/srv/irclogs.ubuntu.com/2009/08/24/#ubuntu-server.txt

leaf-sheepHelp. For some reason, my Ubuntu installation is unable to go beyond 33% of partitions formatting for 2TB HDD. I'm wondering if I did something wrong.  Maybe I'm supposed to set up RAID or something01:10
qman__leaf-sheep, RAID is only for multiple disk setups01:15
qman__and only in certain cases01:15
qman__what filesystem are you using?01:15
PhotoJimI'm googling, but I'm not aware of any issues with drives that size.01:15
qman__2TB is a lot of data, and would take a very long time to format in ext301:16
qman__how long did you let it set?01:16
PhotoJimit took me the better part of an hour to format a one terabyte drive, but that was on an older PIII server.01:17
qman__I would guess 2TB would take about two hours to format in ext3, based on my experience in setting up my RAID01:17
PhotoJimext3 should be fine.  max. vol. size depending on implementation is 2-16 TiB.  and a 2 TB drive would not be 2 TiB, it'd be 2 trillion bytes, significantly smaller.01:20
qman__yeah, it just takes a while to format the drive01:20
qman__I have a 3.3TB RAID array01:20
qman__in ext301:20
PhotoJimdepends on blocksize, apparently.  1 KiB blocksize caps at about 2 terabytes.01:21
qman__yeah, I know the limit of a default ext3 setup is ~8TB01:22
PhotoJimwith 4 KiB blocksize, which is the max. on most platforms.01:22
PhotoJimso that makes sense.01:22
PhotoJimso either it just needs more patience... or it's a bad drive or controller.01:23
qman__I need to decide on a new filesystem to use, my array is full and I need to upgrade01:23
qman__right now the choices are reiser and ext401:23
PhotoJimyou can't stick with ext3?01:24
qman__only to 8TB, but if I upgrade I don't think that'll be big enough01:24
PhotoJimext4 is still a bit new for me. and reiser's future is in some doubt due to Herr Reiser's incarceration.01:24
leaf-sheepqman__: EXT4.01:24
PhotoJimahh.01:24
qman__I trust ext301:25
qman__I don't trust XFS01:25
qman__the others are up in the air01:25
giovanixfs is relatively unstable on a regular basis01:25
giovaniext4 is the future for ubuntu01:26
giovanialthough you may want to be aware of some options that ensure secure journaling01:26
giovaniwhich aren't default in ubuntu afaik01:26
leaf-sheepIt's not just formatting.  See, when I started the installation process... to the point of formatting and setting up disks to my likings, it'll start right away at 33% and idling -- but I can't be certain of background activities for 2TB is a large HDD.01:26
giovanileaf-sheep: you can go to the console01:26
giovaniand look at activity01:26
giovanivia iostat, etc01:26
PhotoJimlooks like ZFS is an option too01:27
qman__leaf-sheep, the progress bar doesn't show the formatting process01:27
giovanior, if you're physically at the machine, obviously looking at the HD/CD activity will tell you if something's going on01:27
qman__it's divided up into how many partitions you have01:27
qman__so if you have a /boot, /, and swap01:27
leaf-sheepgiovani: Console? I came in here because I know people in here maintain servers all times (lot of HDDS).01:27
giovaniZFS support in linux isn't significant01:27
qman__so it's logical it would sit there on a large partition01:27
leaf-sheepI'm setting this up for HTPC.01:28
giovanileaf-sheep: understood -- but you can switch into the console during installation and check for yourself if it's active01:28
qman__...one of my lines didn't show up01:28
giovanisince you were unclear if it was actively writing to the disk01:28
qman__if you have a /boot, /, and swap01:28
qman__ /boot is 33%, / is the next 33%, swap is the final 33%01:29
giovaniqman__: depending on the disk order, no?01:29
qman__even if /boot is a few megs, / is almost 2TB, and swap is a gig01:29
qman__yes01:29
leaf-sheep100MB boot, Encryption --> LVM --> [2GB swap, 10GB root, Remaining for home]01:29
qman__oh, you're using LVM01:29
qman__that's why01:29
giovaniand encryption :)01:29
qman__it'll probably take about two hours to do the LVM01:30
leaf-sheepEncryption, indeed. ;)01:30
qman__then a while for the encryption01:30
giovaninah, it shouldn't take that long01:30
giovaniI just did a new 1.5TB drive on LVM01:30
giovanitook 10-15 min01:30
qman__wow01:30
qman__that's quick01:30
qman__but yeah, the process is generally slow, just let it do its thing01:30
giovaniand ... why speculate01:30
qman__if it's not done in a few hours, then something's wrong01:30
giovanijust check yourself if there's disk io01:30
giovanithere's no need to wait and guess01:30
leaf-sheepOh I'm installing Ubuntu Minimal from USB -- Would that cause issues?01:31
giovaninot during disk partitioning01:31
qman__no01:31
PhotoJimshouldn't.01:31
giovaniwhy are we still speculating?01:31
leaf-sheepThere are no official minimal usb other than UNR.01:31
giovanileaf-sheep: please switch into the console and run iostat01:32
giovanithis is will answer your question01:32
leaf-sheepIs it possible to obtain "Release file" for my local apt-mirror?  Getting base packages from official us.archive.ubuntu.com is long. I set up apt-mirror because I'm sick of waiting for packages and get failed installation every time.01:32
qman__I usually skip networking during the install to speed things up01:33
leaf-sheepgiovani: I'm getting jaunty usb. Somehow I ended up with karmic version.01:33
qman__then update later01:33
giovanileaf-sheep: sure ... set up your sources.list -- and it'll work01:33
giovanileaf-sheep: that's not good -- karmic is not stable at all01:33
leaf-sheepgiovani: I know. I clicked at the bottom and I assumed it was Jaunty. :<01:34
qman__but yeah, setting up 2TB that way is a slow process, and the progress bar does not indicate how far along each step is, just to which step you're at01:34
leaf-sheepYeah, but to start off at 33% right away?01:35
qman__normal01:35
qman__your 100MB boot partition takes a split second01:35
giovanileaf-sheep: have you not been listening to what qman__ has been explaining?01:35
qman__also01:35
qman__I suggest you up that to about 256MB01:35
qman__you'll run out of room for kernel updates01:36
qman__just my opinion though01:36
giovani100MB is standard, and fine, imo01:36
giovaniwhy would you need more than 3-4 back kernels?01:36
qman__you don't, but it keeps them automatically01:36
giovanisure01:36
qman__it's just an annoyance01:36
giovanibut by that logic, presuming you upgrade to every offered one ... you'll run out in short order anyway01:36
PhotoJimI agree to make it bigger, you won't miss 156 MB of disk space and it saves hassles if you don't punctually delete old kernels.01:37
PhotoJimnot critical.  but convenient.01:37
giovaniheh01:37
giovanibut then he'll just run out later01:37
giovanisame process, different timing01:37
PhotoJimsignificantly later.01:37
qman__yeah, but you don't have to clean out the old kernels as often01:37
giovani1.5 times longer01:37
PhotoJim2.5.01:37
giovanino, 2.5 total01:37
leaf-sheepgiovani: I'm putting it on usb... almost done.01:37
giovani1.5 longer01:37
PhotoJim256/100 = 2.56 actually.01:37
giovanianyway01:37
PhotoJim3 hours is 3 times as long as 1 hour, not 2 times as long.01:38
leaf-sheepqman__: I checked my laptop kernels where I kept them. It's in total of 46MB.  3 or 4 kernels there.01:38
giovaniPhotoJim: but it's 2 times longER01:38
giovani3 times AS lon01:38
giovanilong*01:38
PhotoJim"times" = multiplication.01:38
giovaniyes01:39
PhotoJimby definition.01:39
giovanilongER01:39
giovaniimplies in addition to01:39
PhotoJimyou're using it wrong.01:39
qman__I'ce got only one kernel on my router01:39
PhotoJim256% as much time, but 156% additional, if you must.01:39
qman__ /boot is using 24M01:39
qman__like I said, 100M is enough, it's just my preference to use 25601:40
qman__won't miss that extra space and updates are less annoying that way01:40
PhotoJimmy /boot hasn't been cleaned out in awhile, 64 MB01:40
PhotoJimthat's only 5 kernels.01:40
PhotoJimoldest April 1/09.01:41
leaf-sheepgiovani: What did you say about iostat? I'm at install prompt.  Do you mean for me to start a VT in boot process afterward?01:41
giovanileaf-sheep: I meant to go into the console during the installer, since you're curious what it's doing01:42
giovaniyou can do a ps aux01:42
giovanior if you have iostat you can run that01:42
giovaniand both will make it clear what the installer is doing, if it's doing anything, or if it's hung01:42
leaf-sheepConsole? That's CTRL + ALT + F[1-6] we're talking?01:42
qman__just alt01:42
qman__control is only necessary if you're in X01:42
giovanialt-f2 or f3, i forget which is which01:42
giovaniin the installer01:42
leaf-sheepOkay. I'll set up everything right to the 33% part.01:42
giovanithis lack of experimentation and hand-holding will get old quickly01:43
leaf-sheepgiovani: Meaning I can set up /etc/apt/sources.list to my localmirror although I tried different mirror which lacks Ubuntu Release File (something) for verification?01:44
leaf-sheepI guess not.  Now it's getting all packages from server... again.01:45
leaf-sheepWe'll sit tight. Please don't go anywhere. I'm frustrated and would love to get this done with. I have been trying this all night (last night) to this morning.  Fell asleep. Woke up and I'm at it again. :)01:46
HellMindhow tf, i must port forward with UFW , I HATE it :(01:54
qman__heh01:55
qman__port forwarding with iptables takes four lines per port forward01:56
qman__I've got a nice loop in my script that reads from a file01:56
jdstrandHellMind: ufw does not support port forwarding with the command line interface. Please read the man page for what it supports. You may use iptables-restore style rules in /etc/ufw/before.rules to achieve anything iptables can do. See https://help.ubuntu.com/9.04/serverguide/C/firewall.html for details01:56
HellMindI hate that01:57
