andolGammalSokk: Well, in that case I'd say you'd also have to modify your new /etc/init.d/samba to call smbd and nmbd using the -s flag. That's probably just one of many defaults you now have to be explicit about.00:01
GammalSokkye, guess I'm gonna try getting it done tomorrow tho, getting late now, and I can't find any usefull about it when I search the forum or on google...00:02
GammalSokkoh and nmbd doesn't restart properly when I issue '/etc/init.d/samba restart' it seems, heh, I blame me being tired00:03
andolGammalSokk: That's a normal problem :)00:03
GammalSokkah, ok00:03
andolGammalSokk: That is, things going wrong due to the system administrator being tired :)00:04
GammalSokkI guess I can just blame my boss for demanding this to be done in a too small time frame :P Buuut then again he's paying my overtime so...00:08
andolGammalSokk: Well, if nothing else the smb.conf man page is really good.00:23
GammalSokkgives me something to do at work tomorrow I guess :)00:23
GammalSokkty for help so far, gotta try and sleep 4 hours before going back to work :P00:23
andolyeah, sleep is probably something I should look into myself :)00:24
crohakonHow do I setup SSL?00:27
crohakon(Error code: sec_error_untrusted_issuer) <--- I am getting this error when trying to access a https website on my server00:27
billybigriggerdon't have proper certs setup?00:28
billybigriggercheck the server guide00:28
crohakonbillybigrigger, good idea00:28
crohakonokat, the issue seems to be that the cert is self signed00:30
crohakonSo... wtf? I am not going to pay to have it authorized.00:30
crohakonThis is for a development server in my basement.00:30
crohakonoh, i'm an idiot00:32
crohakonnever mind, I missed the "make an exception" part =)00:32
billybigriggeranyone here familiar with ssh tunneling?00:41
billybigriggeri'm trying to setup a tunnel between my friends computer, and my server...00:41
billybigriggerso that we can both use my usenet account at the same time00:41
billybigriggerfrom the same IP address00:41
billybigriggeri've created an account on my server, and i can ssh into my box, from his...with this command ssh -p 2222 -L 2222:news.astraweb.com:11900:42
billybigriggerthat connects fine, and then after i launch pan on his pc, via vnc, i try to connect to localhost:222200:42
billybigriggerthis should redirect him to news.astraweb.com:119 correct?00:43
billybigriggeror am i missing something here?00:43
billybigrigger2222 is the port i have sshd running on my server00:43
billybigriggeror do i need to specify a different port to tunnel through? ie......00:43
billybigriggerssh -p 2222 -L 3333:news.astraweb.com:11900:44
billybigriggerand have him connect through pan via localhost:333300:44
billybigriggeri guess we're both downloading now at the same time...everything seems to be ok i guess00:45
billybigriggerthis tunnel is pretty effin slow i might add haha, maybe this isn't the best way to go about this00:49
billybigriggeri guess this tunnel would be capped at my upstream wouldn't it?00:49
jmarsdenbillybigrigger: Yes.00:49
billybigriggersince i'm technically sending it to him00:49
jmarsdenMight be better to have him use X forwarding, so he sshes into your server and then runs pan on that server, with its display forwarded over ssh back to his local workstation>  That assumes he has X on his local workstation...00:50
billybigriggereither way that data he downloads with still be capped via my upstream00:51
jmarsdenbillybigrigger: No, using X forwarding the data between your server and him is just video and keystrokes/mouse movement.  The news stays on your server machine.00:52
billybigriggermy server is a VM :)00:52
billybigriggermy upstream is 120kb/s max :P00:52
billybigriggermaybe i should look into renting a host for this :)00:52
jmarsdenThen why are you offering to share it with friends?? :)00:52
billybigriggeryeah, having my upstream being the bottleneck totally slipped my mind00:53
jmarsden120kb/sec is slow... you have a connection using 2 56k dialup modems bonded together??00:54
billybigriggerno thats my cable modem00:54
billybigrigger2.5MB/s down 120KB/s up :)00:55
jmarsdenAh, OK.00:55
billybigriggerhe has the same ISP00:55
jmarsdenI'm spoiled here -- Verizon FIOS, so 10Mbps down / 2Mbps up :)00:55
billybigriggereven using my server as a proxy would not help us out in this situation would it00:55
billybigriggerya canadian ISP's suck for upstream, they all suck00:56
jmarsdenbillybigrigger: Not that much -- I'm not sure whether remote X over 120kbps would be better or worse than the news feed going over that 120kbps link...00:56
billybigriggerin either option, the ssh tunnel, or setting up the proxy server, he will still be capped at my upstream00:57
billybigriggerso either tell him to buy his own usenet account or split the cost of a co-located server....00:57
billybigrigger$11/month for the usenet account seems to be the best option :) haha mind you i wouldn't mind having a server setup with a decent connection00:57
jmarsden$20/mo for a small slice on Linode might work -- $10each if you share it... ?00:58
billybigriggerlinode, never heard of it00:58
jmarsdenhttp://www.linode.com  -- well reputed place for getting Linux virtual servers00:59
billybigriggerchecking it out now00:59
billybigriggerdoesn't say what kind of link the servers are on though...unless im missing something01:03
zroysch1how can I get the output of dmesg with timestamps so I know when these things happened01:05
jmarsdenSeveral Mbits/sec per VM, I'm sure -- they are at huge data centers buying bandwidth in bulk... you can ask them if you want a clear answer01:05
jmarsdenzroysch1: The number in [] on the left of dmesg output is the number of seconds since server startup... doesn't that tell you when things happened?01:06
zroysch1jmarsden: yea i'm not trying to sit here and calculate for every event.01:07
jmarsdenzroysch1: You could write a trivial script to accept a time (the server boot time) as a parameter and dmesg output as input and display the times any way you want... probably a two or 3 line Perl script would do it.01:08
zroysch1yea i wouldnt know where to start01:09
jmarsdenYou are a server admin and have no scripting skills?  Time to learn, maybe ?01:10
epinkyserver admin, what is that?01:11
zroysch1uh yea i have a computer sitting next to me running ubuntu server01:12
zroysch1i guess that makes me a server admin01:12
=== MianoSM1 is now known as MianoSM
jmarsdenIf you prefer, get the dmesg output into a spreadsheet and set that up to do the time conversions, maybe?  Use whatever tools you *do* know.01:15
zroysch1jmarsden: dmesg -h would be ideal.01:32
billybigriggerjmarsden, can i still use ssl through an ssh tunnel?01:33
jmarsdenzroysch1: There is no -h option to dmesg.  You mean like du -h, where "h" means "human-reladable format"?  Sure.01:33
jmarsdenbillybigrigger: Yes.01:33
billybigriggerlinode is by far the best VPS option i can find01:33
=== crohakon is now known as crohakon|afk
jmarsdenzroysch1: Try this Perl oneliner: while (<STDIN>) { /^\[([0-9]+)(.*)$/ ; print "[" . localtime($ARGV[0] + $1) . $2 . "\n"; }01:42
zroysch1jmarsden: thanks, but how would i implement that01:43
=== jtisme is now known as jtholmes
zroysch1and why is my /var/log/messages filled with only -- MARK --01:44
zroysch1sorry i cannot google that01:44
jmarsdenStick it into a file that starts with #!/usr/bin/perl on one line and the perl I gave you on another line.  Let's say the file is called display-time.pl  Then do   dmesg |perl display-time.pl 123456789001:44
zroysch1ok thanks will try01:45
jmarsdenWhere 1234567890 is the time offset when you booted your serer01:45
jmarsden/var/log/messages is filled with only -- MARK -- if you have a server that is doing nothing at all and has the syslog mark option enabled.01:45
jmarsdenzroysch1: Actually you can do the date conversions on the command line if you prefer, just type01:47
jmarsdendmesg |perl -e 'while (<STDIN>) { /^\[([0-9]+)(.*)$/ ; print "[" . localtime($ARGV[0] + $1) . $2 . "\n"; }' 123456789001:47
jmarsdenAnd adjust the 1234567890 to the correct value for your machine :)01:48
zroysch1appreciate it01:49
zroysch1it seems that an ssh connection from the internet is finally stable.01:50
billybigriggerjmarsden, do you have a linode account?02:01
jmarsdenbillybigrigger: No, I've just heard good things from several Ubuntu people who do.02:02
billybigriggerahh ok02:02
billybigriggerjust wondering what the setup time is02:02
jmarsdenMinutes, they advertise.02:02
billybigriggerfair enough02:03
jmarsdenThe signup page says "Accounts are activated instantly when possible. " :)02:05
=== lamont` is now known as lamont
billybigriggerjmarsden, hmmm linode network link doesn't seem that great03:04
billybigriggeri've tunneled both me and my buddy to my linode server and we're both getting only 200kb/sec03:04
jmarsdenbillybigrigger: If you create a user for me on your server I can ssh in from here and test bandwidth to/from both my home and from other servers which have plenty of bandwidth,,,03:05
