/srv/irclogs.ubuntu.com/2009/11/20/#ubuntu-server.txt

qman__	ah, got it all working	00:12
qman__	turns out the main problem I was having was a typo in my root qdisc	00:12
qman__	had handle 1: instead of handle 1:0	00:12
qman__	mucked everything up	00:12
=== erichammond1 is now known as erichammond
glauber	hi guys. I have 2 servers and a shared sas storage. I'd like to create a cluster between both servers to have some VMs and put its disk in the sas storage using a clustered FS. Should I use ubuntu+Xen+ ... ? Does UEC apply to my case? (I'm new to cluster stuff, sorry if I'm doing conceptual mistakes).	00:17
smcquay	Does UEC work?	00:44
smcquay	I've had horrible luck trying to install a private cloud. Currently stuck on step 4 of 7 on the UEC CDInstall instructions. It fails trying to discover nodes with some pythonic error that yields very little on google. Does anyone know what to do for this error: Failed to resolve service 'x07' of type '_eucalyptus._tcp' in domain 'local': Timeout reached ??	00:46
glauber	smcquay, I guess UEC is not for my case. just 2 xen dom0 in a cluster would solve my case, I guess	00:48
smcquay	glauber: that sounds reasonable	00:49
glauber	smcquay I was trying debian, but I could not get ocfs to work..	01:12
oh_noes	I put dir,syncdir in my / mount options in /etc/fstab ... is this enough to turn off Write Caching on the root partition?	01:15
oh_noes	I still get "Assuming Drive Write Cache" when 8.04.3 boots.	01:16
=== freeflyi1g is now known as freeflying
maxagaz	hi	01:53
maxagaz	how to change the home folder path ?	01:53
maxagaz	for a given user	01:53
oh_noes	vi /etc/passwd	01:56
maxagaz	ok, it has to be done manually	01:57
maxagaz	some people think ftp should die, but what can replace it ?	01:58
owh	ssh	02:07
twb	maxagaz: SFTP (for rw) and HTTP (for ro)	02:35
maxagaz	owh, ssh looks too dangerous	02:54
owh	maxagaz: Too dangerous for what?	02:55
maxagaz	owh, to dangerous to give someone rw access to one directory only	02:55
maxagaz	owh, but i probably don't understand it enough	02:56
maxagaz	owh, is possible to restrain the access to one directory ?	02:56
maxagaz	and its subdirs	02:56
twb	maxagaz: ssh receives far more security scrutiny than a typical FTP daemon	02:57
owh	maxagaz: That statement makes no sense. ssh is a mechanism to transport information across the Internet in an encrypted fashion. SFTP uses ssh to transport FTP commands across the net. You don't need to give shell access to a user.	02:57
twb	maxagaz: locking it down is very well understood, because openssh is widely used	02:57
twb	And as owh says, you can hand out SFTP access without giving full shell access.	02:57
maxagaz	twb, interesting, i didn't know that...	02:58
xperia2	hello to all. i am having trouble installing the newest postfixadmin from sourceforge.	03:04
xperia2	get downloaded it with	03:04
xperia2	sudo wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin_2.3_all.deb?use_mirror=garr	03:04
xperia2	and wanted to install it with	03:04
xperia2	dpkg -i postfixadmin_2.3_all.deb	03:04
xperia2	bit it stop with the error message	03:04
xperia2	dpkg: Error ....	03:04
xperia2	anybody know how to install the newest postfixadmin ?	03:05
owh	xperia2: Is this package specific to your version of Ubuntu?	03:05
xperia2	it is not a specific version for ubuntu. i am following this wiki help article here	03:07
xperia2	https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto#Enhanced%20Mail%20Services	03:07
xperia2	that advice me to do this	03:07
xperia2	normally it should work as written in the wiki page	03:07
xperia2	too pitiy that this package is not in the ubuntu repositorys. it would be great to have this in the reps for upgrading later the system full	03:11
owh	Have you lodged a packaging request for it?	03:11
twb	xperia2: installing third-party packages is very strongly discouraged.	03:12
xperia2	never heared about this how to do it ! do you have a link or similar ?	03:13
twb	Because they are not subject to the same quality control as official Ubuntu packages.	03:13
xperia2	twb: i understand but from my side of view this package should be in the repositority as it is very helpfull	03:14
xperia2	the only possibility at the moment to use it is installing it as external package	03:15
twb	xperia2: the alternative would be to learn how to manage postfix directly.	03:15
twb	But as owh says, you can also file a Request for Package bug.	03:16
qman__	xperia2, that tutorial refers to a version that is considerably out of date	03:17
