/srv/irclogs.ubuntu.com/2010/01/18/#ubuntu-server.txt

=== rberger__ is now known as rberger
=== erichammond1 is now known as erichammond
jMyles	I'm using dnsmasq for DHCP - how can I list all the devices on my network with their hostnames?	01:26
jMyles	....or, more properly, all the devices that are DHCP, not static devices	01:26
twb	jMyles: you need to tell dnsmasq to maintain a lease file.	01:44
twb	jMyles: then, you simply cat the lease file.	01:44
twb	Note that you will need to restart dnsmasq to turn the leasefile option on -- meaning that unless it's already on, you can't extract the current leases.	01:45
jMyles	twb: yeah, I thought it was strange that there was no file with this info :-) where do I do this? dnsmasq.conf?	01:45
jMyles	twb: that's no problem	01:45
jMyles	twb: I could have a grep-fest with nmap if I was really feeling energetic, but I knew there was an easier way	01:45
twb	Also note that if you have the leasefile turned on (and not read-only), restarting dnsmasq will no longer clear the lease database within dnsmasq. This can be REALLY confusing when you forget about it.	01:45
twb	jMyles: yes, it's in dnsmasq.conf, see the options in the dnsmasq(8) manpage.	01:46
twb	jMyles: you can also look at your current ARP table for hints	01:46
jMyles	twb: I looked at man, but I guess I searched for the wrong phrase	01:46
twb	"sudo arp"	01:46
twb	Erm, ARP assuming you're using Ethernet.	01:47
jMyles	twb: Awesome, found it. Another question (and again, I looked at man but maybe I missed it): how can I get dnsmasq to log to some place other than syslog?	01:49
twb	I doubt you can.	01:50
twb	Why would you want to?	01:50
jMyles	twb: just to stay organized	01:50
twb	What does that mean?	01:50
jMyles	twb: syslog gets so bloated :-\	01:50
twb	Um, are you talking about the service called syslog, or a file?	01:50
jMyles	twb: I'd rather have dnsmasq-dns.log and dnsmasq-dhcp.log	01:50
twb	OK, all you need to do in that case is configure syslog.	01:51
jMyles	I don't think I know the difference :-\	01:51
jMyles	the only way I find dnsmasq logs is by catting syslog	01:51
jMyles	which is very inefficient	01:51
twb	Daemons use a system call (called syslog, too, IIRC), and a daemon (syslogd, rsyslogd or syslog-ng) "hears" them and puts them in files.	01:52
jMyles	ahh, I see	01:52
twb	So if you want to put log entries in a different file, you configure rsyslog.	01:52
jMyles	so I need to have a little heart-to-heart with rsyslog	01:52
jMyles	right	01:52
twb	Personally I usually just grep dnsmasq.*DHCP /var/log/daemon or so	01:52
jMyles	I don't understand that last statement - can you explain?	01:53
twb	jMyles: are you familiar with grep(1)?	01:54
jMyles	perhaps not - the (1) is foreign to me	01:54
twb	(1) just means its in the first chapter of the manual	01:54
twb	(See man(5)).	01:54
jMyles	I see	01:56
jMyles	well, since we're on the topic - how does one search for a string in man?	01:57
jMyles	(like ctrl-f in firefox or ctrl-w in nano)	01:57
twb	apropos(1)?	01:59
twb	If you mean within the displayed manpage, then it depends on your pager. The default pager is less(1), so use / for forward searching, and ? for backward searching.	02:00
twb	C-/ or / should also work in firefox, FWIW.	02:00
twb	You can use a different pager (e.g. w3m), or have man generate PDFs or HTML, of course.	02:00
jMyles	phew. I'm learning many new server applications at once, and I really want to come to terms with all of them and have a good grasp. I have a gateway running dnsmasq (and apache) and now I'd like to set up openvpn. I've read the guides, and I've tried, but restarting openvpn is giving me [fail].	02:20
jMyles	Is there a specific guide for setting up openvpn on a computer that is a gateway / router?	02:20
twb	Have you looked at the Ubuntu Server Guide?	02:24
twb	It's the fourth link in /topic	02:24
jMyles	twb: looking.	02:31
jMyles	thanks for all your help	02:31
twb	np	02:32
jMyles	I am running into frustration over the bridging in openvpn - the documented setup seems to be for a server with one NIC connected to a router. In my case, I can't create the extra device br0 because I already have a bridge between eth0 (WAN) and eth1 (LAN). I don't think I need the bridging stuff at all, but I don't know how to use openvpn without it.	02:35
