[01:12] <jbernard> does anyone know what "owner" the cerficate for the dovecot-postfix package is generated with?
[01:14] <jbernard> ahh, $HOSTNAME
[01:25] <jbernard> does anyone know how to get dovecot-postfix to generate a certification with the FQDN and not just the host part?
[01:26] <jbernard> s/certification/certificate
[01:41] <moldy> jbernard: i suggest you generate your certs yourself :)
[02:36] <trimeta> Quick problem: sshfs is giving me an error reading "option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf", even after I modified the specified file as requested and then logged out and logged back in.
[02:36] <trimeta> Is there something else I need to start, some module I need to remove and readd to the kernel?
[02:43] <trimeta> gpasswd -a <user> fuse was my problem.
[03:01] <maxagaz> is there a good alternative to bacula for server backups ?
[03:06] <twb> I use VCSs and rsnapshot.
[03:07] <twb> Amanda is mentioned a lot, usually in the context of "how the hell do I make amanda work?"
[03:31] <kpettit> Is there any virtualbox guest startup scripts?
[03:32] <twb> Try virt-manager
[03:32] <kpettit> I want a virtualbox vm to start like a init.d service but it doesn't seem virtualbox comes with any
[03:32] <twb> Maybe it has virtualbox support by now
[03:32] <kpettit> ok I'll take a look thanks
[03:34] <kpettit> nope, doesn't look like it
[03:39] <jumbers> I can't remember who it was that I was talking to earlier about my random server halts, but if anybody was curious, it turned out that one of the RAM sticks was faulty
[03:46] <twb> jumbers: were you the guy with the possibly dodgy switch?
[03:47] <jumbers> twb: Nah, just a faulty RAM stick that was causing halts after reboots
[03:48] <twb> Probably wasn't me, then
[04:15] <castis> question: trying to compile an old version of php5-ffmpeg. ./configure tells me use --enable-shared. where would i put that?
[04:22] <RoAkSoAx> castis,  './configure --enable-shared'
[04:35] <twb> castis: is there a good reason you're not using the standard packages?
[04:38] <Sam-I-Am> jumbers: nice.
[04:38] <jumbers> Sam-I-Am: Aha, thanks for the halps
[04:38] <Sam-I-Am> sure
[04:38] <castis> i looked around a whole lot. in trying to compile php5-ffmpeg v0.5.1 i get " ffmpeg headers not found. Make sure ffmpeg is compiled as shared libraries using the --enable-shared option" so my original question was a bit misleading.
[04:38] <Sam-I-Am> castis: so the way that works is you get to compile all the dependencies first
[04:38] <castis> and to answer your question. php5-ffmpeg 0.6 removed the resize() function.
[04:39] <Sam-I-Am> THEN you can build php-ffmpeg
[04:39] <Sam-I-Am> or you can install the development libs from packages if they're the versions you need
[04:39] <Sam-I-Am> castis: is there another way around it?  like... changing your code.
[04:39] <Sam-I-Am> you could also try installing an older version... sometimes works.
[04:40] <castis> tried apt-getting it, no previous versions exist. if i cant get it working by tonight ill just change the other code around. figured it would be fun to dive in and try this though.
[04:40] <Sam-I-Am> theres probably a reason resize went away
[04:41] <Sam-I-Am> maybe theres a mailing list for it you can ask
[04:48] <castis> hmm, i appreciate your help but i do believe im just going to rewrite the php to work around what the extension author is doing..
[05:41] <jmarsden> kpettit: http://libvirt.org/drvvbox.html   # Sure looks like libvirt has virtualbox support to me :)
[05:42] <twb> jmarsden: nice
[05:42] <jmarsden> kpettit: Also, have you looked at the vboxmanage command for writing scripts that stop and start virtualbox VMs ?
[05:42] <twb> Will LXC be a well-supported virtualization method in 10.04?
[05:42] <jmarsden> I
[05:43] <twb> Specifically, will it be better supported than bloody OpenVZ, which I am sick of?
[05:43] <jmarsden> I'm not sure, I keep hearing more and more about it, but I'm not sure who supports lxc yet.
[05:43] <twb> Well, there's at least http://libvirt.org/drvlxc.html :-)
[05:43] <twb> One cool thing about LXC is you can pick which resources to virtualize.