jdstrandHellMind: patches are welcome01:57
HellMindmy patch will be rm -fr ufw02:00
jdstrandHellMind: you are free to use any firewall application you wish. if ufw does not suit your needs, try another listed in https://help.ubuntu.com/9.04/serverguide/C/firewall.html02:01
HellMindIm using 8.0402:02
jdstrandhttps://help.ubuntu.com/8.04/serverguide/C/firewall.html02:02
HellMindstop pasting that02:03
jdstrand*8.04*02:03
HellMindits the same doc -_-02:03
oh_noesis it possible to create a VM with two virtual hard disks in python-vm-builder?02:04
uvirtbotNew bug: #293548 in gvfs (main) "can't save file in samba share (dup-of: 286828)" [Low,Fix released] https://launchpad.net/bugs/29354803:08
rosaHi there, I have a ubuntu domain member with samba and is working fine for a while but lost the connection...the users can't see the samba folder and i need to restart the server to them can see again...04:18
rosasomebody know what can be the problem?04:18
rosahi, somebody know if a have a domain member server which lost the connection with the domain server every 5 hours, what could be the problem?04:35
jmarsdenrosa: I'm not at all an expert on SAMBA domain stuff, but look at the samba log files for clues.  If necessary, turn up samba logging so you get more info in the logs to work from.04:58
rosai am not sure if the problem is that but i am getting this error: winbindd: Exceeding 200 client connections, no idle connection found04:59
jmarsdenOK, sounds like you need to configure samba to allow more simultaneous winbindd client connections :)05:00
leaf-sheepI wonder if Ubuntu-Server.iso would benefit me more for pure XBMC edition -- with occasional samba and cups sharing, even its being a torrentbox?05:04
jmarsdenleaf-sheep: https://help.ubuntu.com/community/ServerFaq#What%27s%20the%20difference%20between%20desktop%20and%20server?05:05
leaf-sheepjmarsden: I'm looking for something of minimal disc with at least all packages for ubuntu-minimal with it.  Minimal disc itself retrieve packages from the Internet.05:07
leaf-sheepjmarsden: I'm wondering if Server edition is what I'm looking for... as I'm sick of failed attempts and having to retrieve all packages from Internet more than 10 times. :|05:08
jmarsdenCan't you do a minimal install from the "normal" Desktop install CD?05:08
leaf-sheepjmarsden: HPTC does not have cdrom. I'm doing this from Ubuntu and by Desktop install CD, it'll install full ubuntu-desktop.05:09
PhotoJimAlternate CD, I think, not Desktop.05:10
leaf-sheepPhotoJim: It still installs ubuntu-desktop.05:10
jmarsdenI'll play in a VM...05:10
ScottKBasic server install is a lot smaller than a desktop install05:10
leaf-sheepDoes Server edition installer supports LVM + Encryption?05:10
leaf-sheepLVM, yes. I know this for sure.05:11
PhotoJimleaf-sheep: I'm reasonably sure it has the option of doing a very basic installation.  if you can't get Ubuntu to do that, I know you can do that with Debian.  so it would surprise me that you couldn't with Ubuntu.05:12
rosajmarsden, do you know how i can do that?05:14
leaf-sheepPhotoJim: I'm confidently sure that alternative disk is same as desktop disk minus the GUI, and plus the lvm + encryption.  That's all. I use it many times -- but yeah, they should prompt tasksel by default (and that's in minimal disc).05:14
leaf-sheepI think I'll remaster one in the future for ubuntu-minimal as default packages instead of ubuntu-desktop in the future for USB.05:14
PhotoJimleaf-sheep: alright.  can't say I've done it, so I'll defer to your experience.05:15
* leaf-sheep says future twice... Silly me. :<05:15
* leaf-sheep gets server edition because he's certain that ubuntu-minimal is installed by default.05:16
twbThe alternative CD ought to be identical to the desktop CD in the set of packages installed.05:20
twbThe difference is chiefly debian-installer vs. ubiquity + live CD05:21
jmarsdenrosa: No... try googling that error message05:21
twbHowever the differences between ubuntu-server and alternative are the set of packages cached on the CD (so they don't have to be downloaded), and the tasksel and locale packages installed by default.  See the preseed/ directory on the server CD.05:21
twbThere's no fundamental reason why you couldn't install either desktop or server using e.g. the mini.iso05:22
jmarsdenrosa: Maybe try the ideas in http://magazine.redhat.com/2008/06/02/tips-and-tricks-i-get-the-error-winbindd-exceeding-200-client-connections-no-idle-connection-found/05:22
jmarsdenLooks like the 200 is a compiled in value, see http://fixunix.com/samba/348340-samba-winbindd-exceeding-200-client-connections-no-idle-connection-found.html for some discussion.05:26
leaf-sheeptwb: Slow network. I'm trying to install a HTPC from laptop (bridged).05:26
twbleaf-sheep: HTPC?05:26
leaf-sheepIt takes awhile to get a base installation.  (Need a long cable to my room).05:26
leaf-sheeptwb: Yes. Home Theater PC>05:27
=== johe__ is now known as johe
rosathanks, the weid is i dont have 200 users...that mean connectios? but still i think i dont more than 200 connetions05:28
jmarsdenSee the RedHat article for how to get it to list the connections...05:29
rosathanks i will check it05:34
rosal05:48
cemccan I somehow refresh the list in /dev/disk/by-label ?06:40
jmarsdenWell, a reboot will most likely do that :)06:41
jmarsdenProbably umount and the mount of the volumes concerned would also do it.06:41
rosahi somebody know where i can configurate it ?WINBINDD_MAX_SIMULTANEOUS_CLIENTS ?07:12
rosasombody here?07:24
uvirtbotNew bug: #343738 in vsftpd (main) "vsftpd max username length too small" [Medium,Fix released] https://launchpad.net/bugs/34373808:13
johe|workgood morning08:13
sorenttx: Any idea what might be causing this? http://launchpadlibrarian.net/30714354/buildlog_ubuntu-karmic-i386.eucalyptus_1.6%7Ebzr452-0ubuntu2_FAILEDTOBUILD.txt.gz08:17
ttxsoren: looking08:18
sorenIt's during the java build, where it errs out with a:08:18
soren      [ERROR] Unexpected internal compiler error08:18
sorenjava.lang.StackOverflowError08:18
ttxsoren: strange, it built on lpia08:18
ttxeven stranger, the GWT stuff in compiled arch:all08:19
sorenhm?08:19
* ttx compares build logs, just a sec08:19
ttxsoren: that's strange... This should behave the same whatever the arch, it's some java compile and even the JARs used are arch:all08:23
ttxsoren: so apart from a i386-specific openjdk-6 issue...08:23
* soren is tempted to just retry the build08:24
ttxsoren: that idea crossed my mind as well :)08:25
sorenbut first, I'll see if I can reproduce it locally.08:25
ttxsoren: could you reproduce it ...08:25
ttxyou read my mind08:25
ttxsoren: hmm. http://extjs.com/forum/showthread.php?t=7387508:25
ttxsoren: If you can reproduce it locally, I'll PPA this fix in GWT so that you can confirm it fixes the issue: http://code.google.com/p/google-web-toolkit/source/detail?r=526208:29
sorenttx: So... Do I need to patch gwt or can I just pass the greater stack size during the eucalyptus build?08:29
* soren tries it locally now.08:29
ttxThe first solution is the fix, the second solution is the dirty workaround08:29
* soren nods08:30
ttxthe fact that the error triggers only on i386 tends to prove you're at the trigger limit anyway08:30
ttxsince there is probably nothing arch-specific tere08:30
ttxthere08:30
ttxsoren: let me rephrase, the second solution is not a dirty workaround. It's perfectly acceptable08:35
ttxsoren: current GWT uses more stack than it should. Increase stack size to make it compile is perfectly ok.08:35
ttxsoren: not sure you have easy access to JVM parameters in the build though... so fixing GWT so that it's leaner might be a better solution.08:36
sorenttx: Well, there's an ant xml snippet in that extjs thread.. I just don't know where to put it.08:37
sorenttx: Could you try sticking that gwt patch in your ppa?08:37
ttxsure, I'm on it08:37
sorenI could not reproduce it locally, by the way.08:37
* soren tries it again, just for kicks.08:38
ttxheh, sounds like retrying the build might work, then :)08:38
ttxsoren: could you file a quick bug against GWT, so that I reference the fix ?08:39
sorensure.08:39
ttxsoren: Is there any point in PPAing it, if you can't test the fix locally ?08:41
sorenbug #41802208:42
uvirtbotLaunchpad bug 418022 in gwt "GWT builds use too much stack space" [Undecided,New] https://launchpad.net/bugs/41802208:42
sorenttx: Well... I could try uploading it to my ppa to test it.08:43
ttxok08:43
sorenttx: To be honest, at this point, I don't see any particular reason to be so careful.08:43
sorenttx: Just upload it, I'll retry the build, and we'll see how it goes.08:43
ttxok08:43
sorenWe've got plenty of time to fix stuff .08:44
sorenIt succeeded again locally, it seems.08:44
sorenYup, just finished.08:44
sorenttx: Ok, it seems only axis2c and rampart are missing MIRs.08:45
sorenI'll see if I can get someone to file it for me. I'd like to get crackin' on the Elasticfox thing.08:46
* twb wonders when -server became -devel08:46
twbor -motu or whatever08:46
sorentwb: It always was :)08:46
sorentwb: Up until a couple of years ago, it was /only/ about server development.08:47
twbHa08:47
ttxtwb: we just don't use the channel as much as we should.08:48
sorentwb: We've just not been very good at using it for development stuff.08:48
sorenHeh :)08:48
ttxsoren: your fix is in.08:53
kworkyes use it for development then i can scam off all the knowledege08:55
maswanUse it for development to fix all my pet issues, even better! ;)08:55
kworkso any services use upstart with karmic ?08:56
roxy09hi there, i want to upgrade my version 8.04 to 9.xx..is possible to do easy or i need to install and configurate everything again?08:58
twbroxy09: upgrading in-place is a well-supported model.08:59
twbUnlike those RHEL idiots...08:59
roxy09jaja09:00