billybigrigger 1% [                                       ] 77,941,856  2.52M/s  eta 27m 50s03:08
billybigriggerthats from wget03:09
billybigriggerjust don't have a decent place to scp a file to test this upstream03:09
jmarsden2.52M/s == 2.52 Megabytes per second, so that's 20 mbits/sec which seems reasonably quick to me...03:09
billybigriggernot no 100mbit i thought i would have though :)03:10
billybigriggerthat's the same downlink as my home connection03:10
billybigriggerjust that my home connection has a crap uplink03:10
billybigriggerand by the looks of it, so does linode03:10
jmarsdenget me an ssh login and I'll test both ways from a server at a major datacenter to and from your server...03:11
billybigriggercheck pm03:11
jmarsdenGot it... here we go...03:11
billybigriggerjmarsden, i don't see you logged in03:15
jmarsden1.7Mbytes/sec from me to you, 1.4Mbytes/sec from you to me, over ssh.  Pretty decent for a small slice03:15
jmarsdenI scped rather than sshing in for each connection, use last to see the two brief scp sessions03:15
billybigriggerhmm some claim in the linode irc chan 50mbps03:16
billybigriggerfor uplink03:16
jmarsdenDo they have a larger slice?  it may be allocating bandwidth based on the size of your slice??03:17
billybigriggeri asked for my 360 account03:17
billybigrigger<amitz> 50mbps, upgradeable for free if you have legitimate/acceptable reason to be so.03:17
jmarsdenHmm.  Well, at the moment you're not seeing that, at least not to where I tested.  And I don't *think* the server I used would be the limiting factor...03:18
billybigriggerdid you test from a datacenter?03:18
billybigriggeror just your home link03:18
jmarsdenYes, from a Verio datacenter where I admin a work server03:19
billybigriggerwhat's 50mbps, like 6Mbytes/sec roughly?03:20
jmarsdenYes.  But does it matter to you -- if you get anywhere close to 2Mbits/sec your cable will become the limiting factor anyway :)03:21
billybigriggerof course03:22
billybigriggermy connection SHOULD be the bottleneck03:22
billybigriggerbut it's not by the looks of things03:22
billybigriggernot even seeing close to the 1.7/1.4 mbytes you saw though03:23
billybigrigger200k/sec here and 250k/sec for him03:23
jmarsdenSo if you do    scp -pv -P 2222 bigfile user@ipaddress:      what do you see?  Then scp -pv -P 2222 usedr@ipaddress:bigfile bigfile2  to try it from the server to you.03:23
billybigriggerssh -p 2222 -L 2222:news.astraweb.com:11903:24
billybigriggerdoes that look like a correct ssh tunnel?03:24
jmarsdenYes, looks fine to me.03:24
billybigriggerthought so03:24
jmarsdenNews may not be a good bandwidth test... lots of small articles...03:25
billybigriggerwhats a quick way to spit out a 10MB test file on this server?03:25
pmatulisuse dd03:26
jmarsdendd if=/dev/random of=testfile bs=1024 count=1024003:26
billybigrigger100%[======================================>] 10,485,760  23.6M/s   in 0.4s03:26
billybigriggernevermind, found one on the net03:27
billybigriggerthat was quick03:27
jmarsdenThere is also one in ~jmarsden on your server (from my tests) :)03:28
billybigriggerahh :)03:28
billybigriggercould it be the limitation of openssh or the tunnel?03:29
jmarsdenYou'd have to have a very slow CPU for the ssh crypto to slow down that far.03:29
jmarsdenOn a 486, sure, it might be a limitation :)03:30
jmarsdenIf you are really testing newsfeed speed, can you download news fast on the server itself using a shell-based newsreader?03:32
billybigriggerwell i'm just going to have to setup apache and host this 10mb.bin somewhere03:35
billybigriggerthis is odd03:35
jmarsdenWhat's odd?  1.14Mbytes/sec download to here ~= 10Mbit/sec which is my download speed... seems fine to me :)03:40
jmarsden1.6Mbit/sec to "my" server in a datacenter, but I think the file is too small to really be a good test at those speeds, it was still speeding up when the download ended.03:42
billybigrigger<HoopyCat> a little slow to get going at first (mind you, i'm coming at it from approx. 3000 miles away), but 3.11MB/sec -> 24.88Mb/sec, trending faster.  with a larger file, it'd fly03:44
billybigrigger<HoopyCat> 22:39:55 (3.11 MB/s) - `/dev/null' saved [10485760/10485760]03:44
billybigrigger<billybigrigger> 3.11MB/s is nowhere near my 231K/s :)03:44
billybigrigger<HoopyCat> from my house, 2009-11-22 22:41:45 (1.68 MB/s) - `/dev/null' saved [10485760/10485760]03:44
billybigriggerhe's 3000 miles from my server, i'm only 1500 miles03:45
billybigriggeri'd be happy to see 1MB/s03:45
twbIs WUBI the same thing as goodbye-windows.com?03:48
=== crohakon|afk is now known as crohakon
kshahI somehow botched my postfix configuration, I set home_mailbox to Maildir/ but I still see mail going to /var/mail/user .. ideas?03:56
billybigriggerdid you restart postfix?03:57
kshahbillybigrigger: yes I was following Ubuntu server guide on postfix, so I also have dovecot up.. I'm not great setting up email daemons03:58
kshahmy ultimate goal here is to setup procmail03:59
WALoeIIIuse google apps03:59
WALoeIIImail SUCKS03:59
WALoeIIIbut you already know that.03:59
kshahbut it seems like procmail needs the mail in the /home/user/Maildir format03:59
jmarsdentwb: No, WUBI installs Linux within files inside the WIndows filesystem, or used to... goodbye-windows.com looks like a way to boot a Debian installer from Windows, but you need to repartition etc etc as normal.03:59
jmarsdenkshah: No, procmail will work on normal mailbox files too, or it did a few years ago for me...04:02
twbjmarsden: OK.  I was confused on that point, since goodbye-windows also appears to run as a Windows .exe04:02
kshahjmarsden: awesome, and I'll go that route if I can't figure this out, but I do also want to know why my setting isn't taking effect04:02
billybigriggerjmarsden, would a proxy server help out my speeds here at all?04:02
kshahcat /etc/postfix/main.cf | grep home_mailbox # => home_mailbox = Maildir/04:03
jmarsdenbillybigrigger: Well, for browsing static web pages it might, but that's not what you are trying to speed up...04:03
billybigriggerso pretty much, my connection to my server sucks, but it's great for everyone else :)04:03
qman__billybigrigger, a proxy server only increases speeds on files you have already downloaded before04:04
jmarsdenbillybigrigger: Looks like it :)  Which is pretty odd...04:04
qman__so it helps in multi user environments04:04
qman__but that's about it04:04
billybigriggerjmarsden, i should have looked into a canadian vps04:04
twbbillybigrigger: a proxy for what?  HTTP?04:04
jmarsdenbillybigrigger: Well, you have 7 days to test it for free, if you find something better you can drop Linode within that time and get your money back.04:05
jmarsdenAt least, they used to offer that, I think they still do.04:05
twbProbably takes a week to get a VPS fully configured anyway04:06
qman__billybigrigger, what type of internet connection are you using?04:06
twb(Just like any other server.)04:06
qman__1MB/s is more than a lot of home connections can do04:06
billybigrigger25mbps advertised04:06
billybigriggeri can get around 2.0 - 2.5/MB/s downloads, with a 120K/s upload04:07
twbIncidentally, an HTTP proxy like polipo uses some tricks to reduce latency even for URLs that aren't cached, such as upgrading the connection to HTTP 1.1 and using multiplexing.04:07
twbbillybigrigger: that'll just be because you're a ways from the exchange, or have a lot of line noise04:07
twbObviously another way to make browsing faster is to disable flash, images, js, css, etc.04:08
billybigriggernot trying to speed up browsing04:08
jmarsdentwb: or use lynx :)04:08
twbI use w3m, actually.04:08
billybigriggerme and a buddy are sharing a usenet account, and we're both tunneling over ssh into this VPS i bought, so we can both use the news server at the same time04:09
billybigriggerbut we're only seeing like 200k/sec each04:09
billybigrigger200K/sec sorry04:09
twbbillybigrigger: you could set up leafnode (an NNTP proxy)04:09
billybigriggerwhat do you guys get for download speeds from this server?04:09
billybigriggertwb, is it going to be any faster than this ssh tunnel?04:09
twbbillybigrigger: latency is not the same as speed04:10
billybigriggereven when i ssh into this server it seems lagged to hell04:10
twbbillybigrigger: if leafnode has already downloaded news to your local machine overnight, then you don't need to wait for it to come down while you're reading it -- so latency is reduced even though you're probably downloading more overall04:10
billybigriggertyping takes forever...04:11
twbbillybigrigger: you should also investigate QoS04:11
twbbillybigrigger: also, you should check the load on the remote host -- it might be that someone is running e.g. emacs or firefox there04:11
twb15:09 <billybigrigger>
twb100 10.0M  100 10.0M    0     0   127k      0  0:01:20  0:01:20 --:--:--  129k04:11
twbThat's 129kB/s, I think.04:11
jmarsdentwb: He'd need a fair amount of disk space and bandwidth to maintain a leaf node, though -- how big is a full Usenet feed these days?04:13
twbjmarsden: leafnode can proxy selective groups04:13