[05:44] <twb> e.g. in a one-liner I ran a dhclient3 process with a virtual networking stack, but the rest not virtualized, and I successfully got a DHCPACK from the server.
[05:44] <twb> That was really cool (if useless)
[05:45] <jmarsden> Hmmm, I see what you mean :)
[05:46] <twb> I'd have played further but I only have a 512MB device runnign >=2.6.30
[05:46] <twb> 512MB disk, I mean
[05:49] <billybigrigger> any security gurus around?
[05:49] <jmarsden> !ask
[05:49] <jmarsden>  :)
[05:50] <twb> jmarsden: !anyone would be more pertinent
[05:50] <jmarsden> Yes, I think that's what I intended :)
[05:52] <billybigrigger> http://pastebin.ca/1709276
[05:52] <twb> I'd be more inclined to deploy a normal OpenBSD, Debian or OpenWRT box as the bastion
[05:54] <billybigrigger> ok well i was wondering through awstats output on my server, and found a wierd connection from ::1 which i found out later was one of apache's internal connections, which led me to discover the output of that pastebin, definitely a bunch of attempts to slip into my system, anyway to block these attempts, besides stopping apache and port 80 since they're all https requests...
[05:54] <billybigrigger> iptables could block the ips, but i wouldn't know an ip address until after the attack...
[05:55] <jmarsden> billybigrigger: As long as you are not running any of the old buggy software those scans look pretty boring... you can look at things like mod_security if you want to harden Apache itself, not sure where getting that into Ubuntu got to, licencing woes I think...
[05:55] <billybigrigger> ok, so as far as you can tell they're harmless...
[05:55] <billybigrigger> fair enough
[05:56] <kringell> billybigrigger: with a bit of luck Morfeus is as loud once he attacks .-)
[05:57] <jmarsden> billybigrigger: Well, Morfeus is a bot-based scanner, constantly being updated, but I can see that those are looking for OLD exploits, such as the Roundcube one from about six months ago...
[05:57] <billybigrigger> it's an up to date jaunty server, with no self compiled packages, all security updates and services are installed from ubuntu repos
[05:57] <billybigrigger> i was going to say, maybe a script kiddie?
[05:58] <twb> ::1 is an IPv6 localhost address
[05:58] <jmarsden> billybigrigger: Any "web apps" or self made PHP scripts would be more of a worry to me than being scanned by a bot.  if you allow others to upload PHP stuff, then if they upload and run and older version of some app you can get caught out...
[05:59] <twb> Oops, that "bastion" comment was for #netfilter.
[05:59] <billybigrigger> only "web apps" i run are roundcube 0.31 and whatever is the latest phpmyadmin package
[06:00] <billybigrigger> any php scripts were made by me and highly doubt any security risks there :) pretty basic php stuff...still learning :P
[06:00] <twb> Heh.  "The only app I run is one that gives superuser privileges to the database to anyone who can brute-force a password."
[06:00] <billybigrigger> jmarsden, well thanks for the re-assurance
[06:00] <billybigrigger> :)
[06:00] <billybigrigger> my passwords are pretty secure
[06:00] <jmarsden> billybigrigger: well, Roundcube *used* to have holes, but seems to be Ok at the moment, so keep a watchful eye on that.  BTW if you want to check, use the web scanners from http://sectools.org/web-scanners.html against yourself and see if you find any issues :)
[06:00] <twb> billybigrigger: password-based authentication is INHERENTLY insecure.  Always.
[06:00] <billybigrigger> any db passwords are md5 generated and only written down on a peice of paper in front of me
[06:01] <billybigrigger> have fun brute forcing those
[06:01] <jmarsden> billybigrigger: And the pws are also in the config files of the apps that use them, so if those files become read accessible...
[06:01] <billybigrigger> :)
[06:02] <twb> My point is that if you use password-based auth, brute-force guessing WILL eventually work.
