/srv/irclogs.ubuntu.com/2009/10/13/#ubuntu-server.txt

uvirtbot	New bug: #410379 in tomcat6 (universe) "Tomcat security configuration error prevents proper logging when used with Sun's JVM" [Low,Triaged] https://launchpad.net/bugs/410379	00:32
sgrover	help with Apache virtual host issue? http://pastie.org/652283	00:57
sgrover	The "standard" suggestions for vhost problems don't seem to apply - the server already has functional vhosts, the new one refuses to work...	00:58
uvirtbot	New bug: #448656 in mysql-dfsg-5.1 (main) "CPU information is inaccessible for MySQL" [Low,Incomplete] https://launchpad.net/bugs/448656	01:01
Nattgew	transmission-daemon keeps giving me a 401 unauthorized error... I edit the settings.json but every time I restart the daemon that file gets rewritten	01:13
wizardslovak	hello people	01:22
wizardslovak	does ubuntu server support sata to pci cards?	01:22
=== freeflyi2g is now known as freeflying
sgrover	Resolved my problem. Server name "projects" so setting up a vhost with a server name of "projects.myserver.com" resolves to something different than you might be expecting... sighs...	01:31
slampoud	I've downloaded the image from http://cdimage.ubuntu.com/ubuntu-server/daily/current/karmic-server-amd64.iso , verified md5 sums, burned install CDs, and had them fail their internal md5 checks several times yesterday and today. This happened using two different CD burners, and media known to be OK, so it may be worth verifying that the ISO bits are actually OK.	02:06
uvirtbot	New bug: #450008 in mysql-dfsg-5.0 (main) "mysql server crashes while installing for the second time" [Undecided,New] https://launchpad.net/bugs/450008	02:45
uvirtbot	New bug: #450007 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: sub-processo post-installation script retornou estado de sa?da de erro 1" [Undecided,New] https://launchpad.net/bugs/450007	02:46
aubre	hello, I've been on holiday but I will be back at work , I've seen Jono's call for testing Eucalyptus and I will be doing my part	03:05
aubre	I have one front-end and two nodes, they are working currently	03:05
=== SyL is now known as Guest74631
maxagaz	if i need to run a command after all services of a server are started, i just have to put it in /etc/rc.local before "exit 0", right ?	05:24
jtaji	maxagaz: thats right	05:31
mushroomblue	anyone alive that can answer a hopefully-simple http question?	06:07
Jeeves_	mushroomblue: Ask the question and you will find out	06:09
mushroomblue	anyone know why ssh/http connection attempts would die when reaching my internal web server?	06:10
mushroomblue	like, I look in wireshark, and see syn requests that have my home IP as the source.	06:10
mushroomblue	they travel through the router, and seemingly through the switch.	06:10
mushroomblue	wireshark is showing a SYN request.	06:10
mushroomblue	but the system itself doesn't ACK.	06:10
Jeeves_	A firewall? :)	06:11
mushroomblue	ufw is configured to allow ports 80, 22, and 443	06:11
mushroomblue	though I disabled ufw just to check.	06:11
mushroomblue	and iptables -L isn't showing anything wrong.	06:13
mushroomblue	according to the firewall, everything's pretty goatse'd.	06:13
uvirtbot	New bug: #450093 in mysql-dfsg-5.1 (main) "Root password prompt failing" [Undecided,New] https://launchpad.net/bugs/450093	06:16
ssm	mushroomblue: anything in the web server's kernel log?	06:16
mushroomblue	lemme look.	06:16
mushroomblue	nothing that I can tell.	06:18
mushroomblue	looks like UFW blocked an internal IP once or twice, but that's about it.	06:18
ssm	is it pingable either way?	06:18
ssm	from or to the server?	06:19
mushroomblue	I can connect to the box any other way than externally.	06:22
mushroomblue	on another box inside the firewall, it connects on ports 22 and 80	06:22
mushroomblue	I can see the traffic being sent to the box in wireshark.	06:22
mushroomblue	at least, SYN packets.	06:23
mushroomblue	so, the only things I can think of it being are something stoopid in the router's access control list, or something with the switch.	06:23
mushroomblue	the first, I think I've been able to rule out. nat translations are showing the connection being routed to the proper internal IP	06:24
mushroomblue	a switch shouldn't be causing these problems, should it?	06:24
ssm	or a wrong arp entry, if you've recently moved the IP address	06:24
ssm	I've had a piece of network equipment randomly overwrite the target MAC address, making the system reachable only if it was running in promisquos mode. as in "Why is the internet working only when I run tcpdump?"....	06:25
mushroomblue	right.	06:26
_bubsy	who ever use openfire ?	07:18
artillerytx	Hey guys is SFTP enabled by default in an install ?	07:33
livetoday	running (sudo) apt-get <anything> gives me a segfault. can this be fixed? is it a known issue?	07:40
cemc	hey. can I run an ubuntu 9.04 desktop 32bit with 12gb ram AND actually use the 12gb ram ?	07:43
KurtKraut	livetoday, are you sure there isn't a hardware failure, like in RAM?	07:48
livetoday	how would i identify such? the failure seems isolated to this one program, and occurs whenever it is run	07:51
twb	artificialexit: sftp is enabled by default within openssh; I think openssh-server is probably not installed by default.	07:58
