[00:57] <sgrover> help with Apache virtual host issue?  http://pastie.org/652283
[00:58] <sgrover> The "standard" suggestions for vhost problems don't seem to apply - the server already has functional vhosts, the new one refuses to work...
[01:13] <Nattgew> transmission-daemon keeps giving me a 401 unauthorized error... I edit the settings.json but every time I restart the daemon that file gets rewritten
[01:22] <wizardslovak> hello people
[01:22] <wizardslovak> does ubuntu server support sata to pci cards?
[01:31] <sgrover> Resolved my problem.  Server name "projects"  so setting up a vhost with a server name of "projects.myserver.com" resolves to something different than you might be expecting... sighs...
[02:06] <slampoud> I've downloaded the image from http://cdimage.ubuntu.com/ubuntu-server/daily/current/karmic-server-amd64.iso , verified md5 sums, burned install CDs, and had them fail their internal md5 checks several times yesterday and today. This happened using two different CD burners, and media known to be OK, so it may be worth verifying that the ISO bits are actually OK.
[03:05] <aubre> hello, I've been on holiday but I will be back at work , I've seen Jono's call for testing Eucalyptus and I will be doing my part
[03:05] <aubre> I have one front-end and two nodes, they are working currently
[05:24] <maxagaz> if i need to run a command after all services of a server are started, i just have to put it in /etc/rc.local before "exit 0", right ?
[05:31] <jtaji> maxagaz: thats right
[06:07] <mushroomblue> anyone alive that can answer a hopefully-simple http question?
[06:09] <Jeeves_> mushroomblue: Ask the question and you will find out
[06:10] <mushroomblue> anyone know why ssh/http connection attempts would die when reaching my internal web server?
[06:10] <mushroomblue>  like, I look in wireshark, and see syn requests that have my home IP as the source.
[06:10] <mushroomblue> they travel through the router, and seemingly through the switch.
[06:10] <mushroomblue> wireshark is showing a SYN request.
[06:10] <mushroomblue> but the system itself doesn't ACK.
[06:11] <Jeeves_> A firewall? :)
[06:11] <mushroomblue> ufw is configured to allow ports 80, 22, and 443
[06:11] <mushroomblue> though I disabled ufw just to check.
[06:13] <mushroomblue> and iptables -L isn't showing anything wrong.
[06:13] <mushroomblue> according to the firewall, everything's pretty goatse'd.
[06:16] <ssm> mushroomblue: anything in the web server's kernel log?
[06:16] <mushroomblue> lemme look.
[06:18] <mushroomblue> nothing that I can tell.
[06:18] <mushroomblue> looks like UFW blocked an internal IP once or twice, but that's about it.
[06:18] <ssm> is it pingable either way?
[06:19] <ssm> from or to the server?
[06:22] <mushroomblue> I can connect to the box any other way than externally.
[06:22] <mushroomblue> on another box inside the firewall, it connects on ports 22 and 80
[06:22] <mushroomblue> I can see the traffic being sent to the box in wireshark.
[06:23] <mushroomblue> at least, SYN packets.
[06:23] <mushroomblue> so, the only things I can think of it being are something stoopid in the router's access control list, or something with the switch.
[06:24] <mushroomblue> the first, I think I've been able to rule out. nat translations are showing the connection being routed to the proper internal IP
[06:24] <mushroomblue> a switch shouldn't be causing these problems, should it?
[06:24] <ssm> or a wrong arp entry, if you've recently moved the IP address
[06:25] <ssm> I've had a piece of network equipment randomly overwrite the target MAC address, making the system reachable only if it was running in promisquos mode.  as in "Why is the internet working only when I run tcpdump?"....
[06:26] <mushroomblue> right.
[07:18] <_bubsy> who ever use openfire ?
[07:33] <artillerytx> Hey guys is SFTP enabled by default in an install ?
[07:40] <livetoday> running (sudo) apt-get <anything> gives me a segfault. can this be fixed? is it a known issue?
[07:43] <cemc> hey. can I run an ubuntu 9.04 desktop 32bit with 12gb ram AND actually use the 12gb ram ?
[07:48] <KurtKraut> livetoday, are you sure there isn't a hardware failure, like in RAM?
[07:51] <livetoday> how would i identify such? the failure seems isolated to this one program, and occurs whenever it is run
[07:58] <twb> artificialexit: sftp is enabled by default within openssh; I think openssh-server is probably not installed by default.
[08:13] <alex_joni> cemc: surely not
[09:23] <livetoday> KurtKraut, how would i identify such? the failure seems isolated to this one program, and occurs whenever it is run.
[09:23] <KurtKraut> livetoday, have you rebooted since the problem appeared?
[09:24] <livetoday> KurtKraut, no. i haven't rebooted this month.