[06:02] <billybigrigger> just double checked, but only readable by root and www-data, just like i suspected :P
[06:02] <billybigrigger> twb, point taken
[06:02] <twb> Whereas assymetric authentication can't be brute-forced
[06:03] <billybigrigger> oooh...a new term :P
[06:03]  * billybigrigger googles assymetric authentication
[06:03] <twb> billybigrigger: http://en.wikipedia.org/wiki/Asymmetric_encryption
[06:04] <twb> billybigrigger: also http://en.wikipedia.org/wiki/Multifactor_authentication
[06:04]  * billybigrigger bookmarks
[06:05] <billybigrigger> too much reading for this guy tonight :P take it easy guys im going to bed thanks again for the useful information
[06:06] <twb> Which is why ssh -t mysql with key-based auth would be better than a phpmysqladmin protected by a mere password.
[07:03] <arooni-mobile> hi folks!  having trouble mounting /dev/md1 as my home partition.  md1 is a raid 1 device across two hard drives.  running karmic.  i changed nothing except for the locatoin of the PC (moved it without dropping it).  now when i try to mount /dev/md1 i see: "EXT3-fs: unable to read spuerblock; mount: wrong fs type, bad option, bad superblock on /dev/mda1" ....   what should i do now?
[07:18] <cell0> anyone know how to check which processes are using the most disk io in linux?
[07:41] <jmarsden> cell0: iotop
[07:47] <cell0> i've used "sar" to identify high %util on a given disk. How do i translate this into a offending process?
[07:48] <jmarsden> cell0: If you run iotop you don't see the processes near the top of the list being the one causing the high % util ???
[07:49] <cell0> the processes switch very rapidly, between postgres, apache and freeradius
[07:50] <cell0> it's very difficult to isolate the problem like this, is that another way? someone suggested iostat to me, but not sure how to use it
[07:52] <jmarsden> run iotop with a larger -d delay interval?
[07:54] <jmarsden> You have postgres, apache and freeradius all on the same disk?    You could also see if iotop -a mode will show you the real culprit.
[07:55] <jmarsden> Obviously one way is to stop each of the 3 services in turn and see when the io goes away... but that has consequences if this is a production server :)
[07:55] <cell0> yip, its a production server. iotop doesn't have -a option
[07:59] <jmarsden> does iotop -d 10 -o   work better for "by eye" analysis of who is causing all the i/o ?  BTW I need to go to bed... interesting problem, but I need to get some sleep :)
[08:00] <jumbers> My host apparently provides 2 IPs for my server. How would I take advantage of this second IP address?
[08:01] <jmarsden> jumbers: Use it for a second ssl web server, for example.  If both IPs are public, that is -- some places have an internal interface for doing backups, plus the external Internet-facing interface.
[08:02] <jumbers> Er, what I meant is how would I get the IP to resolve to the machine
[08:02] <jumbers> There's only 1 NIC on the box
[08:02] <jmarsden> Oh, one NIC can have many IPs assigned to it at once.  Virtual interfaces...
[08:03] <jumbers> I haven't had any experience with virtual interfaces :p
[08:04] <jmarsden> I forget the syntax that is currently used... used to be eth0:0 and eth0:1 and so forth, but I think that was years ago and there is now a "better" way... good it and man ifconfig and you should get somewhere... usually I'd help more but I was already /away'ed and abou to go to sleep when you asked your question...
[08:07] <jmarsden> jumbers: http://74.125.155.132/search?q=cache:UtPC36ohgBEJ:ubuntuforums.org/showthread.php%3Ft%3D555319+ubuntu+virtual+interface&cd=1&hl=en&ct=clnk&gl=us  has an old example you can probably use as a basis for what you want... and goodnight :)
[08:08] <jumbers> Night, thanks
[08:49] <alex88[sleep]> nick alex88
[08:59] <thenetduck> hey how do you install a font on a ubuntu server so my css can use it?
[09:01] <twb> thenetduck: copy it into ~/.fonts/
[09:01] <thenetduck> twb: that's it? it almost seems to easy
[09:01] <twb> That's on the client side
[09:01] <thenetduck> ok will do :)
[09:01] <thenetduck> oh
[09:01] <twb> AFAIK you can't install fonts on a web server and export them to end users
[09:01] <thenetduck> oooh... so I have to use an image I guess then
[09:02] <twb> Other than saying "you must install this font to view my page"
[09:02] <thenetduck> for my logo
[09:02] <twb> Logos shouldn't contain text
[09:02] <thenetduck> ya I wouldn't wanna do that ... ok that's good to know
[09:02] <twb> Becaus blind users can't see the logos, and thus can't see your text
[09:03] <twb> Unless you're going to write proper ALT tags, which would be great.