alex_joni	cemc: surely not	08:13
livetoday	KurtKraut, how would i identify such? the failure seems isolated to this one program, and occurs whenever it is run.	09:23
KurtKraut	livetoday, have you rebooted since the problem appeared?	09:23
livetoday	KurtKraut, no. i haven't rebooted this month.	09:24
KurtKraut	livetoday, is aptitude working? Try aptitude update	09:25
livetoday	aptitude doesn't work either: it says that it gets a sigsegv, then closes with a segfault	09:26
livetoday	KurtKraut^	09:26
twb	cemc: IIRC what the kernel does is access 4GiB at a time, and then "page" between 4GiB areas of RAM. If it works at all, it will be a filthy bodge.	09:26
KurtKraut	livetoday, are you running Jaunty?	09:26
livetoday	KurtKraut, yes	09:26
twb	cemc: fortunately, your CPU probably supports x86-64 (amd64), so you can just install that.	09:26
KurtKraut	livetoday, was your system up to date?	09:27
livetoday	KurtKraut, pretty sure it was. i login via ssh regularly, and do an apt-get update && apt-get upgrade whenever informed that there are package updates available.	09:28
KurtKraut	livetoday, please tell me the output of md5sum /usr/bin/apt-get	09:28
livetoday	KurtKraut, 92759f1b80a768406e1ad6e87d057cfe	09:29
KurtKraut	livetoday, this is the expected output. Your problem requires further investigation. Please, post all the details you already provided me in ubuntuforums.org	09:30
KurtKraut	livetoday, in my experience, wierd segfaults or kernel panics are associated with hardware failure (hard disk or RAM)	09:30
livetoday	KurtKraut, would expect a reboot, or a reinstall to be useful?	09:32
KurtKraut	livetoday, to determine if there is a hardware problem? Yes. If there is one, the effects would be wider and more evident.	09:33
KurtKraut	livetoday, but no matter what is causing this, reboot wouldn't fix it.	09:33
livetoday	KurtKraut, diagnostically, would either step be useful?	09:34
KurtKraut	livetoday, I would start with a RAM test.	09:35
livetoday	KurtKraut, there's one built in, that can be selected in the boot-loader, yes?	09:35
KurtKraut	livetoday, yes.	09:37
livetoday	KurtKraut, guess i'm rebooting then. thanks for your assistance	09:38
StrangeCharm	KurtKraut, i'm livetoday's. it does appear to be the ram. memtest is throwing errors like nobody's business.	09:41
KurtKraut	StrangeCharm, several output with red background?	09:41
StrangeCharm	KurtKraut, several dozens of thousands of errors	09:42
KurtKraut	StrangeCharm, lol. I knew it! :D	09:43
KurtKraut	StrangeCharm, you can abort the RAM check. You already know it may be damaged.	09:43
StrangeCharm	KurtKraut, it does come as something of a surprise to see ram this broken	09:43
StrangeCharm	KurtKraut, yes, but the only solution i know of is purchasing new ram, which is never fun	09:44
jmarsden	StrangeCharm: I'd say you just found your problem. Replace your RAM and retest. Worst case, you could try removing half of the RAM modules in the machine and test again, you might find you can determine which RAM module(s) have the problem and then use only know good ones...	09:44
KurtKraut	StrangeCharm, you may try to remove, clean them and put it back.	09:44
StrangeCharm	KurtKraut, you mean, clean the pins?	09:46
StrangeCharm	rather, the contacts	09:46
KurtKraut	StrangeCharm, exactly	09:46
StrangeCharm	how does ram get damaged like this?	09:46
KurtKraut	StrangeCharm, the procedure jmarsden recomended is also important.	09:46
StrangeCharm	as a more general question, in terms of how to avoid it in future	09:46
KurtKraut	StrangeCharm, usage, oxidation, umidity, excessive heat etc.	09:47
StrangeCharm	KurtKraut, jmarsden i'm already starting	09:47
KurtKraut	StrangeCharm, this is one of the reasons datacenters have such controlled climate/enviroment	09:47
StrangeCharm	well, i have a dormroom in a humid region, and a fan...	09:48
StrangeCharm	my budget contends much better with downtime and ram replacements, than data-center-like control	09:49
StrangeCharm	good news: one of the dimms is not generating a large number of errors immediately	09:53
StrangeCharm	KurtKraut, jmarsden, cleaning both dimms, and changing the slots in use seems to have completely eradicated the memory problem: memtest isn't givint me any more errors	10:19
KurtKraut	StrangeCharm, I'm glad to hear that.	10:19
StrangeCharm	if i use ubuntu to set up an encrypted softraid5 of n disks, and i suffer a catastrophic hardware failure which destroys all system hardware except but n-1 disks, will i be able to construct a new system and recover that data?	11:35
=== baffle_ is now known as baffle
=== georg is now known as kwork
uvirtbot	New bug: #377356 in openssh (main) "ssh-askpass has no Option to save the Passphrase to a keyring" [Low,Incomplete] https://launchpad.net/bugs/377356	12:31
myeggo	hello, this is my logrotate configuration: http://pastebin.com/m7020dffa - but it still stores the log weekly, someone could give me a link or any idea about how to make it working? thanks in advance	13:15
myeggo	i am being ignored in every channels :/	13:16
uvirtbot	New bug: #450309 in qemu-kvm (main) "assertion failure when using i82551 network card emulation" [Undecided,New] https://launchpad.net/bugs/450309	13:21
