillMeNow	if you're using your Bind server as the resolver, if the bind server doesn't have the zone file, it will need to forward the query to an upstream dns resolver	01:22
troytroy	yes i have opendns servers configured as the forwarders	01:23
troytroy	actually queries from intranet client for other intranets clients dont return	01:23
troytroy	but if i do the queries in the server everything seems fine	01:24
_jmedina	clusty I mean openldap client utilities, not a linux client	01:27
troytroy	so any clues what could be going wrong	01:28
troytroy	http://ubuntu.pastebin.com/m22cbd670	01:28
KillMeNow	so you're doing a query for other intranet clients ?	01:29
troytroy	thats a firewall script kindly check if that is the course for block dns queries	01:29
troytroy	KillMeNow yes pls	01:29
KillMeNow	LiraNuna... i'm running saslauthd and courier	01:29
KillMeNow	are those other intranet clients in the zone file for your domain?	01:30
LiraNuna	KillMeNow, I took your solution, I made TLS mandatory for login, and only supported logins are PLAIN and LOGIN	01:30
_jmedina	KillMeNow: you can configure postfix sasl client wth courier authdaemon, bypassing cyrus sasl saslauthd	01:30
LiraNuna	that way I'm forcing encryption and everyone's happy	01:30
KillMeNow	i think i found the same issue you did, and finally just require TLS to secure the password transmission	01:30
LiraNuna	KillMeNow, smtp auth is such a mess	01:31
KillMeNow	i just looked at my configs and it's same as you... PLAIN and LOGIN	01:31
LiraNuna	yeah, I guess it's best of both worlds :/	01:31
_jmedina	# cat /etc/postfix/sasl/smtpd.conf	01:31
_jmedina	pwcheck_method: authdaemond	01:31
_jmedina	log_level: 3	01:31
_jmedina	mech_list: plain login	01:31
_jmedina	authdaemond_path:/var/run/courier/authdaemon/socket	01:31
_jmedina	that is from jaunty server	01:31
LiraNuna	thanks for the clarification, KillMeNow	01:31
LiraNuna	_jmedina, yeah, plain and login	01:31
LiraNuna	over TLS	01:31
_jmedina	this way postfix comunicates directly to authdaemon..	01:31
_jmedina	yes	01:31
_jmedina	what is wrong with that?	01:32
LiraNuna	nothing	01:32
_jmedina	if you need strong auth and encryption use kerberos	01:32
LiraNuna	before that I didn't have TLS	01:32
KillMeNow	there is supposed to be a MD5 crypt that should work but doesn't	01:32
LiraNuna	so I couldn't use cram-md5 or crypt-md5	01:32
troytroy	KillMeNow http://ubuntu.pastebin.com/m153b7093	01:32
troytroy	that is my named.local.options file	01:32
LiraNuna	thank you both, KillMeNow and _jmedina, finally got that thing sorted out :/	01:32
LiraNuna	hehe, even google has that	01:33
LiraNuna	AUTH LOGIN	01:33
LiraNuna	530 5.7.0 Must issue a STARTTLS command first. m6sm194510wag.21	01:33
LiraNuna	^ google	01:33
uvirtbot	LiraNuna: Error: "google" is not a valid command.	01:33
KillMeNow	i'm trying to remember my bind here... 0.0.0.0/0 gives recursion to anyone?	01:33
_jmedina	XD	01:34
troytroy	yep	01:34
_jmedina	KillMeNow: yeap, openrelay	01:34
_jmedina	I never use recursion, everything is controlled by allow query	01:34
KillMeNow	yea, that's not necessarilly a good thing if it's public facing at all	01:34
_jmedina	I use allow query globally, allowing only localhost and trusted subnets	01:34
_jmedina	and then I allow-query any for each external zone	01:35
KillMeNow	but anyways, Troy... if your internal clients hit the dns server, and it doesn't have any of your intranet clients in the domain zone file, it will try to forward the query to opendns	01:35
KillMeNow	so do you have either your intranet zone file clients appending dynamically or statically?	01:35
troytroy	KillMeNow there is a domain zone file	01:35
troytroy	KillMeNow the problem is queries on the server work perfectly	01:36
KillMeNow	ok so follow my logic here... lets say your domain is xyz.com	01:36
KillMeNow	and it's internal	01:36
KillMeNow	forget outside	01:36
troytroy	but it seems not to work from outside the server	01:36
KillMeNow	if you have client A, that tries to resolve client B, but client B doesn't have a host record in teh zone file that the bind server is authoritative for it's going to bomb	01:37
troytroy	KillMeNow hmm there are zone files and reverse zone files	01:38
troytroy	all working perfectly when queried in the server	01:38
KillMeNow	ok, so which is it? you said "<troytroy> actually queries from intranet client for other intranets clients dont return"	01:38
troytroy	e.g host clientA server get a hit when run from the server	01:39
KillMeNow	ok, so when you try to resolve from the bind server it resolves?	01:39
troytroy	but lets say nslookup clientA server return unknown	01:39
troytroy	its like the server is rejecting queries from the intranet clients	01:40
troytroy	yes	01:40
KillMeNow	and client A has the bind server as it's resolver? /etc/resolv.conf	01:40
troytroy	yes	01:41
KillMeNow	have you checked using netstat -nap \| grep 53 to verify that the service is up?	01:42
KillMeNow	otherwise, do a iptables --flush	01:42
KillMeNow	take IPtables out of the equation and see if it then resolves from client A	01:42
KillMeNow	if it does after you flushed your iptables, then the problem is your iptables rules	01:42
troytroy	its up and running	01:43
KillMeNow	UDP or TCP or both?	01:43
troytroy	http://ubuntu.pastebin.com/d36aedd3b	01:43
troytroy	bot	01:43
troytroy	both	01:43
KillMeNow	ok	01:43
KillMeNow	so dump your iptables and try from client A again	01:43
troytroy	ok	01:45
troytroy	same error bro	01:45
KillMeNow	check your /var/log/messages	01:46
troytroy	ok	01:46
troytroy	nothn pertaing to the nameserver ther	01:49
troytroy	kindly check my "iptables -S" for me	01:50
KillMeNow	hold on, did you flush your iptables?	01:51
troytroy	KillMeNow http://ubuntu.pastebin.com/d14541343	01:51
KillMeNow	prior to running the query from client A?	01:51
troytroy	yes	01:51
troytroy	yes	01:51
KillMeNow	then we can deduce that it's not your iptables yet	01:51
KillMeNow	if you do a iptables -L	01:51
KillMeNow	you should see nothing	01:51
troytroy	yep	01:51
troytroy	just run the script again to enable remote ssh logon	01:52
KillMeNow	well, i'm not seeing a UDP port for 53	01:52
KillMeNow	only tcp	01:52
troytroy	ok let me add that	01:52
KillMeNow	also i'm seeing anything coming in to eth1 to be sent to the DROP bucket	01:53
KillMeNow	you know, i use IPKungfu for doing all my firewall scripts	01:54
KillMeNow	makes life MUCH easier	01:54
troytroy	ok i am trying to setup a wireless hotspot box	01:54
KillMeNow	www.linuxkungfu.org	01:54
KillMeNow	ok, then why not use DD-WRT?	01:55
KillMeNow	or something similar?	01:55
troytroy	so eth1 is hooked to switch with access points attached	01:55
KillMeNow	ahh	01:55
KillMeNow	ok	01:55
troytroy	everything is setup fine just this nameresolution error	01:56
KillMeNow	anyways, point is... if you flushed your iptables and ran the query from client A, then you can deduce there is something borked in your config	01:56
troytroy	ok	01:56
KillMeNow	i'm off work now, so i'm gonna go home	01:57
troytroy	checked /var/log/syslog no errors with respect to nameserver config	01:57
troytroy	thanks very much	01:57
troytroy	ur assistance is very much appreciated	01:57
KillMeNow	well, it's working from local	01:57
KillMeNow	so if you run a dig @localhost hostname	01:58
KillMeNow	you should get some type of return	01:58
KillMeNow	bind can be really tricky	01:58
KillMeNow	have fun	01:58
PhotoJim	any reason why update-grub wouldn't put new kernels in the list?	02:16
PhotoJim	mine has the latest as 2.6.28-11 in /boot/grub/menu.lst but there are about 3 updated kernels since then. manually running update-grub doesn't create the entries either.	02:17