[09:03] <thenetduck> oh .. thats intersting I never hought of that
[09:03] <thenetduck> thought*
[09:04] <twb> tidy --accessibility-check 3 is your friend!
[09:21] <cell0> how do i find which files are read/written to the most on my system?
[10:26] <twb> cell0: why do you want to do that?
[10:40] <SockPants> hi all, i'm stuck trying to set up a git server
[10:41] <SockPants> i'm reading this:
[10:41] <SockPants> http://batterypowered.wordpress.com/2008/07/04/deploying-a-git-repository-server-in-ubuntu/
[10:41] <SockPants> at some point it says "Next copy your public key, i.e the rsa_id.pub file, to the server", and i have no idea what he's talking about.
[10:45] <Jeeves_> Have you even run ssh-keygen?
[10:45] <SockPants> actually, i just found that part, and no i hadn't
[10:45] <SockPants> but now i have, and the error i get on the next step isUsername contains not allowed characters: 'SockPants@mbp_wifi.local'
[10:46] <Jeeves_> I don't know about git, I only knew what he meant with 'public key'
[10:46] <SockPants> ok.
[10:47] <SockPants> i've got that now, it hink
[10:47] <SockPants> except i think it doesn't like the @
[11:57] <alvin> SockPants: I found http://blog.drewolson.org/2008/05/remote-git-repos-on-ubuntu-right-way.html to be an easier guide to installing git (more basic, without gitosis)
[12:03] <cell0> twb: trying to find the process which is doing the most disk io
[12:05] <twb> iotop
[12:05] <twb> But it'll either be your RDBMS or your kernel's software RAID5 handler, IME
[12:19] <jacko_bello> hi I'm using zeroshell distro with 2 pc's but when I reach to enter in configuration webpage by https://192.168.0.75 can't find this ip
[12:41] <cell0> twb: ideally i would like to know which file/s have been accessed the most within say the last hour
[13:04] <Aison> hello
[13:04] <Aison> is it possible that samba pdc LDAP is not dereferencing aliases?
[13:14] <ttx> jiboumans:  hmm, so the diskthing in the frankenbox doesn't get detected with the lucid amd64 kernel. Works with i386. So I cannot test UEC/amd64 for alpha1
[13:14]  * ttx looks for a relevant bug, but I think it might be frankenbox-specific
[13:14] <jiboumans> ttx: i thought the frankenbox was an intel one..
[13:15] <jiboumans> would we expect it to work with an amd64 kernel?
[13:15] <ttx> jiboumans: yes. The "amd64" is x86_64 and the frankenbox has some variation of a Core2Duo
[13:15] <ttx> worked in karmic
[13:16] <jiboumans> ttx: understood. all the more reason to get some different hardware in i suppose. what are we losing right now in terms of test coverage?
[13:17] <ttx> We are losing the 64-bit UEC image, the UEC/node and UEC/instace run tests
[13:18] <ttx> I'm reasonably confident that they should be alright though, which could be sufficient for alpha1
[13:19] <jiboumans> ttx: i assume switching with the dell box isn't possible?
[13:19] <ttx> no, frankenbox doesn't do VT :)
[13:19] <jiboumans> of course
[13:19] <jiboumans> ok, not much we can do on the really short term; let's get you some more decent hardware
[13:20] <jiboumans> mdz seems to be in favour of more laptops. if we can get the ethernet-over-usb confirmed working, i'm happy with that
[13:20] <ttx> ok.
[13:21] <alvin> Is setting 'ForwardX11 Yes' in ~/.ssh/config the same as 'ssh -X'? I'm getting the error: 'Bad yes/no argument'
[13:21] <ttx> smoser: could you set up a UEC/amd64 for tests ?
[13:21] <ttx> zul: could you run the EC2 image tests ?
[13:22] <jiboumans> alvin: your /etc/ssh/ssh_config should give youa  good overview of the syntax
[13:22] <jiboumans> alvin: could be a simple matter of case sensitivity
[13:24] <alvin> jiboumans: thx, it is indeed case sensitivity!