uvirtbot	New bug: #447585 in eucalyptus "Cached image not being flushed from the cache on deregister in some cases" [Low,In progress] https://launchpad.net/bugs/447585	14:02
=== sommer_ is now known as sommer
ttx	kirkland: howdy -- I have a merge to 925 in my PPA	14:26
ttx	kirkland: I wait for upstream ack to upload that	14:27
VousDeux	Does anyone know if thereis some way to monitor for a specific error condition and automatically execute a bash script in response to the error?	14:27
bogeyd6	VousDeux you could set a cron job every minute	14:29
bogeyd6	or you could use a nagios solution	14:30
VousDeux	I'm trying to avoid the every minute thing if possible...I'll look into the nagios solution...thanks for your suggestion.	14:31
uvirtbot	New bug: #422000 in postfix (main) "package postfix 2.5.5-1.1 failed to install/upgrade: subprocess pre-installation script returned error exit status 1" [Low,Incomplete] https://launchpad.net/bugs/422000	14:32
VousDeux	nagios looks like a very good possibility...thanks again.	14:34
bogeyd6	yw	14:34
kirkland	ttx: that sounds fair	14:34
kirkland	ttx: hopefully the last upload?	14:34
ttx	kirkland: well, I want to prevent the "hey, 926 is so much better"	14:35
kirkland	ttx: :-) inevitable	14:35
uvirtbot	New bug: #438565 in eucalyptus (main) "Eucalyptus Public IPs should be submitted in CIDR notation" [Wishlist,Triaged] https://launchpad.net/bugs/438565	14:41
pn	afternoon all	14:55
pn	can anyone comment on 'the best' way to set up identity management on ubuntu server? Perhaps using openldap or freeipa?	14:56
_ruben	!best	14:58
ubottu	Usually, there is no single "best" application to perform a given task. It's up to you to choose, depending on your preferences, features you require, and other factors. Do NOT take polls in the channel. If you insist on getting people's opinions, ask BestBot in #ubuntu-bots.	14:58
pn	sigh	14:59
mushroomblue	outside of wireshark, is there a way to see if Apache is actually receiving connection attempts from the outside world?	14:59
pn	actually, I'd argue one of the things that differentiates something like ubuntu server from something like centos is the 'best' or most popular way of doing certain things: like file systems or package management - or in this case authentication	15:00
pn	thanks for the lecture just the same	15:00
Pici	mushroomblue: see files in /var/log/apache2/	15:00
mushroomblue	I'll check. thanks.	15:00
clusty	hey	15:02
clusty	something really weird is going on. my resolv.conf gets overwritten constantly with some default values. any clues what service could cause that?	15:03
Jeeves_	clusty: network manager or dhclient	15:08
VousDeux	...or openvpn	15:08
clusty	the machine is a local DNS and router box	15:09
clusty	i put the machine itself in the resolv conf cause i can never resolve local dns from the router itself	15:10
clusty	grrr	15:10
clusty	guess i need more digging	15:10
ttx	mathiaz: would you consider CIDR addressing that doesn't specify the right beginning for a segment: broken or acceptable ?	15:21
ttx	i.e. : 192.168.0.230/30 = 192.168.0.228 - 192.168.0.231	15:21
ttx	kirkland: Looking in the code to implement it myself, I discovered that euca kinda supports CIDR addressing for publicIP already	15:22
mathiaz	ttx: hm - acceptable. I wouldn't do it personally - because it makes my brain hurt	15:24
acalvo	a shot in the dark: does anyone know how to do a simple redirection with postfix? recipient_bcc_maps does not work, neither does modifing /etc/aliases	15:25
VousDeux	I'm trying to follow the steps from the server guide for ldap and samba, but sldap-populate fails. I can do a ldapsearch on my active directory server just fine, so I'm not sure why sldap-populate fails...is there another way to accomplish what sldap-populate does?	15:25
ttx	mathiaz: have a look at bug 438565 then, and let me know if we should consider the current CIDR support in eucalyptus broken or usable	15:25
uvirtbot	Launchpad bug 438565 in eucalyptus "Eucalyptus Public IPs should be submitted in CIDR notation" [Wishlist,Triaged] https://launchpad.net/bugs/438565	15:25
acalvo	VousDeux: mmm well, what's the output?	15:26
VousDeux	I suspect that maybe my password is too complex and the sldap-populate script may not be reading it properly, but I would prefer not to have to change my password.	15:26
acalvo	I remember having some problems but they were related to incorrect credentials	15:26
acalvo	you can create a script that execs the smbldap-populate, and store in a variable the password, so you know the password is ok	15:27
* ahasenack can't figure out "ufw delete"		15:27
ahasenack	how do I delete this rule?	15:27
ahasenack	0.0.0.0 5901/tcp ALLOW 187.5.57.143	15:27
VousDeux	It says LdapErr: DSID-0C090B38 a bunch of times...'Error in attribute conversion operation' From what I have gathered it seems to be an authentication problem, but I can authenticate manually with no problem.	15:28
acalvo	VousDeux: what version of smbldap-tools are you using?	15:28
acalvo	I think 0.9.6 was broken	15:29
ahasenack	I used "ufw allow proto tcp from 187.5.57.143 to 0.0.0.0 port 6001" to add it, just replacing "allow" with "delete" doesn't work	15:29