roxy09sorry haha (in english)09:00
roxy09what is the command to upgrade to the last version?09:00
\shroxy09: do-release-upgrade ?09:00
mattttwb: it's possible on RHEL, just not commonly done :)09:00
roxy09thanks :)09:01
twbmattt: it's not SUPPORTED on RHEL09:01
kworkroxy09, just did it few days ago from 8.04 to 8.10 and then to 9.04 worked like a charm :)09:01
kworkthou one thing confuzed me, is 9.04 lts ?09:02
\shkwork: nope09:02
leaf-sheep!lts | kwork09:02
ubottukwork: LTS means Long Term Support. LTS versions of Ubuntu will be supported for 3 years on the desktop, and 5 years on the server. The current LTS version of Ubuntu is !Hardy (Hardy Heron 8.04).  The next LTS release is scheduled to be 10.0409:02
kworkah okey then no confuzion09:02
roxy09my problem is i am not sure if the bugs that have 8.04 is solved in the 9.04 or i will have more problems with this version?09:04
kworkyou need to consult launchpad on that09:04
kworkfind your bug id and see where its fixed09:04
kworkor whats the bug status09:04
roxy09i have samba bugs09:04
kworkim not bug database09:04
roxy09i need to install the vesrion 3.409:05
kworksearch the db09:05
kwork!llaunchpad09:05
ubottuSorry, I don't know anything about llaunchpad09:05
kwork!launchpad09:05
ubottuLaunchpad is a collection of development services for Open Source projects. It's Ubuntu's bug tracker, and much more; see https://launchpad.net/09:05
kwork!bug tracker09:05
kwork!bug09:05
ubottuIf you find a bug in Ubuntu or any of its derivatives, please file a bug using the command « ubuntu-bug <package> » If that fails, you can report bugs manually at https://bugs.launchpad.net/ubuntu/+filebug - Bugs in/wishes for the bots can be filed at http://bugs.launchpad.net/ubuntu-bots09:05
roxy09dont stress!!! i asked u before u said that...09:06
kworkno stress here yet :P09:09
roxy09somebody know how i can replicate and configurate ldap server?09:26
roxy09i mean condigurate a ldap backup server09:27
twbroxy09: "configure"09:45
roxy09yes09:46
roxy09somebody know how i can configure a ldap backup server?09:51
roxy09hi i try to change the version to 8.04 to 9.04 but i cant, somebody know the command...i try before with do-release-upgrade09:58
roxy09somebody know why i can upgrade my version, when i do old me i have the last version but still i have the 8.0410:12
\shdo-release-upgrade -d10:13
\shbrb10:13
AlexC_morning,10:19
AlexC_SSH has suddenly stopped/crashed on a Lenny server of mine, of which is 200 miles physically away from me. I have zero access to this server now, as even the Dell Remote Access Controller has given up (given XML parse errors). Is there any way you can think of that I can purposely crash this server to get it to restart?10:20
AlexC_sorry it's non-ubuntu, thought there would be someone with a clever idea, though no worries if it's off-topic I'll leave it10:20
twbAlexC_: call your colo guy and get him to kick it10:21
AlexC_see, thing is - the keys to the server are also sitting to my left :P10:22
twbAlexC_: even the power cable?10:22
roxy09thanks sh, do you know how long take it?10:22
AlexC_twb, true, true - that'd work10:22
twbAlexC_: or maybe serial cable to a box they have that you CAN ssh into and run screen /dev/ttyS0 on10:23
roxy09also, if i do that what happen with my kubuntu ?10:23
AlexC_twb, will have to see if they can do that. I'm not even sure if our guy will be in the area today, if not - any sane way of crashing it?10:24
twbAlexC_: is it running PHP?10:25
AlexC_twb, yes, though scripts are running as their own user - and the downside to me being security concious, there are no exploits that I could use to bring it down10:26
twbAlexC_: none you know of, anyway10:26
AlexC_;)10:26
maswanroxy09: do-release-upgrade is roughly the same as the graphical upgrade, and the time depends mostly on the number of packages you have installed10:28
twbAnd the number of updates, and the speed of the mirror10:29
roxy09:) thanks a lot mates!10:32
roxy09meanwhitle...i am having another problem with amavis is using a lot of CPU, somebody know about that?10:35
twbIsn't that amavis' job?10:39
roxy09yes, but 99% od the CPU and stop the job of the mail services10:43
sorenttx: ..rebuilding eucalyptus on i386.10:48
sorenttx: \o/11:03
roxy09hi somebody know what devecop does?11:35
Alblasco1702Hallo roxy09 did you mean dovecot?11:37
roxy09yes11:38
roxy09i am upgrading ubuntu, should keep the conf files or let upgrade the files?11:38
Alblasco1702dovecot is a IMAP server11:38
Alblasco1702roxy09 i make a backup from my configuration files en then let the files upgrade but that's up to you11:40
roxy09hi i am getting error with spammassasin...when i do restart show me doesn find some files, i try to reinstall but still the problem, show me cant find some lib with perl11:53
roxy09hi there, i am having problme to retsart my spamassasin aplication, i got the error:  Can't locate MLDBM/Sync.pm12:39
kworkinstall the lib ?12:40
kworkor perl module even12:40
roxy09which one...i try to instal MLDBM but said i have the last one12:44
kworkhttp://cpansearch.perl.org/src/CHAMAS/MLDBM-Sync-0.30/Sync.pm12:46
=== mrchrisadams_ is now known as mrchrisadams
roxy09hi i got some problem with amavis-new is ussing s lot of CPU, somebody know about this problem?13:31
leaf-sheepgiovani, qman__ PhotoJim: Yoohoo. It's just me and installer's lack of feedback. I tried it again and watch few shows. Came back and it was done. Lulz. ;313:48
roxy09:S I cahnge my version to ubuntu 9.04 and now samba doesn't run...13:59
kworkyou should really get people to upgrade your box who knows what they are doing :P14:00
kworkand on the subject i upgraded from 8.04 to 8.10 -> 9.04 and my samba works just fine14:00
roxy09thanks !!!14:04
Sky[x]#samba ? :D14:05
uvirtbotNew bug: #418117 in postfix (main) "package postfix 2.5.5-1.1 failed to install/upgrade: subprocess post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/41811714:06
ivokscould someone look at 416970?14:17
ivoksbut 41697014:17
ivokslol... bug 41697014:17
uvirtbotLaunchpad bug 416970 in openais "Please sync openais 1.0.0-3 (main) from Debian experimental" [Undecided,New] https://launchpad.net/bugs/41697014:17
roxy09im getting this error: final write to client failed: Broken pipe14:19
roxy09somebody know about that?14:19
=== bogeyd6_ is now known as bogeyd6
garymcHi. Anyone know how I replace a faulty hard drive? Im using HP proliant G3 with 6 hotswap scsi drives in each. One gone faulty15:12
Faust-Cgarymc, are you using mdadm?15:12
garymci wouldnt know?15:12
Faust-Cwell unless youre using some kind of raid i don't know what to tell you15:12
garymchow would i know. what is mdadm15:13
garymc?15:13
Faust-Cmdadm is linux's built in software raid15:13
ballgarymc: on a machine like that you should have someone to hand who knows about these things.15:13
ballAre you responsible for the care and feeding of this beast?15:13
garymcyep, would should could, cant afford them15:13
garymcso trial and error for me15:14
Faust-Cgarymc, well normally i would agree w/ the "trail and error" method15:14
ball...I hope it's nothing mission-critical then.15:14
Faust-Cbut its very hard to help someone whom is not familiar w/ the system in question15:14
Faust-Cbut if its not mission critical ill try to help15:15
garymccool15:15
garymcit aint mission critical yet15:15
ZerosanHello15:15
garymcso need to know how to do it for when it is15:16
garymcsee my hard disk was displaying a red light on the bay. so normally means some sort of fault15:16
garymcI took it out put another in its place system didnt work15:17
garymcso replaced the faulty disk back in the bay restarted the server15:17
ballThe the machine continue to run when you pulled the drive?15:17
garymcNo i shut it down first15:17
Faust-Cgarymc, do you know if you are using any kind of raid or LVM15:17
garymcwhen i restarted it said press F1 to recover hard disk, i did and now no light showing a fault15:17
ZerosanCan someone help me with scanner sharing using sane? I'm using 9.04 and the scanner can already be found in the network, but when I try to access it using xsane or scanimage as a client, I always get the message that the Access has been denied.15:18
ballgarymc: when you powered it back up, did the RAID controller tell you it was rebuilding the array?15:18
garymcIm using RAID 515:18
garymcball: no it never15:18
garymcBall: it said recover hard disk data or something15:18
ballgarymc: when you power on, do you see a message to the effect of "hit F8 for RAID configuration"?15:18
Faust-CZerosan, is the scanner setup to allow remote connections15:18
ball(may be some other key than F8)15:18
garymcyes15:19
ZerosanFaust-C: yes it is, .... wait15:19
garymci do15:19
Faust-CZerosan, also check the logs and see what they say15:19
ballgarymc: did you press that key?15:19
garymcwith new hard drive in?15:19
Zerosancat /var/log/syslog | grep sane says that access to my client has been granted15:19
Zerosan"cat /var/log/syslog | grep sane"15:19
garymci did with new hard drive in and it said there where no configured logical drive did i want to create one15:20
ballgarymc: yes, power down the system, insert the new hard disk, power the system on and hit that key to enter the RAID Array setup program15:20
garymcok i did that and (ABOVE) is what it said15:20
ZerosanFaust-C: "cat /var/log/syslog | grep sane" tells me that the access has been granted to my client15:20
ballgarymc: you may have lost all the data on your array then, unless someone set it up to use software RAID for some reason.15:20
garymcI then shut down server and put faulty one back in. I thought maybe that would have killed the whole system15:20
Faust-CZerosan, hmm and you still cant scan15:21
garymconce i put old faulty drive in it worked fine after data recovery15:21