[13:26] <zul> ttx: sure besides amd64 is overrated ;)
[13:27] <lau> hi, how can I identify the Ethernet Controller brand and size and capacity (w/o lshw) ?
[13:27] <lau> I tried dmesg, lspci, /var/log/messages w/o any success
[13:29] <toabctl> lau, maybe "lscpi -vv"
[13:31] <lau> oh yes ! i remember it now
[13:32] <lau> :( same output 0000:00:19.0 Ethernet controller: Intel Corporation Ethernet Controller (rev 02)
[13:32] <lau> i am trying with dmidecode but do not know how to translate manufacturer codes
[13:32] <mdz> jiboumans, ttx, Daviey has one and might be able to do a quick test
[13:33] <mdz> but we've confirmed the module is available and that's really all that's needed
[13:33] <ttx> right.
[13:33] <ttx> mdz: So two options here:
[13:33] <ttx> Go for a 5-laptop setup (i.e. order two more, + two USB Ethernet adapters)
[13:33] <mdz> (see #-devel)
[13:33] <Daviey> will do.. gonna be odd PXE booting to get to d-i then swapping the cat5 cable to the usb module.
[13:33] <ttx> Go for 4 laptops and use the Dell workstation (noisy, but working) as part of the setup (i.e. order one more laptop, one USB Ethernet adapter, and one PCI NIC)
[13:33] <ttx> mdz: The test cases needing 5 machines are sufficiently rare that I can bear the occasional blower noise.
[13:34] <mdz> Daviey, a test with kvm -usb -usbdevice host:... would be sufficient if that's more convenient
[13:34] <Daviey> oo
[13:35] <mdz> ttx, you might even be able to do a test without the hardware at all using kvm -usb -usbdevice net: but I didn't know that existed until just now
[13:36] <mdz> ttx, having an extra machine in the mix would be a good idea (e.g. if one fails we can ship it out as a replacement)
[13:36] <ttx> mdz: so i should aim for option 1 and keep the dell as a wildcard ?
[13:37] <mdz> ttx, that's my suggestion
[13:37] <mdz> jiboumans, thoughts?
[13:37]  * jiboumans reads back
[13:37] <ttx> mdz: I'm perfectly happy with that if you approve it :)
[13:38] <jiboumans> i agree with ttx there
[13:38] <jiboumans> if ethernet-usb works, let's go with that
[13:42]  * ttx tests -usb -usbdevice net:
[13:47] <smoser> ttx, you want me to run the image tests in uec ? or in ec2?
[13:47] <smoser> or both
[13:47] <ttx> install UEC cluster, install UEC node, test UEC instance run with UEC image
[13:48] <ttx> smoser: ^
[13:49] <smoser> freaking eh, ttx! :)
[13:49] <smoser> i can do that, yeah. the 64 bit ?
[13:49] <ttx> smoser: yes
[13:49] <smoser> ah, and you asked zul to run the ec2, then i'm ok with that.
[13:49] <smoser> i thought i was on both those request above.
[13:50] <ttx> smoser: I think that's the optimal use of our currently limited resources ;)
[13:50] <smoser> did you see my comment in bug regarding "don't boot" ?
[13:50] <ttx> smoser: I tested the UEC/i386 image alright
[13:50] <smoser> i have no idea why it was failing on 'small' for me.
[13:51] <ttx> smoser: I didn't test that. The test case says "c1.medium" :)
[13:51] <ttx> there might be some size check that fails only on 64bit
[13:52] <smoser> i was on 64 bit host testing 32 bit instance, but the 32 bit karmic release instance booted.
[13:59] <ttx> mdz: installer doesn't seem to pick up the USB NIC when run from "kvm -usb -usbdevice net:"
[14:01] <mdz> ttx, can we have this conversation on #ubuntu-installer or #ubuntu-devel with cjwatson?