giovani	I still will neve3r get why people quit a few seconds/minutes after asking a question during off-hours	02:22
clusty_	giovani, who quit?	02:23
giovani	oh, that's my error -- I mistook Psi-Jack_ for PhotoJim	02:24
giovani	my comment stilly applies in the general sense though :)	02:24
giovani	PhotoJim: can you ls -lah /boot for us?	02:25
troytroy	hi giovani	02:27
PhotoJim	giovani: I actually figured it out. I had to edit the # kopt=blahblah line to include my rootdelay=70 line (needs a delay due to RAID issues) and then re-invoke update-grub. once I did that, the problem disappeared.	02:27
PhotoJim	giovani: thanks for offering though :)	02:27
troytroy	been battling with bind9 configuration for 12 hours now	02:27
troytroy	it just refuses to respond to queries from clients in the intranet	02:28
giovani	PhotoJim: how does that relate to update-grub not detecting your newer kernels?	02:29
PhotoJim	giovani: good question. I'm not entirely sure. I think the first update-grub just updated the menu.lst configuration options but didn't include the new kernels. the second invokation added the new kernels.	02:30
giovani	hmm, that seems unlikely	02:30
giovani	but alright	02:30
PhotoJim	giovani: my first attempt had me have a kopt line without the preceding # (I thought it needed to be uncommented).	02:31
PhotoJim	giovani: I don't really know for certain. I just know that it worked this past time.	02:31
qman__	the first try probably failed because it was completely uncommented	02:46
qman__	update-grub takes one-#-in lines	02:46
PhotoJim	that sounds right	02:46
PhotoJim	and when I corrected it, that let it work properly	02:46
uvirtbot	New bug: #416750 in samba (main) "package samba-common 2:3.2.3-1ubuntu3.5 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/416750	02:55
faileas	odd question, but has anyone here set up pygopherd? i'm trying to get it to use a hostname i specify instead of the hostname of the system, and i can't seem to get it to.	02:58
twb	You're running a GOPHER server?	02:58
faileas	well, in theory. in practice, its not quite working ;p	02:58
twb	Cool.	02:58
faileas	i DID say it was an odd question didn't i? ;p	02:59
ball	YAY FOR GOPHER!	02:59
* faileas is running IRC (with qwebirc) and web right now. gopher looks like fun, but its rather hard to get help with it ;p		02:59
faileas	gopher://lupinenet.co.cc	03:06
faileas	the issue is i set the hostname to be lupinenet.co.cc in the config file. it seems to be picking up the computer's hostname instead	03:06
faileas	hmm	03:08
faileas	never mind. looks like my ISP blocked port 70 too	03:09
faileas	so linking is of little use ;p	03:09
twb	curl: (1) Protocol gopher not supported or disabled in libcurl	03:19
twb	Sadness	03:19
ball	hello mathiaz	03:23
=== macrocosm_ is now known as macrocosm
psi-jack	Okay. So, if you're primary focus on making an ubuntu 9.04 server was to make it a router, would you use ufw, firestarter, or something else?	04:50
psi-jack	What I'm looking for, is preferably easy maintenance, possibly web interface for it, and presently, not eBox.	04:50
faileas	psi-jack: take a look at untangle	04:51
psi-jack	I just did.	04:51
psi-jack	Fracking thing just crashed the system.	04:52
faileas	hmm	04:52
psi-jack	Uses Java crap, too.	04:52
psi-jack	DNS was minimal. IPs to Names, that's it. That's not DNS, that's only 1 100th of DNS.	04:52
faileas	thats cause routers don't handle dns, you need a DNS server seperate from the router	04:53
faileas	(softwarewise, stuff like BIND or unbound)	04:53
psi-jack	Well, if the router is handling everything, why /not/ have it also handle DNS? I mean, really.	04:53
faileas	no no	04:53
faileas	you use the same hardware, and add a DNS server	04:53
psi-jack	Right.	04:53
psi-jack	Untangle, didn't really offer such a capability.,	04:54
psi-jack	They locked it down far too much.	04:54
faileas	untangle is ubuntu with their own custom stuff ;p	04:54
faileas	hmm	04:54
psi-jack	No, actually, it's Debian.	04:55
psi-jack	But, still.	04:55
psi-jack	They locked it down so you couldn't really manage it, except through their own interfaces.	04:55
psi-jack	SO anyway.	04:55
psi-jack	I may just write my own interfaces.	04:55
faileas	and if its any good share em ;p. its something potentially useful	04:56
psi-jack	but, I want to know, for now, what would be the better option for firewall stuff to handle NAT and port forwarding.	04:56
psi-jack	ufw, to me, seemed very.... Desktop-based, not really server-based at all..	04:56
ycy	for your safety, please remain seated or firmly grip the handrail at all times	04:56
faileas	ya	04:56
faileas	i think most hardcore server uses would prolly use iptables straight up, and not worry about the front end	04:57
twb	ufw is handy for setting up iptables-restore rules while still providing a stupid thing (ufw(8)) that you can hand to ill-educated customers who want to shoot themselves in the foot.	04:57
twb	As opposed to a straightforward #!/usr/sbin/iptables-restore script in /etc/network/if-pre-up.d/	04:58
psi-jack	Heh	04:58
psi-jack	True that.	04:58
psi-jack	I mean, yeah, it provides a means to use iptables restore stuff in segments.	04:58
twb	iptables-persistent entered sid recently, which is just an init script that runs iptables-restore on /etc/iptables/foo	04:59
twb	psi-jack: well, I HOPE it essentially cats them -- you can't meaningfully cat iptables-restore scripts. And I really, REALLY hope ufw doesn't turn into like 1000 individual iptables -A rules	05:00
roxy__	hi somebody know how i can recover the information when the superblock is broken?	05:05
twb	roxy__: carefully?	05:16
twb	roxy__: which filesystem?	05:16
roxy__	xfs	05:16
twb	Ahaha	05:17
twb	I believe the recovery process for XFS is "bend over"	05:18
psi-jack	Not exactly.	05:18
psi-jack	XFS is a fine filesystem.	05:18
roxy__	so, how i can recover?	05:19
psi-jack	Lemme read back	05:19
psi-jack	okay. superblock is broken? What told you that?	05:20
roxy__	when i try to mount	05:22
twb	XFS is fine up unless you have no write barrier support, or run an old (read: tested) kernel, or happen to lose power unexpectedly.	05:22
roxy__	i try to use xfs_repair but can't find the superblock	05:22
psi-jack	I see.. Are you sure it's XFS?	05:22
psi-jack	twb: I've had no problems for years.	05:22
twb	psi-jack: how fortunate for you	05:23
twb	# file -sL /dev/puck/root --> Linux rev 1.0 ext3 filesystem data (needs journal recovery) (large files)	05:23
roxy__	yes	05:23
twb	roxy__: file -sL on the device should confirm that it's XFS	05:23
roxy__	yes, i got /dev/internal/homes: SGI XFS filesystem data (blksz 4096, inosz 256, v2 dirs)	05:24
psi-jack	roxy__: Okay, cool, run xfs_check on /dev/internal/homes	05:26
roxy__	i did and i got can't seek in filesystem at bb 181578224	05:26
roxy__	can't read block 0 for directory inode 119914522	05:27
roxy__	no . entry for directory 119914522	05:27
psi-jack	Okay. xfs_repair then	05:27
roxy__	i did, but said can't not find superblock	05:28
psi-jack	Okay, xfs_repair -d	05:29
psi-jack	if that works, immediately reboot after it's done.	05:30
roxy__	couldn't verify primary superblock - bad magic number !!!	05:30
roxy__	attempting to find secondary superblock.	05:31
psi-jack	Okay. Is it still goinf?	05:31
roxy__	yes	05:34
chrislabeard	If my server when i ssh into says there are 16 updates don't i just do apt-get update	05:34
psi-jack	Okay, good start then.	05:35
psi-jack	roxy__: Just remember, when it finishes, you'll /need/ to reboot immediately, else you will cause further damage.	05:35