owh	xperia2: You could download the source and compile it from source, but since you didn't tell us what the actual error is, there is little we can do from here. As twb says, it's strongly discouraged to install external software - to the point where we probably won't give you actual support.	03:17
qman__	did you check universe/multiverse to see if it's been packaged?	03:17
twb	http://hpaste.org/fastcgi/hpaste.fcgi/view?id=12449#a12449	03:18
twb	Not nearly as bad as webmin's third-party .deb, but it's still clear that they don't really know what they're doing.	03:18
=== MarwolTuk_ is now known as MarwolTuk
twb	qman__: I did; it hasn't. It's a PHP/MySQL web app for managing postfix/main.cf, so it's hardly surprising that nobody wants to package it.	03:19
qman__	ah	03:19
xperia2	well postfix looks really very helpfull especially when it comes to mysql backed postfix solution.	03:30
xperia2	http://postfixadmin.sourceforge.net/	03:30
xperia2	have installed now the older version as i need it.	03:30
xperia2	will look to create a package request for this application if nobody till yet has created	03:30
xperia2	first however i need to update the wiki page as the version is heavy outdated	03:31
twb	I have hosts with heterogeneous disk sizes.	03:38
twb	I wish to lvextend /dev/mapper/foo-bar on all these hosts, to use up all remaining PFree	03:39
twb	Can I specify --size in terms of pfree?	03:39
twb	Ah, --extents 100%FREE	03:41
maxagaz	twb, how to make restriction with ssh so that a user can only browse its folder ?	03:47
twb	maxagaz: talk to #openssh	03:48
maxagaz	twb, ok	03:48
twb	maxagaz: it should mostly be covered by the sshd_config manpage	03:48
xperia2	okay gug is now allso filled up at launchpad !	04:07
xperia2	https://bugs.launchpad.net/ubuntu/+bug/485645	04:07
uvirtbot	Launchpad bug 485645 in ubuntu "[needs-packaging] postfixadmin" [Undecided,New]	04:07
xperia2	:-)	04:10
spirits-sight	OK, I have two user account I would like them to control the directory that are connect to their domain, how would I do this?	05:04
qman__	I can't get my traffic shaping to work right--upload throttling is working, but download throttling isn't. Here's my script: http://pastebin.com/m42db8842	05:50
qman__	output of tc show commands indicate no packets are being sent to the 1:10 class	05:51
maxagaz	how to allow a user to browse only his folder ?	06:19
twb	maxagaz: in what?	06:26
maxagaz	twb, in his home folder	06:28
twb	maxagaz: I mean, in what service?	06:28
maxagaz	twb, i'm still on my ssh problem, but it seems it's not a ssh problem	06:28
twb	maxagaz: in SFTP, then? Or full ssh?	06:29
twb	maxagaz: did you ask the #openssh people about it?	06:29
maxagaz	twb, i just want to allow this user to scp or ssh to his folder but I don't want him to see anything else	06:29
twb	So you do want to allow full SSH, not just SFTP	06:30
maxagaz	twb, i don't really understand sftp	06:38
maxagaz	twb, do i have to install something else than openssh-server to do sftp ?	06:38
twb	openssh-server includes sftp	06:39
maxagaz	twb, actually i need someone to send some files on my server regularly, that's all	06:40
maxagaz	so, sftp looks the good solution if it allows this only	06:40
twb	maxagaz: do you need normal ssh to work, too?	06:40
maxagaz	no	06:41
twb	That is, does any user (including yourself) need to ssh into the box?	06:41
maxagaz	not those users	06:41
maxagaz	i need to ssh into the box	06:41
twb	OK	06:41
maxagaz	but some users (all belonging to the same group) can only send files to the server	06:42
qman__	I tackled that situation by creating a jail for those users with jailkit	06:42
twb	You need to write a Match block in your sshd_config, which has ForceCommand internal-sftp and ChrootDirectory /srv/pub or /home/fred or similar	06:42
maxagaz	I put them in: /opt/my_special_users/	06:43
twb	qman__: openssh-server handles the jailing internally -- and best of all, requires no libraries or anything inside the chroot	06:43
maxagaz	i mean their home folder	06:43
qman__	nice	06:43
twb	qman__: apparently this is a relatively recent development in openssh-server	06:43
qman__	yeah, it certainly didn't exist when I was addressing it	06:43
qman__	hence the somewhat complex jailkit setup	06:44
qman__	ah	06:46
qman__	it was added circa april 2008	06:46
qman__	last time I did it was in 2007	06:46
maxagaz	twb, i'm in the sshd_config file, can you please teach me how to do this for the group ? i'm not sure to understand...	06:46
twb	maxagaz: you want (at the bottom of the file) something like (untested): Match User fred \n ForceCommand internal-sftp \n ChrootDirectory /srv/pub	06:46