jMyles	I really just want openvpn to listen on eth0, that's it	02:35
twb	I don't do much with OpenVPN, sorry.	02:37
a\|3x	hi all	02:50
a\|3x	i have a bit of a problem with the official kernel and iscsi targed daemon, hoping somebody can help...	02:51
sabgenton	should my hostapd config be in /etc/hostapd/hostapd.conf	02:52
sabgenton	it doesn't seem to take there	02:52
twb	!anyone > a\|3x	02:52
ubottu	a\|3x, please see my private message	02:52
sabgenton	with /etc/init.d/hostapd start	02:52
twb	sabgenton: I don't know. What does the manpage say?	02:53
sabgenton	nothing	02:54
twb	strace the daemon, then.	02:54
sabgenton	I only can get it working with hostapd /etc/hostapd/hostpad.conf	02:54
a\|3x	i have vmware installed on an ubuntu server installation with iscsi target daemon, but every time my vm tries to use the iscsi target i get console message that says soft lockup, cpu #x stuck for 11s, and istd has 100% cpu usage, any ideas what could be causing this?	02:54
sabgenton	but I want to use it via /etc/init.d/hostapd	02:55
twb	sabgenton: my default position would be to blame vmware, because I hate it	02:55
twb	Oops, bad completion	02:56
twb	a\|3x: does it work if you take VMware out of the equation?	02:56
sabgenton	?	02:56
sabgenton	oh ok	02:56
sabgenton	:P	02:56
a\|3x	i cant	02:59
sabgenton	twb I asked this earlyer but when hostapd appers in /etc/init.d/hostapd is that sometimes becouse ubuntu/ the deb put it there or is that what would happen if I intalled it from source	02:59
sabgenton	generally i mean	02:59
sabgenton	as the man has nothing about /etc/init.d/hostapd	03:00
sabgenton	is it debian people that made the deb installer setup a space in /etc/init.d/ for it	03:00
twb	sabgenton: I don't know. I don't install packages from source.	03:00
sabgenton	for better management	03:00
twb	You could find out by inspecting the upstream source.	03:01
sabgenton	ok	03:01
a\|3x	twb: i could set up a test system on the side but i was wondering maybe its something easy	03:02
twb	a\|3x: I don't know.	03:02
twb	iscsi is pretty complicated. If I had to deal with network block devices, my gut position would be to steer towards AoE.	03:03
twb	That's assuming your nbd doesn't need to cross networks, of course.	03:04
a\|3x	twb: the problem is vmware is a fart when it comes to support for >2tb virtual drives	03:20
a\|3x	twb: that is why i had to use iscsi in the first place	03:22
ruben23	hi	03:34
ruben23	jmarsden: hi	03:34
jmarsden	hi	03:35
ruben23	jmarsden: the one you test me about the mount cifs.. it worked but with my fstab when reboot	03:40
ruben23	it didnt work im getting erro like this-->error connecting to IPv4 socket , cifs mount failed error code = -113	03:41
jmarsden	ruben23: So now if you do sudo mount /media/share # what happens?	03:43
jmarsden	ruben23: -113 sounds like "wrong IP address or remote XP box is not there" kind of a problem, but I'm not really sure.	03:43
ruben23	jmarsden:--> mount media share i can mount it	03:45
ruben23	but with auto mount upon reboot i cant..	03:45
ruben23	my fstab is this-->http://pastebin.com/m594509e7	03:46
jmarsden	ruben23: Interesting. Sounds like a timing issue, maybe some other service is not up when the mount is tried at reboot. I don't have any great ideas on that. The fstab entry looks fine to me.	03:47
jmarsden	As an "ugly" workaround, you could try doing something like sleep 60 && mount -a in /etc/rc.local	03:48
ruben23	jmarsden: the windows unit is up already while the system is rebooting	03:48
ruben23	ow ok	03:48
ruben23	ill try it	03:48
jmarsden	That will wait for one minute and then try the mount again... it might help.	03:49
twb	jmarsden: isn't upstart supposed to magically fix boot order issues?	03:50
jmarsden	Yes... but I lack time right now to troubleshoot it, and ruben23 just needs something that works for a personal server :)	03:50
twb	I was just bitching	03:51
jmarsden	twb: If you can work with him on a full diagnosis and non-ugly fix for this, go for it :)	03:51
jmarsden	OK...	03:51