[09:25] <KurtKraut> livetoday, is aptitude working? Try aptitude update
[09:26] <livetoday> aptitude doesn't work either: it says that it gets a sigsegv, then closes with a segfault
[09:26] <livetoday> KurtKraut^
[09:26] <twb> cemc: IIRC what the kernel does is access 4GiB at a time, and then "page" between 4GiB areas of RAM.  If it works at all, it will be a filthy bodge.
[09:26] <KurtKraut> livetoday, are you running Jaunty?
[09:26] <livetoday> KurtKraut, yes
[09:26] <twb> cemc: fortunately, your CPU probably supports x86-64 (amd64), so you can just install that.
[09:27] <KurtKraut> livetoday, was your system up to date?
[09:28] <livetoday> KurtKraut, pretty sure it was. i login via ssh regularly, and do an apt-get update && apt-get upgrade whenever informed that there are package updates available.
[09:28] <KurtKraut> livetoday, please tell me the output of md5sum /usr/bin/apt-get
[09:29] <livetoday> KurtKraut, 92759f1b80a768406e1ad6e87d057cfe
[09:30] <KurtKraut> livetoday, this is the expected output. Your problem requires further investigation. Please, post all the details you already provided me in ubuntuforums.org
[09:30] <KurtKraut> livetoday, in my experience, wierd segfaults or kernel panics are associated with hardware failure (hard disk or RAM)
[09:32] <livetoday> KurtKraut, would expect a reboot, or a reinstall to be useful?
[09:33] <KurtKraut> livetoday, to determine if there is a hardware problem? Yes. If there is one, the effects would be wider and more evident.
[09:33] <KurtKraut> livetoday, but no matter what is causing this, reboot wouldn't fix it.
[09:34] <livetoday> KurtKraut, diagnostically, would either step be useful?
[09:35] <KurtKraut> livetoday, I would start with a RAM test.
[09:35] <livetoday> KurtKraut, there's one built in, that can be selected in the boot-loader, yes?
[09:37] <KurtKraut> livetoday, yes.
[09:38] <livetoday> KurtKraut, guess i'm rebooting then. thanks for your assistance
[09:41] <StrangeCharm> KurtKraut, i'm livetoday's. it does appear to be the ram. memtest is throwing errors like nobody's business.
[09:41] <KurtKraut> StrangeCharm, several output with red background?
[09:42] <StrangeCharm> KurtKraut, several dozens of thousands of errors
[09:43] <KurtKraut> StrangeCharm, lol. I knew it! :D
[09:43] <KurtKraut> StrangeCharm, you can abort the RAM check. You already know it may be damaged.
[09:43] <StrangeCharm> KurtKraut, it does come as something of a surprise to see ram this broken
[09:44] <StrangeCharm> KurtKraut, yes, but the only solution i know of is purchasing new ram, which is never fun
[09:44] <jmarsden> StrangeCharm: I'd say you just found your problem.  Replace your RAM and retest.  Worst case, you could try removing half of the RAM modules in the machine and test again, you might find you can determine which RAM module(s) have the problem and then use only know good ones...
[09:44] <KurtKraut> StrangeCharm, you may try to remove, clean them and put it back.
[09:46] <StrangeCharm> KurtKraut, you mean, clean the pins?
[09:46] <StrangeCharm> rather, the contacts
[09:46] <KurtKraut> StrangeCharm, exactly
[09:46] <StrangeCharm> how does ram get damaged like this?
[09:46] <KurtKraut> StrangeCharm, the procedure jmarsden recomended is also important.
[09:46] <StrangeCharm> as a more general question, in terms of how to avoid it in future
[09:47] <KurtKraut> StrangeCharm, usage, oxidation, umidity, excessive heat etc.
[09:47] <StrangeCharm> KurtKraut, jmarsden i'm already starting
[09:47] <KurtKraut> StrangeCharm, this is one of the reasons datacenters have such controlled climate/enviroment
[09:48] <StrangeCharm> well, i have a dormroom in a humid region, and a fan...
[09:49] <StrangeCharm> my budget contends much better with downtime and ram replacements, than data-center-like control
[09:53] <StrangeCharm> good news: one of the dimms is not generating a large number of errors immediately
[10:19] <StrangeCharm> KurtKraut, jmarsden, cleaning both dimms, and changing the slots in use seems to have completely eradicated the memory problem: memtest isn't givint me any more errors
[10:19] <KurtKraut> StrangeCharm, I'm glad to hear that.
[11:35] <StrangeCharm> if i use ubuntu to set up an encrypted softraid5 of n disks, and i suffer a catastrophic hardware failure which destroys all system hardware except but n-1 disks, will i be able to construct a new system and recover that data?