twb	qman__: if your sshd_config mentions internal-sftp, you should have it.	06:47
maxagaz	twb, what if I want to do it with two users ? Just add another block ? Nothing tells ssh when the block ends ?	06:55
twb	As sshd_config says, the match block ends at the end of the file, or at the start of a new Match block	06:55
twb	It looks like you can say "Match User alice, bob" or something, but I haven't checked.	06:56
twb	Obviously you will test this before placing it in production...	06:57
kaushal	hi	06:58
kaushal	i get Nov 19 22:55:22 host0104 kernel: [19938.001554] program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO	06:58
kaushal	Nov 19 22:55:22 host0104 kernel: [19938.002814] 3w-9xxx: scsi0: ERROR: (0x03:0x0101): Invalid command opcode:opcode=0x80.	06:58
kaushal	on ubuntu hardy server	06:58
kaushal	Any clue ?	06:59
twb	kaushal: safe to ignore, I think	06:59
qman__	kaushal, if you're not experiencing any problems, the errors are safe to ignore	07:00
qman__	make sure that smartctl is doing what you want	07:00
kaushal	ok	07:00
kaushal	but the system is unstable	07:01
kaushal	qman__: how do i use smartctl to fix the above issue ?	07:01
qman__	the first error is regarding smartctl; if smartctl is working properly, it can be safely ignored	07:02
qman__	the second is likely an error with the configuration or drivers of your 3-ware RAID controller, or the hardware is failing	07:02
qman__	the thing about the second error is, if everything works, it can be ignored	07:03
qman__	but if there's a problem, it might point you in the right direction	07:03
twb	Oh sorry, I only looked at the first message	07:03
kaushal	smartctl -a -d ata /dev/sda	07:04
kaushal	Smartctl: Device Read Identity Failed (not an ATA/ATAPI device)	07:04
qman__	that one's pretty self explanatory, /dev/sda is not an ata device, you need a different -d option	07:05
qman__	usually omitting the -d option will let it autodetect the correct one	07:06
qman__	but it doesn't always work, check the manual for the other options	07:06
twb	-d ata is for SATA drives	07:07
twb	But since you're using 3-ware, you probably need something vendor-specific like -d 3ware	07:07
kaushal	03:03.0 RAID bus controller: 3ware Inc 9xxx-series SATA-RAID	07:11
twb	kaushal: the error means smartd CAN'T talk SATA to the drives in your hardware raid	07:12
kaushal	bit confused here	07:19
maxagaz	twb, thanks a lot	07:20
kaushal	what needs to be done exactly to sort out this issue ?	07:20
twb	kaushal: read the smartd manpage?	07:21
kaushal	yeah	07:21
twb	Find out which -d you need	07:22
twb	18:07 <twb> But since you're using 3-ware, you probably need something vendor-specific like -d 3ware	07:22
kaushal	Device: AMCC 9500S-4LP DISK Version: 2.08	07:22
kaushal	please try adding '-d 3ware,N'	07:22
kaushal	you may also need to change device to /dev/twaN or /dev/tweN	07:22
kaushal	when i run smartctl -a -d scsi /dev/sda	07:22
twb	kaushal: and did you try that?	07:23
kaushal	smartctl -a -d 3ware,0 /dev/sda	07:23
kaushal	WARNING - NO DEVICE FOUND ON 3WARE CONTROLLER (disk 0)	07:24
twb	I'm not familiar with 3ware, so the only other thing I can suggest is you contact your hardware vendor and ask them.	07:24
kaushal	twb: so i have to use smartctl to fix the issue? am i understanding you correctly ?	07:26
qman__	kaushal, you haven't said what the issue is	07:26
kaushal	the issue is the machine gets freezed and becomes unstable	07:27
twb	kaushal: well, nothing you do in smartctl will fix that	07:27
qman__	yeah	07:27
twb	smartctl/smartd just reports hardware errors in your disks	07:27
kaushal	understood	07:28
kaushal	Thanks	07:28
qman__	since you have another error regarding your 3ware controller, that's one thing that could be causing the problem	07:28
kaushal	so i have to run the smartctl to look for hardware errors on my disk	07:29
qman__	check for driver conflicts, misconfiguration, or hardware failure	07:29
magatz	Hi all i've got a question/problem using ecryptfs with dovect maildir on my home (encrypted filesuystem)	07:31
twb	I hate hardware raid for that reason	07:31
magatz	specifically, everything works correctly when i am logged via ssh into the server	07:31
magatz	but i log-off maildrop doesn't uses may ~/Maildir but the /var/mail maildir	07:32
magatz	i think the problem comes from the home encrypted filesystem that is not mounted when i logoff from the server	07:33
qman__	that's correct	07:33
magatz	any hint?	07:33
qman__	it can't access ~/Maildir when it's encrypted and not mounted	07:33