ruben23	jmarsden:thanks ill try the work around..	03:52
kingjm	kingjm	06:16
kingjm	12:13	06:16
kingjm	I am looking for some help to do with VPNs I have started a forum discussion as I could not find a previous one. http://ubuntuforums.org/showthread.php?t=1383560	06:16
kingjm	can somone see me now?	06:16
kingjm	is anyone in here?	06:18
twb	!anyone > kingjm	06:22
ubottu	kingjm, please see my private message	06:22
kingjm	I am trying to setup two VPN's one using PPTP and the other IPSEC/XL2TP I have started a forum thread with what I have done. however I cannot connect using Snow Leopard or windows Mobile. Can someone please help?	06:25
twb	kingjm: can you connect using Ubuntu Server?	06:26
kingjm	I havn't tried that I did not think that I could connect to my own server that I am serving the vpn from. I will try	06:26
kingjm	twb well I am having trouble with that too I don't know how to connect on ubuntu terminal. I have install pptp-linux	06:35
twb	Uh, PPTP, IPSec and L2TP are all different protocols.	06:37
twb	AFAIK you can't (for example) connect a PPTP client to an L2TP server.	06:37
kingjm	twb I am starting with pptp shoudl be the easiest…. it	06:38
kingjm	sudo pptp 192.168.0.100	06:38
kingjm	Terminated	06:38
twb	Have you configured your server to serve PPTP?	06:39
kingjm	I thought so. if you click this link it will show exactly what I did. don't worry. I have the only post atm	06:40
kingjm	http://ubuntuforums.org/showthread.php?t=1383560	06:40
twb	kingjm: the link you provided sets up three completely different VPN tunnels.	06:41
twb	It also contains bugs, so if you followed it you would've seen errors and tried to deal with them.	06:41
kingjm	I realize that. I am just trying to start with pptp. My goal is to get all of them working	06:42
twb	kingjm: so pptpd is installed?	06:42
kingjm	yep it is installed	06:42
twb	And you edit /etc/ppptpd.conf, /etc/ppp/options, /etc/ppp/chap-secrets and /etc/sysctl.conf as advised by that page, and restarted pptpd?	06:43
kingjm	yep just as that page says	06:43
twb	Did you activate the changes to sysctl.conf?	06:44
kingjm	with /etc/init.d/networking restart	06:44
twb	That's wrong.	06:44
kingjm	oh	06:44
twb	Here it is managed by the procps init script.	06:45
kingjm	so how do I activate the changes?	06:46
twb	17:45 <twb> Here it is managed by the procps init script.	06:46
kingjm	sudo /etc/init.d/procps restart	06:47
kingjm	* Setting kernel variables...	06:47
kingjm	...done.	06:47
kingjm	sudo pptp 192.168.0.100	06:49
kingjm	Terminated	06:49
kingjm	twb anything else that you can see might be wrong?	06:49
twb	kingjm: maybe you should look at the log files	06:50
twb	kingjm: and inspect the open ports (with ss or netstat) and firewall.	06:50
kingjm	I looked in var/log/messages nothing there anywhere else?	06:54
kingjm	tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN -	06:58
twb	kingjm: that will depend on how your daemon does logging.	07:00
jmarsden	kingjm: /var/log/daemon.log is one possibility. Read /etc/syslog.conf to see where else your syslog daemon might be logging things, or man pptpd to see where pptpd is supposed to log things.	07:02
kingjm	auth,authpriv.*/var/log/auth.log	07:04
kingjm	.;auth,authpriv.none-/var/log/syslog	07:04
kingjm	#cron.*/var/log/cron.log	07:04
kingjm	daemon.*-/var/log/daemon.log	07:04
kingjm	kern.*-/var/log/kern.log	07:04
kingjm	lpr.*-/var/log/lpr.log	07:04
kingjm	mail.*-/var/log/mail.log	07:04
kingjm	user.*-/var/log/user.log	07:04
jmarsden	Don't spam the channel :) Read it and then check the relevant log files on your server for pptp related log entries!	07:04
kingjm	I was just putting it up there so that you would know where to logs are going. as you may know which ones to check	07:05
jmarsden	Never post more than 2 lines to the channel. For anything more than that use pastebin.	07:06
kingjm	pastebin what is that?	07:06
jmarsden	It would have been faster to grep pptp /var/log/*log than to spam us with syslog.conf entries anyway...	07:06
jmarsden	!pastebin	07:06
ubottu	For posting multi-line texts into the channel, please use http://ubuntu.pastebin.com \| To post !screenshots use http://tinyurl.com/imagebin \| !pastebinit to paste directly from command line \| Make sure you give us the URL for your paste - see also the channel topic	07:06