jmarsdenbillybigrigger: ssh to your VPS has no discernible lag from here in Southern California...04:13
twbjmarsden: actually its default behaviour is only to pre-fetch groups you have tried to read in the last N days04:13
jmarsdentwb: OK, that sounds workable.04:14
twbSo if you read all articles in a group, leafnode shouldn't be significantly more intensive than not using leafnode04:14
billybigriggerhmmm....i use nzb's mostly, i don't even subscribe to any groups04:16
twbIs that a newsreader?04:16
billybigriggerpan i use for the newsreader04:17
billybigriggernzb is just for downloading binaries04:17
twbOh, you are an alt.sex.binaries weenie04:18
billybigriggernot quite04:18
* jmarsden thinks alt.sex.* preferences are probably off topic in #ubuntu-server :)04:19
twbSo, has anybody tried ext3's transparent compression functionality?  Is it reliable?04:20
twbI'm wondering if I can/should turn it on for stuff like ~/Mail and ~/News, which are guaranteed to be lots of small text files.04:20
jmarsdenI've never tried it, but have wondered about it... is it still "an unofficial patch" ?  I'm not sure how much I trust an unofficially patched filesystem...04:28
billybigriggeryou doing anything important on that vps jmarsden? :)04:30
jmarsdenNope :) I just left myself logged in after testing for keyboard lagginess that you reported :)04:30
billybigriggerdo you see it?04:31
jmarsdenNo, it's lag-free for me.04:31
jmarsden<jmarsden> billybigrigger: ssh to your VPS has no discernible lag from here in Southern California...04:31
billybigriggerthat vps is in cali, i'd sure hope not :)04:31
jmarsdenLooks like I'm ten hops and about 25ms away from it.04:34
jmarsdenbillybigrigger: 1 100MByte test file makes the bandwidth of your VPS look better: 4.2Mbytes/sec scp transfer.04:39
billybigriggerk i moved it to /var/www04:41
billybigrigger4% [>                                      ] 4,233,872    178K/s  eta 5m 37s04:42
billybigriggeri think i just need to get a VPS host here in canada or something04:42
jmarsdenCould be.04:43
billybigriggereveryone else seems to be able to pull over a MB/s from it, and i can barely break 300KB/sec04:43
jmarsdenAre binaries from Usenet really worth all this effort? :)04:43
billybigriggerno i actually have a host, thefrozencanuck.ca that i have www/mail and a bunch of junk on here on a VM on my home connection04:44
billybigriggeri wouldn't mind having it hosted somewhere else04:44
billybigriggerbut on a host that has a better connection than my home connection :)04:45
uvirtbot`New bug: #486950 in php5 (main) "php5-cgi should be compiled with the --enable-pcntl option." [Undecided,New] https://launchpad.net/bugs/48695004:51
smackdaddywhats a good webmail server for ubuntu 9.10 that lets users create their own accounts?05:56
Sam-I-Amgenerally users shouldnt be creating their own accounts05:57
smackdaddywell, yes , i mean that lets them change their passwords from within the webmail page05:59
billybigriggercheck out roundcube06:00
smackdaddyi tried squirrelmail it didnt have it06:00
billybigriggerdunno if you can change user/pass though, as it just reads your systems users06:00
Sam-I-Amusually password management is not a function of the mail client06:00
billybigriggeri think you can setup roundcube to read users from a db though06:00
billybigriggerSam-I-Am, yeah exactly06:00
Sam-I-Amwhat i've done in the past is made a web page for password changes06:00
crohakonbillybigrigger, you drive semi trucks?06:01
billybigriggerwork on oil rigs :)06:01
smackdaddyalright, thanks06:01
* smackdaddy installs roundcube06:01
crohakonbillybigrigger, damn... ever been to an asteroid? =)06:01
billybigriggerever been to an asteroid?06:01
billybigriggeri don't understand your question06:02
crohakonbillybigrigger, do you often sing "Leavin on a jet plane"?06:02
billybigriggerahh...haha not in awhile06:02
Sam-I-Ambillybigrigger: they have internet connections on those?06:02
crohakonSam-I-Am, of course they do.06:02
billybigriggeryeah they do06:02
crohakonSam-I-Am, they have to send and receive data all the time. Most likely satellite?06:03
billybigriggeryeah usually the operator's office usually wants to watch the rig data, and usually some bigshot's with all the $$$ in houston like to watch what your doing aswell :)06:03
crohakonbillybigrigger, one last off topic question... Are you in the gulf?06:04
billybigriggeri live/work in canada06:04
crohakonoh, nice06:04
pwnguin(Error code: ssl_error_rx_record_too_long)06:12
crohakonpwnguin, ssl with zen-cart? =)06:12
pwnguinjust followed the wiki06:12
pwnguincrohakon: any idea?06:13
crohakonpwnguin, was I right? Zen Cart?06:13
crohakonpwnguin, oh... nope, I can't help. I am getting the same issue with zencart and ssl06:13
pwnguini have no idea what zencart is06:14
pwnguinim guessing a php app for ecommerce06:14
crohakonpwnguin, shopping cart e commerce stuff06:14
pwnguincrohakon: im pretty sure the problem is unrelated to your cart, except for the part where ecommerce requires SSL06:15
pwnguincrohakon: check your virtualdirectory apache config06:16
crohakonpwnguin, figured as much as well... I just reinstalled it without ssl as I am just playing around with it.06:16
crohakonseeing if I like it06:16
pwnguinyea, i had <VirtualHost *:80>06:17
pwnguinSSL dont like that06:17
Sam-I-Amwell you can run one ssl vhost... then the other ones wont work without other IPs heh06:18
pwnguinwell, i just have the one domain06:27
Sam-I-Amtime for zzz here...06:28
maxagazi have put my id_dsa.key in the .ssh/authorized_keys of a server, but still when i try to ssh to the server, it returns: Permission denied (publickey). why?06:30
pwnguinbecause you did it backwards06:34
pwnguinyou need to put the .pub in the authorized keys file06:35
pwnguinthat way the server doesn't have your private key06:35
pwnguinthe id_dsa.key is stored wherever you wish to ssh FROM, and the id_dsa.pub is needed wherever you wish to ssh INTO06:36
pwnguinmaxagaz: there's a program that will actually deploy keys for you06:40
smackdaddyhow do i configure roundcube06:42
pwnguinjudging by my server logs, poorly06:44
pwnguinseems like im always getting roundcube attack attempts =/06:45
smackdaddyit sucks?06:47
smackdaddyi cant even get it installed06:47
smackdaddyor working..06:47
smackdaddyits installed06:47
maxagazpwnguin, i don't have password access to the server, so ssh-copy-id won't work06:53
pwnguinwell, then you get to do it the hard way06:54
maxagazpwnguin, what is the hard way ? I already put the content of my user's id_dsa.key at the end of the authorized_keys of the distant user on the remote server07:02
maxagazpwnguin, is there something else to do ?07:02
pwnguinmaxagaz: yes. delete that, becuase it's the wrong thing07:08
pwnguinmaxagaz: do you know how public key encryption works?07:08
maxagazpwnguin, partly07:08
pwnguinyou want the user's public key on the server07:08
pwnguinhowever, you put the private key on the server07:09
maxagazpwnguin, no, i did put the public key07:09
maxagazpwnguin, id_dsa.pub07:09
maxagaz(pwnguin, sorry for saying id_dsa.key)07:09
pwnguinthen you have a long night ahead of you07:10
pwnguinperhaps blow away the auth_keys file07:11
pwnguinand maybe make sure the keys are matched07:11
maxagazpwnguin, actually i can access the server via another address and port, with password, so I've add the pub key from it using ssh-copy-id, now i can access the server from this way without password, but if i try to access the server from its other address and other port, it returns: Permission denied (publickey). Why?07:16
pwnguinnot sure. im not quite the expert at configuring servers yet07:21
crohakonso, when I try to connect to my ftp server from outside my lan I get Response:227 Entering Passive Mode (192,168,1,2,209,60) and Status:Server sent passive reply with unroutable address. Using server address instead.07:30
crohakonHow do I fix this?07:30
jmarsdencrohakon: Tell your FTP server what your external address is and that it needs to use it in port commands.07:31
crohakonI use vsftpd... where do I start?07:32
jmarsdencrohakon: the man page for vsftpd, I would think... :)  Let me look...07:32
crohakonjmarsden, nothing in the man page07:33
jmarsdenDid you also read the man page it points to, man vsftpd.conf ?  I think not.07:34
jmarsdenHint: search for pasv_address07:35
crohakonokay, what if I have a dynamic IP?07:38
jmarsdenI think you are somewhat stuck; you can use pasv_addr_resolve to resolve your dyndns hostname at vsftpd startup time, but if it changes underneath the vsftpd instance it will break until you restart vsftpd.07:40
jmarsdenDoes your ISP really sanction file servers on dynamic IP addresses, by the way?07:41
crohakonSo I can used the pasv_addr_resolve=YES with pasv_address=whatever.dynhost.com07:41
crohakonAnd that should work?07:41
crohakonThanks man.07:41
jmarsdenIt will "work" until your dynamic address changes, I think.07:42
crohakonWell, it now resolves, but still fails to connect.07:44
smackdaddyi keep getting connection refused with vsftpd07:44
qman__FTP is a nightmare, suggest SFTP instead07:44
smackdaddywhats the command to open ftp07:44