qman__	however, I don't know what you need to do to work around that	07:34
qman__	probably set it up to store your mail in a temporary folder while logged off, then move it when you log on	07:34
magatz	ok, but how can i keep it mounted when i'm logging off	07:34
qman__	or something like that	07:34
magatz	already works this way, but it's a pain in a multi-user environment....	07:35
magatz	I'd like to keep the home filesystem always mounted	07:36
qman__	that's outside my knowledge and a quick google isn't helping, sorry	07:37
magatz	thanks anyway :)	07:37
maxagaz	twb, where is the doc you were referring about for the Match block ?	07:43
twb	maxagaz: man sshd_config	07:45
maxagaz	twb, thanks	07:46
kaushal	qman__: shall i pastebin the observation ?	07:51
dayo	how do i lock the account of a user on an nfs server? i'm using openldap to authenticate them.	07:53
kaushal	twb: shall i pastebin the observation ?	07:53
maxagaz	twb, it seems i can't do it on hardy => http://www.debian-administration.org/articles/590	07:57
maxagaz	twb, how should i update openssh-server on a production machine ?	07:58
twb	maxagaz: unless it's in hardy-backports, you shoudln't	08:03
maxagaz	Unbuntu-Package search looks to be down...	08:04
maxagaz	twb, unfortunately, it's not... 1:4.7p1-8ubuntu1	08:09
twb	Since 4.7 doesn't have this feature, you'll have to make a chroot environment and run a second ssh daemon in there -- super sucky	08:11
twb	So it might be reasonable to add intrepid entries to your sources.list and write some pins into apt.conf, though that's a bit of a hassle	08:12
a_ok	Ubuntu 8.04 hans after saying Activating Swap [OK], No messages in log and not telling what it is doing. Any idea whats going on here?	08:49
twb	I'd say it's hanging immediately after activating swap.	08:51
a_ok	twb: it seems that activating swap is the last action of S35mountall.sh i doubt it hangs there	08:58
twb	a_ok: so what is the next script after that?	09:00
maxagaz	how to sort by size with ls ?	09:04
\sh	maxagaz, man ls ; ls -S	09:06
a_ok	S36mountall-bootclean.sh	09:13
a_ok	twb: I think this might be the problem script	09:13
twb	a_ok: so put set -x at the top of it and try again	09:15
twb	a_ok: be sure to boot without usplash, if you have that installed	09:15
a_ok	twb: well its a production server so not reboting it anytime soon what does set -x do btw?	09:19
twb	It turns on tracing	09:20
a_ok	twb: are there servers using usplash?	09:21
twb	a_ok: stupid ones, yes	09:21
twb	There are lots of stupid people in this channel, so I have to check	09:21
twb	Even my boss makes me put gnome on servers, "because customers are used to Microsoft TS and SBS, which has a local display"	09:22
a_ok	twb: wtf you should fire your boss	09:30
a_ok	unless your run it for thinclient stuff	09:31
twb	Why would it matter if the server serves thinclients?	09:31
a_ok	does it not need to run X with gnome libs etc?	09:32
twb	Oh, right. It needs it installed, but not running on the server.	09:32
Gorlist	Morning, quick question	09:32
Gorlist	I restarted fail2ban	09:33
Gorlist	but it failed because the .sock was still present	09:33
Gorlist	so I removed the /var/run/fail2ban directory and now getting "	09:33
Gorlist	start-stop-daemon: Unable to set gid to 0 (Operation not permitted)" when I try to restart	09:33
twb	Gorlist: you're not running it as root	09:34
Gorlist	just launch under sudo?	09:34
Gorlist	right its running, thanks	09:34
twb	http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/	09:34
twb	-m recent is more elegant than that userspace fail2ban crap	09:35
Gorlist	right, will read through it	09:35
Gorlist	thanks	09:35
twb	Better, of course, is to remove password-based authentication from ssh	09:35
twb	That article isn't really up with best practices, but it's the least worst I could find on short notice. Check up with #netfilter if you decide to go with iptables	09:36
Gorlist	its not ssh	09:36
Gorlist	im having problems with ftp and mail	09:36
twb	It should work for other services, too	09:37
Gorlist	will take a look, use to use denyhosts but decided to try fail2ban this time around	09:38
twb	Of course, FTP is a stupid protocol and requires an extra bit of magic -- but SFTP (rw) or HTTP (ro) is a better idea anyway	09:38
Jeeves_	Who should I bother about the -virtual kernel config?	09:46
twb	Is there an #ubuntu-kernel?	09:55
twb	Jeeves_: plan B is launchpad	09:56
Jeeves_	twb: I'm trying #ubuntu-virt now, but they all seem to be asleep :)	09:57
magatz	hi, any suggestion on how turn-off encrypted home directory, on 9.10?	10:16