kingjm	thanks I will	07:07
kingjm	http://ubuntu.pastebin.com/d1e9f0d5a this is the grep pptp	07:10
jmarsden	OK. So now you can go through that and fix anything you find relating to "error" or to missing or unrecognized options, etc.	07:12
kingjm	I am going through this, I don't understand much…. I do really appreciate that you are walking me through how to find my own errors.	07:17
kingjm	In file /etc/ppp/pptpd-options: unrecognized option 'localip' but this is needed for localip and remoteip. what can I change?	07:18
jmarsden	Are you sure that is the right option in the right file? man pptpd and check. Maybe it is spelled local-ip or maybe the intent is that you replace the string "localip" with your actual local IP address 1.2.3.4 or something ?	07:20
jmarsden	It has been years since I ran a pptpd so the man page will be more accurate than I am.	07:20
twb	Isn't PPTP the one with the gaping cleartext-password-type holes?	07:23
jmarsden	twb: I think the really bad holes were cleared up a while back, but since it is basically a Microsoft protocol, it wouldn't be surprising if there are still some issues with it.	07:25
kingjm	I think I got it thanks sudo pptp 192.168.0.100 did not return any errors	07:26
jmarsden	twb: http://www.sans.org/security-resources/malwarefaq/pptp-vpn.php May be worth a look for SANS ideas on improving its security...	07:27
twb	Ha, a security group is using PHP	07:27
kingjm	how do I check or close the pptp connection	07:28
twb	You can close it by pulling the cable out and waiting an hour	07:31
jmarsden	kingjm: You are trying to write a wiki article about doing this stuff, but don't know how to start and stop PPTP, nor how to test it? Seems odd... perhaps you should leave writing wiki articles about VPNs to folks who have experience with them? You could kill the pptp client, to close the connection rather rapidly :)	07:31
twb	jmarsden: I think he was writing up what he tried, rather than having to repeat it all here	07:32
kingjm	I would love to however no one else has done so. That is why I am using the forums to figure it out	07:32
twb	Forums are worse than IRC!	07:32
twb	They are populated by people too stupid to configure a newsreader.	07:32
jmarsden	kingjm: Did you Google for ubuntu pptp server and see how many hits there are? "noone else has done so?"	07:33
kingjm	I have gotten pptp to work and connect via snowleopard	07:33
kingjm	I did google that is where I started. then I went to the wiki, then to the forums, and now here	07:33
jmarsden	kingjm: OK. So you know there are plenty of people who have written this up. Mostly a long time ago, because few people use PPTP any more, it being considered too insecure...	07:35
beric	Hi, Something moved my syslog.conf to syslog.conf.0 , I guess some unattended upgrade. where can I read about protecting my config files from things like that ?	07:39
twb	The Debian Policy ought to prevent that :-/	07:40
jmarsden	twb: That's what I was thinking... "is that allowed?"	07:41
jmarsden	beric: What kind of automated unattended updating software are you using on your Ubuntu server that you think did this?	07:41
beric	apt-cron	07:41
twb	apt-cron is basically an obsolete version of unattended-upgrades.	07:42
twb	It shouldn't do anything like that -- it basically just does an "apt-get update && apt-get upgrade"	07:42
twb	Now, if you have cowboy third-party repositories enabled, their postinsts could do any kind of crack-addled thing...	07:43
beric	it's 8.04 LTS. I know it's old but can't upgrade anything	07:43
kingjm	I would just like to say thanks for all those who helped. good night	07:43
jmarsden	kingjm: Goodnight.	07:43
beric	twb: sounds reasonable, It has turnkey linux repositories . what can I do about that in the future ?	07:45
jmarsden	beric: You might want to check what version of syslogd you have and where it came from? And make frequent backups of /etc :)	07:45
jmarsden	beric: You may also be able to use pinning to restrict which pacakges the 3rd party repositories can update, to ONLY the few you really need from there. man apt_preferences for more on pinning.	07:47