jmarsdencrohakon: do you have the relevant range of ports open for incoming PASV FTP connections?07:45
crohakondo they use something different then the normal port? I currently have the server listening on port 9307:46
crohakonand I have the router set to forward all connections on port 93 to the server07:46
qman__crohakon, you need both the FTP listening port and a range of high ports07:46
crohakonHow do I get that range?07:47
qman__assigned to the FTP server, all forwarded07:47
jmarsdencrohakon: Yes.  Very much so.  To run an FTP server that supports PASV mode FTP you need a range of ports too. ... read the vsftpd.conf man page again... :)07:47
qman__this is why I hate FTP, and suggest SFTP instead07:47
qman__on top of only needing one port, the default is not filtered by your ISP07:47
* crohakon sighs07:47
qman__and you won't have any dyndns issues07:48
jmarsdencrohakon: pasv_min_port and pasv_max_port are your friends .  As you are discovering, FTP was not designed to have FTP servers run behind home NAT/firewall boxes.07:48
jmarsdenIt can be made to work, as long as you understand it.07:48
crohakonthose are not in the man page, but I guess I get how they work. pasv_min_port=5000 pasv_max_port=5100  and it will then use 5000 through 5100?07:50
qman__and you need one port per connection07:50
jmarsdenThey are in my man page... but yes.07:50
crohakonIs the page alphabetical?07:50
qman__and it will choose randomly, so make sure you forward the entire range07:50
jmarsdencrohakon: No idea, I searched for the word "range" to find them quickly.07:51
crohakonso if I only expect say, 4 connections at a time then I only have to have a 4 port range?07:51
qman__technically yes, but you should have extras07:52
qman__and be aware that one person may make multiple connections07:52
qman__some clients transfer multiple files and browse at the same time07:52
qman__opening lots of connections07:52
jmarsdenI've generally used 1000 ports for this on FTP servers behind NAT.  Just so there are plenty available :)07:53
jmarsden100 should be fine in practice.  4 .. could be limiting.07:53
pwnguinanyone know of a photo gallery webapp that's similar to the flickr API?07:54
pwnguinor otherwise popular enough to have linux apps supporting it?07:54
crohakonResponse:425 Security: Bad IP connecting. <---- getting this now =( damn07:54
qman__as was mentioned before, FTP was designed before firewalls and NAT07:55
qman__as such it's very difficult to make it work07:55
crohakonI am almost to the point that I want to connect the server directly to the modem and place the router and switches behind it...07:55
crohakonI have a spare nic card lol07:55
qman__still not sure why you want FTP, SFTP is better in every way07:55
crohakonWell, I already have vsftpd setup to work with my MySQL server for account names and such....07:56
crohakonSo, I kind of want to push on and make it work.07:56
qman__well, check the connection log and see what IP your client is giving to the server07:57
crohakonokay, so the log tells me that I am connecting from (which is correct, it is the IP I have set for my laptop)07:59
qman__ok, let me put this into perspective08:00
qman__since FTP isn't designed to work with NAT, in order to allow external connections, you have to tell the FTP server it's using the external IP08:00
qman__but when you do that, connections from LAN cease to work08:00
jmarsdencrohakon: Wait... I thought you were configuring this for connections from the outside...!08:00
twbYou can run FTP over a NAT08:00
qman__so you can either go from the net, or you can go from local08:00
twbYou need to use some conntrack magic on the router08:00
qman__but not both at the same time unless you configure the router specially08:01
crohakonjmarsden, I am configuring it to work from the out side... but I also want to connect from the lan as well. I have friends that need to connect from the out side.08:01
qman__and unless you have a router with dd-wrt or linux or something, you probably can't do that08:01
jmarsdencrohakon: qman__ is correct -- you didn't specify you needed this to work from the LAN earlier.  Unles you can make your router sing and dance, pick one or the other.08:02
crohakonI honestly don't use the ftp access much as I mostly wget files to the server...08:02
qman__the FTP server can only accept connections to a certain IP, and it must either be your LAN IP or your internet IP, not both08:02
jmarsdencrohakon: Then test it from the Internet, not from a machine on your lcoal LAN.08:02
crohakonHow do I test it from the internet?08:02
qman__call one of your friends ;)08:03
jmarsdencrohakon: ssh out to some other box, ftp in from there...08:03
crohakon... *sigh*08:03
billybigriggeropen your ftp connection to your IP address should route outside the lan, and back in08:04
billybigriggerie for example, not your LAN ip of or whatever08:04
qman__it would, but only if the router can handle it08:05
qman__most routers can't by default08:05
crohakonand I doubt this router can08:05
qman__it requires some magic08:05
crohakonSo, if I connect the server directly to the modem, and then route my other computer through it, would that resolve the issue?08:05
qman__yeah, but it would bring up a whole bunch more08:06
billybigriggerhehe not worth it08:06
qman__you'd be running ftp on your router08:06
qman__which is a bad idea08:06
qman__every day of the week08:06
crohakonmodem <-- server <--- wireless/4port router <--- switches08:06
* crohakon sighs once more08:06
qman__when you do that, your server becomes the router08:07
qman__you have to configure NAT and masquerading08:07
qman__and be very careful how you set up your firewall08:07
crohakonqman__, I figured that.08:07
qman__and running services on the router itself to the internet is a bad idea08:07
billybigriggerwhats wrong wtih sftp or scp?08:07
crohakonokay, so, when it comes down to it I don't really care if I can ftp from inside my network. I mostly wget and edit files via ssh anyway.08:08
crohakonMy friend that is attempting to connect to it, however, is still unable to connect.08:08
qman__then the configuration you have now is likely correct08:08
jmarsdencrohakon: What exact error does your friend see?08:08
crohakonport forwarding is set correctly, conf looks correct as well08:08
crohakonconnection was closed by remote host08:09
qman__what does the server log say08:09
crohakonCONNECT: Client "xxx.yyy.zzz.vvv"08:10
crohakonno other information08:10
qman__I just made a connection attempt08:12
qman__it asked me for a user/pass and gave me incorrect login08:12
qman__so it's probably a problem with your friend's client08:12
crohakonIt seems he was using an SFTP client08:15
crohakonfugu or something for max08:15
crohakonHe is going to download a new client and try again. =)08:16
crohakonthanks for everyones help thus far.08:16
jmarsdencrohakon: Assuming his Mac runs OS X, can't he open a Terminal window and use the command line ftp client?08:19
crohakonjmarsden, I don't know.. never used a mac... and he is not exactly a power users...08:19
billybigriggeri never touched a mac or osx but isn't it based on a linux kernel?08:20
qman__BSD actually08:20
twbOS X runs a FreeBSD-derived userland and a Mach-derived microkernel08:20
twbThen they bolted on some GNU stuff08:21
twbIt's basically the sort of messy clustercruft you'd expect from the Unix Wars of the 1980s08:21
twb(Fortunately, Debian runs perfectly well on any post-"old world" mac.)08:22
crohakonhe is running MacOS 10.4.1108:22
crohakonI am trying to convert him to ubuntu, though not sure if it can install on his computer08:23
twbcrohakon: is it PowerPC or x86-64?08:25
twbcrohakon: Ubuntu will run on either, but I believe the former's support is unofficial08:25
qman__yeah, not every release has a ppc version, and they're generally unsupported08:26
qman__but they do exist08:27
crohakonbtw, qman__ tested the ftp server and it works fine. Thanks for all the help.08:27
Bo7Hello! How can I limit the bandwidth that my apache2 web-server is using?08:27
twbBo7: tx or rx?08:27
Bo7upsteam mostly08:27
crohakonWell, when I convince him to try ubuntu I will bother the people in #ubuntu =)08:27
twbBo7: first of all, look at your httpd logs and realize that most of it is web crawlers like the google bot.08:28
twbBo7: then, either write a robots.txt that simply tells them to bugger off, or instead actually fix your website so it is "cache friendly", e.g. using e-tag and expiry headers.08:28
Bo7twb, well, I host some big files and I want to limit the total bandwidth for all downloaders, so the other apps don't suffer. I don't think robots is a big problem for me really08:32
twbYou could set up per-IP recency and rate limits in iptables.08:33
twbProbably this can be done in apache, too.08:33
Bo7aha, if I do that in iptables will it interfere with UFW which I use?08:34
twbIIRC the hentai.plan9.de webmaster has set up something pretty solid, you could email him and ask for details.08:34
Bo7but there's not like a simple config-setting in apache for limiting then?08:36