[13:15] <myeggo> hello, this is my logrotate configuration: http://pastebin.com/m7020dffa - but it still stores the log weekly, someone could give me a link or any idea about how to make it working? thanks in advance
[13:16] <myeggo> i am being ignored in every channels :/
[14:26] <ttx> kirkland: howdy -- I have a merge to 925 in my PPA
[14:27] <ttx> kirkland: I wait for upstream ack to upload that
[14:27] <VousDeux> Does anyone know if thereis some way to monitor for a specific error condition and automatically execute a bash script in response to the error?
[14:29] <bogeyd6> VousDeux you could set a cron job every minute
[14:30] <bogeyd6> or you could use a nagios solution
[14:31] <VousDeux> I'm trying to avoid the every minute thing if possible...I'll look into the nagios solution...thanks for your suggestion.
[14:34] <VousDeux> nagios looks like a very good possibility...thanks again.
[14:34] <bogeyd6> yw
[14:34] <kirkland> ttx: that sounds fair
[14:34] <kirkland> ttx: hopefully the last upload?
[14:35] <ttx> kirkland: well, I want to prevent the "hey, 926 is so much better"
[14:35] <kirkland> ttx: :-)  inevitable
[14:55] <pn> afternoon all
[14:56] <pn> can anyone comment on 'the best' way to set up identity management on ubuntu server? Perhaps using openldap or freeipa?
[14:58] <_ruben> !best
[14:59] <pn> *sigh*
[14:59] <mushroomblue> outside of wireshark, is there a way to see if Apache is actually receiving connection attempts from the outside world?
[15:00] <pn> actually, I'd argue one of the things that differentiates something like ubuntu server from something like centos is the 'best' or most popular way of doing certain things: like file systems or package management - or in this case authentication
[15:00] <pn> thanks for the lecture just the same
[15:00] <Pici> mushroomblue: see files in /var/log/apache2/
[15:00] <mushroomblue> I'll check. thanks.
[15:02] <clusty> hey
[15:03] <clusty> something really weird is going on. my resolv.conf gets overwritten constantly with some default values. any clues what service could cause that?
[15:08] <Jeeves_> clusty: network manager or dhclient
[15:08] <VousDeux> ...or openvpn
[15:09] <clusty> the machine is a local DNS and router box
[15:10] <clusty> i put the machine itself in the resolv conf cause i can never resolve local dns from the router itself
[15:10] <clusty> grrr
[15:10] <clusty> guess i need more digging
[15:21] <ttx> mathiaz: would you consider CIDR addressing that doesn't specify the right beginning for a segment: broken or acceptable ?
[15:21] <ttx> i.e. : 192.168.0.230/30 = 192.168.0.228 - 192.168.0.231
[15:22] <ttx> kirkland: Looking in the code to implement it myself, I discovered that euca kinda supports CIDR addressing for publicIP already
[15:24] <mathiaz> ttx: hm - acceptable. I wouldn't do it personally - because it makes my brain hurt
[15:25] <acalvo> a shot in the dark: does anyone know how to do a simple redirection with postfix? recipient_bcc_maps does not work, neither does modifing /etc/aliases
[15:25] <VousDeux> I'm trying to follow the steps from the server guide for ldap and samba, but sldap-populate fails. I can do a ldapsearch on my active directory server just fine, so I'm not sure why sldap-populate fails...is there another way to accomplish what sldap-populate does?
[15:25] <ttx> mathiaz: have a look at bug 438565 then, and let me know if we should consider the current CIDR support in eucalyptus broken or usable
[15:26] <acalvo> VousDeux: mmm well, what's the output?
[15:26] <VousDeux> I suspect that maybe my password is too complex and the sldap-populate script may not be reading it properly, but I would prefer not to have to change my password.
[15:26] <acalvo> I remember having some problems but they were related to incorrect credentials
[15:27] <acalvo> you can create a script that execs the smbldap-populate, and store in a variable the password, so you know the password is ok
[15:27]  * ahasenack can't figure out "ufw delete"
[15:27] <ahasenack> how do I delete this rule?
[15:27] <ahasenack> 0.0.0.0 5901/tcp           ALLOW       187.5.57.143
[15:28] <VousDeux> It says  LdapErr: DSID-0C090B38 a bunch of times...'Error in attribute conversion operation' From what I have gathered it seems to be an authentication problem, but I can authenticate manually with no problem.
[15:28] <acalvo> VousDeux: what version of smbldap-tools are you using?
[15:29] <acalvo> I think 0.9.6 was broken
[15:29] <ahasenack> I used "ufw allow proto tcp from 187.5.57.143 to 0.0.0.0 port 6001" to add it, just replacing "allow" with "delete" doesn't work
[15:29] <acalvo> it was better to use 0.9.5
[15:29] <acalvo> (correct me if I'm wrong with the version control)
[15:29] <ahasenack> VousDeux: are you trying to use smbldap-populate against an AD machine?
[15:29] <VousDeux> ahasenack, yes...AD.