magatz	this feature is giving me a lot of problem with nfs and dovecot	10:17
* twb boggles		10:20
twb	It's on by default?	10:20
magatz	i've installed it on 9.04 and after upgrade to 9.10 stilll there	10:20
magatz	yes in on by default	10:20
twb	Good grief	10:20
twb	I'm glad I stick to LTS	10:21
twb	(And Debian, for my own stuff ;-)	10:21
Jeeves_	It's not on by default, afaik?	10:21
maswan	I got asked a question about it, I don't remember which was the default choice though..	10:22
twb	maswan: ah, so it probably isn't the default	10:22
teddymills	9.10 server with sshd..is like 5 to 7 seconds from grub to login	10:46
magatz	found! here the link: http://ubuntu-ky.ubuntuforums.org/showthread.php?t=1134121	10:55
\sh	maswan, the default is "no"...	11:02
\sh	maswan, btw...didn't you had some strange syslog entries like diskio.c: don't know how to handle 9 request somehow?	11:02
\sh	(HP + SmartArrray)	11:02
maswan	https://bugs.launchpad.net/ubuntu/+source/linux/+bug/413070	11:03
uvirtbot	Launchpad bug 413070 in linux "karmic cciss: error messages on working device" [Undecided,New]	11:03
\sh	hmmm...since jaunty I have now the message I pasted above...I wonder what that is	11:05
\sh	and karmic does it still	11:05
maswan	Ah, seems to be a different one then. I haven't seen that.	11:06
incorrect	i am building some http cache servers using varnish, I am debating about not creating any swap	11:07
incorrect	there used to be a performance hit if you built a system with no cache	11:08
incorrect	err swap	11:08
a_ok	incorrect: well I ran my linux box for years without swap and no performance issues at all, do note that when you run out of memory linux locks up instandly (way faster that is) compared to when you have a swap file	11:40
incorrect	there used to be issues with not having swap	11:41
incorrect	a box locking up is ok	11:41
a_ok	no its not lol	11:41
a_ok	incorrect: was it ubuntu speciffic?	11:41
incorrect	maybe kernel 2.2 days	11:42
a_ok	ow thats way back. linux memorymanagement is quite different now	11:43
incorrect	i just wanted to ask	11:47
dvrcoder	hi, question: after update my console is not 80x25 anymore. how do i get this back?	11:52
a_ok	dvrcoder: frame buffer?	11:56
dvrcoder	a_ok: i set vga=normal in menu.lst	11:56
dvrcoder	(and i'm still using the old grub)	11:56
dvrcoder	ah, i obviously did it wrong :D	11:58
epinky	dvrcoder: check the table here http://crunchbang.org/archives/2007/10/10/changing-bootup-and-console-screen-resolutions/	11:58
dvrcoder	epinky: thx	11:59
a_ok	dvrcoder: nothing to do with grup furtunately kernel params	11:59
qman__	no VGA line should make it 80x25, 640x480 makes it 80x30	11:59
qman__	I prefer 80x30, more lines, just as readable	12:00
a_ok	I prefere higher resolutions logfiles tend to have longer lines	12:01
qman__	well, I do too, but for my one box I actually have the console up with, I prefer the low res so I can read it without my glasses	12:01
a_ok	qman__: yeah it does depend on what monitor you have lol	12:02
qman__	all the other ones I just ssh from this desktop	12:02
dvrcoder	well right now it's at about 60 lines. i don't know, i just like good old 80x25 on the console (since i have the same over ssh)	12:02
qman__	dvrcoder, well, you can set the vga mode in the kopt= line, then run 'sudo update-grub' to apply it	12:02
qman__	that's for grub 1, no idea about grub 2	12:03
qman__	I also generally remove the 'quiet splash' from it too	12:03
qman__	that way when something goes wrong you can actually see what it is	12:03
qman__	but that's just personal preference	12:03
qman__	a_ok, it's a 17" CRT, plenty big enough, I just have very poor vision without my glasses ;)	12:05
a_ok	qman__: didn't know you had to do an update-grub when you adjust menu.lst	12:10
epinky	dvrcoder: try with "vga=ask" ?	12:10
twb	vga=normal is 80x25	12:11
twb	For grub2, you want to edit /etc/default/grub, particularly on x86-like systems to disable as fb there as it tells you to	12:12
qman__	a_ok, you don't if you just modify the actual boot lines, but in ubuntu, the proper way is to modify the kopt= line in the top section, then run update-grub	12:12
qman__	that also makes it stick for kernel updates and such	12:12
a_ok	hmm good to know, I'm more of a manual man myself that is probalby why I still have gentoo at home. Since ubuntu failed me once with an upgrade I never trusted it	12:16
twb	Personally, I prefer video=vesafb:1600x1200-32	12:18
twb	(Or uvesafb for widescreens, but that's a huge pain in the arse.)	12:18
dvrcoder	re	12:21