twbI don't know.  #httpd (apache's channel) would08:36
twbI tend to stick to extremely simple httpds like thttpd and busybox httpd.08:36
martin-Does the jeos edition of ubuntu 8.04 have lts?08:58
=== simplexi1 is now known as simplexio
twbLTS is provider on a per-package basis, AFAIK09:01
martin-yeah, you're right09:02
twbWhether any given package receives five years of support depends on something obscure09:02
twbI use that to find out whether a package will be supported.09:02
martin-but it doesn't matter anyway as there doesn't seem to be an amd64 version of jeos 8.0409:02
twbI have to say I take a rather jaundiced view of just slapping together some branding on top of some arbitrary subset of the main archive.09:04
twbOr does JeOS actually do something useful, like repace coreutils with busybox?09:05
twbmartin-: wikipedia claims there is an x86-64 version09:05
martin-then where is it? :o09:06
twbOh sorry, it says "AMD x86"09:06
twbI think they just mean "x86" and are writing for non-techs09:06
_rubenjeos isnt even all that much smaller than a clean server install .. so disk footprint wouldnt be an issue .. it does come with fair ammount of less packages, which mostly annoyed me, stuff like tab completion and the likes09:08
twb_ruben: it says 380MB -- I'm pretty sure a stock d-i install without tasksel tasks checked is more like 200MB09:08
martin-disk footprint doesn't really matter09:10
martin-more interested in the optimized kernel and the vmware-optimizations09:10
twbmartin-: what are they?09:10
twbmartin-: the jeos documentation conspicuously doesn't say09:11
martin-no idea, it just sounds good :P09:11
twbIf Ubuntu wasn't partly FOSS, I'd be inclined to dismiss it as marketing vapourware09:11
martin-the VMs I'm setting up have a very specific purpose (one DB and one application server)09:12
martin-anything else doesn't matter09:12
martin-well, yeah09:12
martin-it's currently running some ancient red hat enteprise linux 4, which doesn't even have yum09:13
twbI suspect all that jeos is is a preseed that disabled ubuntu-standard (but leaves ubuntu-minimal in), and forcibly installs openvm-tools, the FOSS fork of the crap that VMware wants guest OSs to taint their kernels with.09:13
_rubenthere's no vmware optimizations in jeos09:13
_rubenits just a stripped down -server kernel (less modules)09:14
twbAnd even that kernel tainting doesn't provide anything useful if you're using VMware Server, since hgfs isn't implemented there and you (presumably) aren't doing 3D graphics09:14
twb_ruben: so they're using kernel packages that aren't in the main archive?09:14
_rubennor does it do open-vm-tools, as jeos isnt vmware specific09:14
martin-so nothing special about -virtual kernels?09:15
_rubenonly that it provides the bare minimum of modules for a vm to work09:15
twb_ruben: depends on the VM, too, I expect :-)09:15
twb_ruben: for example, some VMs might want ipt_*09:15
_rubenand perhaps a few tweaked clock settings, which usualy dont need recompile anyway09:15
* \sh uses always the standard -server flavour with vmware modules ... which gives me a bit better memory sharing between the vms...but I'm not using vmware-server but vmware ESX09:15
martin-esx here too09:16
_rubenesxi here09:16
twbAs for me, I am eagerly awaiting LXC productization09:16
=== georg is now known as kwork
maxagazhow to ssh with a given private key ?10:54
\shssh -o IdentityFile=<path>/<filename of priv key> user@host10:55
\shor use ~/.ssh/config10:55
Gorlistgood day, does anyone here run fail2ban on 8.04, proftpd?10:58
twbIn current openssh-client, you can even use %r, %h, etc. in your .ssh/config10:59
twbGorlist: nope.  Have you considered migrating to SFTP (read-write access) + HTTP (read-only access)?11:00
Gorlistive not, using plesk however11:00
twbAnd/or a simple iptables -m recent rule to limit repeated connection attempts from specific IPs?11:00
twbplesk doesn't really have anything to do with how you provide remote file access to your users...11:01
Gorlistive considered that :) and may use it later on but trying to figure out this specific problem11:01
Gorliststill would like to have fail2ban working, just getting a fault with proftpd11:01
twbDepending on your use case, if -m recent was working you could get rid of fail2ban11:02
Gorlistwell at the moment im using ufw, though was going to sit down at somepoint, hopefully learn iptable setups as well as applying the rate limit11:03
twbHm, does fail2ban even use ipset when you're hooking it into iptables?  Or does it simply add ridiculous numbers of individual iptables rules to INPUT?11:04
Gorlistipset I believe, might be wrong however11:05
twbGood, good.11:05
acalvosomeone using ldap with replication?11:41
twbacalvo: what's your real question?11:50
acalvoI've been working with ldap and replication for a month or so, but the last days one of the servers does not respond to queries. However, I can retrieve all the objects of the tree, and I can browse it thru the apache directory studio11:53
acalvoand I was wondering why this behaviour, and if it's realted to the some cn=config attribute11:54
=== georg_ is now known as kwork
uvirtbot`New bug: #236719 in ntp (main) "ntp doesn't support proxy" [Undecided,Invalid] https://launchpad.net/bugs/23671912:53
=== mrchrisadams_ is now known as mrchrisadams
jbernardzul: morning13:16
jbernardzul: made it back okay, no jetlag?13:17
zuljbernard: yep no delays and no jetlag13:17
zuljbernard: you?13:18
jbernardzul: no delays for me, im in good shape13:19
zuljbernard: coolio13:20
=== MarwolTuk___ is now known as MarwolTuk
uvirtbot`New bug: #228442 in virt-manager (universe) "KVM eats 100% CPU, Host Hardy64, Guest XP with more than 1 VCPU" [High,Triaged] https://launchpad.net/bugs/22844213:42
uvirtbot`New bug: #239068 in tftp-hpa (main) "tftpd-hpa is not working on Edubuntu 8.04 upgraded system." [Low,Incomplete] https://launchpad.net/bugs/23906813:42
uvirtbot`New bug: #399993 in tftp-hpa (main) "package tftpd-hpa 0.48-2.3ubuntu1 failed to install/upgrade: subprocess post-installation script returned error exit status 71" [Low,Invalid] https://launchpad.net/bugs/39999313:42
uvirtbot`New bug: #415410 in squid-langpack (main) "MIR for squid-langpack" [Low,Incomplete] https://launchpad.net/bugs/41541013:42
uvirtbot`New bug: #487098 in quota (main) "package quota (not installed) failed to install/upgrade: subprocess post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/48709813:46
uvirtbot`New bug: #345712 in samba4 (universe) "package samba4-common 4.0.0~alpha4~20080727-1ubuntu1 failed to install/upgrade: subproces post-installation script gaf een foutwaarde 2 terug" [Undecided,Incomplete] https://launchpad.net/bugs/34571213:47
Italian_Plumberis there a contest for oldest machine running hardy?  I have mine on a Pentium III 450... I'm sure I'm not the oldest.14:02
incorrecti know someone running a PII14:05
incorrectwith 256mb14:05
Italian_Plumbersounds fun14:06
incorrecti would imagine we could find someone out there running a k614:06
Italian_Plumberthats an old AMD processor, right?14:06
Italian_Plumberequivalent to Intel....14:06
incorrecti think i might have a K6-233mhz14:07
incorrectmaybe i could find my P16614:07
incorrectmm 16mb14:07
incorrectthat was an awesome machine14:07
Italian_Plumberwould it run on a 486 or 386?14:07
incorrectsuck it and see14:07
incorrectdepends if it is compiled for 686 or 38614:09
incorrecti would imagine its 686 minimum these days14:09
Italian_Plumber686is equivalent to PII?14:12
_rubenthere's still a 386 kernel avail .. wouldnt surprise if me if that'd get dropped sometime14:20
sorenstgraber: Heheh.... That thing I though was preventing LXC to work from libvirt.. That was in Jaunty. I'm getting old.14:21
sorenstgraber: The only reason it doesn't work in Karmic is because of Apparmor.14:21
sorenstgraber: If you switch libvirtd to complain mode, it works just fine.14:22
jdstrandstgraber: you can also adjust the profile. See bug #480478 for details14:31
uvirtbot`Launchpad bug 480478 in libvirt "libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc" [Medium,Triaged] https://launchpad.net/bugs/48047814:31
sorenjdstrand: I'm not entirely convinced that's sufficient.14:31
sorenjdstrand: I will know in a minute. You're supposed to be on holiday, by the way :)14:32
sorenjdstrand: Ok, so if I add that to the profile, what do I need to to do reload it?14:32
jdstrandsoren: apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.libvirtd14:33
jdstrandsoren: that will make it work with apparmor. as to how well lxc works with libvirt atm, I can't say-- I've heard 0.7.0 doesn't work too well14:34
sorenjdstrand: Obviously14:34
sorenWell, it seems to work for me.14:34
sorenI wasn't entirely sure about some of the interactions there, but it seems to actually do what I want it to.14:34
* jdstrand has no idea14:34
sorenjdstrand: Do you see any reason not to SRU this into Karmic?14:35
sorenIt seems like very low hanging fruit.14:35
jdstrandsoren: I plan to  SRU it and another bug. but the SRU will use a different rule to enable it14:36