[14:01] <ttx> sure
[14:15] <Aison> is there some ubuntu docu about bind9 and zones in ldap? cant find a good one :(
[14:16] <Aison> for me it looks like there are 2 different possibilities
[14:36] <smoser> ttx, to be clear, you want me to run http://testcases.qa.ubuntu.com/Install/ServerECluster (intsall from iso for server and node, then test uec images, right)
[14:37] <smoser> where is that URL linked from ? ie where do i record results of UEC intsall test
[14:37] <ttx> smoser: yes. That should also take care of the amd64 UEC cloud image test
[14:37] <ttx> smoser: I'll paste the testcases here
[14:38] <ttx> http://iso.qa.ubuntu.com/qatracker/result/3436/334
[14:38] <ttx> http://iso.qa.ubuntu.com/qatracker/result/3436/336
[14:38] <ttx> http://iso.qa.ubuntu.com/qatracker/result/3436/361
[14:38] <ttx> http://iso.qa.ubuntu.com/qatracker/result/3470/342
[14:39] <smoser> how do i find those tests from navigation ?
[14:40] <smoser> in case i forget the numbers 3436/334
[14:41] <ttx> smoser: drill down from http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
[14:42] <mdz> smoser, from http://iso.qa.ubuntu.com/ click on Ubuntu Server
[14:42] <smoser> ttx, ok. i see it now as a test for the server iso. i had previously thought there wsa a separate 'uec install' at that top level.
[14:50] <rickspencer3> smoser, hi
[14:52] <smoser> rickspencer3, hi.
[14:53] <rickspencer3> smoser, https://blueprints.edge.launchpad.net/ubuntu/+spec/desktop-lucid-desktop-cloud
[14:53] <rickspencer3> we should probably get started on this
[14:53] <rickspencer3> other than saying "I think we should use the nx server from Google" is there anything else you need from me?
[14:54] <smoser> i think i'm a couple hours away from having desktop builds available... i did a bunch of work on it last few days but didn't want to push it to the build system before we tested alpha1
[14:54] <smoser> so i think i'm a couple hours from having the first 3 TODOs done.
[14:55] <smoser> couple hours of work time, not clock. got to test uec now.
[15:02] <Aison> can I configure my pppoe connections in interfaces?
[15:03] <Aison> man 5 interfaces is quite spare
[15:05] <smoser> ttx, did the node controller find the cloud controller automatically for you?
[15:07] <ttx> smoser: no.
[15:07] <smoser> bug?
[15:07] <ttx> smoser: it's because the new UEC installer is half-landed
[15:07] <ttx> smoser: known issue
[15:07] <smoser> so is there a bug for that? should i open one ?
[15:08] <ttx> smoser: there is no bug for that, you can, but don't need to, file a bug about it
[15:09] <ttx> smoser: enter the cloud IP adress and insist on installing a node :)
[15:09] <smoser> yeah. thats what i did.
[15:11] <Aison> what are my options for iface eth0 inet manual
[15:11] <Aison> so when I use manual?
[15:26] <Aison> I did ifdown [mydevice]
[15:26] <Aison> now I called ifup [mydevice]
[15:26] <Aison> eth3.100: ERROR while getting interface flags: No such device
[15:26] <Aison> Failed to bring up eth3.200.
[15:27] <Aison> why do I get this error?
[15:27] <Aison> of course I can do /etc/init.d/networking restart
[15:27] <Aison> but then everything is restarted
[15:28] <t0rc> Is there a way to see why my server says it needs rebooted?
[15:32] <rickspencer3> smoser, thanks
[15:56] <smoser> ttx, maybe this is user error, but
[15:56] <smoser> euca-run-instances -k mykey $EMI -t c1.medium
[15:56] <smoser> FinishedVerify: Not enough resources available: addresses (try --addressing private)
[15:56] <smoser> $ grep "^VNET_PUBLICIPS=" /etc/eucalyptus/eucalyptus.conf
[15:56] <smoser> VNET_PUBLICIPS="192.168.1.224-192.168.1.131"
[15:56] <ttx> smoser: hm
[15:57] <ttx> 224>131
[15:57] <ttx> that probably translates to 0
[15:58] <ttx> smoser: fix VNET_PUBLICIPS and sudo stop eucalyptus CLEAN=1 / start eucalyptus CLEAN=1
[15:58] <smoser> i read that several times before i pasted
[15:58] <smoser> :)
[15:58] <smoser> each time replacing that '1' with a '2'
[15:58] <ttx> or you can test with private addressing)
[16:05] <pmatulis> on jaunty i've made an lvm snapshot (of a kvm guest disk/volume) and then tried to mount the snapshot but was unsuccessful.  mount complains about filesystem
[16:16] <ttx> smoser: non-double-base64-encoding euca2ools is now in karmic-proposed
[16:16] <smoser> whoowhoo
[16:21] <Aison> are iptables settings stored/restored on shutdown/boot?