[15:30] <acalvo> VousDeux: well, AFAIK smbldap was made to emulate an AD
[15:30] <ahasenack> VousDeux: why? That's unlikely to work, you need at least the unix related schema
[15:30] <acalvo> so the default config for an AD should work with samba
[15:30] <VousDeux> ...still trying to figure out how to check version...
[15:30] <ahasenack> VousDeux: you already have a "samba" server with ldap in that AD machine, it's called windows
[15:31] <VousDeux> Looks like smbldap-tools is version 0.9.4-1
[15:31] <acalvo> ahasenack: that's unlikely to work also...
[15:32] <acalvo> VousDeux: https://gna.org/projects/smbldap-tools/
[15:33] <VousDeux> I'm trying to convert/migrate from Active Directory.
[15:34] <VousDeux> I want to shut the Windows Server down.
[15:34] <acalvo> oh, OK
[15:34] <VousDeux> I'm trying virtualize my server environment, but I want to use Linux as a server instead of Windows.
[15:35] <VousDeux> I just can't seem to figure out why sldap-populate fails.
[15:36] <VousDeux> I've repeated the steps from the  Server Guide three times.
[15:36] <acalvo> but, you have to run that against the samba-ldap server
[15:36] <acalvo> not the AD server
[15:36] <VousDeux> ...each time I purged the installation of both LDAP and Samba and started from scratch.
[15:37] <VousDeux> Isn't is supposed to populate the samba-ldap from existing ad?
[15:37] <VousDeux> ...cause that's what I need to do.
[15:38] <ahasenack> VousDeux: it will work only against openldap, or at least something other than AD
[15:41] <VousDeux> I don't understand how I am supposed to get the LDAP data from AD to samba/ldap then.
[15:43] <acalvo> VousDeux: you've several options
[15:43] <acalvo> dump all your AD tree
[15:44] <acalvo> maybe use the openldap as slave and wait until it finish the replication routine
[15:45] <VousDeux> I'm not trying to populate AD, I'm trying to populate ldap-samba by reading from AD.
[15:46] <VousDeux> Hmmm...that slave option rings a bell... maybe.
[15:48] <wizardslovak> hello people
[15:48] <wizardslovak> when i want to find word in "nano" editor
[15:48] <wizardslovak> how do i do that?
[15:48] <acalvo> wizardslovak: #ubuntu
[15:49] <wizardslovak> no i am in #ubuntu-server
[15:49] <zer0her0> anyone running ubuntu server on EC2?
[15:50] <VousDeux> it looks to e like sldap-populate is trying to execute as user root instead of admin.
[15:51] <\sh> VousDeux, you need to merge the data...we did that in the past, reading AD users/groups and pushing them into LDAP via shell script
[15:52] <wizardslovak> is there a shortcut to find word in nano editor?
[15:52] <\sh> wizardslovak, #ubuntu is the right channel to ask
[15:52] <wizardslovak> why if ubuntu-server uses too
[15:53] <kwork> wizardslovak, ctrl + w
[15:53] <VousDeux> Okay, so  if I can't use the documents from the Server  Guide to figure this out, what document should I use. I'm sure you guys are offering very good suggestions, but I have no idea what you are talking about. Where can I learn more?
[15:54] <wizardslovak> thank you
[15:56] <kirkland> ttx: i think CIDR is better than nothing, but a human readable range would be ideal
[15:56] <VousDeux> Hmmm....it also looks like sldap-populate is reading AD and finding OUs that were not defined...like Builtin. The document and config files only asked for Users, Groups, and Machines.
[15:57] <ttx> kirkland: hmm
[15:57] <VousDeux> Maybe that's the whole problem.
[15:57] <magellan> Hello
[15:58] <detrate> hello
[15:59] <\sh> kirkland, CIDR is human readable for admins ;)
[16:00] <magellan> I'm looking for someone that successfully setup network interface bonding on Ubuntu 9.04... as I'm not able to get it working :(
[16:00] <kirkland> \sh: that's "admin readable", then, not "human readable"
[16:02] <magellan> I seems that everything works fine, if I disconnect the active interface cable the active interface change, but no traffic is able to transit through the backup interface.
[16:02] <Daviey> meeting?
[16:09] <magellan> No one familiar with bonding ?
[16:23] <VousDeux> I'm trying to learn how to use Ubuntu Server, but I can't seem to find the beginning of the documentation. I started with the Server Guide Introduction, but now I'm having problems following along with the steps and it seems like there is something else I should already know. Where is the beginning of the documentation?
[16:23] <saltybeagle> zul: greetings.. ashnazg and I are some php-pear fellows
[16:23] <zul> saltybeagle: hi!
[16:23] <saltybeagle> zul: so the package doesn't use the phar at all?
[16:24] <zul> saltybeagle: im working on it right now, i just downloaded the phar file from pear.php.net and doing a rebuilding test
[16:24] <saltybeagle> zul: ah, ok.