sorenjdstrand: Can I see it?14:36
jdstrandsoren: bug #48456214:37
uvirtbot`Launchpad bug 484562 in libvirt "apparmor prevents libvirt-vnc certificate from being read" [Undecided,New] https://launchpad.net/bugs/48456214:37
jdstrandsoren: I think for bug #480478 I would actually use:14:38
uvirtbot`Launchpad bug 480478 in libvirt "libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc" [Medium,Triaged] https://launchpad.net/bugs/48047814:38
jdstrand/usr/lib/libvirt/* PUx,14:38
sorenjdstrand: Sorry, not the other bug, but the different rule.14:38
sorenWhat's P for?14:38
jdstrandsoren: the P says to transition to another profile14:38
jdstrandsoren: the U says to go unconfined if the profile doesn't exist14:38
jdstrandsoren: I would do this because in 0.7.2 virt-aa-helper is moving to /usr/lilb/libvirt14:39
sorenI'm not sure I understand that. I mean.. This is being defined /in a profile/. How can the profile not exist?14:39
jdstrandand therefore it would be more consistent and slightly easier on upgrades for people who modify the profile14:39
=== johe_ is now known as johe
jdstrandsoren: the rule is a globbing rule14:40
jdstrandsoren: there are several helpers in /usr/lib/libvirt14:40
jdstrandsoren: in the future, one will have a profile, and the other two won't14:40
jdstrandsoren: we can either be very specific and list the helpers individually, or stick with the globbing rule and use PUx14:41
jdstrandI like the globbing rule so that it will work if libvirt adds more helpers14:41
sorenRight, ok.14:42
jdstrandsoren: actually, if you plan to be doing the SRU, perhaps use 'PUxr', I see 'r' is in the existing profile14:42
jdstrandsoren: but I plan to do the SRU next week14:43
sorenjdstrand: I'm in no hurry :)14:43
sorenOk, so the P transitions to another profile. Which other profile? How is that defined?14:44
sorenOh, I see it at the bottom.14:44
sorenLet me just take that for a quick spin.14:45
jdstrandsoren: unless you name the profile explicitly using '->' in the rule, it will transition to a profile for the binary it matches14:45
jdstrandsoren: in this case, it will go unconfined for anything in /usr/lib/libvirt, cause there are no profiles defined for binaries in that dir14:46
jdstrandsoren: in 0.7.2, we will have /usr/lib/libvirt-virt-aa-helper14:46
sorenOh, so the P is a no-op in this case?14:46
jdstrandsoren: yes. just there for consistency with the upgrade to 0.7.2 (for reducing the diff if people modified the profile on their own)14:47
uvirtbot`New bug: #485361 in samba (main) "CIFS mounted drives do not allow write access to program other than nautilus, gedit or the command line" [Low,Incomplete] https://launchpad.net/bugs/48536114:52
stgraberjdstrand: I'm pretty sure I'm the one who opened that bug ;)14:54
jdstrandstgraber: oh, heh, so you are :)14:54
jdstrandsomeone else hit it last week too, so I was thinking he reported it :)14:55
* jdstrand wanders off14:56
incorrecthow irritating sara.nl aren't giving the source to their dellomsa package14:59
stgrabersoren: started to play with lxc ?15:05
sorenstgraber: Yeah, just for giggles so far :)15:19
uvirtbot`New bug: #486178 in ntp (main) "package ntp (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 127" [Low,Incomplete] https://launchpad.net/bugs/48617815:32
majukWOO HOO! Samba PDC makes me wanna UUUUHNNNN15:49
=== erichammond1 is now known as erichammond
uvirtbot`New bug: #454302 in munin (universe) "Missing dependency - apache_process plugin" [Wishlist,Triaged] https://launchpad.net/bugs/45430216:13
=== mrchrisadams_ is now known as mrchrisadams
kshahjeeeeez.. I'm really struggling here16:40
kshahI've been trying to setup postfix to use /home/%u/Maildir to store mail16:40
kshahand I've told dovecot to do the same16:40
kshahnow i see mail still coming in and using mbox16:40
kshahexcept instead of /var/mail/user it's /home/user/mbox16:41
kshahthere is some key config setting i'm clearly missing16:41
essialHey guys, I have a mail server set up, and I can email anyone, BUT emails hosted at secureserver.net reject (as in, they can't recieve them). I am not on a blacklist, and reverse DNS APPEARS to be correct16:43
essialI even opted out of that in-by-default blacklist16:43
essial (host mailstore1.secureserver.net[] refused to talk to me: 554-p3pismtp01-003.prod.phx3.secureserver.net 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation.16:44
essialhost is metro1ems.com and every website that tests domains says it's clean and good16:44
ScottKessial: Reputation services are all propietary and everyone uses a different one, so you've have to ask the people that run the server that's rejecting you,16:45
kshahsolved... mailbox_command... as my sys admin told me to do *sigh* listening16:45
essialok so basically I have to call godaddy then, right?16:46
ScottKGood luck.16:47
essialYeah I had to do this once before16:49
essialI really dislike godaddy16:49
majuk1and1 ftw?16:49
essialI was thinking that maybe my reverse dns was not correct or something but I guess not16:50
billybigriggeranyone here know a good vps host? preferably in canada?16:51
kshahjust use slicehost like everyone else ;)16:53
uvirtbot`New bug: #288052 in dhcp3 (main) "/etc/resolv.conf inserts commas between Search Domains" [Medium,Confirmed] https://launchpad.net/bugs/28805216:56
kshahthat bot is making me wonder if their is a zero day policy for ubuntu17:22
ivokshi all17:33
zulhey ivoks17:56
zulnijaba: done17:56
ivokshey guys17:56
nijabazul: that was QUICK :)17:56
nijabazul: thanks a lot17:56
zulnijaba: well i just got it17:56
nijabazul: I know, I just wrote the request !17:57
nijabaivoks: hello Ante.  had a good trip back?  got your luggage too?17:57
ivoksyes, got my luggage, but i'm very tired17:58
ivoksi've spent 20 hours on planes and airports17:58
ivokstomorrow i'm back in packaging business :)17:58
nijabaivoks: I bet you are more in the ubpacking business at the moment ;)17:59
ivoksusually, i just leave my bags packaged and don't touch them for couple of days :D17:59
=== dendro-afk is now known as dendrobates
=== mrchrisadams_ is now known as mrchrisadams
=== luis__lopez is now known as luis_lopez
nijabaDaviey: heya.  Safe trip back home?18:16
=== mrchrisadams_ is now known as mrchrisadams
=== mrchrisadams_ is now known as mrchrisadams
incentifitUsing ubuntu 9.10, I've set /var/www permissions to 0775 and group to root:publisher.  My user incentifit is a member of incentifit:publisher.  That user still cannot create new files and folders in /var/www.  What have I over looked?  (I've got notes from previous setup of 9.04 that work on 9.04 using same setup so I suspect something new or a bug)19:12
ivoksincentifit: ls -dl /var/www19:20
incentifitivoks: I'm confused now.  I skimmed the -dl flags in man...  I sudo mkdir /var/www/hello then ran ls -dl /var/www and it returns nothing.  I plain ls shows the new folder.19:23
bogeyd6that is impossible19:24
ivoksls -dl shows only the folder you are asking it19:24
ivoksso ls -dl /var/www will not return /var/www/hello19:24
ivoksjust /var/www19:24
incentifitls /var/www shows the new hello19:24
ivoksthat's right19:24
orudie_can i run xen on ubuntu server? if yes, what is the process of installing xen ?19:25
ivoksso, what's confusing?19:25
ivoksorudie_: xen?19:25
ivoksorudie_: return to 21. century :)19:25
incentifitI guess I expected the same... I need to reread ls -dl in the man.  So, what is it that you wanted me to return, which leads to an answer to my first question?19:25
ivoksincentifit: -d doesn't do recursive19:26
incentifitI don't see how ls -dl /var/www resolves the apparent permission issue19:26
ivoksi do, that's why i asked19:26
orudie_ivoks, what are you suggesting ?19:26
ivoksyou claim that /var/www has some permissions19:26
ivoksi'd like to check them19:26
=== nxvl_ is now known as nxvl
ivoksso, please, paste the output of 'ls -dl /var/www'19:27
incentifitivoks: sorry, just sec...19:28
ivoksor don't19:29
incentifitdrwxrwsr -x 3 root publisher 4096 2009-11-23 12:55 /var/www19:29
incentifitpatience! :P  couldn't copy and paste19:29
ivoksso, group publisher should be able to write there19:29
ivoksyou do know you have setgid on that dir?19:29
ivoksand your user is member or publisher group?19:30
imladHello, what would I need to install on a client machine already running Karmic to run the 9.10 Server?19:31
ivokstouch /var/www/testing_123 doesn't work?19:31
ivoksorudie_: kvm19:31
incentifitno, permission denied19:31
incentifitconfirmed cat /etc/groups shows my user in that group19:32
ivoksdid you log out and log in after adding that user into group?19:32
incentifityes,rebooted to19:32
bogeyd6imlad depends, what services are you wanting to offer?19:33
imladbogeydo, I want to look at UEC on the same machine I am running my client on.19:34
incentifitI've a very detailed setup of steps I created when building such a machine on 9.04.  I built many using those steps.  So, something is different about 9.10.  I suspect stronger protection, just dunno.19:34
ivoksthis are basic permissions19:34
ivoksls -dl /tmp/TEST/19:34
ivoksdrwxrwsr-x 2 root ivoks 4096 2009-11-23 20:33 /tmp/TEST/19:34