[16:21] <jiboumans> aison: that's what iptables-save & iptables-restore is for
[16:21] <arj> not by default I believe
[16:22] <jiboumans> aison: you'll have to make the changes permanent yourself
[16:22] <Aison> jiboumans, yes I know those. But I also know several linux distributions and some have got init scripts that store/restore iptables rules
[16:22] <Aison> ok, what's best way to go? create my own init script?
[16:23] <Aison> pre-up / post-down in interfaces maybe a problem ,because I've got over 15 LAN devices  ^^
[16:24] <jiboumans> aison: i'm not sure off the top of my head. a quick google comes up with a very recent: https://help.ubuntu.com/community/IptablesHowTo
[16:24] <Aison> yes, I already reading this nowto ;)
[16:25] <Aison> they do it with interfaces pre-up post-down
[16:25] <jiboumans> that is the intuitive way i'd say
[16:27] <Aison> ok, there's also some small script for if-post-down
[16:27] <Aison> nice
[16:31] <Aison> ok, now the hardcore test, rebooting my router ^^  there are so many rules, devices, routes, etc...
[16:31] <Aison> I hope everything is setup nice
[16:36] <benedikt> I have a 100mb /boot partition which has now filled up (100% full). What can i do ?
[16:36] <J_P> hi all
[16:36] <jmarsden> benedikt: Remove some stuff from it :)   Is there an older kernel package you can now safely remove, for example?
[16:36] <J_P> people, I have a old app that use -lboost_date_time. And today I try to compile and I have this message: g++ -o simple_server ServerSocket.o Socket.o simple_server_main.o -lboost_date_time /usr/bin/ld: cannot find -lboost_date_time. I have installed libboost-date-time. Any idea?
[16:37] <benedikt> jmarsden: wasnt sure if i woulc ro right ahead and just remove the older kernels, wouldnt grub turn grumpy about that
[16:37] <J_P> I'm using 9.10
[16:37] <benedikt> i have kernels from 2.6.28 it looks like
[16:37] <jmarsden> benedikt: Do you need them all?
[16:37] <benedikt> nope
[16:38] <benedikt> it just installed 2.6.31-16 today but i am running 2.6.31-14 (server is at a remote location and i really dont want to reboot in case it doesnt come up again)
[16:39] <J_P> anyone?
[16:39] <benedikt> jmarsden: rm /boot/*2.6.2*
[16:39] <J_P> find /usr/lib -name libboost_date_time-mt.so
[16:39] <J_P> /usr/lib/libboost_date_time-mt.so
[16:39] <benedikt> and then run grub-install
[16:40] <benedikt> is that safe?
[16:40] <jmarsden> benedikt: No....    sudo apt-get remove all the unwanted old kernels (leave one older one just  in case)
[16:40] <benedikt> ill leave one below the running one
[16:41] <benedikt> dont know why i didnt think about the package manager..
[16:42] <jmarsden> benedikt: Do it as packages not rm, so you get everything related to each kernel and keep things clean... OK :)
[16:42] <ttx> smoser: you should mark http://iso.qa.ubuntu.com/qatracker/result/3436/361 as passed as well, I guess, since you ran a UEC image
[16:42] <benedikt> removing linux-image-2.6.28-15-server saved 14 mb.. yay
[16:43] <benedikt> why did i have a separate /boot , again?
[16:45] <smoser> done
[17:11] <dru> Im haveing quite hard time setting up something as rudementary as a samba server
[17:12] <dru> the file permissions are set at 700, testparm tells me the cfg is fine...however user1 can look at user2s folder contents and vice versa
[17:16] <pmatulis> dru: how are you accessing these shares?