psi-jack	roxy__: Was this your / filesystem that got damaged?	05:36
twb	chrislabeard: it only lists 16 updates because it has done an "apt-get update" itself	05:36
roxy__	but still doesn find	05:36
roxy__	no	05:36
roxy__	the info, data	05:36
chrislabeard	twb: ahhh	05:36
chrislabeard	okay	05:36
psi-jack	roxy__: Eh?	05:36
twb	chrislabeard: see /etc/cron.daily/apt	05:36
chrislabeard	twb: yeah well it says 19 packages can be updated	05:36
chrislabeard	38 updates are security updates	05:36
roxy__	sorry i missunderstand your question...yes, i am checking the damage partition	05:37
Psi-Jack__	Okay, is it still running the repair on it and not just dying immediately?	05:38
jmarsden	chrislabeard: If you want to actually upgrade your machine to include those updated packages, do sudo apt-get upgrade	05:41
chrislabeard	jmarsden: is it bad to upgrade all those packages	05:42
roxy__	yes still is lookinf for the superblock but doesn't find	05:42
roxy__	unable to verify superblock, continuing...	05:42
jmarsden	chrislabeard: Define bad :) Usually it is 100% fine to upgrade them, unless you set your machine to look in strange nonstandard places for updates.	05:42
chrislabeard	k cool	05:43
* ball worries about updates too		05:43
Psi-Jack__	roxy__: Okay, tell me about how this came to be, and how you created this xfs drive.	05:43
jmarsden	ball: In the last year, have you had an update from an official Ubuntu repository break anything important? Or is your worry mostly unfounded?	05:44
roxy__	i didn was ceated time ago for somebody else...one of the disk was corrupt and i take off but no was in raid with this one	05:45
ball	jmarsden: I've had so many things break it's difficult to know what causes what. If I had more experience with Ubuntu I'd be in a better position to judge.	05:46
Psi-Jack__	roxy__: Lets try this again, in English please.	05:46
Psi-Jack__	So, It /was/ in a raid, and now is not, and it was corrupted?	05:46
ball	istr an update to Jaunty that went badly, but it worked better when I installed from a CD	05:46
jmarsden	ball: Hmm, OK. I only worry about updates from strange sources like PPAs or unofficial other repos... can't think of anything I have broken with a 'normal' update...	05:47
* ball nods		05:47
ball	I've found a few Ubuntu bugs, but I don't think any of them were in the Server variant	05:48
jmarsden	I've probably created a one or two Ubuntu bugs (minor packaging bugs) and then fixed them :)	05:49
Psi-Jack__	roxy__: I don't want to wait 5+ minutes for each answer to each of my questions I ask you, if that's how it's going to be, I'll be bored and non-responsive.	05:49
roxy__	im so sorry ..	05:50
roxy__	i just some user come here for a problem	05:50
roxy__	still dont get superblock	05:51
roxy__	i have a LVM with 3 disk on raid and 1 more individual, the disk alone was corrupted	05:52
Psi-Jack__	roxy__: Okay. So, what drive is this XFS filesystem on?	05:53
ball	roxy__: that's what they call "Sod's Law"	05:53
roxy__	all of them	05:53
Psi-Jack__	roxy__: So, it's part of a raid array?	05:53
roxy__	yes	05:54
* ball is confused		05:54
Psi-Jack__	What type?	05:54
ball	"1 more individual" != RAID, surely?	05:54
roxy__	raid 1	05:55
ball	roxy__: you had a three disk RAID-1 array?	05:55
roxy__	2 disk in raid 1	05:55
roxy__	sorry 3 disk	05:55
Psi-Jack__	So a mirror raid? I see. And you mentioned LVM as well?	05:55
roxy__	yes	05:55
ball	Ah, two mirrored disks and a third on its own (as a standby?)	05:55
roxy__	and one lv is corrupt	05:56
roxy__	thhe format xfs was done for each lv	05:56
Psi-Jack__	WHat type of LVM is on the partition?	05:56
roxy__	lvm2	05:57
Psi-Jack__	Linear or Striped?	05:57
=== chrislabeard is now known as chrisLAbeard
roxy__	i am not sure, how can know that?	05:57
Psi-Jack__	Well, First of all.	06:03
Psi-Jack__	vgdisplay -v shows your volumes, correct?	06:03
roxy__	that show me the VG and the LVs, but I just have one LV with problem and the rest are ok	06:05
Psi-Jack__	Okay. Fine, but does it show the volume that's not okay?	06:06
roxy__	everything is in the array od disk with raid 1	06:06
roxy__	no	06:07
Psi-Jack__	Okay then, there's your problem!	06:07
roxy__	show me is ok	06:07
Psi-Jack__	The LVM for it isn't okay, hence why the XFS has no superblock, cause lvm hasn't activated it.	06:08
rags	I installed mediawiki on ubuntu using aptitude, but when I open http:/localhost/mediawiki I get a download...intially I thught php was't parsing, but I just tested with phpinfo() and it worked	06:09
rags	I've also added the alias mediawiki in /etc/mediawiki1.10/apache.conf	06:09
roxy__	so? what i can do?	06:09
rags	Wht can be the problem? wht are the possible problems?	06:10
Psi-Jack__	roxy__: First of all, vgchange -a y to activate the volumes, all of them.	06:12
roxy__	i did	06:14
Psi-Jack__	Now, does lvdisplay -v show your faulty volume?	06:14
roxy__	still the problem	06:16
Psi-Jack__	Not showing up?	06:17
roxy__	no	06:17
Psi-Jack__	Okay. What's the /dev/* for the drive with issues?	06:18
roxy__	all are active but i can read one of the lv	06:18
roxy__	dev/internat/homes where internal is the VG and homes the LV	06:19
Psi-Jack__	No	06:19
Psi-Jack__	The ACTUAL device for the hard disk itself, not the mapped name from LVM.	06:19
Psi-Jack__	Like /dev/sda	06:20
chrisLAbeard	This is probly a really stupid question ... if i am using everydns name servers as slaves do i need to add a slave record to bind	06:20
Psi-Jack__	chrisLAbeard: No, That's for actual slave dns servers.	06:21
chrisLAbeard	Psi-Jack__: alright ... in my masterzone longhornpc.com i have them listed there as NS	06:22
chrisLAbeard	and told that record to allow transfers to the name servers Ip address	06:22
Psi-Jack__	roxy__: Here.. Use this website. I apologize, but your responses are just too slow for me to not be falling asleep for. http://www.linuxjournal.com/article/8874	06:24
Psi-Jack__	You need to recover the raid, then lvm, THEN you can get to the XFS properly.	06:25
roxy__	that is teh lv	06:25
roxy__	is /dev/md1	06:26
roxy__	the raid is working is just this lv that have the problem	06:27
Psi-Jack__	Yeah, and yet, I ASKED for the actual device node, not the md#, not the lv name, the DEVICE node.	06:29
Psi-Jack__	So, next time you ask for help, and are asked specific questions, answer them. I'm done for now.	06:29
Psi-Jack__	I need sleep.	06:29
Psi-Jack__	Use the website I referred you to.	06:29
roxy__	Yes i can see that...thanks	06:34
twb	8.04 appears to have apparmour turned on and in "enforce" mode by default. Is that still the case in current releases?	06:36
quizme	hi, i'm trying to set up mod_proxy for a web site.	06:45
quizme	http://cardinaleducation.thirdreplicator.com/	06:46
quizme	on port 11000	06:46
quizme	http://pastie.org/590782	06:48
quizme	that's my apache conf file	06:48
cef	twb: think so.. it only enforces for apps that have profiles afaik	06:58
twb	#Apparmor on OFTC is helping me	06:58
twb	see https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles	06:58
LiraNuna	where does postfix run chrooted?	07:28
LiraNuna	/var/run/postfix doesn't seem to be it	07:29
jmarsden	LiraNuna: /var/spool/postfix I think... but it doesn't chroot by default, at least as far as I can tell. Read the /etc/init.d/postfix init script for the details.	07:33
LiraNuna	jmarsden, thanks that's exactly it	07:34
LiraNuna	and it does chroot for me ...	07:34
LiraNuna	and I don't remember configuring it not to	07:35