acalvo	it was better to use 0.9.5	15:29
acalvo	(correct me if I'm wrong with the version control)	15:29
ahasenack	VousDeux: are you trying to use smbldap-populate against an AD machine?	15:29
VousDeux	ahasenack, yes...AD.	15:29
acalvo	VousDeux: well, AFAIK smbldap was made to emulate an AD	15:30
ahasenack	VousDeux: why? That's unlikely to work, you need at least the unix related schema	15:30
acalvo	so the default config for an AD should work with samba	15:30
VousDeux	...still trying to figure out how to check version...	15:30
ahasenack	VousDeux: you already have a "samba" server with ldap in that AD machine, it's called windows	15:30
VousDeux	Looks like smbldap-tools is version 0.9.4-1	15:31
acalvo	ahasenack: that's unlikely to work also...	15:31
acalvo	VousDeux: https://gna.org/projects/smbldap-tools/	15:32
VousDeux	I'm trying to convert/migrate from Active Directory.	15:33
VousDeux	I want to shut the Windows Server down.	15:34
acalvo	oh, OK	15:34
VousDeux	I'm trying virtualize my server environment, but I want to use Linux as a server instead of Windows.	15:34
VousDeux	I just can't seem to figure out why sldap-populate fails.	15:35
VousDeux	I've repeated the steps from the Server Guide three times.	15:36
acalvo	but, you have to run that against the samba-ldap server	15:36
acalvo	not the AD server	15:36
VousDeux	...each time I purged the installation of both LDAP and Samba and started from scratch.	15:36
VousDeux	Isn't is supposed to populate the samba-ldap from existing ad?	15:37
VousDeux	...cause that's what I need to do.	15:37
ahasenack	VousDeux: it will work only against openldap, or at least something other than AD	15:38
VousDeux	I don't understand how I am supposed to get the LDAP data from AD to samba/ldap then.	15:41
acalvo	VousDeux: you've several options	15:43
acalvo	dump all your AD tree	15:43
acalvo	maybe use the openldap as slave and wait until it finish the replication routine	15:44
VousDeux	I'm not trying to populate AD, I'm trying to populate ldap-samba by reading from AD.	15:45
VousDeux	Hmmm...that slave option rings a bell... maybe.	15:46
wizardslovak	hello people	15:48
wizardslovak	when i want to find word in "nano" editor	15:48
wizardslovak	how do i do that?	15:48
acalvo	wizardslovak: #ubuntu	15:48
wizardslovak	no i am in #ubuntu-server	15:49
zer0her0	anyone running ubuntu server on EC2?	15:49
VousDeux	it looks to e like sldap-populate is trying to execute as user root instead of admin.	15:50
\sh	VousDeux, you need to merge the data...we did that in the past, reading AD users/groups and pushing them into LDAP via shell script	15:51
wizardslovak	is there a shortcut to find word in nano editor?	15:52
\sh	wizardslovak, #ubuntu is the right channel to ask	15:52
wizardslovak	why if ubuntu-server uses too	15:52
kwork	wizardslovak, ctrl + w	15:53
VousDeux	Okay, so if I can't use the documents from the Server Guide to figure this out, what document should I use. I'm sure you guys are offering very good suggestions, but I have no idea what you are talking about. Where can I learn more?	15:53
wizardslovak	thank you	15:54
kirkland	ttx: i think CIDR is better than nothing, but a human readable range would be ideal	15:56
VousDeux	Hmmm....it also looks like sldap-populate is reading AD and finding OUs that were not defined...like Builtin. The document and config files only asked for Users, Groups, and Machines.	15:56
ttx	kirkland: hmm	15:57
VousDeux	Maybe that's the whole problem.	15:57
magellan	Hello	15:57
detrate	hello	15:58
\sh	kirkland, CIDR is human readable for admins ;)	15:59
magellan	I'm looking for someone that successfully setup network interface bonding on Ubuntu 9.04... as I'm not able to get it working :(	16:00
kirkland	\sh: that's "admin readable", then, not "human readable"	16:00
magellan	I seems that everything works fine, if I disconnect the active interface cable the active interface change, but no traffic is able to transit through the backup interface.	16:02
Daviey	meeting?	16:02
magellan	No one familiar with bonding ?	16:09
=== dendrobates is now known as dendro-afk
VousDeux	I'm trying to learn how to use Ubuntu Server, but I can't seem to find the beginning of the documentation. I started with the Server Guide Introduction, but now I'm having problems following along with the steps and it seems like there is something else I should already know. Where is the beginning of the documentation?	16:23
saltybeagle	zul: greetings.. ashnazg and I are some php-pear fellows	16:23
zul	saltybeagle: hi!	16:23
saltybeagle	zul: so the package doesn't use the phar at all?	16:23
zul	saltybeagle: im working on it right now, i just downloaded the phar file from pear.php.net and doing a rebuilding test	16:24
saltybeagle	zul: ah, ok.	16:24
zul	saltybeagle: no since our buildds dont have a network connection they use the one with the tarball	16:24
saltybeagle	zul: let us know if you need anything. Other pear guys are in #pear on efnet	16:24
zul	saltybeagle: ah i thought you guys might be on oftc but there was no one there ;)	16:25
saltybeagle	zul: yah,, efnet for historical reasons. :-)	16:25
zul	saltybeagle: ill pop by later to let you guys know	16:25