Faust-Cfunny part is i was working w/ a client the other day that had a scanner that works flawlessly w/ linux15:21
ZerosanFaust-C: yes, what bothers me is the fact that there is no group with the name "scanner"15:21
Faust-CZerosan, maybe create that group and try it that way15:22
ZerosanFaust-C: I'll do that now, brb15:22
Faust-CZerosan, i havent had much luck w/ linux and network scanners/printers15:22
ballgarymc: Assuming your data is backed up, I'd wipe that box and start from scratch.15:22
Faust-Ckk report back success or failure15:22
garymclol15:22
Faust-Cgarymc, no seriously15:22
Faust-Cthat way you can set it up correctly15:23
garymcball: What would i do when im using the sytem for real and a hard drive goes?15:23
garymcsetup the raid?15:23
Faust-Cwell raid will be setup before hand15:23
Faust-Cthen when hdd dies you will know how to use mdadm to replace the drive15:23
garymcyes its setup, so why would i start from scratch?15:23
ballgarymc: I would run tests before you put it into production15:23
Faust-Cgarymc, because you need to be able to fix it w/o any help15:23
ballFaust-C: Is mdadm just for software RAID though?15:23
garymcball: thats the plan15:24
ZerosanFaust-C: I just created the group: "scanner" and added the user: "saned" to it. Still, no go | getting the message "access denied"15:24
ballgarymc: I'd try using the RAID array setup program to build an array.  How large are your drives?15:24
Faust-Cball, yes, depending on the raid card it would be better to use built in raid and not fake raid15:24
Faust-CZerosan, what is the make/model of the scanner in question15:24
garymcball: I have 146gb and 72gb drives15:25
ZerosanFaust-C: Doesn't matter so much, scanning works flawlessy when I try scanimage as SU on the server15:25
ballFaust-C: he's using SCSI and an HP ProLiant I think, so odds are good it's a real RAID controller15:25
garymc72Gb seem to go faulty15:25
garymcbut now its showing ok?15:25
ballgarymc: how many of the 146 Gbyte drives do you have?15:25
ZerosanFaust-C: but not over the network or as a normal user15:25
Faust-CZerosan, hmm odd15:25
ZerosanFaust-C: yup15:25
garymconly one in this sytem15:25
Faust-Cball oh yeah didnt think of that15:25
ballgarymc: how many of the 72 Gbyte?15:26
Faust-CZerosan, .... man i cant think of what would cause it not to work15:26
garymcball: 515:26
Faust-Clogin and back out w/ user you just added to scanner group15:26
ballgarymc: will your RAID controller let you build a RAID 1+0 array?15:26
ZerosanFaust-C: k, wait15:26
Faust-Cand if al else fails submit help request to forum15:26
garymcyes, but i heard that wasnt best for my system?15:27
garymcnot that thats true though15:27
Faust-Cgarymc, raid 10 is general purpose imo15:27
ZerosanFaust-C: I restarted saned, now it works, hehe | thanks for the help15:27
Faust-Clol ok15:27
Faust-CZerosan, if you could document your success for others15:27
garymcso you think I should run all my servers on RAID 1+015:28
Zerosanor not xD15:28
Faust-Ci, at least, would greatly appreciate it15:28
ZerosanFaust-C: didn't work.... *sob*15:28
ZerosanFaust-C: Only difference now is that I can see the list in xsane, but when I select one scanner and press okay, still getting access denied15:28
ballgarymc: That depends on the machine in question.  If your data fits on a 72 Gbyte disk, you could just mirror three of those.15:28
Faust-CZerosan, heh15:29
ball...or mirror two and have a third as a hot standby15:29
garymcyeah, like a backup drive?15:29
giovanixsane, on a serveR?15:29
Zerosangiovani: no, sane on a server | xsane on the client15:29
giovaniah15:29
Zerosangiovani: to be precise saned15:30
giovaniscan-to-server saves everyone's lives :)15:30
ballgarymc: not a backup drive, but a drive that the server can use in the event that one of the other drives fails15:30
garymcwhats the diff between RAID 5 and RAID 1+015:30
Zerosanright now it only hurts :P15:30
ball(backups are something else)15:30
Zerosangiovani: do you know how to make it work properly?15:30
garymcball: ok im not sure how I would do that15:30
_rubengarymc: a lot of performance15:30
ballRAID 5 requires three drives.  RAID 1+0 requires 4, but is slightly faster.15:30
giovanigarymc: massive difference -- google has lots of answers -- it's not simple to explain quickly15:30
garymcbut sounds like thats what I should do15:31
ball...and arguably a little more resiliant.15:31
ballgarymc: do you have a manual for your RAID controller?15:31
garymcnope15:31
giovaniRAID10 is less efficient with space15:31
garymcI bought the servers second hand15:31
_rubenraid5 is nice for bulkstorage (fileserver) .. raid10 is good for performance (virtual machines/database/etc)15:31
ballgarymc: how large is your data set?15:31
garymcnot so large yet15:31
giovaniRAID5 'wastes' 1/Nth of the space you have -- where N is the number of disks15:31
giovaniRAID10 'wastes' half of the space you have15:32
ballgiovani: it's not wasted ;-)15:32
giovaniball: hence the ''15:32
ballIt's used to save your ass ;-)15:32
_rubenraid5 'wastes' your performance as well ;)15:32
giovaniI thought that was very clear15:32
_ruben(when writing, not when reading)15:32
garymcinfact i think its the other way around with disk space15:32
Zerosanwhy not use the word "reduces" instead of waste?15:32
garymclol15:32
ballHow about "uses"15:32
giovanigarymc: no ... it's not the other way around15:32
garymcRAID 5 i have less space than with RAID 1+015:33
giovanifalse15:33
Zerosanor "takes up"15:33
ballgarymc: if you're on 72 Gbyte drives, space is probably a non-issue for you15:33
ball...or you would be upgrading to larger disks.15:33
Zerosannow, does anyone have expierence with saned on ubuntu-server 9.04?15:33
giovaniif you have 3 1TB drives in RAID5, 1TB will be used for parity, and 2TB will be usable15:33
ball(which might be an idea anyway)15:33
garymcyes, well I got someone picking up 6 146gb scsi right now15:33
giovaniif you use 4 1TB drives in RAID10, 2TB will be used for mirroring, 2TB will be usable15:34
garymcwhich i will use for my asterisk server15:34
garymcthats another story15:34
garymc:)15:34
ballgarymc: Also be aware that every disk you put in the server adds to the heat inside the case.15:34
garymcahh right ok15:34
ball...so use the minimum number that gives you the reliability and performance that you need.15:34
garymci got them in an air conditionded room15:34
giovanihonestly15:34
giovanithere are plenty of studies15:34
ballgarymc: that doesn't matter ;-)15:35
giovanithat show that slightly hotter temps don't affect drives longevity15:35
garymcno?15:35
giovaniso if the server was properly cooled with 2 drives, adding 4 more drives won't be a problem15:35
giovanithis obsession with super-cooling servers is wasteful15:35
garymcnot my electricity so not too bothered15:35
garymcanyway I need to change or check a faulty disk drive15:35
giovaniwell is the cooling auto-adjusted?15:36
garymcwhats the best way to go about it?15:36
ballgiovani: heat is the enemy of reliability though, not just for disk drives but for RAM and processors too.15:36
giovaniball: that's a concept that's been taken beyond reality15:36
ballgiovani: not the way I do it.15:36
giovaniyes, in extreme temperatures, longevity/reliability are issues15:36
garymcgiovani: if you mean my Air con then yes, it keeps the room and 16 degrees15:36
garymc*at15:36
giovanibut the suggestion that adding a few drives will in any significant way affect their longevity, is false15:36
ball16C seems excessively cold15:37
ballAnyway15:37
ballgarymc: build a RAID array using the utility on the RAID controller card.15:37
giovani16C is FAR below standard15:37
garymcwell.... not a prob right now15:37
_rubengarymc: find out the type of raid controller and then go find a linux managment tool for it15:37
giovaniI would not recommend wasting energy that way15:37
ballgarymc: then test that array.15:37
giovani22-23C is standard in most DCs15:38
garymcis a raid array like create a new logical drive? etc?15:38
giovaniand even that is often not required15:38
ball23C sounds about right15:38
giovani72F is standard here15:38
ballgarymc: some RAID controllers refer to it that way15:38
garymcyeah i can set it to 23C15:38
* ball breaks out the xcalc to do F->C15:38
giovanithe issue has more to do with airflow management15:38
giovaniand less to do with temperature15:38
garymcright ok15:38
giovanigoogle runs their datacenter about 10-15 degrees hotter than "standard"15:38
giovanibecause they know how to manage airflow15:39
garymcso build an array using RAID 1+015:39
ballgiovani: 72F ~= 22C15:39
ball...so that sounds good.15:39
ballgarymc: try RAID 1 with three disk drives, if it will let you.15:39
garymcI wonder how big googles data centre is15:39
garymcok15:39
ballgarymc: they have several15:39
garymcwhat about sparE?15:39
giovaniheh, 'several'15:40
giovanithey have dozens15:40
ballgarymc: RAID 1 with three disk drives writes the same data to three drives.  Up to two drives can fail before you lose all your data15:40
garymcyep they are worth alot of dosh now15:40
ballgiovani: dozens == several15:40
garymcand if one drive fails?15:40
giovanithen you replace it15:41
ballgarymc: if one drive fails the array controller should notify you of that15:41
garymchow?15:41
giovaniby taking out the old one15:41
giovaniand putting in a new one15:41
* giovani smacks head15:41
ball...you replace it and tell the RAID controller to rebuild the array15:41
garymcwball: when the system bootS?15:41
ballgarymc: ideally you should run software that talks to the RAID controller and asks it about the health of the array.15:41
garymcso a drive fails, while system is up. I see red light on drive15:41
garymcok so what software can i download in ubuntu server?15:42
garymcand run in the gui?15:42
giovanithere is no gui15:42
giovaniif your raid controller supports hotswap15:42