jmarsden	OK. i read the sxcript and it seems to check for the chroot field in /etc/postfix/master.cf, and that is not set to y in my (very default) config here.	07:35
LiraNuna	thanks for the path, that's exactly it	07:35
jmarsden	OK... and I misread the script, - means yes in that colum of the config file, so it does chroot by default :)	07:37
LiraNuna	yeah, I had a few annoyances to understand it does chroot by default	07:37
LiraNuna	like can't use mysql socket, must use tcp	07:37
jmarsden	OK... well, you could probably put a socket under /var/spool/postfix somewhere and make it work if you really need to :)	07:39
jmarsden	I think mysql can listen on multiple sockets at the same time... not sure though.	07:40
sbeattie	twb: you're welcome, glad I could help (over in #apparmor)	07:49
twb	sbeattie: heh	07:49
ivoks	ttx: i've uploaded corosync with requested changes and explained why we can't just sync from debian :)	08:40
ttx	ivoks: will have a look... but not before Monday. Ping mathiaz or zul about it if you need it faster.	08:41
ivoks	ok	08:41
ivoks	will do, since we need it asap	08:42
ivoks	we need to build other tools on top of corosync	08:42
ttx	yes, that's why I warned you :)	08:42
johe\|work	good morning	08:48
acalvo	once CSR is only valid for the computer that generates it? or it is valid for more than one computer?	08:50
eolo999	hi, i'm trying to setup unattended dist-upgrades with cron-apt. I'm only worried about what happens to packages configuration files. Example: i have my personal configuration of postfix and don't want an update modify it. I can be sure configuration files are not touched?	09:15
_ruben	well .. dont do unattended upgrades then	09:18
imchrislabeard	what are the advantages of having a mail server?	09:20
_ruben	being able to send and receive mail perhaps?	09:21
eolo999	_ruben: just looking for an apt-get option which by default leaves configuration files untouched without prompting	09:21
imchrislabeard	as opposed to like using gmail apps	09:22
_ruben	imchrislabeard: having full control over it	09:22
imchrislabeard	i can set up email for a subdomain can't i	09:22
_ruben	imchrislabeard: i can, not sure if you can ;)	09:23
imchrislabeard	haha	09:23
imchrislabeard	_ruben: i would have to create a mail.sub.example.com	09:23
imchrislabeard	mx record	09:24
imchrislabeard	in my example.com hosts file	09:24
eolo999	more precisely i would like to hav apt-get "hold" configurations...	09:26
eolo999	*have	09:26
_ruben	imchrislabeard: you'd create a mx record for sub.example.com pointing to whatever mailserver you want to use for it, eg: mail.sub.example.com	09:26
_ruben	and configure said mailserver to accept mail for sub.example.com	09:27
imchrislabeard	what is the best mailserver	09:29
imchrislabeard	in your opinion	09:30
Boohbah	postfix	09:32
Boohbah	+ courier-imap	09:32
_ruben	postfix (+ dovecot for pop3/imap/sasl)	09:37
ivoks	dovecot-postfix :)	09:38
eolo999	i found a 'dpkg' option which is called 'confold'. so is there a way to pass arguments to dpkg itself?	09:53
johe\|work	so good morning,	10:04
\sh	maswan: moins...do you have btw iscsi storage running unter ubuntu/debian somehow?	10:06
maswan	\sh: nope, no iscsi	10:12
maswan	\sh: we prefer internal storage to external. :)	10:13
Jeeves_	\sh: We have	10:27
\sh	Jeeves_: cool...how do you mount your iscsi devices automatically, I hope you have bond and vlan setups which comes up very late during boot up sequence	10:38
Jeeves_	\sh: We don't	10:39
Jeeves_	that doesn't work too well	10:39
\sh	Jeeves_: well..that's one of my problems...somehow /etc/init.d/open-iscsi is called for every ifup but it doesn't work...I have to setup the iscsi device as _netdev in fstab with 0 0 , and then call mount -a -O _netdev in /etc/rc.local that's the only way I got that setup running	10:41
_ruben	wonder why hooking into ifup wouldnt work	10:43
\sh	_ruben: I need to investigate, but looks like that open-isci starttargets should be called, I wonder why it doesn't work	10:45
\sh	in /etc/rc.S/S25open-iscsi that's where the open-iscsi stuff is started and tries for the first time to login into the iscsi portal (in my case a msa2012i)	10:46
imchrislabeard	what is a zombie process ?	11:24
qman__	one with an affinity for brains ;)	11:25
qman__	http://en.wikipedia.org/wiki/Zombie_process	11:25
cemc	is there a way to monitor hardware of an ibm eserver from linux? like temperature, fan speed ?	12:33
cemc	from ubuntu*	12:33
ewook	smnp?	12:34
maswan	ipmi?	12:34
giovani	cemc: sure ... if the sensors are available locally on the machine -- you can do anything you want with them	12:37
jdstrand	Psi-Jack__: the ufw cli command is focused on host-based firewalls. it will work fine on a server. the ufw framework supports anything iptables can	13:55
jdstrand	Psi-Jack__: and it works just fine on servers	13:55
Psi-Jack__	Yeah..	13:55
jdstrand	oh, I said that :)	13:55
Psi-Jack__	but still, it's not as convenient as straight up iptables commands, iptable-save, iptables-restore.	13:56
jdstrand	Psi-Jack__: I would have to completly disagree	13:57
jdstrand	Psi-Jack__: ufw allow OpenSSH ; ufw enable	13:57
jdstrand	Psi-Jack__: with two commands you have a completely configured firewall	13:58
Psi-Jack__	Okay, show me a ufw command to port forward.	13:58
Psi-Jack__	Show me a ufw command to trigger a block if too many connections come into a single port a second.	13:58
jdstrand	Psi-Jack__: ah, but that is not what you said! 'host-based' implicitly means 'non-routing'	13:58
Psi-Jack__	Show me a ufw command to enable NAT. :)	13:58
Psi-Jack__	Precisely!	13:59
jdstrand	Psi-Jack__: ufw does have a limit command	13:59
jdstrand	but the timeout is currently not configurable	13:59
Psi-Jack__	So, you see..	14:00
Psi-Jack__	For over simplicity for HOST-based, it's less useful than simply defining your rules in iptables directly and saving and restoring, like Gentoo, for example, uses.	14:00
jdstrand	Psi-Jack__: I said that initially. your statement was a blanket statement, mine was a precise statement	14:00
_ruben	the use of ufw doesnt require knowledge of iptables	14:01
jdstrand	Psi-Jack__: if you are comfortable setting up your own iptables firewall, ufw won't get in your way and you can write your script	14:01
jdstrand	Psi-Jack__: if you want to quickly setup a host-based firewall, ufw is hard to beat	14:01
=== ivoks_ is now known as ivoks
jdstrand	Psi-Jack__: if you want to combine host-based rules and NAT, forwarding, etc-- ufw can help	14:02
ivoks	first my laptop died, and now there's no electricity in my area... i just can't work anymore :/	14:03
Psi-Jack__	I dunno.. I'm thinking about ripping gentoo's iptables script and modifying it to work with ubuntu personally. heh	14:03
ivoks	zul: are you here?	14:04
zul	ivoks: yeap	14:04
ivoks	zul: could you plese look at the only open bug for corosync	14:05
ivoks	?	14:05
zul	bug numbe?	14:05
ivoks	my cell phone battery is low...	14:05
jdstrand	Psi-Jack__: not everyone knows iptables like the back of their hand. not to mention a complicated iptables script is hard to audit. ufw helps make sure you get things right, is easy to read and allows you to do all the complicated stuff. I'm in no way telling you what to use, of course.	14:05
ivoks	don't know (i'm ircing over nokia)	14:05
ivoks	it's the only one	14:06
jdstrand	there was a time when iptables had an restore init script, but it was ripped out cause it caused too many problems. maybe gentoo's is better (I don't know)	14:06
ivoks	sync request from ppa	14:06
jdstrand	s/an/a/	14:06
zul	ivoks: k just need to up load it right?	14:06
ivoks	rightt, from ubuntu-ha-maintainers ppa	14:07