detrate	anyone here have experience with NFS?	16:26
saltybeagle	zul: excellent.. we've got at least 3 or 4 ubuntu users in there at any moment, if you need any testers ofr anything	16:26
zul	saltybeagle: cool thanks	16:26
mushroomblue	ugh.	16:26
mushroomblue	I have an issue.	16:26
mushroomblue	I have webservers plugged into two different switches, on two different internet connections.	16:27
mushroomblue	ssh and apache will only respond if one of the interfaces is completely disabled.	16:27
uvirtbot	New bug: #361819 in linux (universe) "Frequent random KVM host kernel OOPS " [Medium,Triaged] https://launchpad.net/bugs/361819	16:32
=== dendro-afk is now known as dendrobates
uvirtbot	New bug: #450463 in vm-builder (universe) "acpiphp module needs to be loaded on first boot" [Medium,Confirmed] https://launchpad.net/bugs/450463	16:56
ttx	nurmi: about bug 438565	17:06
uvirtbot	Launchpad bug 438565 in eucalyptus "Eucalyptus Public IPs should be submitted in CIDR or range notation" [Wishlist,Triaged] https://launchpad.net/bugs/438565	17:06
ttx	nurmi: I didn't realiaz that there was some CIDR support in eucalyptus already	17:06
ttx	realize, even	17:07
ttx	mathiaz: would you consider writing up the minutes ? What's your current load average ?	17:08
nurmi	ttx: well, there is, but it probably should not be considered as stable enough at this point	17:08
ttx	mathiaz: I think I can do it, but I may be late in doing so	17:08
nurmi	ttx: I believe that a 'range' would be more solid	17:08
ttx	nurmi: if implemented server-side, yes	17:09
ttx	because anything that translates into 254 IP addresses into a shell variable gives me creeps	17:09
nurmi	ttx: I can quickly add range parsing to the CC	17:09
ttx	could you comment on that bug ? I think range is more readable (and also more correct, since current CIDR translates to network - 2 addresses)	17:11
nurmi	ttx: however, i'm going to restrict any one range specification to the last octet	17:11
ttx	nurmi: works for me	17:12
uvirtbot	New bug: #449244 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 [modified: /var/lib/dpkg/info/mysql-server-5.0.list] failed to install/upgrade: subproces pre-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/449244	17:12
nurmi	ttx: i can comment on that bug now detailing 'the plan'	17:12
nurmi	ttx: i think we need a similar bug/commentary from your side on the plan for the upstart scripts	17:12
ttx	nurmi: that would be perfect, and allow kirkland to ack that it would look better than half-CIDR	17:13
nurmi	ttx: nod	17:13
ttx	nurmi: sure, once it's posted as a bug :)	17:13
ttx	(if not already)	17:13
nurmi	ttx: there are a few bugs that are related	17:13
ttx	posted as multiple bugs, then	17:13
nurmi	ttx: yes	17:13
nurmi	ttx: plus, some issues pointed out in email reports	17:14
ttx	nurmi: btw I hit and fixed bug 449530, was preventing any email sending	17:15
uvirtbot	Launchpad bug 449530 in eucalyptus "Missing JARs make user registration impossible" [High,Fix released] https://launchpad.net/bugs/449530	17:15
nurmi	ttx: I did see that, good catch	17:15
ttx	nurmi: it also resulted in a borked user list in the web UI	17:16
ttx	i.e. after a failed email send, the user list would be returned empty	17:16
ttx	even if you fixed the missing JARs, the user list would stay borked	17:16
ttx	but I couldn't reproduce it on a fixed setup	17:16
ttx	(just so that you know about it)	17:17
nurmi	ttx: okay, good to know - i'll file a bug against eucalyptus about that issue	17:17
ttx	nurmi: to reproduce, remove the two JARs, attempt and fail to "apply", then log in as admin and look at the user list	17:18
wizardslovak	does anyone using clamav ?	17:18
nurmi	ttx: thank you	17:18
=== Vog_ is now known as Vog
davmor2	Hey guys good news current docs have worked successfully twice on the trot now. I'd say that was pretty stable and testable :)	17:33
VousDeux	Okay, so I change all of my samba-ldap config options to only use the openldap server, but when I try smbldap-populate it returns several error lines that all say "failed to add entry: modifications require authentication." Does mean that it is failing to read the password from /etc/ldapscripts/ldapscripts.passwd?	17:33
wizardslovak	how do i move to some line in nano editor?	17:34
Kaelten	Hi, I have an init script that's trying to run a script on a mount and it doesn't work during startup, is it possible the mount doesn't exist at that point?	17:57
smoser	it is definitely possible	18:02
Kaelten	hrm, I just added some echo statements and that doesn't seem to be it :/	18:02
Bilge	Where are ufw rules stored?	18:02
jpds	Bilge: iptables -L	18:05
jpds	Bilge: Or /etc/ufw/*.rules	18:05
Kaelten	I just have this init script http://paste.wowace.com/wa9b6pqiretn70sx/	18:05
Kaelten	works fine when I run it manually	18:05
Kaelten	and it's getting called during boot	18:06
Kaelten	but it doesn't seem to work :/	18:06
VousDeux	It seems like all of this documentation is purposfully designed to fail so that us newbies are left scratching our head and searching for days on end trying to find solutions for errors.	18:11
VousDeux	It just seems like no matter how carefully I try to follow the steps I end up spending days and days trying to figure out why it didn't work.	18:13