dvrcoder	btw, can i just unselect the pae kernel in aptitude if i don't need it?	12:22
twb	I don't see why not	12:23
Adrian1	Hello. Can you please help me install ebox ?	12:23
epinky	Adrian1: ebox server?	12:25
Adrian1	Ebox..... https://help.ubuntu.com/9.04/serverguide/C/ebox.html	12:25
Adrian1	That how to doesn't work.	12:26
uvirtbot	New bug: #485766 in lm-sensors (main) "lack of support for Fintek F71889F" [Undecided,New] https://launchpad.net/bugs/485766	12:26
epinky	Adrian1: I don't use ebox, but what Ubuntu version are you using?	12:29
Adrian1	8.01	12:30
Adrian1	Or smth like that.	12:30
Adrian1	8.10	12:32
Adrian1	invoke-rc.d: initscript ebox, action "apache" failed.	12:33
epinky	if it's 8.10 then bad news	12:33
epinky	Adrian: https://bugs.launchpad.net/ubuntu/+source/ebox/+bug/255368	12:34
uvirtbot	Launchpad bug 255368 in ebox "ebox: Depends: libapache-authcookie-perl but it is not installable " [Undecided,Fix released]	12:34
Adrian1	Well... I installed it, let's see if it works.	12:35
Adrian1	Aaaa noap.	12:35
twb	wasn't ebox totally broken in 8.04 and/or 8.10?	12:36
twb	I remember someone saying that in here, though obviously I stay the hell away from web UIs	12:36
epinky	twb: you're right, it tells that here https://help.ubuntu.com/community/eBox	12:37
\sh	twb, /me is always saying that	13:18
=== david is now known as Guest21743
dvr	is there an irc channel with openldap support?	13:31
epinky	dvr: #openldap ?	13:32
dvr	epinky: oh cool, there really is :D	13:33
uvirtbot	New bug: #485807 in qemu-kvm (main) "XP guest installs but gives BSoD on reboot unless in safe mode" [Undecided,New] https://launchpad.net/bugs/485807	14:11
uvirtbot	New bug: #485820 in mysql-dfsg-5.0 (main) "deca" [Undecided,New] https://launchpad.net/bugs/485820	14:31
=== chuck_ is now known as zul
a_ok	what is the goal of /etc/init.d/bootclean	14:45
a_ok	?	14:45
a_ok	I thought that tmp could just be emptied instead of dicected and cleaned	14:46
uvirtbot	New bug: #485873 in logwatch (universe) "logwatch should report apparmor events" [Undecided,New] https://launchpad.net/bugs/485873	15:46
incorrect	is it possible to force a pxe install to always prompt for manual network config	15:56
uvirtbot	New bug: #485799 in postfix (main) "package postfix (not installed) failed to install/upgrade: sub-processo novo script pre-installation retornou estado de sa?da de erro 1" [Undecided,New] https://launchpad.net/bugs/485799	16:11
KurtKraut	Should I rely more on BIOS fan control or should I set up fancontrol daemon on Ubuntu?	16:13
LanceHaig_wrk	Key	17:42
LanceHaig_wrk	I am wondering if there is a patch and config management tool for multiple ubuntu servers?	17:42
kaushal	hi	17:43
LanceHaig_wrk	I have 100 that need to be managed and I can't seem tot find anything by searching the net	17:43
mushroomblue	so, when configuring a server to authenticate to LDAP, I disabled all other methods of authentication. I was able to auth as an LDAP user. after reboot, it's not authenticating, and not accepting system users. is there another way to log into this machine, other than chroot?	17:43
kaushal	anyone closing following my issue on ubuntu-server mailing list ?	17:43
mushroomblue	cos I'm 2000 miles away, and I don't want to lead a monkey through a chroot. especially because I'	17:44
mushroomblue	'm not sure what partition it is, etc.	17:44
kaushal	about 3w-9xxx: scsi0: ERROR	17:45
mushroomblue	nevermind. I forgot single user mode was an option.	17:51
kaushal	checking in again for my query ?	18:08
cyphermox	kaushal, running memtest86 for a couple of hours should tell you whether your memory is good for that server.	18:15
kaushal	cyphermox, so its sure shot a memory issue ?	18:17
kaushal	I mean sympton	18:17
cyphermox	kaushal, it's a common cause of lockups.	18:17
kaushal	ok	18:17
kaushal	can memtest86 run on 64bit architecture	18:17
kaushal	?	18:18
cyphermox	kaushal, you should check whether there are other errors in syslog, and perhaps post them up on in the mailing list thread, for the benefit of everyone in the thread	18:18
cyphermox	i think so, yes	18:18
kaushal	cyphermox, i have done it already	18:18
cyphermox	nothing other than the errors for 3w-9xxx?	18:19
kaushal	yeah	18:20
cyphermox	kaushal, or even including an excerpt of your syslog from say, that error message, up until the time you get a freeze, that could help.	18:21
kaushal	ok	18:22
=== MarwolTuk_ is now known as MarwolTuk
unique	why is my mail server rejecting all the emails telling them "Relaying denied [RCPT_TO]" im using sendmail and courier-imap	18:38
ivoks	kaushal: yes :)	18:40