[16:24] <zul> saltybeagle: no since our buildds dont have a network connection they use the one with the tarball
[16:24] <saltybeagle> zul: let us know if you need anything. Other pear guys are in #pear on efnet
[16:25] <zul> saltybeagle: ah i thought you guys might be on oftc but there was no one there ;)
[16:25] <saltybeagle> zul: yah,, efnet for historical reasons.  :-)
[16:25] <zul> saltybeagle: ill pop by later to let you guys know
[16:26] <detrate> anyone here have experience with NFS?
[16:26] <saltybeagle> zul: excellent.. we've got at least 3 or 4 ubuntu users in there at any moment, if you need any testers ofr anything
[16:26] <zul> saltybeagle: cool thanks
[16:26] <mushroomblue> ugh.
[16:26] <mushroomblue> I have an issue.
[16:27] <mushroomblue> I have webservers plugged into two different switches, on two different internet connections.
[16:27] <mushroomblue> ssh and apache will only respond if one of the interfaces is completely disabled.
[17:06] <ttx> nurmi: about bug 438565
[17:06] <ttx> nurmi: I didn't realiaz that there was some CIDR support in eucalyptus already
[17:07] <ttx> realize, even
[17:08] <ttx> mathiaz: would you consider writing up the minutes ? What's your current load average ?
[17:08] <nurmi> ttx: well, there is, but it probably should not be considered as stable enough at this point
[17:08] <ttx> mathiaz: I think I can do it, but I may be late in doing so
[17:08] <nurmi> ttx: I believe that a 'range' would be more solid
[17:09] <ttx> nurmi: if implemented server-side, yes
[17:09] <ttx> because anything that translates into 254 IP addresses into a shell variable gives me creeps
[17:09] <nurmi> ttx: I can quickly add range parsing to the CC
[17:11] <ttx> could you comment on that bug ? I think range is more readable (and also more correct, since current CIDR translates to network - 2 addresses)
[17:11] <nurmi> ttx: however, i'm going to restrict any one range specification to the last octet
[17:12] <ttx> nurmi: works for me
[17:12] <nurmi> ttx: i can comment on that bug now detailing 'the plan'
[17:12] <nurmi> ttx: i think we need a similar bug/commentary from your side on the plan for the upstart scripts
[17:13] <ttx> nurmi: that would be perfect, and allow kirkland to ack that it would look better than half-CIDR
[17:13] <nurmi> ttx: nod
[17:13] <ttx> nurmi: sure, once it's posted as a bug :)
[17:13] <ttx> (if not already)
[17:13] <nurmi> ttx: there are a few bugs that are related
[17:13] <ttx> posted as multiple bugs, then
[17:13] <nurmi> ttx: yes
[17:14] <nurmi> ttx: plus, some issues pointed out in email reports
[17:15] <ttx> nurmi: btw I hit and fixed bug 449530, was preventing any email sending
[17:15] <nurmi> ttx: I did see that, good catch
[17:16] <ttx> nurmi: it also resulted in a borked user list in the web UI
[17:16] <ttx> i.e. after a failed email send, the user list would be returned empty
[17:16] <ttx> even if you fixed the missing JARs, the user list would stay borked
[17:16] <ttx> but I couldn't reproduce it on a fixed setup
[17:17] <ttx> (just so that you know about it)
[17:17] <nurmi> ttx: okay, good to know - i'll file a bug against eucalyptus about that issue
[17:18] <ttx> nurmi: to reproduce, remove the two JARs, attempt and fail to "apply", then log in as admin and look at the user list
[17:18] <wizardslovak> does anyone using clamav ?
[17:18] <nurmi> ttx: thank you
[17:33] <davmor2> Hey guys good news current docs have worked successfully twice on the trot now.  I'd say that was pretty stable and testable :)
[17:33] <VousDeux> Okay, so I change all of my samba-ldap config options to only use the openldap server, but when I try smbldap-populate it returns several error lines that all say "failed to add entry: modifications require authentication." Does mean that it is failing to read the password from /etc/ldapscripts/ldapscripts.passwd?
[17:34] <wizardslovak> how do i move to some line in nano editor?
[17:57] <Kaelten> Hi, I have an init script that's trying to run a script on a mount and it doesn't work during startup, is it possible the mount doesn't exist at that point?
[18:02] <smoser> it is definitely possible
[18:02] <Kaelten> hrm, I just added some echo statements and that doesn't seem to be it :/
[18:02] <Bilge> Where are ufw rules stored?