mushroomblue	VousDeux: if you'd like, I could /msg you some urls that were helpful.	18:15
VousDeux	I would appreciate that very much...thank you.	18:15
VousDeux	I don't mind reading, it's just that I seem to have a very difficult time trying to to figure out what I should be reading. :)	18:16
uvirtbot	New bug: #450518 in samba (main) "Wine failed to install properly and won't run applications" [Undecided,New] https://launchpad.net/bugs/450518	18:17
arooni	we're trying to track down performance issues on our server. we cant scale beyond 20-30 requests/per/second. we're running a scaling test now. our stack is apache/mod_rails/rails/mysql. on ubuntu 8.10 64bit server. any suggestions on WHERE to look and track down our errors?	18:19
mushroomblue	VousDeux: don't worry. the official documentation is focused on teaching you LDAP while setting up a server, and it makes it a chore to read/understand.	18:21
mushroomblue	not to mention, the SSL section is completely broken.	18:21
VousDeux	Ahhh...that explains it...I sure wish I could find the beginning of the documetation I should read to learn all of this stuff. It just seems like I'm forever searching for a document to learn how to do something, but every document I find assumes I should already know something else, so I end up in an endless circle of trying to find a document to explain the other document.	18:24
uvirtbot	New bug: #446841 in image-store-proxy (main) "Unable to start images installed/registered via the image store" [High,Triaged] https://launchpad.net/bugs/446841	18:27
mushroomblue	VousDeux: yeah. I experienced that hell back in June.	18:30
HexGhost	hello	18:32
HexGhost	im migrating my company's current mail server from freebsd to ubuntu and im wondering what suggestions anyone has for backing up a mail server	18:33
HexGhost	right now i make a weekly tarball but that isn't very optimal	18:33
oroz	can someone help me turn off "Emulate3Buttons"?	18:34
uvirtbot	New bug: #450534 in samba (main) "package samba 2:3.3.2-1ubuntu3.2 failed to install/upgrade: il sottoprocesso post-installation script ha restituito un codice di errore 1" [Undecided,New] https://launchpad.net/bugs/450534	18:36
Bilge	jpds: the /etc/ufw/*.rules seem to have nothing to do with the rules that I've set up	18:46
uvirtbot	New bug: #347211 in authbind (main) "authbind unreasonably fails to address ports 512 through 1023" [Undecided,Fix released] https://launchpad.net/bugs/347211	18:46
VousDeux	Should I be concerned that after running 'dpkg-reconfigure slapd' there is no /etc/ldap/slapd.conf?	18:53
ahasenack	VousDeux: ubuntu uses /etc/ldap/slapd.d by default since jaunty or so	18:53
VousDeux	ahhh...thanks	18:54
VousDeux	vi /etc/ldap/slapd.d	18:54
VousDeux	oops	18:54
ahasenack	VousDeux: it's a bit more complicated than that	18:54
VousDeux	Oh for pete's sake.	18:56
iarp	lol	18:57
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
VousDeux	So, basically, there are no accurate, up-to-date instructions for how to install and configure ldap/samba???	18:58
ahasenack	the server guide talks about slapd.d usage	18:58
ahasenack	don't know about samba, but since smbldap-tools uses just ldap commands, the config backend doesn't matter	18:58
hydrozen	Hi. I just installed Ubuntu 8.04 LTS on amazon using the latest AMI. I can login as root using the key I generated, but I can't seem to login using any other accounts that I created. It says "Permission denied (publickey)." Any ideas what I need to change? Is it in the SSH configuration?	19:03
ilowe	hydrozen: That's either because you don't have the right key installed on your client, or because the user on the server is not configured to allow logins with that key	19:06
ilowe	hydrozen: you would need to add the key to authorized_keys for each account that should support logins	19:06
hydrozen	ilowe: what would I need to check on the server?	19:06
hydrozen	ilowe: yes I did that. and i checked the permissions they seem fine too.	19:06
ilowe	hydrozen: so those users have a .ssh/authorized_keys? chmod'd to 600?	19:07
ilowe	hydrozen: double check for differences between those users and root (if root is working for you)	19:07
ilowe	hydrozen: and you are logging in as the same user on the client-side, right?	19:07
hydrozen	-rw------- 1 patrick patrick 668 2009-10-13 17:56 authorized_keys	19:08
hydrozen	ilowe: yes, same username on my mac and on the server	19:08
ilowe	hydrozen: OK, and the authorized_keys file is the same as for root?	19:10
hydrozen	ilowe: naw. For root im using a key that i generated using the amazon tools. For my personal account I generated a key myself using ssh-keygen.	19:11
ilowe	hydrozen: OK, fair enough	19:11
ilowe	hydrozen: hmmm, and this is all out of the box?	19:11
hydrozen	wait i think i know where i fucked up	19:12
hydrozen	err nope still doesnt work	19:13
hydrozen	ilowe: yeah pretty much out of the box... i dont get it	19:16
ilowe	hydrozen: crap, you're two releases behind me so I don't know if it's 8.04-specific; it sounds like you have all your ducks in a row	19:17
hydrozen	ilowe: hehe... I'll figure it out I guess... I'm sure it has to do with the SSH configuration	19:17