zul	gotcha	14:07
ivoks	ok, will be back as soon as possible	14:07
zul	ivoks: corosync (1.0.0-4ubuntu2) karmic; urgency=low	14:07
zul	<-- this one right?	14:07
ivoks	yes	14:08
zul	k	14:08
zul	gimme a sec and ill do it	14:08
ivoks	i don't have it; battery very low	14:08
ivoks	:)	14:08
zul	sheesh doing it now :)	14:08
ivoks	there's no bug report, but we'll need openais sync too	14:09
ivoks	zul: thank you!	14:11
zul	ivoks: its...um...	14:11
=== Nightlurs is now known as Nightlurker
Psi-Jack_	jdstrand, It is. It actually works.	14:35
Psi-Jack_	jdstrand, See, all it really does, is use the standard iptables commands to save and restore. Done right, it's really simple.	14:36
Psi-Jack_	Done wrong, obviously, will result in bad anomolies.	14:36
kpettit	Good morning. Can anybody recommend a good script/app for doing some basic QOS? Basically I'm trying to make SIP traffic a priority	15:01
giovani	kpettit: yeah, QoS in linux isn't a simple "script"/"app"	15:04
kpettit	I understand, I've done it before. But it's been a few years so I'm trying to see what's out there.	15:05
uvirtbot	New bug: #416958 in openssh (main) "GSSAPI Cascading Credentials support" [Undecided,New] https://launchpad.net/bugs/416958	15:05
ivoks	RoAkSoAx: you were saying?	15:08
RoAkSoAx	ivoks, could you please endorse my MOTU Application: http://wiki.ubuntu.com/4nDr3s/MOTUApplication ?Thanks :)	15:08
ivoks	sure	15:12
RoAkSoAx	ivoks, thanks :)	15:22
=== _jmedina is now known as jmedina
ivoks	nice...	15:40
ivoks	nokia is diching s90	15:40
ivoks	s60, lol	15:40
jmedina	hi ivoks	15:42
ivoks	hi	15:42
ivoks	zul: it's me again :)	16:11
zul	ivoks: with more battery power?	16:12
ivoks	whole power plant :)	16:12
ivoks	zul: bug 416970	16:13
uvirtbot	Launchpad bug 416970 in openais "Please sync openais 1.0.0-3 (main) from Debian experimental" [Undecided,New] https://launchpad.net/bugs/416970	16:13
ivoks	if it's not so hard...	16:13
ivoks	:)	16:13
zul	ivoks: if the ubuntu changes can be dropped just subscribe ubuntu-archive and they can sync it from debian	16:14
ivoks	ok	16:15
zul	next? :)	16:15
ivoks	that's all :)	16:15
ivoks	next time - beers on me :)	16:15
ball	bears on me... GET THEM OFF!	16:20
ball	:-o	16:20
johe_	:-)	16:20
=== johe_ is now known as johe
Psi-Jack_	Curious. Anyone here use firestarter?	16:30
jmedina	firestarter requieres a GUI, ubuntu doesnt support GUIs	16:31
jmedina	I consider firestarter a personal desktop firewall	16:32
Psi-Jack_	Heh	16:32
Psi-Jack_	They consider it useful for desktops and servers.	16:32
Psi-Jack_	And it doesn't /require/ a GUI, it just has one, if I see this right.	16:32
* jmedina used firestarter 6 years ago, then used my own script, and now shorewall installed on about 30 servers		16:33
Psi-Jack_	They have a client/server interface for it, which would make anything able to work with it/	16:33
jmedina	well firestarter wont fit my requierements	16:33
pmatulis	"ubuntu doesn't support GUIs" -- huh?	16:33
jmedina	ubuntu server	16:33
Psi-Jack_	So you use shorewall, eh?	16:33
jmedina	yeap	16:33
jmedina	been working with shorewall team for a few years	16:34
Psi-Jack_	Ahhh	16:34
Psi-Jack_	Cool. So, is there's a quickstart guide to shorewall?	16:34
Psi-Jack_	Everytime I look into it, it looks even more painful to use than just straight iptables.	16:34
jmedina	psi sure	16:34
jmedina	there are quickstart guides for single interface, two interfaces, three interfaces, multiisp	16:35
Psi-Jack_	And this is usually on my router, where if it's not routing, I'm using links for browsing which makes it worse	16:35
Psi-Jack_	I need multi-interface with ip-masquerading, at theminimum.	16:35
jmedina	I dont know any other firewall configuration with that extensive documentation	16:35
abta	perhaps you also could take a look on "firehol"	16:35
abta	but shorewall is also very good ;)	16:35
jmedina	Psi-Jack just take a look at shorewall.net and the documentation section	16:36
Psi-Jack_	Will so.	16:36
Psi-Jack_	do	16:36
jmedina	they document almost everything, with a active developent, I think last year shorewall was promoted to the best supported open source proyecto or something	16:37
Psi-Jack_	Just trying to figure out whichversion comes with ubuntu 9.04 package repos	16:37
jmedina	it is easy to install by hand	16:38
jmedina	or you can use shorewall packages, shorewall debian maintainer is part of the shorewall core team	16:38
Psi-Jack_	heh	16:39
Psi-Jack_	I'm not seeing a simple quickstart guide.	16:46
Psi-Jack_	Well okaaay now, Ubuntu only comes with shorewall 4.0	16:49
jmedina	Psi-Jack in the front page "Getting started with shorewall" then New to Shorewall? Download the current Stable version (see above) then select the QuickStart Guide that most closely matches your environment and follow the step by step instructions.	16:49
jmedina	:)	16:49
jmedina	you need to read quickstart guides	16:50
Psi-Jack_	Ahh there is it	16:50
Psi-Jack_	it is	16:50
jmedina	I have my own quickstart guide in spanish, which I use for every firewall implementation	16:50
Psi-Jack_	hehe	16:50
jmedina	Psi-Jack, read the quickstart guides	16:51
jmedina	if you have problems please read the shorewall support guide	16:51
jmedina	http://shorewall.net/support.htm	16:51
Psi-Jack_	Well, that's cool. I could easily do the 3-NIC method, except that I only have 3 gigabit switch. ;)	16:51
Psi-Jack_	err, a , not 3	16:52
jmedina	I have a firewall with 6 interfaces	16:52
jmedina	3 WAN links, a DMZ and two separate lans	16:52
jmedina	it is really flexible	16:52
Psi-Jack_	heh	16:53
jmedina	and for more help you can search mail archives or contact shoewall developers and volunteers at #shorewall	16:53
Psi-Jack_	Yeah, I'm a hands on kinda man myself.	16:54
Psi-Jack_	I can't stand mailing lists.	16:54
* jmedina loves lurkin on lmailin lists..		16:55
jmedina	I learn more from mailing lists than other sources..	16:55
jmedina	reall problems	16:55
Psi-Jack_	GUess I'll just have to get me another gigabit switch. ;)	16:55
Psi-Jack_	So I can properly DMZ off my servers from my workstations, media stations, and house control servers.	16:56
giovani	Psi-Jack_: or just one with vlans ...	17:00
Psi-Jack_	Hmmm	17:00
Psi-Jack_	I suppose I could, but I prefer a physical DMZ zone, and have the router hand out the proper routing methods internally as well as externally.	17:01
Psi-Jack_	much more secure that way.	17:01
jmedina	and more physical space, more cables, more energy waste, more adminstration...	17:02
Psi-Jack_	heh	17:02
giovani	I don't know why VLANs changes routing ... but ok	17:03
* ball wonder if Psi-Jack_ is using DMZ to mean what it usually means.		17:03
giovani	granted, virtual security shouldn't be used in areas where security is a big concern -- it's unlikely your home DMZ is one of those	17:03
* ball doesn't use a DMZ		17:05
ball	...not entirely sure I believe in them.	17:05
giovani	I'm not entirely sure what "believing" in them entails	17:12
giovani	I'm not sure how separation of duties would ever be a bad thing security-wise	17:12
giovani	internet-facing systems shouldn't have the same trust level as non-internet facing systems	17:13
Psi-Jack__	ball: Yes, a seperated physical network for servers away from the personal workstations.	17:13
giovani	there's nothing "physical" about a DMZ	17:14
ball	Psi-Jack__: that's not a DMZ	17:14
ball	At least, not a definition of a DMZ that I've ever seen	17:14
giovani	ball: it's his real-world application of a DMZ	17:15
giovani	his servers will sit in a separate, firewalled/routed network	17:15
giovani	that's precisely what a DMZ amounts to	17:15