twb	The obvious solution is not to use those shitty "turnkey" repos	07:48
twb	Or, to not enable auto-upgrading, or at least disable it for everything by hardy-security	07:49
twb	aptitude install '~i ~S ~VTARGET ~Ahardy-security' (untested)	07:50
beric	ok. I'll consider that	07:50
twb	Pinning ought to work for that, too, but it always makes my brain hurt	07:50
jiboumans	good morning	09:17
=== ewook_ is now known as ewook
Helix001	hi is anyone using squid and likewise open with active directory?	10:02
rags	Hello, I am running BIND 9.4 on Hardy, I'm getting this messages in the logs : "named[30429]: unexpected RCODE (SERVFAIL) resolving '31.59.243.72.in-addr.arpa/PTR/IN': 97.66.48.58#53"	10:21
rags	I've totally locked down the server - query and recursion only from local net and bind is listening only on the local host and n/w, but I keep getting these messages in the logs...	10:21
jiboumans	soren, ping?	10:40
jiboumans	soren: LP question. do you know why http://qa.ubuntu.com/reports/team-assigned/canonical-server-assigned-bug-tasks.html isn't listing https://bugs.launchpad.net/ubuntu/+source/ec2-init/+bug/494185 ?	10:41
soren	jiboumans: /me looks	10:46
soren	jiboumans: Probably because it's listed as fixed in Lucid.	10:46
jiboumans	hmm, but not in karmic, which is half of the bug =/	10:46
soren	jiboumans: It says "Status tracked in Lucid", so whatever the status is in Lucid is what matters here, I believe.	10:46
jiboumans	soren: thanks for explaining.. damn this falling through the cracks. so if i say 'status tracked in karmic', it should pop up again?	10:47
soren	jiboumans: You can do that?!?	10:48
jiboumans	soren: i have no idea	10:48
jiboumans	all i know is there's a bug that's 50% fixed and it's not showing up in reports	10:48
soren	jiboumans: I don't think you can. I think it's just telling you that that's how it is.	10:49
jiboumans	i see. damn.	10:49
jiboumans	soren: could you check with the QA folks if there's a report they generate that does include things like this?	10:49
soren	jiboumans: I'd bother the good people in #launchpad. I'm sure there's a bug open about it already (I remember seeing one to this effect), but I don't remember the bug no.	10:49
jiboumans	ok, i'll ask there	10:49
soren	ta	10:49
tarski	anyone here have any luck or know about installing ruby 1.9.1 with rails on ubuntu server?	13:56
jiboumans	tarski: you're running karmic?	14:02
tarski	no i downloaded hardy	14:02
tarski	jiboumans: but it's not working, so many errors with gems, and such	14:03
tarski	jiboumans: think i should use karmic?	14:03
jiboumans	tarski: depends on what you are looking for. Hardy's an LTS; the software will be older, but stable	14:03
jiboumans	Karmic's the latest release, so will have the newest versions of ruby & co that were available	14:03
tarski	jiboumans: well im looking for the newest ruby, i can install ruby1.9.1 on hardy from the karmic repos but rails wont work and some other gems i need	14:04
jiboumans	tarski: your best bet to run the newest gems/rails/ruby is to use karmic	14:04
tarski	jiboumans: thought so. im going to be installing 10.04 when it's out so no i dont need lts right now	14:05
tarski	jiboumans: thanks	14:05
jiboumans	tarski: happy to help. good luck	14:05
Ash-Fox	Perhaps someone else can figure this out - I have an external 1TB USB harddrive, it works perfectly on my other systems with the same distro, doesn't matter what kernel I use however on this specific machine, the drive eventually becomes inaccessible. I have tried tweaking max_sectors, but that doesn't seem to help at all. Here is a copy of my syslog:	15:31
Ash-Fox	http://ash-fox.pastebin.com/d1fc9a240	15:31
zul	soren: ping	15:37
soren	zul: hey.	15:43
zul	soren: i just uploaded the latest mysql 5.1 from debian testing can you add it to your testsuite thing?	15:49
soren	zul: It's already there, isn't it?	15:49
zul	i dunno how can i check?	15:50
soren	zul: Don't you get build failures for mysql-dfgs-5.1 each morning?	15:50
soren	Anyhow, the authoritative sources is:	15:50
zul	lemme check	15:50
soren	https://edge.launchpad.net/~ubuntu-server-qa/+archive/regression-test	15:51