teddymills	can i add mdadm to an existing single drive ubuntu-8041-server?	18:59
=== hggdh_ is now known as hggdh
=== MarwolTuk_ is now known as MarwolTuk
jerrcs	Hi guys.. I downloaded the ubuntu server iso ages ago, burned it on a cd.. now it's corrupt.. but it still boots.. just some files are missing.. anyway to do a netinstall from that same disc?	20:24
aberhow	ok, so i just installed, and the only package i choose on install was the openbsd ssh server	20:44
aberhow	on boot at the console the server starts	20:44
aberhow	then it restarts	20:44
aberhow	what's the deal?	20:44
KurtKraut	aberhow, the server is restarting by itself?	20:45
aberhow	yup, on boot it is	20:45
aberhow	or it seems that way	20:45
ziesemer	Anything mentioned in the log files?	20:47
aberhow	not other than the server is listening	20:50
aberhow	then a few seconds later after the restart it says the server is listening again	20:50
aberhow	on 22	20:50
ziesemer	Is it not listening on :22 the first time? If not, it sounds like it might be restarting to rebind to a new network interface.	20:50
aberhow	that could be it, the computer is set to dhcp	20:51
aberhow	i would thit it would have its ip by then though	20:52
ziesemer	dhclient should show up in your logs, too. Should be easy enough to check.	20:57
=== MarwolTuk_ is now known as MarwolTuk
=== MarwolTuk__ is now known as MarwolTuk
=== luis__lopez is now known as luis_lopez
ziesemer	OK, I think I have OpenLDAP all setup and working, as well as basic FreeRADIUS. Now the part I don't exactly understand: How are client certificates associated with a user account - or are they even?	21:19
ivoks	ziesemer: i might say lots of nonsense cause i haven't slept for quite a while	21:40
ziesemer	I know the feeling. :-)	21:40
ziesemer	So basically, I'm sure I could get FreeRADIUS to allow authentication using the same user/pass combinations as for local access, etc.	21:40
ziesemer	Client -> user/pass -> FreeRADIUS -> OpenLDAP	21:41
ivoks	ok	21:41
ziesemer	I'd like to use certificates instead. Client -> X509 cert -> FreeRADIUS -> OpenLDAP	21:41
ivoks	never played with that :/	21:41
ziesemer	Under Microsoft AD, for example, the public keys for any issued certs are stored with the user's entry in AD (LDAP). If it doesn't exist there or if the user isn't active, login denied.	21:42
ziesemer	Seems that FreeRADIUS will work the same. If the public key isn't in the CA or is revoked, access denied.	21:42
ziesemer	I was just wondering if it still ties into user authentication when moving from user/pass to certificates.	21:43
ziesemer	All I can seem to find online is a reference to the "named client" in the WPA_HOWTO at http://wiki.freeradius.org/WPA_HOWTO .	21:43
ziesemer	So I guess I'll just have to test, but an hoping / assuming that the cn (common name) passed in the certificate is still used to check against the username. (Is account still enabled, etc.?)	21:44
ivoks	http://www.howtoforge.com/wifi-authentication-accounting-with-freeradius-on-centos5	21:44
ivoks	something like that...?	21:46
ivoks	this is for sure something to test and explore	21:48
ivoks	i never tried it	21:48
ziesemer	I'll experiment and post back.	21:48
ivoks	a write up would be great	21:48
ziesemer	Will probably end up becoming a blog entry at blogger.ziesemer.com .	21:48
ivoks	great	21:48
ziesemer	Thanks! Get some sleep!!	21:49
epinky	ziesemer: http://zone.ni.com/cms/images/devzone/tut/8021X.png	21:49
ivoks	note that freeradius is built without openssl in ubuntu and debian	21:49
ivoks	at least last time i checked :)	21:49
ziesemer	epinky: OK. I'm looking at the image, and don't see how it applies.	21:50
ziesemer	If I'm authenticating with a certificate rather than a user/pass, (how) does FreeRADIUS determine and authorize the username, beyond just validating that the client certificate is valid?	21:50
ivoks	right	21:51
ivoks	--without-openssl \	21:51
ivoks	--without-rlm_eap_tls \	21:51
ivoks	--without-rlm_eap_ttls \	21:51
ivoks	:)	21:51
epinky	ziesemer: http://www.interlinknetworks.com/whitepapers/Intro_802_1X_for_Wireless_LAN_clip_image002.jpg	21:51
ziesemer	epinky: Another good image, but I'm not seeing the relevance to the question. (?)	21:52
epinky	ziesemer: then sry, I can't help you :(	21:53
ziesemer	k, thx	21:53
ziesemer	http://freeradius.org/doc/EAPTLS.pdf may be my answer. Didn't find it before due to it being a PDF. It shows a log file of a user authenticating with a certificate. It appears to pull the username out of the certificate. I'd guess from the common name (cn) field. Will have to test later.	21:58