ball	That makes sense, but I've not seen "DMZ" used in that context. Fair enough though.	17:15
giovani	you haven't?	17:16
giovani	what context have you heard of DMZs in then?	17:16
Psi-Jack__	Yep.	17:17
ball	Servers that sit basically outside the Firewall, or at least behind just the first firewall with ports forwarded to them.	17:17
giovani	ball: that's precisely the same concept	17:18
Psi-Jack__	Seperate route, seperate physical hardware between them, a switch for the DMZ area, a switch for the rest of the network, both connected to one firewall (or more)	17:18
giovani	with more details provided	17:18
giovani	Psi-Jack_: no, there's nothing inherently physical about a DMZ	17:18
ball	Hmm... okay.	17:18
Psi-Jack__	giovani: Is a switch seperately connecting the DMZ server network not physical? :p	17:19
giovani	Psi-Jack__: that's not related to the definition of a DMZ	17:19
giovani	if you'd like to make it physical ... go ahead	17:19
giovani	but that's not required to achieve the concept of a DMZ	17:19
ball	Psi-Jack__: depends on the switch, presumably.	17:19
giovani	I've said this multiple times now	17:19
Psi-Jack__	ball: Okay, I'd like to see a switch made out of thin air. ;)	17:20
Psi-Jack__	Zero mass. ;)	17:20
giovani	...	17:20
Psi-Jack__	heh	17:21
=== ScottK2 is now known as ScottK
ball	Psi-Jack__: I was thinking more in terms of virtualisation, but a managed switch might be divisable into separate ethernets.	17:22
* Psi-Jack__ nods.		17:22
giovani	might be?	17:23
giovani	that's what vlans are	17:23
giovani	any modern, non-dumb switch does vlans	17:23
giovani	and yes, virtualized switches clearly accomplish this as well	17:23
* ball is tempted to buy a modern dumb switch		17:24
giovani	why?	17:24
ball	To replace a non-modern 100baseT hub.	17:25
ball	It has worked well for us, but we've run out of ports on it.	17:25
giovani	haha, hubs	17:25
ball	I suppose I could get one of these newfangled managed switches	17:25
ball	...but I'm wary of complexity	17:25
ball	Trying to keep things simple there.	17:25
giovani	it's only as complex as you make it	17:26
giovani	I've never seen a managed switch not work out of the box as a simple switch	17:26
* ball nods		17:26
ball	I suppose VLANs might be handy for things like VoIP, which I'd like to roll out eventually	17:27
ball	I'll need a PoE switch for that anyway	17:27
Psi-Jack__	Oh that reminds me!	17:27
ball	...so it may as well be physical	17:27
Psi-Jack__	I was going to look into that Zoom Skype device, to see if it was Linux capable. ;)	17:27
ball	Psi-Jack__: I don't know what that is. I was thinking more of Asterisk or FreeSwitch	17:29
ball	...and SIP phones on people's desks	17:29
Psi-Jack__	Heh. I have no need for that at home. ;)	17:29
giovani	ball: uh, VLANs are essential for any large office that wants to separate networks ... you're just not going to be able to use separate physical switches without a ton of waste, and not very much flexibility	17:29
giovani	you should be vlaning all different types of machines	17:30
giovani	printers, desktops, servers, phones, etc	17:30
ball	giovani: It's a small LAN.	17:30
jmedina	and games.	17:30
jmedina	:)	17:30
giovani	ball: even in a small office -- it'd be the right thing to do, although not nearly as necessary	17:31
* ball nods		17:31
jmedina	and porn servers	17:31
ball	Perhaps I'll find a switch that offers a few PoE ports	17:31
ball	...and a few that aren't.	17:31
giovani	yep, plenty of those exist	17:31
ball	I have a hell of a job finding a switch with the features I want anyway.	17:31
giovani	what features are those?	17:32
* ball thinks for a moment		17:32
ball	24 (or perhaps 32) port 100baseTX with at least one 1000baseT port.	17:32
giovani	uh	17:33
ball	Preferably two	17:33
giovani	I can name like 10 switches that meet that requirement	17:33
giovani	that's ... very common	17:33
ball	giovani: Ah good. Do any of them have 8 PoE ports?	17:33
jmedina	just ask your hardware store...	17:33
giovani	yep	17:33
giovani	ball: what's your budget?	17:33
jmedina	I use linkyss for PoE, they are afforable	17:34
ball	giovani: I'm not sure.	17:34
ball	jmedina: Our other network gear is Linksys, so that might work for us.	17:34
giovani	linksys makes crap switches	17:34
giovani	but, they are indeed cheap	17:34
giovani	I have one	17:34
ball	giovani: do HP make non-crap ones?	17:35
jmedina	giovani: yeap	17:35
* jmedina is fighting with a linksys print server right now :S		17:35
giovani	http://www.netgear.com/Products/Switches/SmartSwitches/FS726TP.aspx	17:35
giovani	so there's a 24 port 10/100 switch with 2 gigabit, and 12 of the 24 are PoE	17:35
ball	I don't think I can buy a managed switch from Netgear. I had some bad experiences with their routers.	17:36
ball	bad experiences.	17:36
giovani	well unless your budget is $1000+	17:36
giovani	you only have a few companies to choose from	17:36
giovani	netgear being the best of the bunch	17:36
ball	giovani: if $1,000 is what it costs for what we need, that's fair enough.	17:36
giovani	awesome	17:36
giovani	go cisco then	17:37
giovani	clearly netgear's switch at $250 street price is not going to compete with a $1500 cisco switch	17:37
ball	Only reason I mentioned HP was that we seem to be coalescing around HP gear, especially since we bought the HP server.	17:37
giovani	yeah, procurve switches are another option	17:38
giovani	they're a bit less than cisco	17:38
giovani	but not significantly so	17:38
ball	...and if I can give them one company to contract support from when I leave, that's a good thing	17:38
giovani	and you'll find far more people ready to work on, with experience on cisco	17:38
giovani	yeah, I'd not get focused on finding a single company to buy everything from	17:38
giovani	that usually leads to buying the wrong products	17:38
imchrislabeard	is there a security hole in php5 ?	17:40
giovani	one?	17:40
giovani	thousands	17:40
jmedina	:)	17:42
ball	Now I have to consider L2 managed Vs. unmanaged.	17:43
genii	I can't find any good info on some linux-friendly wifi card based on ExpressCard 54mm type slot. Any suggestions?	17:50
jmedina	genii: if you fine one plase tell me	17:51
giovani	genii: I'd just google	17:51
jmedina	In fact I have never seen a express card here in mexico	17:51
jmedina	I just bought a new laptop and still includes pcmcia	17:51
genii	jmedina: My new laptop came with expresscard only :( . There seems so little info available on them as well (linux based)	17:52
giovani	there are very few expresscards on the market anyhow	17:52
giovani	so this isn't really a linux thing	17:52
jmedina	genii: we sell hardware and none supliers know about expresscard :)	17:53
giovani	given the lack of a real market	17:54
giovani	I'd choose USB over ExpressCard	17:54
uvirtbot	New bug: #417030 in samba (main) "instalacion interrumpida" [Undecided,New] https://launchpad.net/bugs/417030	17:56
Psi-Jack_	Okay, so there's a deb package for shorewall 4.4 available for Ubuntu, yes?	18:08
Psi-Jack_	Ah yes, cool I see it.	18:10
uvirtbot	New bug: #417045 in lsb (main) "lsb_release crashed with ImportError in <module>() (dup-of: 383697)" [Undecided,New] https://launchpad.net/bugs/417045	18:26
Psi-Jack_	jmedina, The ubuntu package, shorewall, won't automatically try starting it upon install, will it?	18:42
Psi-Jack_	The ones from the shorewall repository managed by Benjamin?	18:42
giovani	Psi-Jack_: probably, why?	18:44
Psi-Jack_	Cause I wouldn't want it to right off the bat. I'm installing this remotely.	18:44
giovani	why would it installing be a problem?	18:44