[18:05] <jpds> Bilge: iptables -L
[18:05] <jpds> Bilge: Or /etc/ufw/*.rules
[18:05] <Kaelten> I just have this init script http://paste.wowace.com/wa9b6pqiretn70sx/
[18:05] <Kaelten> works fine when I run it manually
[18:06] <Kaelten> and it's getting called during boot
[18:06] <Kaelten> but it doesn't seem to work :/
[18:11] <VousDeux> It seems like all of this documentation is purposfully designed to fail so that us newbies are left scratching our head and searching for days on end trying to find solutions for errors.
[18:13] <VousDeux> It just seems like no matter how carefully I try to follow the steps I end up spending days and days trying to figure out why it didn't work.
[18:15] <mushroomblue> VousDeux: if you'd like, I could /msg you some urls that were helpful.
[18:15] <VousDeux> I would appreciate that very much...thank you.
[18:16] <VousDeux> I don't mind reading, it's just that I seem to have a very difficult time trying to to figure out what I should be reading. :)
[18:19] <arooni> we're trying to track down performance issues on our server.  we cant scale beyond 20-30 requests/per/second.  we're running a scaling test now.  our stack is apache/mod_rails/rails/mysql.  on ubuntu 8.10 64bit server.  any suggestions on WHERE to look and track down our errors?
[18:21] <mushroomblue> VousDeux: don't worry. the official documentation is focused on teaching you LDAP while setting up a server, and it makes it a chore to read/understand.
[18:21] <mushroomblue> not to mention, the SSL section is completely broken.
[18:24] <VousDeux> Ahhh...that explains it...I sure wish I could find the beginning of the documetation I should read to learn all of this stuff. It just seems like I'm forever searching for a document to learn how to do something, but every document I find assumes I should already know something else, so I end up in an endless circle of trying to find a document to explain the other document.
[18:30] <mushroomblue> VousDeux: yeah. I experienced that hell back in June.
[18:32] <HexGhost> hello
[18:33] <HexGhost> im migrating my company's current mail server from freebsd to ubuntu and im wondering what suggestions anyone has for backing up a mail server
[18:33] <HexGhost> right now i make a weekly tarball but that isn't very optimal
[18:34] <oroz> can someone help me turn off "Emulate3Buttons"?
[18:46] <Bilge> jpds: the /etc/ufw/*.rules seem to have nothing to do with the rules that I've set up
[18:53] <VousDeux> Should I be concerned that after running 'dpkg-reconfigure slapd' there is no /etc/ldap/slapd.conf?
[18:53] <ahasenack> VousDeux: ubuntu uses /etc/ldap/slapd.d by default since jaunty or so
[18:54] <VousDeux> ahhh...thanks
[18:54] <VousDeux> vi /etc/ldap/slapd.d
[18:54] <VousDeux> oops
[18:54] <ahasenack> VousDeux: it's a bit more complicated than that
[18:56] <VousDeux> Oh for pete's sake.
[18:57] <iarp> lol
[18:58] <VousDeux> So, basically, there are no accurate, up-to-date instructions for how to install and configure ldap/samba???
[18:58] <ahasenack> the server guide talks about slapd.d usage
[18:58] <ahasenack> don't know about samba, but since smbldap-tools uses just ldap commands, the config backend doesn't matter
[19:03] <hydrozen> Hi. I just installed Ubuntu 8.04 LTS on amazon using the latest AMI. I can login as root using the key I generated, but I can't seem to login using any other accounts that I created. It says "Permission denied (publickey)." Any ideas what I need to change? Is it in the SSH configuration?
[19:06] <ilowe> hydrozen: That's either because you don't have the right key installed on your client, or because the user on the server is not configured to allow logins with that key
[19:06] <ilowe> hydrozen: you would need to add the key to authorized_keys for each account that should support logins
[19:06] <hydrozen> ilowe: what would I need to check on the server?
[19:06] <hydrozen> ilowe: yes I did that. and i checked the permissions they seem fine too.
[19:07] <ilowe> hydrozen: so those users have a .ssh/authorized_keys? chmod'd to 600?
[19:07] <ilowe> hydrozen: double check for differences between those users and root (if root is working for you)
[19:07] <ilowe> hydrozen: and you are logging in as the same user on the client-side, right?
[19:08] <hydrozen> -rw------- 1 patrick patrick  668 2009-10-13 17:56 authorized_keys
[19:08] <hydrozen> ilowe: yes, same username on my mac and on the server
[19:10] <ilowe> hydrozen: OK, and the authorized_keys file is the same as for root?
[19:11] <hydrozen> ilowe: naw. For root im using a key that i generated using the amazon tools. For my personal account I generated a key myself using ssh-keygen.
[19:11] <ilowe> hydrozen: OK, fair enough
[19:11] <ilowe> hydrozen: hmmm, and this is all out of the box?