[17:16] <dru> hey pmatulis
[17:16] <dru> umm they are accessed via afp i think its called ....via macs
[17:17] <dru> using smb://address
[17:17] <dru> they are accessed locally as well as via vpn
[17:17] <RoyK> afp != smb
[17:17] <dru> kool
[17:18] <RoyK> afp:// is afp
[17:18] <RoyK> but there really isn't much reason to use that anymore
[17:23] <dru> in the "global" section of the cfg i have a list of all users under "valid users, read list, write list...
[17:28] <RoyK> dru: that shouldn't be necessary
[17:29] <dru> yeah ....i removed it but it still dosnt help to secure the single sares from "other" users
[17:29] <RoyK> just allow "public access" and the users will be allowed access after authenticating
[17:30] <RoyK> dru: samba specific stuff is best answered at #samba, btw, but most of the stuff is in man smb.conf
[17:30] <dru> awsomeo ...thanks RoyK
[17:58] <J_P> I have a server with 7.10 but somes sources.list not works.. are there another server (old server) with ubuntu 7.10 ?
[18:01] <J_P> How I use http://old-releases.ubuntu.com/releases/ in sources.list?
[18:01] <neonfreon>           #ubuntu-server
[18:01] <neonfreon> 09:58 < J_P> I have a server with 7.10 but somes sources.list not works.. are
[18:01] <neonfreon>              there another server (old server) with ubuntu 7.10 ?
[18:01] <neonfreon> sorry
[18:03] <jpds> J_P: You don't.
[18:04] <jpds> J_P: You use: http://old-releases.ubuntu.com/ubuntu/
[18:05] <jpds> J_P: And seriously consider upgrading your server if you want it to be secure.
[18:07] <J_P> jpds: what is woring with this? deb http://old-releases.ubuntu.com/ubuntu/dists/ gutsy main restricted
[18:07] <jpds> J_P: The "dists" bit.
[18:07] <jpds> Not suppose to be there.
[18:08] <J_P> jpds: ahh ok just deb http://old-releases.ubuntu.com/ubuntu/ gutsy main restricted
[18:08] <J_P> works ;-)
[18:09] <jpds> :)
[20:58] <Aison> I would like to use quota with ldap lookup
[20:58] <Aison> I don't know here to start ;)
[20:58] <Aison> ldap is working
[21:10] <Aison> crap quota :(
[21:10] <Aison> it's not even working with lvm here
[21:10] <Aison> quotaon: quotactl() on /dev/mapper/vg0-lv0: Function not implemented
[21:54] <Italian_Plumber1> sudo apt-get install girlfriend-generator
[22:08] <smoser> good night all.
[22:33] <ruben23> hi is it possible to have to wan connection on my ubuntu router gaetway, form different ISP.
[22:33] <ruben23> mostl likely 4 port of ethernet- 2 for wan and 2 for local
[22:34] <benedikt> ruben23: uh, yes.
[22:35] <ruben23>  benedikt: any guides how to do it,
[22:36] <benedikt> just assign the appropriate ip addresses to each interface (eth0-3) and connect them to the right ports
[22:38] <ruben23>  benedikt: how about the routing and the gateway..?
[22:38] <ruben23> the iptable rules for it
[22:38] <benedikt> just use the approrirate eth names in the rules
[22:42] <ruben23> benedikt: should NAT still be used..?
[22:42] <benedikt> if you want to NAT a private ip network then yes
[22:42] <benedikt> but if you are routing an ip network (and not NAT-ing) then no
[22:42] <qman`> ruben23, I think what you're really wanting to know is how to load balance two internet connections
[22:43] <qman`> that's a bit more complicated than just connecting them
[22:45] <ruben23> qman: i have a pc client need to directly registered on a public hosted server. what you think i need, i think NAt is problem, but another problem is, it is not only one client pc but its multiple client pc
[22:46] <qman`> ruben23, sorry, I don't follow -- if you just need port forwarding, that's easily done through iptables
[22:49] <ruben23>  qman`:  i have voice traffic form my client pc generated form soft phones, whihc the server or system runs it is hosted on a remote location, multiple client pc are using it..if i used my gateway server the linux router i have, would it be ok,
[22:50] <ruben23> my client pc is in private IP, so basically they need NAt, can it be possible without NAT on my linux router
[23:27] <jiboumans> Night guys