hydrozen	its prolly too secure for my needs	19:17
ilowe	hydrozen: I know I had to fiddle the order of passwords and so on at some point	19:18
ilowe	hydrozen: I mean in the global conf; but I haven't had to do it in a while (and I set up about 3-10 boxen a month)	19:18
hydrozen	the AMI might have some particular settings to make it more secure on amazon	19:19
VousDeux	Great...all the install/uninstall stuff with this slapd/samba and now my server won't shutdown again...just keeps coming back to this recovery menu.	19:21
uvirtbot	New bug: #450449 in eucalyptus (main) "fix whitespace in eucalyptus update-motd url" [Wishlist,Fix committed] https://launchpad.net/bugs/450449	19:22
VousDeux	Last time this happened I had to reinstall the server all over again...I'm getting sick of starting over before I can even really begin.	19:24
uvirtbot	New bug: #306369 in autofs (main) "autofs cannot mount remote directory path with space" [Low,Incomplete] https://launchpad.net/bugs/306369	19:37
ruben23	hi any optimization on ubuntu networks	19:47
ruben23	or the sever itself	19:47
arooni	our load right now is 8.72 ... how do we find out WHY this is ? i.e what specifically is causing a high load... should load always be below 1?	19:51
Jagged	arooni: top	19:55
Jagged	arooni: you can use < and > to change your sort until you get %cpu or cpu time	19:56
arooni	is load only based on cpu utializiation?	19:56
Jagged	http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages	19:58
jdstrand	ahasenack: re ufw delete> put delete 'before' the rule, not instead of 'allow'. eg: to delete 'ufw allow OpenSSH', use 'ufw delete allow OpenSSH'	20:04
ahasenack	jdstrand: got it, thanks	20:04
jdstrand	Bilge: re where ufw stores rules> rules added with the 'ufw' cli command are stored in either /var/lib/ufw/rules or /lib/ufw/.rules (depending on the version you are using). /etc/ufw/*.rules are for customization. see 'man ufw'	20:05
ahasenack	jdstrand: is there an ufw command to clear all rules so one can start fresh?	20:07
jdstrand	ahasenack: not at present. there is a wishlist bug on it and it will probably be in the next release of ufw. what version of Ubuntu are you using ufw on?	20:08
ahasenack	jdstrand: ok, thanks	20:08
jdstrand	ahasenack: what version of Ubuntu are you using ufw on?	20:09
ahasenack	jdstrand: oh, all of them :P	20:09
ahasenack	jdstrand: hardy, intrepid, jaunty, karmic and even dapper if it's available there, didn't check yet	20:10
jdstrand	ahasenack: ok, the easiest thing to do to reset ufw is to do 'sudo ufw disable ; sudo cp /usr/share/ufw/user*.rules /valib/lib/ufw'	20:10
jdstrand	ahasenack: err, /var/lib/ufw	20:10
ahasenack	ok	20:10
jdstrand	ahasenack: if /var/lib/ufw doesn't exist, then put them in /lib/ufw	20:11
mushroomblue	arooni: load is based on cpu percentage required to do tasks, IIRC.	20:11
mushroomblue	arooni: and each number is a duration of time.	20:11
jdstrand	ahasenack: ufw 0.29-1 is the first release to put rules in /lib/ufw (that should be Ubuntu 9.10 only)	20:11
uvirtbot	New bug: #449814 in samba (main) "amule" [Undecided,New] https://launchpad.net/bugs/449814	20:12
ahasenack	so karmic	20:12
mushroomblue	if your system load is at 8.xx, that means it's doing a ridiculous high load.	20:12
Jagged	mushroomblue: it also depends on the number of cores	20:12
mushroomblue	I suppose.	20:12
Jagged	a dual-quad core server should be able to handle a load of 8	20:12
mushroomblue	right. 1.00 == 100% of one CPU	20:13
mushroomblue	thanks.	20:13
mushroomblue	arooni: running something big that's constantly spanking your CPU?	20:14
Bilge	jdstrand: thanks! I am including them in my backup script now	20:22
uvirtbot	New bug: #436977 in eucalyptus "euca_rootwrap makes eucalyptus user equivalent to root" [Undecided,Confirmed] https://launchpad.net/bugs/436977	20:22
uvirtbot	New bug: #445105 in eucalyptus (main) "uses unsafe /tmp files" [High,Triaged] https://launchpad.net/bugs/445105	20:22
uvirtbot	New bug: #318495 in autofs (main) "Patches for documentation" [Wishlist,Incomplete] https://launchpad.net/bugs/318495	20:33
=== dendrobates is now known as dendro-afk
=== MenZa_ is now known as MenZa
uvirtbot	New bug: #317400 in openldap2.3 (main) "TLSCACertificateFile ignored" [Low,Incomplete] https://launchpad.net/bugs/317400	21:27
VousDeux	It doesn't seem to matter how many different ways I try, the smbldap-populate fails.	21:37
VousDeux	It tells me 'modifications require authentication' and it looks like it is trying to authenticate as root. I tried using smbldap-populate -a admin, but I get the same errors.	21:38
VousDeux	On google I found where some others were seeing this, but the solution seems to be to modify the smb.conf, but this file doesn't exist and I dont know where it's supposed to be or what's supposed to be in it.	21:40
VousDeux	About the only thing I can think of that I have not tried is installing slapd and leaving the admin password blank.	21:41
VousDeux	I don't even know where smbldap-populate is getting the password from that it is trying to use, and I see no way to specify a password to be used for the modifications.	21:43
=== dendro-afk is now known as dendrobates