giovaniyou replace the drive, while the system is on15:43
garymchmmm?15:43
giovaniunless you *want* to take the system offline15:43
ballgarymc: You *may* be able to ask the RAID controller to rebuild the array without bringing the server down.15:43
garymcok just to let you know Im running LTSP15:43
garymchmm ok15:43
ball...if not, then you'll have to reboot, hit that key to get into the software on the RAID card and then rebuild the array that way15:44
giovaniif your raid controller supports hotswap (all decent ones do)15:44
ball(which shouldn't take long on a 72 Gbyte disk)15:44
giovaniyou don't take the system offline15:44
ballgiovani: right, I'm allowing for a possible lack of Linux tools for his RAID controller)15:44
garymcrebuild mean create new logical drive?15:45
ballgarymc: no.15:45
garymccos I will try that now15:45
garymcahh ok15:45
giovaniball: well then I'd ask/investigate the controller, rather than assuming15:45
ballgiovani: we've asked already ;-)15:45
* ball asks again15:45
Steve[mbp]morning everyone!15:46
ballgarymc: when you power up your system, do you see a line of text that says "HP SmartArray" something-or-other?15:46
garymcyes15:46
ballgarymc: please type here the entirity of that line.15:46
garymcok ill be back in a sec with that15:46
ballgiovani: in fairness, I'm also not used to Linux, so I don't know how functional the available tools for a SmartArray controller are.15:47
ballAt a minimum I'd like them to tell me about the health of my array.15:48
ballIt would be *really* nice if I could also ask it to rebuild the array in the event of a drive failure.15:48
garymcright here we go15:48
garymcslot 0: HP SMART ARRAY 5i Controller ........... initializing15:49
ballgarymc: hopefully someone here knows about Linux tools for those.15:49
garymcok. Does the line give any indicatioins?15:49
ballgarymc: Yes, it tells us what your RAID controller is.15:50
ball(HP Smart Array 5i)15:50
ball^- you may want to write that down.15:50
uvirtbotball: Error: "-" is not a valid command.15:50
maswanball: You want hpacucli from the hp websites to manage arrays from the command line in the OS15:50
garymcball: is it any good?15:51
ruben23hi15:51
leaf-sheepHi alligators. :)  Is it possible to mirror from a website using rsync --no-parent (eg, getting all images on the said directory)?15:51
ballmaswan: good to know, thanks.15:52
Faust-Cleaf-sheep, look into using wget for that15:52
Faust-Cwget has a web spider feature iirc15:52
ballgarymc: I don't know, but I imagine it's adequate.15:52
leaf-sheepFaust-C: I already have some local files and when I run wget, I see that it overwrite the files instead of checking to see if it's same.15:53
Faust-Cleaf-sheep, iirc there are options to _not_ overwrite15:53
ruben23i have installed samba on my ubuntu desktop trying to access a windows workgroup..but get error when trying ot access windows pc on gui--stating unable to mount network location.15:53
pmatulisruben23: gvfs should handle that, shouldn't need samba15:55
ruben23pmatulis: whats that...?15:56
pmatulisruben23: Places (in the Panel)15:56
ruben23pmatulis: can you give guide on it how do i do it..15:57
pmatulisruben23: sure, Places > Connect to Server15:59
ruben23then..? thats all--->ill be able to connect to my windows client PC..?16:00
* pmatulis is taking the risk of getting swatted by the local server nazis16:00
leaf-sheepruben23: Try "network://" in the Nautilus address bar.  That may be all you need.16:08
gstwhat is Nautilus?16:10
ballGnome's file browser I think16:10
roxy10Hi there ..i can't to connect from my windows client to samba server, i got the error teh route form the machine doesn't found16:17
roxy10i update my version of ubuntu and i got this error, before was working ok, somebody know what could happen?16:18
garymcball: so what should I do. Do you know?16:19
roxy10i really need help is 1 am and i need to resolve this problem ...please help!16:19
ballgarymc: How far did you get?16:19
garymci never16:20
ballgarymc: do you have any document files (or other data that you want to keep) on this server now?16:20
garymcnot really no16:20
garymcbut it took me a while to setit all up16:20
ballgarymc: set up in terms of software?16:21
garymcyes... easily done again16:21
garymcare you suggesting re install using RAID 1+0?16:21
garymcnot RAID %?16:21
ballgarymc: okay.  Are you using a different computer to access IRC?16:21
garymc*516:21
garymcyes16:21
ballGood.  How many 72 Gbyte disks are in the machine now?16:22
garymc516:22
garymc+1 14616:22
garymci could put 2 more 146 in instead16:23
ballgarymc: save them for when your data outgrows the 72 Gbyte drives16:23
garymcright16:24
garymcso.......................16:25
ballgary: I'm thinking.16:25
garymccool16:26
ballDoes your RAID controller give you the option of using four disks to create a RAID 1+0 array?16:26
garymci go and check now16:27
ballThinking about it, if your data set is smaller than 72 Gbytes, I'd just shove two drives in there and mirror them.16:27
garymcyou dont want me to use 6?16:27
ball(RAID level 1)16:27
ballwhy use 6 if your data will fit on two?16:27
garymcwell im hoping my databse will become vast eventually16:27
garymcmy data?16:27
garymclike the OS?16:27
ballgarymc: Use two now and then upgrade as it expands.16:27
garymcwell since i got loads of hard drives does it not make sense to just bung them all in?16:28
ballRemove three 72 Gbyte disk drives and use the software on the RAID card to create one 72 Gbyte logical drive from a pair of 72 Gbyte physical drives (RAID-1)16:28
ballgarymc: no, that does not make sense.16:29
garymclol ok16:29
garymcso i just bought loads of drives for no reason?16:29
ballgarymc: spares == a good reason.16:29
garymcok16:30
ballYou may want to create a second RAID-1 pair to backup onto (in addition to the tape backups you'll hopefully be making)16:30
garymcyou mean i need tape driveS?16:30
ball...either way, by using two drives now, you're leaving some drive bays empty for when you outgrow that 72 Gbyte array16:30
ballgarymc: a tape drive is a sensible investment.16:30
jmarsdenball: Or set up RAID1 with a hot spare , if you really have plenty of drives available?16:30
garymci do have plenty of drives16:31
balljmarsden: I did think about that.16:31
garymcok16:31
balljmarsden: I like the thought that he could sustain two drives failing at once.16:31
garymcso if I have say 4 drives and two hot spares?16:31
ballgarymc: will your RAID controller let you create a RAID1 array with three disk drives?16:31
ballbrb16:32
ball(phone)16:32
garymchold on ill check16:32
garymcok16:32
roxy10I can browse form windows to samba server, somebody know how i can detect which is the problem?16:32
IvanCostaHi, guys.16:34
IvanCostaDoes someone know the difference of ECC memory buffer and unbuffered?16:35
jmarsdengarymc: I'd be looking to create a RAID1 array (two drives) plus a hot spare (third drive).  If you want another one for backup... duplicate that.  Now you have used 6 drives, which seems to be what you want to do anyway :)16:35
jmarsdenIvanCosta: Different technology.  Use the one your motherboard supports.  One has buffers on the modules, one does not...16:35
garymcBall: It will only let me create RAID 5 or RAID 0 with 3 drives in16:37
giovanigarymc: no, RAID5 requires 3+ drives16:37
giovaniRAID0 requires 2+ drives16:38
giovaniRAID1/RAID10 require 2+ drives in even increments; 2,4,6 etc16:38
garymcwhat does RAID 1+0 require?16:38
jmarsdengarymc: 4 drives16:38
IvanCostaJmarsden: If I used one by another, will break the machine?16:38
giovanierr, RAID1 is 2 drives only rather, RAID10 requires 4,6,8,etc16:38
garymcok so Bill is on the phone at the minute16:38
jmarsdenIvanCosta: Probably not, it just won't work... I think!  But don't deliberately put the wrong kind of RAm in a motherboard, that's just not wise...16:39
garymche was asking if my RAID array will let me create RAID 1 with 3 drives. The answer is no16:39
giovanigarymc: no, RAID1 only works with 2 drives16:39
jmarsdengarymc: OK.  You may be able to create ie RAID1 with 2 and then add a hot spare drive to it?16:40
giovanior just use RAID516:40
ballgiovani: usually.16:40
garymcso should I remove a drive and start again?16:40
garymcI only get 3 RAID options16:40
garymcRAID 5 - RAID 1+0 - RAID 016:40
jmarsdenDeselect one of the drives and pick RAID1.16:41
IvanCostaJmarsden: Yes, you right. But a only have buffered memory and it's very difficult to find unbuffered...16:41
ballgarymc: okay, so it looks as though your RAID controller wants to use three or four drives16:41
giovaniselecting RAID1+0 may have RAID1 as a suboption16:41
jmarsdenball: He has 3 selected... :)16:41
giovanilook into it16:41
ballgarymc: doe jmarsden's suggestion work if you select just two drives?16:41
balls/doe/does/16:42
garymcyes i can select RAID 1+0 and use one as a spare16:43
ballgarymc: that's strange.16:43
garymcso TWO as RAID 1+0 and 1 as a spare16:43
garymcit is?16:43
ballRAID 1+0 requires four drives (minimum).  Hoepfully they've just mislabelled RAID-1 by putting it under the same heading.16:44
ballIf it lets you pair two drives as RAID-1, with one spare... that's a sensible choice.16:44
garymcwell i cant find no choice for RAID 1, unless your abbreviating RAID 1+016:45
ballbtw, that phone call was my boss saying he'd plugged something into the hub.  Unfortunately he plugged it into a port that he should never touch.16:45
garymccos I cant find no RAID 116:45
garymcball: stupid bosses16:45
garymc:)16:45
giovanigarymc: it's not going to offer you RAID1 with an odd number of drives selected16:45
giovaniit shouldn't16:45
ballgarymc: I think HP have just (confusingly) lumped RAID 1 and RAID 1+0 into one menu option.16:45
giovanithis is so not an ubuntu issue though16:46