ivokstouch /tmp/TEST/test19:34
incentifitchmod -R 0777 /var/www allows incentifit user to rw of course...19:35
incentifitchmod -R 0775 /var/www and incentifit can no longer create files or directories19:35
bogeyd6imlad i dont know much about the cloud, but here is something, http://www.ubuntu.com/cloud/private19:35
incentifitcat /etc/groups shows user in group19:35
imladthanks, bogeydo.19:36
ivoksincentifit: hm, it works here19:36
incentifitand of course ls -l shows the user and group19:36
ivoksjust to be sure:19:37
ivoksadduser incentifit publisher19:37
kshahI'm using postfix, and I have .forward file that I want to trigger a script, but I want to mail itself as well19:37
kshahI can't seem to do this.. i"ve been trying for far far far too long19:37
incentifitThe user 'incentifit' is already a member of 'publisher'19:38
kshahmy .forward file looks like: | "echo 'awesome' >> /home/stream/foo.txt"19:38
lamontkshah: \user, "|script"19:38
ivoksincentifit: ok, chmod 777 /var/www19:38
kshahlamont: is 'user' a variable there?19:38
ivoksincentifit: then as user, touch /var/www/testing_12319:38
ivoksincentifit: ls -dl /var/www/testing_12319:39
lamontkshah: yeah19:39
lamontthe \ says "don't do forward file processing here, just use the user, dammit"19:39
ubottuAn explanation of what file permissions are and how they can be manipulated can be found at https://help.ubuntu.com/community/FilePermissions19:39
kshahlamont: and thank you, #postfix.. was having too much trying holding their knowledge above my head19:39
kshahfriendlier crowd here19:39
bogeyd6!help @ kshah19:40
ubottuSorry, I don't know anything about help @ kshah19:40
bogeyd6!help | kshah19:40
ubottukshah: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)19:40
bogeyd6kshah i meant !ohmy not help19:41
kshahdid i just get !help'ed after complimenting the channel :) ?19:41
kshahheh all good19:41
lamontkshah: actually, could you file a bug against postfix that the "manpage for aliases(5) does not document leading backslash"19:41
lamontand I'll forward that upstream19:41
bogeyd6!ohmy | kshah19:41
ubottukshah: Please remember that all Ubuntu IRC channels share the same attitude of providing friendly and polite interaction with all users of all ages and cultures. Basically, this means no foul language and no abuse towards others.19:41
lamontkshah: (postfix is my package in debian, you see...)19:42
lamontkshah: and I'd rather be forwarding a user's original report than one of my own crafting19:42
kshahlamont: and I thank you for it, I'll file that request. My only gripe was that the channel was less than kind to me19:43
kshah(theirs not this one)19:43
lamontfwiw, the procmail manpages document it, as does the sendmail aliases(5) manpage, as does......19:44
lamont(I believe - haven't actually bothered to go verify any of that pile of festering assertion)19:44
kshahi typically need to see examples / usage to be able to learn anything19:44
kshahwhich I also fully recognize is unreasonable to expect all the time19:45
incentifitivoks: -rw-r--r-- 1 incentifit publisher 0 ............. /var/www/testing_12319:45
lamontkshah: OTOH, the postfix aliases(5) manpage documents everything else about forward files --> iz bug19:45
lamontkshah: if it's any help, I got told to go to #ubuntu last night.  meh.19:46
kshahirc *sigh*19:46
lamontmind you, I probably should have been there, I suppose.19:46
ivoksincentifit: same thing doesn't work if /var/www is 0775?19:47
kshahI got told to use procmail which and got into an argument since I said I knew it could be done without.. and then the merits of add a component or not, etc, etc >> /dev/null19:47
ivoksincentifit: just change permissions and try touch again19:47
incentifitivoks:  look at the permissions when doing 0777 see how publisher doesn't have write, is that right?19:48
ivoksincentifit: /var/www isn't mounted share or something?19:48
incentifitivoks: no19:48
ivoksincentifit: that's ok, umask controls that19:48
incentifitivoks: thanks for your help... I just got called into a meeting, be back later, thanks again19:49
billybigriggerjmarsden, ping20:16
bogeyd6lamont this is server support channel and desktop support is frowned upon but not unheard of20:17
lamontbogeyd6: and?20:18
lamontthe postfix question was definitely in-scope for this channel.  my grumpiness last night was actually in the devel channel, not here.20:19
billybigriggerwhere can i find what the default MTU is set at for a 9.04 server install20:21
ivoksifconfig would give you that20:22
billybigriggerwell i just purchased a VPS host...20:22
billybigriggerbut it's not set in interfaces, just wondering where it gets the default value20:22
billybigriggernewark1.linode.com i get 100%[==============================================================================>] 95,545,644  3.04M/s   in 47s20:23
ivoks1500 is default value20:23
ivoksthat's the one you should use for ethernet20:23
ivokspppoe should be smaller 149220:23
billybigriggerwhile newark129.linode.com (my node) i only get anywhere from 400K/s to 800K/s20:24
billybigriggerfrom the same server to my home connection20:24
ivoksso, you know it's a mtu problem or you are guessing?20:24
bogeyd6sounds like a guess20:24
bogeyd6more likely oversold hosting20:24
billybigriggerjust wondering where i can start tweaking, if needed20:24
billybigriggeryeah they claim 50Mbps PER NODE20:25
billybigriggermy ass20:25
ivoksit's vps20:25
billybigrigger<mwalling> poor tuning?20:25
billybigrigger<SelfishMan> could be many reasons20:25
billybigrigger<mwalling> too many variables20:25
billybigrigger<SelfishMan> MTU, window scaling, server load, node load, standard TCP sawtooth behavior, etc20:25
billybigrigger<SelfishMan> also, urmom might be sitting on the tube limiting your bandwidth20:25
bogeyd6!pastebin | billybigrigger20:25
ubottubillybigrigger: pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at  http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic20:25
bogeyd6billybigrigger were you upping or downloading20:25
bogeyd6Cuz on a single 1gbs connect with two raid 5 scsi servers, can only get like 34.* mbs transfer20:26
billybigriggerdownloading from their servers to my house20:26
bogeyd6for instance i just transfered a virtual machine -_-_-_-> 3,794,279,374 59.7M/s   in 97s20:27
ivoksbillybigrigger: problems with mtu would be 'i can see this site, but i can't see that site'20:27
ivoksfor example, you'd be able to see all web sites from your ISP, but not any other20:27
billybigriggerwell im not asking for the 50M/s they claim (6.25M/s) as my home connection maxes at 3M/s20:28
billybigriggerbut 400k-800K/s? come on20:28
bogeyd6my guess is most likely is oversold VPS20:28
ivoksmtu should be 1500 on ethernet20:28
bogeyd6linode is famous for that20:28
billybigriggerso apparently they blame the config on my node, ie fresh as can be 9.04 install20:30
ivoksthey have no clue20:31
billybigrigger<SelfishMan> billybigrigger: Short answer is that your node probably isn't tweaked the way your home connection wants20:32
ivoksi'm getting 5MB/s peek and 3,78MB/s average20:32
bogeyd6billybigrigger im checking that download speed right now20:32
bogeyd6base ubuntu install20:32
bogeyd6wget ftw20:32
billybigriggerinstalled nano and wget20:33
bogeyd615:32:57 (2.38 MB/s) - `Tailing-Aaron.mov.1' saved [95545644/95545644]20:33
billybigriggeroh apache, and created my user20:33
billybigriggerso why the hell do i get 400k from it?20:33
bogeyd6cable modem?20:33
ivoksmaybe your MTU at home isn't right :)20:33
billybigriggerbut from the same server, i can max out my connection20:33
billybigrigger100%[==============================================================================>] 95,545,644  3.04M/s   in 47s20:33
ivoks21:33:51 (3.77 MB/s) - `Tailing-Aaron.mov' saved [95545644/95545644]20:33
billybigrigger^^ newark1.linode.com20:33
uvirtbot`billybigrigger: Error: "^" is not a valid command.20:33
billybigrigger100%[==============================================================================>] 95,545,644   478K/s   in 2m 58s20:34
billybigrigger^^ same file, same wget command from my linode newark129.linode.com20:34
uvirtbot`billybigrigger: Error: "^" is not a valid command.20:34
billybigriggerboth have same hops and same ping20:34
billybigriggerit's not my home connection20:34
ivokstry from another location20:34
ivokstry from that second server20:34
billybigriggerwhat second server?20:35
ivoksnewark129.linode.com or whatever the name is20:35
billybigrigger thats my linode20:35
billybigriggerthe one your all downloading from20:35
ivoksso, on newark1.linode.com wget from newark129.linode.com20:35
billybigriggeri can't wget on newark120:36
ivoksthen wget somewhere else20:36
ivoksas you've seen20:36
ivoksboth bogeyd6 and i have normal speeds20:36
ivoksand others on IRC had normal speeds20:36
billybigriggerok, but what i don't understand...20:37
billybigriggeris that from the same datacenter....newark1 and newark129 are on the same connection20:37
billybigriggereveryone else can get normal speeds, but from my node i can only get 400-800k20:37