[19:12] <hydrozen> wait i think i know where i fucked up
[19:13] <hydrozen> err nope still doesnt work
[19:16] <hydrozen> ilowe: yeah pretty much out of the box... i dont get it
[19:17] <ilowe> hydrozen: crap, you're two releases behind me so I don't know if it's 8.04-specific; it sounds like you have all your ducks in a row
[19:17] <hydrozen> ilowe: hehe... I'll figure it out I guess... I'm sure it has to do with the SSH configuration
[19:17] <hydrozen> its prolly too secure for my needs
[19:18] <ilowe> hydrozen: I know I had to fiddle the order of passwords and so on at some point
[19:18] <ilowe> hydrozen: I mean in the global conf; but I haven't had to do it in a while (and I set up about 3-10 boxen a month)
[19:19] <hydrozen> the AMI might have some particular settings to make it more secure on amazon
[19:21] <VousDeux> Great...all the install/uninstall stuff with this slapd/samba and now my server won't shutdown again...just keeps coming back to this recovery menu.
[19:24] <VousDeux> Last time this happened I had to reinstall the server all over again...I'm getting sick of starting over before I can even really begin.
[19:47] <ruben23> hi any optimization on ubuntu networks
[19:47] <ruben23> or the sever itself
[19:51] <arooni> our load right now is 8.72  ... how do we find out WHY this is ?  i.e what specifically is causing a high load... should load always be below 1?
[19:55] <Jagged> arooni: top
[19:56] <Jagged> arooni: you can use < and > to change your sort until you get %cpu or cpu time
[19:56] <arooni> is load only based on cpu utializiation?
[19:58] <Jagged> http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages
[20:04] <jdstrand> ahasenack: re ufw delete> put delete 'before' the rule, not instead of 'allow'. eg: to delete 'ufw allow OpenSSH', use 'ufw delete allow OpenSSH'
[20:04] <ahasenack> jdstrand: got it, thanks
[20:05] <jdstrand> Bilge: re where ufw stores rules> rules added with the 'ufw' cli command are stored in either /var/lib/ufw/*rules or /lib/ufw/*.rules (depending on the version you are using). /etc/ufw/*.rules are for customization. see 'man ufw'
[20:07] <ahasenack> jdstrand: is there an ufw command to clear all rules so one can start fresh?
[20:08] <jdstrand> ahasenack: not at present. there is a wishlist bug on it and it will probably be in the next release of ufw. what version of Ubuntu are you using ufw on?
[20:08] <ahasenack> jdstrand: ok, thanks
[20:09] <jdstrand> ahasenack: what version  of Ubuntu are you using ufw on?
[20:09] <ahasenack> jdstrand: oh, all of them :P
[20:10] <ahasenack> jdstrand: hardy, intrepid, jaunty, karmic and even dapper if it's available there, didn't check yet
[20:10] <jdstrand> ahasenack: ok, the easiest thing to do to reset ufw is to do 'sudo ufw disable ; sudo cp /usr/share/ufw/user*.rules /valib/lib/ufw'
[20:10] <jdstrand> ahasenack: err, /var/lib/ufw
[20:10] <ahasenack> ok
[20:11] <jdstrand> ahasenack: if /var/lib/ufw doesn't exist, then put them in /lib/ufw
[20:11] <mushroomblue> arooni: load is based on cpu percentage required to do tasks, IIRC.
[20:11] <mushroomblue> arooni: and each number is a duration of time.
[20:11] <jdstrand> ahasenack: ufw 0.29-1 is the first release to put rules in /lib/ufw (that should be Ubuntu 9.10 only)
[20:12] <ahasenack> so karmic
[20:12] <mushroomblue> if your system load is at 8.xx, that means it's doing a ridiculous high load.
[20:12] <Jagged> mushroomblue: it also depends on the number of cores
[20:12] <mushroomblue> I suppose.
[20:12] <Jagged> a dual-quad core server should be able to handle a load of 8
[20:13] <mushroomblue> right. 1.00 == 100% of one CPU
[20:13] <mushroomblue> thanks.
[20:14] <mushroomblue> arooni: running something big that's constantly spanking your CPU?
[20:22] <Bilge> jdstrand: thanks! I am including them in my backup script now
[21:37] <VousDeux> It doesn't seem to matter how many different ways I try, the smbldap-populate fails.
[21:38] <VousDeux> It tells me 'modifications require authentication' and it looks like it is trying to authenticate as root. I tried using smbldap-populate -a admin, but I get the same errors.
[21:40] <VousDeux> On google I found where some others were seeing this, but the solution seems to be to modify the smb.conf, but this file doesn't exist and I dont know where it's supposed to be or what's supposed to be in it.
[21:41] <VousDeux> About the only thing I can think of that I have not tried is installing slapd and leaving the admin password blank.
[21:43] <VousDeux> I don't even know where smbldap-populate is getting the password from that it is trying to use, and I see no way to specify a password to be used for the modifications.
[22:01] <VousDeux> What am I missing...it's no fun to sit here for 12 hours and try to find an answer to why something in a tutorial didn't work...where should I be looking?