giovani	does it have default rules? that would be stupid	18:45
Psi-Jack_	I dunno. Good questions. ;)	18:45
Psi-Jack_	Better safe than sorry though, right?	18:45
giovani	don't use a crappy "firewall manager" then	18:45
* Psi-Jack_ grumbles.		18:45
giovani	well you should always have an out-of-band management system	18:45
Psi-Jack_	One thing I hate most, is people telling you what and what not to use when it's nothing to do with them. :p	18:45
Psi-Jack_	Not to mention, rude as heck.	18:46
giovani	hate it all you want	18:46
Psi-Jack_	Was about as bad as telling someone to throw their "junk" away, because it's totally unrealated to the question asked.	18:46
giovani	except that this is volunteer help	18:46
giovani	so it doesn't come with a shut-your-mouth the-customer-is-always-right attitude	18:47
Psi-Jack_	So fracking what? Common decency, common curtesy, common fracking sense.	18:47
giovani	if you want that, I'm sure canonical is willing to provide it	18:47
Psi-Jack_	I can help someone fix something, or help decide on something, and give all points of views rleated to it, without barking down them and saying do it this way only.	18:48
giovani	all I said was that if you're concerned about this problem, you shouldn't use it	18:49
giovani	I didn't say you can "only do it this way"	18:49
Psi-Jack_	No, you said, don't use a crappy firewall manager then. I asked one simple question. Does it start at install, cause a lot of packages for servers do try initially to startup right during installation of it.	18:50
Psi-Jack_	For firewalls, that's a very bad idea, but better safe, than sorry.	18:50
giovani	safe would be not using it, is what I'm saying	18:51
giovani	or safe would be having an out-of-band management tool	18:51
Psi-Jack_	Safe, would be knowingwhere you leap from and where you'll land.	18:51
Psi-Jack_	Not not doing it in the first place.	18:52
giovani	'knowing' with certainty isn't always possible	18:52
Psi-Jack_	Sure it is.	18:52
Psi-Jack_	It's /always/ possible.	18:52
luckyone	giovani: I ordered this, http://is.gd/2sada	18:52
PhotoJim	shorewall doesn't start automatically. you have to configure it first.	18:52
jmedina	Psi-Jack, no it is on the howto	18:52
luckyone	giovani: will be replacing my Atom based NAS box	18:52
Psi-Jack_	jmedina, Cool. So it just installs, but doesn't enable itself out of the install? Good.	18:53
PhotoJim	so make sure port 22 is open, so you can ssh in, before you enable it. and when you enable it, test it by starting a new ssh connection first.	18:53
giovani	luckyone: with?	18:53
luckyone	the link	18:53
giovani	ah, didn't see link	18:53
luckyone	;)	18:53
jmedina	Psi-Jack in the quickstart guide there is a WARNING: Note to Debian and Ubuntu Users	18:53
giovani	luckyone: definitely not $200	18:53
luckyone	yeah, 2x that much	18:54
Psi-Jack_	jmedina, Oh! Yep. Sure is!	18:54
luckyone	giovani: pretty sweet device though	18:54
luckyone	giovani: has access to ipkg repos	18:54
luckyone	giovani: very low power arch	18:54
luckyone	giovani: and I will repurpose my Atom box for a bedroom media center	18:55
jmedina	if you want to secure your system when shorewall is stopped and you still want to allow remote access check routestopped file	18:55
Psi-Jack_	Heh. Well, that's just great. Cause I'm looking into shorewall for setting up a routing and load balancing server for work as well, but all our servers are housed accross the country.	18:55
jmedina	Psi-Jack, when you are doing remote changes and if you are not sure about new rules (probably they can reject remote access) always use	18:56
Psi-Jack_	But, likely, those servers will be gentoo, and nothing starts default on gentoo.	18:56
jmedina	shorwall safe-restart	18:56
Psi-Jack_	Right.	18:56
jmedina	if you dont accept new changes, shorewall will go back to the previos configuration after 60 seconds	18:56
jmedina	just likce cisco	18:56
Psi-Jack_	jmedina, It's the initial install that bothers me, that tells me that it installs, runs and locks down the system right away.	18:56
jmedina	Psi-Jack o_O	18:57
jmedina	shorewall is not configured by default	18:57
jmedina	you need to creat your ruleset from scratch	18:57
Psi-Jack_	jmedina, Heh.	18:57
PhotoJim	Psi-Jack_: if you have console access, that's a backup too, in case you muck stuff up.	18:57
jmedina	you need to edit, zones, interfaces, policy, rules and probably shorewall.conf	18:58
Psi-Jack_	PhotoJim, We haven't got a KVM-IP switch yet. ;)	18:58
jmedina	you cant start shorewall without those files	18:58
PhotoJim	Psi-Jack_: get one. :) but it's not hard to get a basic shorewall configuration set up.	18:58
Psi-Jack_	jmarsden, Okay, So JUST installation with apt-get, won't initiate anything or try torun it? Thats all I was asking.	18:58
PhotoJim	Psi-Jack_: you have to specifically enable it. there is no harm to installing it.	18:58
PhotoJim	Psi-Jack_: there's a specific config setting that needs changing to permit to actually start.	18:59
Psi-Jack_	PhotoJim, That's.. Unfortunately.. Not up to me, but I'm sure I can convince mybosses we need it.	18:59
Psi-Jack_	PhotoJim, Perfect. That's what I wanted to make sure of. ;)	18:59
PhotoJim	Psi-Jack_: tell them it's really useful in case of failure. really quite essential unless you have techs with physical access.	18:59
PhotoJim	Psi-Jack_: NP.	18:59
Psi-Jack_	As is, I'm just using a very very basic ufw ruleset to enable NAT and ssh ports.	18:59
PhotoJim	gotta run an errand, bbl. feel free to PM if you have Qs.	18:59
Psi-Jack_	PhotoJim, That's it. We don't have physical access at all. It's housed in a tier-4 shop	19:00
Psi-Jack_	jmedina, Curious on another point for shorewall..	19:00
jmedina	Psi-Jack, if you want ask in #shorewall	19:01
Psi-Jack_	Good idea..	19:01
jmedina	I cant help, but this is not shorewalls channel	19:01
* Psi-Jack_ nods.		19:01
jdstrand	Psi-Jack_: I'll advise you to do 'ufw disable' before enabling shorewall (but I'm sure you know that, since you already enabled it :)	19:02
Psi-Jack_	Right. ;)	19:03
Psi-Jack_	jmedina, Okay, one thing you can help me with, I checked out the apt-sources deb lines,, but it still seems to only have 4.0, I'd have figured they'd be 4.4 at least, no?	19:05
jmedina	Psi-Jack, sorry I always use tar files	19:06
jmedina	I dont use debs	19:06
jmedina	you can use elcubano repos	19:06
Psi-Jack_	elcubano? heh	19:07
jmedina	he is the shorewall maintainer, a little busy these days	19:07
jmedina	jo jojo, wrong channel	19:07
jmedina	:)	19:07
jmedina	Psi-Jack, omache is shorewall developer	19:10
jmedina	he works as software architech at hp	19:11
jmedina	if you have more questions, use mailing lists, so he can help offline...	19:11
fly9	anyone hosting guests in ubuntu server with virtualbox?	19:38
fly9	i need help with bridged networking	19:39
fly9	and vbox 3.04	19:39
PhotoJim	Psi-Jack_: yes, definitely arrange to get console access. in your situation it's really quite crucial.	20:02
loa	Yo! Have my ubuntu-server 8.4 that I upgraded to 8.10 and then to 9.04 yesterday. After the upgrades I can't get my virt systems to run again.	20:03
loa	Virsh complains that "error: failed to connect to the hypervisor"	20:03
loa	I have no idea what it can be, do anyone happen to perhaps know what might be wrong?	20:03
Psi-Jack_	PhotoJim, Heh yeah.. I also need to get MegaCLI working, cause we haven't had anything at all to watch over the fricken RAID stuff, all this time.	20:04
jmedina	loa: there is not xen support for jaunty	20:04
jmedina	you are on your own	20:04
loa	Im using kvm	20:04
jmedina	ohh	20:04
jmedina	then I dont know....	20:04
loa	it's wierd.. yes...	20:05