kinnazyou can create raid1 with one hot spare16:46
kinnazso 3 drives :P16:46
giovaniindeed16:46
giovaniwe've mentioned this a number of times16:46
garymcok lets assume i have16:46
ballgiovani and kinnaz are right16:46
giovanigarymc: we've been hand-holding you this entire time16:46
giovaniI think it should stop16:46
giovanicall HP, use google, poke around the menus yourself16:46
giovaniwe don't know your server, this isn't ubuntu-related at all16:46
ball...or /msg me.  We are tying up the channel.16:47
ballThanks everyone for being so patient with us.16:47
garymcthanks16:47
garymcsorry16:47
kinnazno worries16:47
giovanianyone here running ext4 in production?16:53
sgsaxI hear it's stable16:54
kinnaztoo sceard yet16:54
kinnazill let you guys try it out :P16:54
giovaniheh, I've been running it in testin for a few weeks16:54
kinnazfor sake of the testing16:54
giovanibut was talking in #ubuntu+1 about how data=ordered might have severe consequences for power loss16:54
kinnaztry to poweroff the box16:54
giovanitesting*16:54
Sam-I-Ammathiaz: you around?16:54
kinnazgiovani, so have you tested it with powerloss ?16:55
giovanikinnaz: not yet16:55
giovaniI'll need to set up a new box for that16:55
giovaniit seems data-ordered is the issue to be concerned with, and can be changed16:55
kinnazi havent really dig into it, but is there noticebale performance increase ?16:56
mathiazSam-I-Am: hey16:56
Sam-I-Ammathiaz: fixed the nssov bug16:56
mathiazSam-I-Am: \o/16:56
giovanikinnaz: there may be some -- there's the potential for online-defrag, which is a huge deal to me16:56
mathiazSam-I-Am: what was the issue?16:56
giovanithe online-defrag code is still unofficial at this point though16:56
Sam-I-Ammathiaz: turns out it was calling an undefined symbol16:56
kinnazi think i havent ever defraded ext partision, if fsck doesnot do it16:57
mathiazSam-I-Am: which library is missing?16:57
kinnazdefraged16:57
Sam-I-Ammathiaz: gave output from ld_debug to hyc... he fixed it in HEAD... quanah is going to commit the fix to 2.4.18.16:57
mathiazSam-I-Am: and how did you debug it?16:57
Sam-I-Ammathiaz: it was just a bad function call... something that was apparently renamed16:57
Sam-I-Amwhich oddly translated to 'file not found' as far as slapd's module loader was concerned16:58
mathiazSam-I-Am: ok - so it was upstream, rather than the packaging16:58
Sam-I-Amyes16:58
mathiazSam-I-Am: great - thanks for taking this up to upstream, debugging it and reporting back16:58
Sam-I-Amso the question is... do we want to wait for the fix in 2.4.18 or want me to submit patches for 2.4.17?16:58
mathiazSam-I-Am: good question - we'll probably wait for 2.4.1816:59
mathiazSam-I-Am: 2.4.18 will have support for disconnected mode in the pcache overlay16:59
Sam-I-Amok16:59
mathiazSam-I-Am: which is something that was discussed at the last Ubuntu Developer Sumiit16:59
Sam-I-Amwhat should we do with the ubuntu bug report i filed?16:59
mathiazSam-I-Am: leave it open - I'll fix it with the upload of 2.4.1816:59
Sam-I-Amsure16:59
mathiazSam-I-Am: it's a bug in the current package and should be kept on track17:00
Sam-I-Amguess we're good then... however, i will get some patches going to fix the nssov build/cleanup17:00
mathiazSam-I-Am: if you could add a note to the bug stating that it was fixed upstream, with a link to the commit/ITS it would be helpful17:00
mathiazSam-I-Am: did you talk with upstream about this too?17:00
Sam-I-Amsure... not sure hyc got an its # yet, i'll ask17:00
Sam-I-Ammathiaz: well, the nssov makefile could use a  'clean17:01
Sam-I-Amer...17:01
mathiazSam-I-Am: ok - even if there isn't an ITS, a link to the upstream cvs commit could be helpful17:01
mathiazSam-I-Am: or at least a note that it has been fixed in 2.4.1817:01
Sam-I-Am'clean' target... but also since the deb build doesnt copy the contrib tree into the build die, it doesnt remove the temporary build files17:01
mathiazSam-I-Am: just to keep track of where things are and where to look for if needed17:01
Sam-I-Amso i was thinking about adding a clean target to nssov... then in debian/rules, rm the temp files.. or call make clean (if thats possible)17:02
Sam-I-Amsure17:02
mathiazSam-I-Am: isn't a clean target in the Makefile + rm in debian/rules redundant?17:03
mathiazSam-I-Am: I though the two options were:17:03
mathiazSam-I-Am: 1. add clean to nssov Makefile and call make clean in debian/rules17:03
Sam-I-Amyeah it would be... i just didnt know if it was good practice to call another makefile directly from rules17:03
mathiazSam-I-Am: 2. Add rm in debian/rules17:03
Sam-I-Amdepends on if we want to touch the nssov makefile or just debian/rules17:03
mathiazSam-I-Am: option 1. would be suited for inclusion in upstream source17:04
mathiazSam-I-Am: while option 2. would be debian specific17:04
Sam-I-Amyup17:04
Sam-I-Amyour choice... i've done both17:04
mathiazSam-I-Am: let's option 1 and ask upstream about their opinion - if they take the patch, then go for 1.17:04
Sam-I-Amwill do17:04
mathiazSam-I-Am: let's *try* option 1 and ask upstream about their opinion - if they take the patch, then go for 1.17:04
Sam-I-Amguess i'll file the its... dont see one yet17:11
Sam-I-Amhyc will just bless it17:11
roxy10hi i got his error with winbind ,Exceeding 200 client connections, no idle connection found ...somebody know about it?17:17
zklausHi there, I have kerberos problems and could use some help.17:23
zklausI am trying to auth against my universities kdc and the kinit succeeds.17:24
zklausBut I fail to find the configuration that allows me to login.17:24
zklausThe auth.log says attempting authentication...17:25
zklaussuccess17:25
zklausbut then: FAILED LOGIN.17:25
zklausAny ideas?17:25
roxy10somebody know what mean broken pipe?17:50
KillMeNowusually it means you're trying to Pipe something to another application17:51
KillMeNowyou can do it where email comes in and "pipes" it to say RT17:51
KillMeNowother wise google the error message17:51
KillMeNowcould mean something completely opposite than what i'm telling you17:51
slestakcjwatson: hiya man.  good weekend?17:55
zklausroxy10: What's the full command, that led to that?17:55
slestakcjwatson: got some interesting (to me at least) putty testing input17:55
cjwatsonslestak: ok ...17:56
slestakcjwatson: i am using your karmic package with 9.04.17:56
slestakcjwatson: i get visible artifacts when scrolling through text files with less, vi, and even when using my ERP system (ssh'd to aix, System Builder GUI toolkit)17:57
slestakthe artifacts only occur when I use compiz,17:57
slestakI disables all effects, and they have gone away17:58
slestaki am using an nvidia card with the binary nvidia driver17:58
slestakdoes not occur with gnome terminal17:59
slestakvim is the strangest, because whole lines can disappear or reappear as you use j-k to go up and down in a file17:59
slestakcan we refresh the package soon so I can get the Font Translation Selection patch included?18:01
slestaki should be able to do some comparisons to other jaunty machines.  I have another machine here that has an intel chipset, wonder if it shows the same issue.18:02
slestakits a netbook, so I do not use it nearly as much18:02
slestakcjwatson: i had to reset sth, sorry.  did i miss a post?18:08
cjwatsonslestak: the artifacts really sound like Somebody Else's Problem, perhaps compiz's; I don't use compiz so I have no idea what might be going on there18:10
cjwatsonslestak: I've got a refresh lying around on disk, planning to upload this week18:11
cjwatsonthanks for reminding me18:11
slestakI've since turned it off on my workstation.  i had it on bc I love gnome-do.  should I post it somewhere in launchpad (Maybe Answers?) in case someone else runs into the issue, or if someone can corroborate this on another Nvidia machine18:13
twint_Boa tarde18:14
twint_alguem pode me ajudar?18:15
KillMeNowsay what?18:15
guntbert!br | twint_18:15
ubottutwint_: Por favor, use #ubuntu-br para ajuda em português. Obrigado.18:15
twint_18:17
twint_like to know how to pop the apache and php and mysql18:17
kinnaz!lamp18:17
ubottuLAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)18:17
twint_what would lamp?18:18
twint_say what?18:19
twint_ 18:19
twint_I will investigate this link a Polco thank18:19
roxy10hi sorry, i lost the connection...my winbindd is show me this error. request location of privileged pipe18:21
twint_#ubuntu-br18:25
Sam-I-Ammathiaz: with all the recent problems reported on 17 by richton, quanah says 18 might not be ready by the feature freeze for karmic...18:37
mathiazSam-I-Am: right - I've emailed howard about that18:41
mathiazSam-I-Am: the question is when 2.4.18 could be released18:41
mathiazSam-I-Am: we could ask for a Feature Freeze Exception if 2.4.18 is released within the next two weeks18:41
Sam-I-Ammathiaz: ok... just figured id let you know18:50
Sam-I-Ammathiaz: got an ITS # for the nssov bug... updating ubuntu bug.18:50
mathiazSam-I-Am: thanks for your work on this.18:54
Sam-I-Amno problem18:54
Sam-I-Ami hang out in #openldap and #openldap-devel :)18:54
mathiazSam-I-Am: yeah - I should do the same - I'm on the mailing list18:54
=== Faust-C2 is now known as Faust-C
StefanWrayseeking info on cloning a hard drive with ubuntu server19:51
andresmujica1partimage, dd, dd_rescue, rsync19:53
SJrWith intel speed step, my CPU seems to only ever be running at 2.0 GHz instead of 2.83 GHz, how do I clock it up.19:55
=== Faust-C is now known as VirtualDisaster
PhotoJimSJr: put it under load?  it might just idle at the lower speed to conserve electricity, and step up when load demand requires it.20:08
SJrI don't think so PhotoJim it's still staying there20:16
SJroh there we go20:17
=== mdz_ is now known as mdz
Doonzhey guys was wondering if someone could help me set up my nic's to be static and not dhcp. i only have command line interface so i need some guidance20:46