Mike_lifeguard	Hi, how can I stop pam_motd in libpam-modules from changing my /etc/motd?	22:02
epinky	Mike_lifeguard: look for /etc/pam.d/ssh look for a line "session optional pam_motd.so" and comment it out	22:06
axisys	i have two ethernet ports on my server .. how do I do network load balance and failover ? right now i am using only one ethernet port ..	22:07
Mike_lifeguard	epinky: /etc/pam.d/ssh doesn't exist	22:08
ziesemer	axisys - what are you connected to in terms of a network switch?	22:08
ziesemer	Ideally, you'd just trunk to a compatible network switch, which would handle both load balancing and failover.	22:09
Mike_lifeguard	ah, there is login ... let's see if that's it	22:09
axisys	ziesemer: i am connected to a switch .. i think cat 5500 .. let me double check	22:10
ziesemer	Otherwise, you could set a 2nd IP on the 2nd port, and use DNS balancing to hand out alternating IPs for each request to a given hostname.	22:10
Mike_lifeguard	epinky: That line appears in /etc/pam.d/login -- however the description is that it "prints the motd upon successful login" (I still want to show the motd, I just want pam_motd to stop changing it from what I've set.	22:11
axisys	ziesemer: cisco cat 4000	22:11
ziesemer	That doesn't mean much to me, except that it is a Cisco Catalyst, which I'm sure supports just about everything. :-)	22:12
axisys	ziesemer: how do I do the DNS balancing ?	22:12
ziesemer	Given that you have a supporting switch, I'd just use that instead.	22:12
ziesemer	I just did a quick Google search. It's a little dated (for 6.10), but still appears applicable: http://www.howtoforge.com/network_bonding_ubuntu_6.10	22:13
epinky	Mike_lifeguard: "session optional pam_motd.so motd=/etc/motd"	22:14
axisys	ziesemer: thanks.. i want to do the bonding instead.. since i have to depend on network guys for my config ..	22:14
ziesemer	Even better: https://wiki.ubuntu.com/LinkAggregation	22:15
axisys	ziesemer: thanks a lot :-)	22:16
axisys	ziesemer: i did not know what to google search... i only used IPMP and dladm on solaris	22:16
Mike_lifeguard	epinky: That seems to have no effect :\	22:19
axisys	ziesemer: Prerequisite: Ethtool support in the base drivers for retrieving the speed of each slave	22:19
axisys	ziesemer: how do I know my card supports that ^ ?	22:19
epinky	Mike_lifeguard: then PAM is not changing your motd	22:20
axisys	ziesemer: i see ethtool gets me the speed .. so i guess i am good w/ prereqa	22:21
axisys	prereqs*	22:21
axisys	how do I make sure /var/log/messages file is readable by hobbit always.. i think some rotate job reverts it.. whats the recommended way to make the change so hobbit can read messages file ?	22:29
axisys	do I have to add hobbit to adm group ?	22:29
ivoks	yep	22:30
ivoks	note that that will give it access to all logs	22:30
Mike_lifeguard	epinky: Do you know of anything else that would be doing it?	22:30
ivoks	read-only	22:30
axisys	ivoks: hmm.. that gives hobbit too much privilege.. i guess i need to ask hobbit guys on how to make changes in the app so hobbit can read the file using sudo instead	22:31
ivoks	why?	22:31
ivoks	it can only read logs	22:31
ivoks	that's not perfect, for sure...	22:31
axisys	so adm group has no other priv than just reading logs ?	22:31
ivoks	right	22:31
axisys	ivoks: oh ok.. then its fine.. its simpler than anything else.. i guess	22:32
axisys	adduser hobbit adm will add the hobbit as part of adm group.. but will it remove its assosication w/ other group with that command ?	22:32
Mike_lifeguard	Is there a list of the groups what what privileges they confer? Some are quite cryptic :\	22:32
ivoks	no	22:33
axisys	let me read the man	22:33
ivoks	it just adds it to the group	22:33
axisys	ivoks: oh! u r fast .. thanks	22:33
ivoks	each user can be a member of multiple groups	22:33
epinky	Mike_lifeguard: not really, sry :(	22:33
axisys	ivoks: yep.. i just dont remember the command to do it throuh cli..	22:34
ivoks	adduser user group	22:34
axisys	ivoks: i can from solaris env.. that's why	22:34
ivoks	:)	22:34
axisys	s/can/came/	22:34
Mike_lifeguard	epinky: oh well. thanks for the help anyways	22:35
=== erichammond1 is now known as erichammond
epinky	ivoks: just use usermod -G <group> <youruser>	22:36
ivoks	or that	22:36
ivoks	adduser username group is faster :p	22:36
axisys	epinky: like in solaris	22:37
aberhow	make sure you use -a too in that usermod command so it appends the groups	22:38
aberhow	usermode -a -G adm hobbit	22:39

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!