loa	I don't really know how this stuff works..	20:06
giovani	major version upgrades are rarely a good idea :)	20:06
loa	but what I understand is that libvirt is using qemu to sort out kvm machines right?	20:06
loa	anyhow the virt-machines that are set to auto-boot is on and working..	20:07
loa	but I can't manage it with either virsh or virt-manager	20:07
loa	giovani: well didn't really feel for reinstalling it either	20:07
loa	giovani: but I agree	20:07
giovani	loa: yep, but, this kind of breakage is pretty typical	20:08
loa	best solution would be to reinstall it aye?	20:08
loa	I'm using software raids.. I figure the installer don't find them automagically?	20:09
jmedina	backup, use test machine, test and prey	20:09
loa	jmedina: to late now isnt it :P	20:09
giovani	loa: you don't have backups?	20:09
loa	not on the system itself no	20:09
giovani	you just don't migrate production systems without extensive testing where I'm from	20:10
giovani	loa: what do you mean "on the system"?	20:10
loa	who said I'm working on Microsoft?	20:10
giovani	Microsoft? what?	20:10
giovani	you're not being clear	20:10
loa	it's not like its dangerous that my system is down	20:10
loa	just a hassel	20:10
loa	and no I don't have backups on the system as Im only using it as a kvm host	20:11
loa	so reinstalling just takes time..	20:11
loa	I just thought someone here might been into the same problem as I have and might have suggestions on stuff to check up	20:11
loa	when I start virsh it sais "Connecting to uri: qemu:///session	20:16
loa	halDeviceMonitorStartup: dbus_bus_get failed org.freedesktop.DBus.Error.FileNotFound: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory"	20:16
ehird_	I have an Ubuntu 6.06 installation - don't ask; no, I can't upgrade :-) - and there is no "twm", "icewm" or "squeak-vm" packages. It seems the repositories have been massively stripped down. Is there an archive of the full repositories?	20:34
_ruben	you're in luck .. ubuntu server doesnt have any window managers due to lack of X ;)	20:35
_ruben	and only 'main' is LTS, perhaps universe and multiverse get stripped, though doubt that	20:36
ehird_	_ruben: umm, ...,	20:36
ehird_	there is the x server	20:36
ehird_	i know this because i installed i	20:36
ehird_	t	20:36
_ruben	yeah .. but its not really supported (by the server team) .. as it pretty much turns your server into a desktop	20:37
ehird_	well, I installed Ubuntu Server because I didn't want the default environment	20:38
Psi-Jack_	Hmm, here's an issue I am having.	20:38
giovani	ehird_: you're mistaken -- the repositories are identical between server and desktop versions -- they're the exact same location	20:38
ehird_	i don't think i disputed that, i think _ruben did though saying it didn't have x	20:39
Psi-Jack_	I have an external USB 2.0 Seagate 500GB SSD drive, and it's got XFS on it, but often times, when I try to access it, it's inaccessable. This is after having not used it in a while, I ls /mnt where I have fstab keeping it mounted at boot time, and it shows up in red. Fixing it, I have to umount it then mount it again and it's fine, and the directory for it in /mnt is blue like a directory again.	20:39
giovani	ehird_: you said it seems the repositories have been stripped down -- this isn't the case	20:39
ehird_	giovani: I find it odd then that numerous packages are missing	20:39
giovani	ehird_: they're not missing	20:39
ehird_	or were twm, icewm and squeak really not in 6.06?	20:39
ehird_	hmm, oh	20:39
ehird_	universe is commented out by default	20:40
ehird_	how embarrassing :) sorry	20:40
giovani	it always has been	20:40
ehird_	thanks	20:40
giovani	twm has always been in universe	20:40
giovani	you'll probably want to switch to the non -server kernel	20:40
ehird_	hmm, why?	20:40
giovani	and then you won't be getting support from here (as you'll be running a desktop)	20:40
giovani	because you probably don't want any of the compiled options the server kernel has	20:40
ehird_	i don't need any more support :)	20:40
ehird_	I think I'll just reinstall from the alternate CD	20:41
ehird_	thanks	20:41
_ruben	and yes, by "does not have", i actually meant "does not support" :)	20:41
ehird_	ok, thanks :)	20:41
loa	oh well, going to sleep. Reinstalling the box tomorrow. Thanks for the help anyway giovani	20:47
pmatulis	_ruben: did you discover why your ssh connections were dropping?	20:58
_ruben	pmatulis: i dont recall any of my ssh conns to drop .. perhaps mixing me up with someone else? :)	20:59
pmatulis	_ruben: yeah, it was "ruben23", sorry	21:00
_ruben	no problem :)	21:00
_ruben	its what one gets for using firstname as nick ;)	21:01
ruben23	hi how do i change my date form IST to EDT...?	21:22
sgsax	ruben23: you just want to change the timezone?	21:24
guntbert	ruben23: https://help.ubuntu.com/community/UbuntuTime should help :-)	21:26
sgsax	ruben23: http://www.linuxsa.org.au/tips/time.html for the non-gui solution	21:34
guntbert	sgsax: ^^^ has the CLI instructions too :-)	21:37
sgsax	guntbert: heh, that's even easier :)	21:38
guntbert	sgsax: ;-)	21:39
Sam-I-Am	mathiaz: you around?	21:54
mathiaz	Sam-I-Am: yes	21:54
Sam-I-Am	been messing with ld_debug... missing symbol in nssov.so... which somehow becomes 'file not found' in openldap	21:54
mathiaz	Sam-I-Am: oh cool. I've looked at this but didn't go anywhere	21:56
Sam-I-Am	gonna see if hyc might know whats causing that... hopefully its not any of the ubuntu patches	21:56
Sam-I-Am	how long has it been fried?	21:56
mathiaz	Sam-I-Am: which symbol?	21:56
Sam-I-Am	ber_bvmatch	21:57
mathiaz	Sam-I-Am: I've seen similar error when libtld had been updated	21:57
mathiaz	Sam-I-Am: 2.4.15 was working correclty	21:57
Sam-I-Am	i know ltdl changed names in karmic	21:57
Sam-I-Am	kinda simplified versioning i think	21:57
mathiaz	Sam-I-Am: right	21:58
mathiaz	Sam-I-Am: there may be a new version too	21:58
Sam-I-Am	hyc claims nssov works in 17... might try compiling upstream in karmic and see if it still breaks	21:58
mathiaz	Sam-I-Am: what is strange though is that all other shared libraries load correctly	21:58
Sam-I-Am	yeah	21:58
mathiaz	Sam-I-Am: 17 saw the addition of pam. I though may be something is missing there.	21:59
Sam-I-Am	hmm...	21:59
mathiaz	Sam-I-Am: it may also be related the toolchain in Ubuntu	21:59
Sam-I-Am	true	21:59
mathiaz	Sam-I-Am: and the way the nssov is built	21:59
mathiaz	Sam-I-Am: I'd run the nssov-build patch by hyc	21:59
Sam-I-Am	well, compiling upstream might answer some of those questions	21:59
Sam-I-Am	yeah, will do	21:59
Sam-I-Am	just waiting for him to return	22:00
Sam-I-Am	meanwhie, i think i should finally file this as a bug	22:00
mathiaz	Sam-I-Am: I would definetly show the nssov-build patch to hyc - it may be an issue there	22:01
Sam-I-Am	yeah i was looking at that	22:01
Sam-I-Am	doesnt seem too intrusive though	22:02
=== ircd is now known as samferry
Sam-I-Am	you know, looking at ld_debug, theres quite a few undefined symbols... not just in nssov	22:13
unixbocx	hello	22:40
Sam-I-Am	mathiaz: filed bug 417163	22:46
uvirtbot	Launchpad bug 417163 in openldap "NSS overlay (nssov) fails to load" [Undecided,New] https://launchpad.net/bugs/417163	22:46
LiraNuna	I love pam.d	22:58
KillMeNow	why do you love pam.d?	23:01
* jmedina doesnt feel love for a directory		23:02
LiraNuna	KillMeNow, it's so easy to set up stuff	23:39
LiraNuna	and anything plugs into it	23:39
Psi-Jack__	Heh. bleh.	23:42
KillMeNow	gah! everyday around this time I'm ready for a nap	23:42
Psi-Jack__	Heh	23:43

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!