[22:03] <genii> VousDeux: Have you consulted the main server guide?
[22:03] <VousDeux> Yes, that's the tutorial that's not working.
[22:03] <mushroomblue> hah. main server guide.
[22:04] <bogeyd6> vous your directory/file permissions are not correct for this database
[22:04] <bogeyd6> VousDeux make sure that the database
[22:04] <bogeyd6> directory and all files it contains are writable by
[22:04] <bogeyd6> slapd
[22:04] <VousDeux> I don't know where the database directory is.
[22:07] <bogeyd6> VousDeux /var/lib/ldap
[22:07] <VousDeux> Can you tell me how you found that?
[22:09] <bogeyd6> ill do you one better
[22:09] <bogeyd6> VousDeux https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
[22:09] <bogeyd6> if you are using 9.04 for a server, shame on you :(
[22:09] <VousDeux> Oh, really????
[22:09] <VousDeux> Do tell, please.
[22:10] <VousDeux> What should I be using?
[22:11] <bogeyd6> Ubuntu 8.04.3 LTS
[22:11] <bogeyd6> VousDeux and i meant, https://help.ubuntu.com/8.04/serverguide/C/openldap-server.html
[22:11] <bogeyd6> copy and paste was broked
[22:12] <VousDeux> Okay, I thought I downloaded the current, stable release.
[22:13] <bogeyd6> 9.04 is current and stable
[22:13] <bogeyd6> but by the time you are settling in, support will end for it
[22:13] <VousDeux> What is LTS?
[22:13] <bogeyd6> VousDeux https://wiki.ubuntu.com/LTS specifically With the Long Term Support (LTS) version you get 3 years support on the desktop, and 5 years on the server.
[22:14] <bogeyd6> so they will release updates for 8.04 for 5 years
[22:15] <VousDeux> Okay...much for me to learn...I would have thought the newest version would have the best support.
[22:16] <bogeyd6> easy to misunderstand
[22:19] <bitprophet> remind me again, how long are the non LTS releases supported for? A year? Or only the ~6 months till the next release?
[22:19] <bitprophet> just an academic question, of course, I've been using 8.04 since it came out =)
[22:20] <mushroomblue> bah. 9.04 is fine if most of your enterprise is virtualized.
[22:21] <bitprophet> what's virtualization got to do with it?
[22:21] <mushroomblue> makes upgrading trivial.
[22:21] <bitprophet> not everyone has the time to constantly upgrade, nor to deal with breakage from setting up an OS that you haven't verified works for your apps or situation
[22:22] <mushroomblue> oh.
[22:22] <mushroomblue> I bill by the hour.
[22:22] <mushroomblue> :)
[22:22] <bitprophet> Ha
[22:23] <bitprophet> How does virtualizing make upgrading trivial, just the abiltiy to snapshot/clone/rollback? or is there some other angle I'm missing
[22:24] <mushroomblue> cloning and rolling back is enough.
[22:24] <mushroomblue> but I can clone the entire network.
[22:24] <mushroomblue> make changes, test, etc.
[22:25] <mushroomblue> it's made testing new updates trivial.
[22:26] <slibuntu> hello all, inexperienced admin here, wondering what is a good policy for permissions on users home folders?
[22:34] <maaku> eucalyptus devs: my node install fails to detect the cluster on the local network, giving an error code that seems to indicate it was pulling the preseed file from a self-assigned ip address.  would like to file a bug report, but not sure which information is relevant
[22:34] <maaku> forgot the mention: 9.10 beta UEC install
[22:35] <maaku> and both node and cluster/cloud controller are manually assigned static IPs, no DHCP server exists on the network
[22:37] <bogeyd6> bitprophet 18 months
[22:38] <bogeyd6> !permissions
[22:39] <bogeyd6> !home
[22:56] <blistov> Anyone know of a way to force a directory to force its subdirectories to inherit its permissions?  IE: like setgid/setuid, but for say... 775?
[22:58] <bitprophet> blistov: afaik only ACLs can do that
[22:58] <bitprophet> but I'm not an expert in that particular area
[22:59] <blistov> bitprophet: I expect you are correct, but I've been told there may be a way.
[22:59] <bitprophet> I know ACLS _can_ do it, for sure. just don't know if there's a non ACL method like sticky bit or whatever
[22:59] <blistov> sticky bit is what I'm investigating now.
[22:59] <bitprophet> I think that's largely for executing, though. can't recall.
[23:00] <bitprophet> also, umask, but only if you can control all your users and trust them not to override their own umasks
[23:00] <blistov> Right. But I can't trust them. And incidentally  "the Linux kernel ignores the sticky bit on files." according to chmod man
[23:02] <bitprophet> interesting.
[23:54] <captainkirk> hi folks.  I need advice on how to track down a memory leaking program on my 9.04 32bit system