=== Faust-C is now known as VirtualDisaster
VirtualDisasterDoonz, if i point you to the proper doc will you use it?20:47
Doonzvery much so20:48
Doonzrather read then be babied20:48
VirtualDisasterDoonz, which version? 8.04 LTS or juanty20:48
Doonz9.0420:49
VirtualDisasterhttps://help.ubuntu.com/9.04/serverguide/C/index.html20:49
Doonzthanx20:49
VirtualDisasterit has a good article on setting static interfaces20:49
VirtualDisasteryw, and good luck20:49
StefanWrayanyone use clonezilla20:51
giovaniI've used it a few times, yeah20:52
StefanWraygiovani: i'm intending to use clonezilla live off a usb flash drive. any issues i should watch for?20:54
giovaninot that I know of20:55
giovanithat's how I've used it20:55
giovanibut I wouldn't necessarily remember everyhting20:56
giovanieverything*20:56
StefanWraygiovani: can you recommend best tutorial or instructions?20:57
giovaninope ...20:57
giovaniwhy would you need a tutorial?20:57
giovaniit's just formatting the usb stick, setting it bootable and copying files20:58
* FastZ is away: Away from keyboard20:58
StefanWrayok, so it's pretty straightforward then20:58
giovanishould be20:58
StefanWraythanks20:59
=== adrian__guest is now known as blackxored
trothigarHi, I'm having trouble installing jaunty x64 on virtual box on jaunty desktop (x64). It keeps freezing at 50% when scanning the mirrors.21:02
giovanitrothigar: do you have networking properly set up?21:03
trothigargiovani, a NATed Network adaptor should do the trick shouldn't it?21:04
giovanitrothigar: should ... if you have another NAT to the internet, it can get nasty, but often works21:05
trothigargiovani, hm i'm behind a router, so i do have double NATing as it were.21:06
giovaniyeah, try bridgin or something21:07
trothigargiovani, Surely the jaunty install should time out eventually?21:07
giovanicould be unrelated21:07
giovaniit should21:07
giovaniI'd switch into the console21:07
giovaniand check what it's doing while "frozen"21:07
trothigaris "Host interface" what they now call bridging?21:08
giovanimaybe21:09
giovanitry it out21:09
giovaniI don't use virtualbox21:09
Sam-I-Amsommer: you around?21:21
sommerSam-I-Am: yeppers21:31
Sam-I-Amsommer: so i hear you're the documentation gyu21:31
Sam-I-Amguy21:31
sommersure, I do what I can :)21:32
Sam-I-Amwell, i tend to set up a lot of openldap-samba-kerberos-dhcp-bind systems (infrastructure stuff) and wondered if i can help with either a) the server guide and/or b) wiki pages for various things21:33
sommerSam-I-Am: sure, all help is greatly appreciated21:33
Sam-I-Amso how would i suggest updats?21:33
sommerSam-I-Am: one thing that would be great is if you could review the openldap, kerberos, and ldap and kerberos sections of the server guide21:34
Sam-I-Amno problem21:34
=== Faust-C is now known as VirtualDisaster
Sam-I-Amone thing i noticed is no mention of sasl with openldap, yet the ldaputils stuff tries sasl by default... might be nice to have a basic setup21:35
sommerSam-I-Am: if you find any issues grammar, syntax, etc you can report them in LP21:35
Sam-I-Amso just report things as bugs?21:36
Sam-I-Amand suggested changes...21:36
sommerSam-I-Am: ya, I haven't done much with sasl, but if you have experience with that a new section would be great21:36
Sam-I-Amsure21:36
sommerthere's a quick guide to get the docbook xml source here: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#Documentor%20resources21:37
Sam-I-Ami'm writing ground-up docs here at work, so they might apply well to the public21:37
sommerSam-I-Am: cool, any help would be awesome21:37
Sam-I-Amfigure why keep stuff internal :)21:37
Sam-I-Amespecially if i'm going through the pain of writing this so just about anyone can plug-n-chug21:38
mathiazSam-I-Am: I've been working on some script to integrate kerberos+openldap21:39
sommerheh, ya sometimes writing things up can be painful... but every time I refer back for a command I can't remember it all becomes worth it :-)21:39
mathiazSam-I-Am: https://code.launchpad.net/~mathiaz/openldap-dit/dynamic-backend21:39
sommermathiaz: sweetness :)21:40
mathiazSam-I-Am: have you integrated dhcp/dns to use openldap as the backend?21:40
Sam-I-Ami've integrated dhcp21:40
mathiazsommer: it probably won't make it in time for karmic though21:40
Sam-I-Amhowever, theres some caviats with that21:40
mathiazSam-I-Am: are you using isc dhcp?21:40
Sam-I-Amyes21:40
mathiazSam-I-Am: with the ldap patch?21:40
Sam-I-Amyes21:40
Sam-I-Ami'm also trying to package dhcp421:40
Sam-I-Amwith the ldap patch21:40
mathiazSam-I-Am: IIRC this patch is not in debian21:40
mathiazSam-I-Am: has the ldap patch been submitted to upstream?21:41
Sam-I-Amyeah, for a while now21:41
Sam-I-Amthey dont even put it in contrib21:41
mathiazSam-I-Am: IIRC there was some push back from the debian maintainer to not include the ldap patch21:42
Sam-I-Ami see a dhcp-server-ldap in debian21:42
mathiazSam-I-Am: where?21:42
Sam-I-Amhttp://packages.debian.org/lenny/dhcp3-server-ldap21:42
mathiazSam-I-Am: oh right - I remember now21:43
Sam-I-Amthe dhcp ldap schema is fairly well, formed, but in testing i've only found a few things that actually work in ldap... particularly host management, which is really what we want... although config would be a nice touch21:43
Sam-I-Amextra comma in there..21:43
mathiazSam-I-Am: right - my plan was to integrate dns+dhcp via a shared backend (openldap)21:44
mathiazSam-I-Am: and throw kerberos in the mix too21:44
Sam-I-Amyeah21:44
Sam-I-Ami havent deployed dns in ldap in production yet, but i have it in testing21:44
mathiazSam-I-Am: cool.21:44
Sam-I-Amyeah21:44
Sam-I-Ameverything in ldap!21:44
mathiazSam-I-Am: If you could document this in a wiki page (to start)21:45
Sam-I-Ambtw, i'm one of the dhcp maintainers :)21:45
mathiazSam-I-Am: then we can start on packaging all of this to create an OOTB experience21:45
Sam-I-Ami have several dozen wiki pages here at work... once i'm done documenting, i plan to post them publically somewhere once i clean up the company-specific hoopla21:45
Sam-I-Ambtw, speaking of OOTB, should probably put a post-install note for slapd on how to access cn=config with .17 :)21:46
Sam-I-Amsince it doesnt ask for a password anymore, it might confuse people who dont know about sasl external21:46
mathiazSam-I-Am: right - that's a good idea and can be documented after FeatureFreeze21:46
mathiazSam-I-Am: all the script I posted above use the new EXTERNAL method21:47
mathiazSam-I-Am: the missing part is that kerberos cannot used sasl EXTERNAL21:47
Sam-I-Ambecause you're using it for config?21:47
mathiazSam-I-Am: I should file a feature request with the upstream folks to support that21:47
mathiazSam-I-Am: when you run krb5_ldap_utils to create the realm you need to give a DN and a password21:48
mathiazSam-I-Am: is there another way to create a realms beside using krb5_ldap_utils?21:48
Sam-I-Amwell, to be honest i'm using heimdal here... i just call kadmin to generate a realm after editing krb5.conf21:49
mathiazSam-I-Am: another point I'd like to investigate is to see if the two users that the krb5kdc use could use SASL external to connect to the slapd daemon over ldapi21:49
Sam-I-Amyeah, ldapi is a bit limited right now21:50
mathiazSam-I-Am: right - does heimdal kadmin support SASL external?21:50
Sam-I-Amyes21:50
Sam-I-Ami'm almost sure heimdal only supports ldapi21:51
Sam-I-Amit of course comes in as root...21:53
Sam-I-Amyou can have other ldapi users and the proper authzregexp for them... but all the kerberos stuff runs as root21:53
mathiazSam-I-Am: right - support SASL EXTERNAL would mean running the different kdc under different accounts21:53
mathiazSam-I-Am: and then map this via AuthzMap to the correct dn21:53
Sam-I-Amyeh21:53
Sam-I-Ami'm still torn between mit and heimdal...21:54
mathiazSam-I-Am: IIUC this is not supported by heimdal?21:54
Sam-I-Amheimdal right now has the added benefit of updating samba hashes in ldap as it finds them21:54
Sam-I-Amheimdal supports ldapi and sasl external21:54
mathiazSam-I-Am: I'll post a feature request to the MIT folks as I'm in contact with the dev team21:54
Sam-I-Amdoes mit not support sasl external?21:55
Sam-I-Amits on my list of things to configure in the testbed...21:55
Sam-I-Ami design and plunk infrastructure systems down all the time and think in some cases heimdal or mit would better suit a particular customer21:56
juliushi21:56
Sam-I-Amhowdy21:56
juliushow can i close a bug reported by me on launchpad?21:56
Sam-I-Amjust say its been fixed and the maintainer will close it as needed...21:56
Sam-I-Ampost some detail about how it was fixed..21:56
Sam-I-Ami wonder if mit supports tls or just ssl...21:58
juliusso i as the owner cant close it?21:58
Sam-I-Ami... dont think so.21:58
juliusthx21:58
Sam-I-Ammathiaz: whats your priority on a dhcp4 package w/ ldap patch?21:59
Sam-I-Ami have dhcp4 built against sid/karmic with the patch... just not packaged yet since they more or less replaced the entire build internals21:59
Sam-I-Amprobably something for 10.0422:00
mathiazSam-I-Am: not a target for 9.1022:00
mathiazSam-I-Am: having ldap+krb5 integrated was a low priority target for 9.1022:00
mathiazSam-I-Am: but things haven't moved as quickly as expected22:01
Sam-I-Amthat seems to be a common case22:01
mathiazSam-I-Am: (mainly blocked on administration tools)22:01
Sam-I-Amif i could spend every day working on open source stuff i would... but it doesnt work that way22:01
mathiazSam-I-Am: well - you're *already* spending more time on open source stuff than most of the people :)22:01
Sam-I-Amthe best i can do is make my stuff as generic as possible, push docs back out, and get things patched22:02
mathiazSam-I-Am: that's one of the best approach22:02
Sam-I-Amand working closely with the upstream developers for what i use22:03