ivoksand only you20:37
ivoksat home20:37
ivokseverybody else gets a lot more20:38
ivoksfrom that same server20:38
ivoksyet, you still think it's a server issue20:38
billybigriggerfrom linode1 i can max out my connection at 3.0M/s20:38
ivoksbut if everybody else gets normal speed from newark12920:38
billybigriggeri know it's not me20:38
ivoksthen problem isn't in that server20:39
billybigriggernode configuration?20:39
ivoksi give up20:39
uvirtbot`New bug: #487280 in eucalyptus "move the database away from hsql" [Wishlist,Confirmed] https://launchpad.net/bugs/48728020:41
linuxamoebahello. i am trying to make a largish (11TB) ext4 partition with mkfs, and it keeps showing up in df as 2 tb. any ideas?20:52
embrikwhen I sshfs to my server I get write-protected on every document I open on the client. Is there an option to the sshfs command to give my self direct write permissions?20:52
embrikanybody knows about sshfs?20:55
linuxamoebaembrik, when i've used sshfs as user x, i've always gotten user x's permissions20:59
linuxamoebai thought that was a major advantage21:00
linuxamoebayou know anything about large ext4 partitions?21:08
kane_embrik: sshfs takes uid & guid options, which are meant to solve the permission problems21:09
kane_this is what i use in my scripts: sshfs TARGET MOUNTPIONT  -o uid=`id -u` -o gid=`id -g`21:10
=== orudie_ is now known as oru_work
SyLlinuxamoeba: You have an 11TB drive?21:16
linuxamoebaSyL, hardware raid521:18
SyLlinuxamoeba: have you checked how big the partitions are?21:19
majukHey guys, I had to change the IP address of my PDC, now Samba is complaining that my domain already has a PDC at the old address. Restarted the server entirely, no change. Any ideas?21:19
linuxamoebasyl, can i do that with something other than fdisk?21:20
majukGot it, wins.dat ftl21:23
linuxamoebasyl, on closer inspection, fdisk won't let me create a partition bigger than 2tb21:24
majuklinuxamoeba! This isn't a great solution, but you could bust it up into smaller chunks with LVM21:26
majukI dunno, nevermind, my idea sucks, gg thinking things through21:27
linuxamoebaaccording to some internets (sic), i need GPT support in the kernel, which is probably not on by default21:28
pmatulislinuxamoeba: what do you intend to do with this 11TB?21:35
linuxamoebaback up another one:)21:37
crohakonlinuxamoeba, what on earth are you storing that is taking up 11TB? hehe21:38
linuxamoebalots of physics data21:39
majukcrohakon! He's making a copy of the MIT cat brain.21:39
linuxamoebai have a sunfire x4500 (20tb) that hosts data + my users homes21:39
linuxamoebawhich makes backing things up sort of a pain!21:39
linuxamoebai tried again in parted rather than fdisk21:42
pmatulislinuxamoeba: have you considered xfs?21:43
ahei just setup my first UEC but when i try to start a instance with euca-run-instances as described in the documentation i get this error message:21:44
ahe   FinishedVerify: Not enough resources: vm instances.21:45
crohakonmajuk, I want a copy of the MIT cat brain. I bet it does not bite and claw me like my real cat does....21:45
linuxamoebai hadn't though of xfs21:45
linuxamoebai'll check it out21:45
ahemy nc has vt extensions since i get matches for svm in /proc/cpuinfo21:45
linuxamoeba(considered opensolaris + zfs!)21:45
pmatulislinuxamoeba: it's made for large filesystems and/or large files21:46
bogeyd6xfs makes data recovery nearly impossible, but in a properly admin'ed system you have backups21:47
bogeyd6i use XFS, but all my servers include a /boot in ext321:47
bogeyd6!xfs | linuxamoeba21:48
ubottulinuxamoeba: xfs is a high-performance journaling filesystem originally developped by Silicon Graphics for their IRIX OS. It is now fully supported by Linux so you can install Ubuntu on it if you wish. More info at http://en.wikipedia.org/wiki/XFS21:48
SyLlinuxamoeba: what OS is your 20TB running?21:48
linuxamoebasolaris 1021:48
linuxamoebaw/ zfs21:49
SyLahe: when you do a "euca-describe-availibility verbose" do you get anything?21:49
linuxamoebazfs+nfs serving to linux == hella slow!21:49
aheSyL: is this command in euca2ools?21:50
ahei get "command not found"21:50
ahedid you mean "euca-describe-availibility-zones" ?21:51
ahewith that i get the same list of preconfigured VM sizes that i can also see in the web interface21:52
pmatulislinuxamoeba: are you running a 32-bit system?21:54
linuxamoebapmatulis, 6421:54
SyLlinuxamoeba: http://spiralbound.net/2008/01/11/how-to-make-gnarly-big-linux-filesystems21:55
SyLahe: yes, it's a euca-tools command. I might not be spelling it correctly.21:56
SyLlinuxamoeba: I love me some ZFS21:56
linuxamoebasyl, thanks -- i found parted and gave it a try, it mkfs *seems* to be making a big one21:56
linuxamoeba(fingers crossed)21:57
linuxamoebai love my zfs but don't love administratifying solaris21:57
aheSyL: euca-describe-availability-zones verbose returns the same list as shown on https://help.ubuntu.com/community/UEC/CDInstall21:58
SyLahe: right, but do you see anything under "free" ?21:59
aheSyL: got me22:00
aheeverything 000022:00
ahei installed both machines from a ISO/usb key22:01
aheand selected UEC in the installation menu22:01
linuxamoebaallllmooosssttt theeeeereee...22:02
ahehow can i find out which nodes are actually registered?22:04
SyLahe: if you hit tab a few times when you type "euca" it should show you all the euca-tools commands.22:05
SyLI think euca-describe-regions is the command you are looking for22:05
aheSyL: i get something back that looks like an json error message coming from a webservice: http://pastebin.com/m70a13b0c22:09
SyLahe: that is a new error to me. have you looked on the server side logs to see if there is anything more useful?22:10
ahenot yet but i'm about to do that22:10
SyLyeah, check that next22:12
oneseventeenis there a reason not to use the LAMP server collection of software?22:13
oneseventeen(I normally shy away from automagic stuff, hence the Ubuntu Server install.)22:13
linuxamoebalamp == <322:15
linuxamoebadev/sdb1             9.4T  167M  9.0T   1% /mnt/tank122:19
linuxamoebaclose enough!22:19
kane_linuxamoeba: there's usually a space reserved for root; you might want to shrink that a bit on 11TB22:20
linuxamoebais there a way to check how much is reserved?22:21
aheSyL: thanks for the help so far there is nothing interesting on the nc but on the cc there are some java exceptions but i will check that tomorrow22:22
kane_linuxamoeba: hdparm should be able to tell you22:23
linuxamoebahdparm doesn't tell me anything, probs due to raid controller in between :(22:24
SyLlinuxamoeba: you can remove the reserved with tunefs22:24
SyLlinuxamoeba: I think the standard is 10% of the total drive is saved for root22:27
linuxamoebathat makes sense22:27
linuxamoebaparted shows 10.5TB and i get 9.422:27
linuxamoebai think 1% will do22:28
linuxamoebaif that22:28
linuxamoebai did tune2fs -m 0.5 /dev/sdb1 and it claimed to work, but df still shows 9.4 TB.. do i have to do other things?22:31
SyLlinuxamoeba: are you doing df -h or just df?22:35
ScottKMake sure you are comparing the same kind of TB.  Some are made of 1,000 Byte KB and some of 1,024 KB.22:36
linuxamoebathat was df -h, good point22:36
linuxamoebabut still, i wouldn't expect the difference to be a whole TB22:36
linuxamoebaalso it didn't change when i changed to reserved %22:36
SyLyou might need to remount it?22:36
linuxamoebai did, will again22:37
SyLhrm... interesting.22:38
SyLmaybe some of it for journaling? =)22:38
SyLahe: you should do "tail -f /var/log/eucalyptus/cc.log|grep cores" and you should see something like this22:39
SyL[Mon Nov 23 16:37:44 2009][020340][EUCAINFO  ]  node= mem=3804/1756 disk=247525/246461 cores=2/022:39
linuxamoebathat would be pretty sad for ext4 haha22:42
linuxamoebai could start over and tell it not to reserve so much in the first place22:45
aheSyL: oh thanks i'll try that22:45
linuxamoebasigh... any other thoughts before i re-reformat 10.5tb?22:46
SchmidtIf I want to host multiple mail domains on one server (with separate IP for every domain) should I select the Smarthost option when I do dpkg-reconfigure postfix or just Internet Site and enter all the domains I want ?22:51
SyLlinuxamoeba: which File system is it?22:51
SyLlinuxamoeba: not off the top of my head. I would run fsck on it first though22:53
SyLand check e2fsprogs helps any22:54
SyLlinuxamoeba: and also check esize2fs22:56
SyLerr... resize2fs22:56
linuxamoebaresize2fs 1.41.9 (22-Aug-2009)The filesystem is already 2563476558 blocks long.  Nothing to do!22:59
linuxamoebafsck = happy23:00
SyLhrm... intersting23:02
SyLok, my brain just turned off...23:03
SyLlinuxamoeba: I would see how much the filesystem takes for journaling. I can't think anymore today.23:03
linuxamoebais there a non-hdparm way to do that?23:04
SyLI don't think so... I would look up some documents on ext4 by searching on google23:04
linuxamoebawill do23:05
linuxamoebathanks for all the help23:05
=== WALoeIII_ is now known as WALoeIII
=== robbiew is now known as robbiew_

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!