VousDeux	What am I missing...it's no fun to sit here for 12 hours and try to find an answer to why something in a tutorial didn't work...where should I be looking?	22:01
genii	VousDeux: Have you consulted the main server guide?	22:03
VousDeux	Yes, that's the tutorial that's not working.	22:03
mushroomblue	hah. main server guide.	22:03
bogeyd6	vous your directory/file permissions are not correct for this database	22:04
bogeyd6	VousDeux make sure that the database	22:04
bogeyd6	directory and all files it contains are writable by	22:04
bogeyd6	slapd	22:04
VousDeux	I don't know where the database directory is.	22:04
bogeyd6	VousDeux /var/lib/ldap	22:07
VousDeux	Can you tell me how you found that?	22:07
bogeyd6	ill do you one better	22:09
bogeyd6	VousDeux https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html	22:09
bogeyd6	if you are using 9.04 for a server, shame on you :(	22:09
VousDeux	Oh, really????	22:09
VousDeux	Do tell, please.	22:09
VousDeux	What should I be using?	22:10
bogeyd6	Ubuntu 8.04.3 LTS	22:11
uvirtbot	New bug: #450501 in apache2 (main) "ab crashed with SIGSEGV in main()" [Undecided,New] https://launchpad.net/bugs/450501	22:11
bogeyd6	VousDeux and i meant, https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html	22:11
bogeyd6	copy and paste was broked	22:11
VousDeux	Okay, I thought I downloaded the current, stable release.	22:12
bogeyd6	9.04 is current and stable	22:13
bogeyd6	but by the time you are settling in, support will end for it	22:13
VousDeux	What is LTS?	22:13
bogeyd6	VousDeux https://wiki.ubuntu.com/LTS specifically With the Long Term Support (LTS) version you get 3 years support on the desktop, and 5 years on the server.	22:13
bogeyd6	so they will release updates for 8.04 for 5 years	22:14
VousDeux	Okay...much for me to learn...I would have thought the newest version would have the best support.	22:15
bogeyd6	easy to misunderstand	22:16
bitprophet	remind me again, how long are the non LTS releases supported for? A year? Or only the ~6 months till the next release?	22:19
bitprophet	just an academic question, of course, I've been using 8.04 since it came out =)	22:19
mushroomblue	bah. 9.04 is fine if most of your enterprise is virtualized.	22:20
bitprophet	what's virtualization got to do with it?	22:21
mushroomblue	makes upgrading trivial.	22:21
bitprophet	not everyone has the time to constantly upgrade, nor to deal with breakage from setting up an OS that you haven't verified works for your apps or situation	22:21
mushroomblue	oh.	22:22
mushroomblue	I bill by the hour.	22:22
mushroomblue	:)	22:22
bitprophet	Ha	22:22
bitprophet	How does virtualizing make upgrading trivial, just the abiltiy to snapshot/clone/rollback? or is there some other angle I'm missing	22:23
mushroomblue	cloning and rolling back is enough.	22:24
mushroomblue	but I can clone the entire network.	22:24
mushroomblue	make changes, test, etc.	22:24
mushroomblue	it's made testing new updates trivial.	22:25
slibuntu	hello all, inexperienced admin here, wondering what is a good policy for permissions on users home folders?	22:26
=== slampoud_ is now known as slampoud
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
maaku	eucalyptus devs: my node install fails to detect the cluster on the local network, giving an error code that seems to indicate it was pulling the preseed file from a self-assigned ip address. would like to file a bug report, but not sure which information is relevant	22:34
maaku	forgot the mention: 9.10 beta UEC install	22:34
maaku	and both node and cluster/cloud controller are manually assigned static IPs, no DHCP server exists on the network	22:35
bogeyd6	bitprophet 18 months	22:37
bogeyd6	!permissions	22:38
ubottu	An explanation of what file permissions are and how they can be manipulated can be found at https://help.ubuntu.com/community/FilePermissions	22:39
bogeyd6	!home	22:39
ubottu	Your home directory is where all of your personal files are usually kept. For moving your home directory to a separate partition, please see: http://psychocats.net/ubuntu/separatehome	22:39
blistov	Anyone know of a way to force a directory to force its subdirectories to inherit its permissions? IE: like setgid/setuid, but for say... 775?	22:56
bitprophet	blistov: afaik only ACLs can do that	22:58
bitprophet	but I'm not an expert in that particular area	22:58
blistov	bitprophet: I expect you are correct, but I've been told there may be a way.	22:59
bitprophet	I know ACLS _can_ do it, for sure. just don't know if there's a non ACL method like sticky bit or whatever	22:59
blistov	sticky bit is what I'm investigating now.	22:59
bitprophet	I think that's largely for executing, though. can't recall.	22:59
bitprophet	also, umask, but only if you can control all your users and trust them not to override their own umasks	23:00
blistov	Right. But I can't trust them. And incidentally "the Linux kernel ignores the sticky bit on files." according to chmod man	23:00
bitprophet	interesting.	23:02
=== dendrobates is now known as dendro-afk
captainkirk	hi folks. I need advice on how to track down a memory leaking program on my 9.04 32bit system	23:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!