Sam-I-Amit literally took 5 minutes to get the nssov patch from howard22:03
Sam-I-Amnow if only gnutls worked that quickly... :/22:04
Sam-I-Ami found a bug in that which essentially breaks typical certs with subjectaltname...22:04
Doonzheya all22:06
Sam-I-Amhowdy22:06
Doonzneed some help with dns on my server22:07
Doonzi set the 2 nics to static ip's22:07
Doonzbut now i cant resolve host names ie: cant ping google.com22:07
Sam-I-Amis there a default route?22:07
Doonzi changed my /etc/resolv.conf to show my isp dns servers22:08
DoonzSam-I-Am: sorry im new with this22:08
Sam-I-Amcan you ping those dns server IPs?22:08
Doonzhmm never thought of that22:08
Doonzone sec22:08
luxosbuenas22:09
luxoscomo van22:09
luxospregunta22:09
luxosquiero instlar una impresora en el servidor linux y quiero compartirla en la red22:09
mathiazSam-I-Am: well gnutls may be a bit buggy but it's the only option we have from a licensing point of view22:09
luxoscomo hago eso22:09
DoonzSam-I-Am: i cant ping the nameservers either22:09
mathiaz!es | luxos22:10
ubottuluxos: En la mayoría de canales Ubuntu se comunica en inglés. Para ayuda en Español, por favor entre en los canales #ubuntu-es o #kubuntu-es.22:10
Doonzi can only ping my router and other pcs on this network22:10
Sam-I-Amcan you get an ip of google.com from another machine and try to ping it from the machine in question?22:11
KillMeNowDoonz, did you check to make sure you have a good gateway set?22:11
Doonzthe gateway is set to 192.168.1.1 wich it is22:12
Doonzbut i cant ping outside of my network22:12
KillMeNowcan you ping outside from your gateway?22:12
Sam-I-Amare other machines using that gateway working?22:13
Doonzi cant ping everything from this laptop22:13
Doonzcan*22:13
KillMeNowwhat is your gateway?  is it a linux box or a little router?22:13
Doonzits a router22:13
Doonzbut i have my resolv.conf file set up with the ips of my isp dns servers22:13
Sam-I-Amsame as the laptop which works?22:13
KillMeNowrun a route command22:14
KillMeNowfrom the box that is having the issue22:14
KillMeNowcan you ping those?22:14
Sam-I-Amyou also mentioned something about having 2 nics or at least two IPs on this machine in question22:14
Sam-I-Amdepending on how those are configured you could have a problem22:15
Doonzhttp://pastebin.com/m59313df122:15
Doonzthats the output from route22:15
Doonzboth nics have different ip's22:15
KillMeNowanyone else seeing 2 gateways?22:15
KillMeNowdo a ifconfig please22:15
Doonzok22:16
Sam-I-Amyeah i'm seeing two22:16
Sam-I-Amyou shouldnt have two default gateways...22:16
Doonzhttp://pastebin.com/mebc428a22:16
* Doonz is a noob22:17
KillMeNowremove the gateway statement from one of your interfaces22:17
KillMeNowor set one statically22:17
Doonz...22:17
KillMeNowbut i guess you see the problem now22:17
DoonzNO I DONT22:17
Doonzbah sorry22:17
KillMeNowok give me the config for each of your eth interfaces...  are they DHCP or static?22:18
Doonzstatic22:18
Doonzhttp://pastebin.com/me4fae722:19
KillMeNowpick one of your interfaces to be the default and then edit your config and remove one of the gateway addresses22:20
KillMeNowthe whole gateway statement22:20
Doonzso un eth1 just romve the gateway part?22:20
KillMeNowyea i updated your pastebin22:20
Doonzok22:20
KillMeNowusing eth0 as the main interface22:20
KillMeNowwhat are you trying to do?  you trying to bind them together for better bandwidth?  like get 2 gbps by joining 2 nics?22:21
Doonzno22:21
KillMeNowok22:21
Doonzjust 2 seperate ips22:21
KillMeNowonce you ahve it edited, restart your network22:22
Doonzwant to keep media traffic on one nic and the rest on the other nic22:22
KillMeNowby issuing:  /etc/init.d/network restart22:22
Doonzhmm22:24
Doonzit doesnt like that command22:24
hggdhor 'service network restart'22:24
Doonz@server:/etc/init.d# service network restart22:24
Doonz$network: unrecognized service22:24
KillMeNowsorry22:25
KillMeNowuse networking22:25
KillMeNows/network/networking/22:25
Doonzoh ok22:25
hggdhyeah. Same mistake I made ;-)22:25
Doonzhehe22:26
KillMeNownah, i work in RHEL / Ubuntu22:26
KillMeNowget the two mixed up sometimes22:26
DoonzYAY22:26
Doonzthanx all good now22:26
KillMeNowcongrats22:26
Doonzbrb22:27
Doonzyaya22:28
Doonzwoohoo22:28
Doonzall good22:28
KillMeNowi'm glad22:29
Sam-I-Ammathiaz: so whats the idea for security regarding all this stuff talking to ldap... like dhcp, dns, etc... most of them don't support ldapi, and even if they did, they'd come in as the root user.  i dont think all of these services would need write access to the whole ldap tree.22:29
VirtualDisasterand you dont want to make dhcp/dns dependant on ldap22:43
VirtualDisasteruse ldap for auth and use radius for items like dhcp clients22:43
mathiazSam-I-Am: right. One of the idea in Ubuntu is to try to run most of daemons as non-root22:45
mathiazSam-I-Am: so given that goal, having the services running under their own account would solve the problem22:45
Sam-I-Amyes22:45
mathiazSam-I-Am: IIRC the dhcp server doesn't run as root22:46
Sam-I-Amnope22:46
Sam-I-Amnor does bind to some extent...22:46
Sam-I-Amthey do at one point or another22:46
Sam-I-Amreading through your todo...22:47
mathiazSam-I-Am: another idea wrt to security is to try to use SASL External + kerberos to authenticate and encrypt communication22:47
mathiazSam-I-Am: from my openldap-dit branch?22:47
Sam-I-Amyeah22:47
mathiazSam-I-Am: the first lines may no be relevant anymore - they're related to another DIT22:47
mathiazSam-I-Am: my branch is actually base on the trunk from the openldap-dit LP project22:48
mathiazSam-I-Am: which was started by andreas22:48
mathiazSam-I-Am: it's based on the Mandriva Directory Service22:48
Sam-I-Amah22:48
Sam-I-Amnoticed the heimdal branch question22:48
mathiazSam-I-Am: andreas used to work for Mandriva22:48
mathiazSam-I-Am: yes - heimdal was the choice then22:48
Sam-I-Ami store heimdal machine/service credentials in ou=computers with the samba machines22:49
Sam-I-Amand person creds in ou=people22:49
mathiazSam-I-Am: I've removed a lot of the original work to reduce the scope22:49
mathiazSam-I-Am: right - I moved everything under accounts22:49
Sam-I-Amyea, guess thats irrelevant now if we're using mit heh22:49
mathiazSam-I-Am: as from the kerberos perspective they're all principals22:50
Sam-I-Amyeah22:50
Sam-I-Ammit clients talk to heimdal kdcs just fine22:50
Sam-I-Amits just kadmin that doesnt work22:50
mathiazSam-I-Am: does heimdal make a difference between host principals, service principals and user principals?22:50
mathiazSam-I-Am: ie can it store them in different sub-trees?22:50
Sam-I-Amit only allows you to configure one place to store principals in the config file, but i usually use a script to add mine so they go into the appropriate locations... and the heimdal service account can read the entire ldap tree22:51
mathiazSam-I-Am: I haven't played enough with the DIT where all principals are stored in the same OU22:51
Sam-I-Amit'll work all in the same ou, it just looks messy22:51
mathiazSam-I-Am: right - that comes back to the issue of administration tools22:52
mathiazSam-I-Am: right - the DIT isn't supposed to be read by end users22:52
mathiazSam-I-Am: one of the design principles I follow is to have a shallow tree with as little hierarchy as possible22:52
Sam-I-Amwith heimdal, if your kerberos attributes are not in the same DN as your other user stuff, it wont also update your samba hash upon kerberos key change22:53
Sam-I-Ammine are pretty limited too... mostly nis-like with some extras for heimdal, dhcp, dns, and samba22:53
mathiazSam-I-Am: right - that would be covered by the krb5smb openldap overlay22:54
Sam-I-Amyes, which should probably get built along with nssov22:54
mathiazSam-I-Am: which would be responsible for maintaining all passwords in sync22:54
mathiazSam-I-Am: it doesn't support MIT kerberos though22:54
Sam-I-Amahh yes, another problem...22:54
Sam-I-Amas of a few months ago it didnt like compiling against gnutls either22:55
mathiazSam-I-Am: and I know that howard is working on updating a couple of IETF drafts wrt to password policies and kerberos schema22:55
Sam-I-Amyeah, thats cool22:55
mathiazSam-I-Am: so it may worth waiting a bit to see what comes out of this22:55
Sam-I-Amsomeone in openldap-devel sent me his diffs for building smbk5pwd within the ubuntu package, so that might be useful either way...22:56
mathiazSam-I-Am: oh cool.22:56
Sam-I-Ami think that was part of the reason i chose heimdal22:56
Sam-I-Amthat and its potential integration with samba4... although samba4 appears to run its own kdc22:56
mathiazSam-I-Am: yes - it makes sense.22:56
mathiazSam-I-Am: samba4 is being ported to MIT kerberos22:56
Sam-I-Amha22:57
mathiazSam-I-Am: they've started with heimdal but work is done to support MIT as well.22:57
Sam-I-Amwould be nice if it could just compile against one or the other... just like openldap and gnutls vs. openssl vs. moznss22:57
Sam-I-Amalthough that sort of thing makes the code a bit more complicated22:58
Sam-I-Amespecially if you have to work around implementation specific bugs... which are fairly common with openldap-gnutls22:58
Sam-I-Amalso, while i'm thinking about it, how does one get approved for the server team?23:00
mathiazSam-I-Am: hm - when I'll process pending the requests :D23:00
Sam-I-Amah, ok23:00
mathiazSam-I-Am: I haven't done that for a while23:01
Sam-I-Ami should be one of them23:01
Sam-I-Ami sure wish there were more hours in the day...23:04
Sam-I-Amso many interesting things to do, so little time23:04
Sam-I-Amalso saw your note about autofs... several schema for that :/23:04
Sam-I-Amdepending on what kind of compatibility you want23:04
Sam-I-Amtime to head home... bbl23:07

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!