soren	Yup, mysql 5.1 is already there.	15:51
zul	soren: cool thanks	15:51
kaffien	can apt-get be used to install applications with make flags?	16:06
ZimCS	Hello. I am running ubuntu server on a small home server that I just built. What is a good option to backup files from remote PC's?	16:07
kaffien	I used to use samba	16:08
kaffien	then use a backup software on the other machines to backup to the network share	16:08
ZimCS	thanks	16:09
ZimCS	kaffien: i setup samba last night and the file transfer was extremely slow. did you ever run into that problem?	16:13
kaffien	define slow	16:13
ZimCS	160GB would take 22 hours	16:14
kaffien	the fastest way i have transferred to to a linux system was on an ftp program via the SCP protocol	16:14
kaffien	jesus	16:15
kaffien	that should take about 4 hours with the right hardware	16:15
ZimCS	yeah	16:15
kaffien	what kind of a server do you have?	16:15
kaffien	you must consider all points	16:15
ZimCS	what do you mean what kind	16:15
kaffien	cpu, ram, hdd speed (do they have bad sectors etc) speed of network switch, cables, nic cards etc	16:15
kaffien	all of those can slow a transfer to a halt	16:16
kaffien	one of the biggest mistakes folks make is using a 10/100 switch / router	16:16
ZimCS	oh, an amd sempron single core 2.2ghz 2 gb ram 10/100/1000 with 2 sata drives	16:16
kaffien	what speed of sata drives?	16:16
ZimCS	yes, unfortunately my router is a wrt50g so the switch is 10/100	16:16
ZimCS	3.0GB	16:17
kaffien	thats a majour bottle neck	16:17
ZimCS	even for home use?	16:17
kaffien	yes	16:17
kaffien	gigabyte switches are cheep	16:17
mike3	.	16:17
mike3	how can i remove the motd of permanently. It keeps generating a new message in MOTD.	16:17
kaffien	id connect all computers to switch then one cord to the router for internets	16:17
kaffien	also make sure your workstations / desktops have gigabyte ethernet cards or a gb switch is pointless	16:18
ZimCS	yes, they do. i guess i'll trade my router in then.	16:19
kaffien	no no	16:19
kaffien	you still need the router	16:19
ZimCS	i mean just to one that has 10/100/1000	16:20
kaffien	unless you can find a gigabyte ethernet router	16:20
kaffien	if not just get a switch ... its more hardware but it might be cheaper	16:20
ZimCS	a lot of my transfers from my laptop will be wireless	16:21
kaffien	ahh	16:22
kaffien	make sure you got wireless N on your net router then	16:22
kaffien	wireless is generally slower than wired still	16:22
alvin	Are those remote pc's running Linux? NFS would be a better choice for that.	16:23
mike3	What keeps generating in my /etc/motd ? How can I remove it permanently?	16:23
kaffien	scp will transfer faster than nfs	16:24
ZimCS	alvin; windows	16:24
kaffien	setup scp on the linux box and get winscp for windows (its free)	16:24
alvin	kaffien: It will most certainly not. scp (SFTP) uses encryption.	16:25
ziesemer_	mike3: What version of Ubuntu? And do you only want to remove parts, or the entire thing?	16:26
kaffien	FTP and scp are different	16:26
mike3	the entire thing	16:26
kaffien	sftp is slooooow compaired to scp	16:26
alvin	actually, they are the same	16:26
kaffien	definately faster over here	16:26
kaffien	maybe its the way winscp handles them	16:26
ziesemer_	Well, /etc/motd.tail is part of it, and I just cleared that. That way I can still see package update notifications, etc.	16:26
kaffien	i usually get about 17MBs	16:27
ziesemer_	So you want to remove from just SSH, or all shell logins?	16:27
alvin	No, it's just ssh. winscp should not be faster than the scp command, or FileZilla.	16:28
mike3	ziesemer_: where to i tell it to use a different motd? Which file is doing this?	16:28
ziesemer_	Either way, at least under Karmic, look in /etc/pam.d. In both "login" and "sshd", there are references to pam_motd.so that could be commented out.	16:28
Pici	mike3: look at the manpage for motd.tail, it explains the process as to how the motd is generated.	16:29
sub	In my experience I've never been able to get winscp to exceed 10Mbps	16:29
sub	or maybe it was MBps, i don't quite remember	16:29
ivoks	if you want to remove it just from sshd	16:30
ivoks	edit /etc/ssh/sshd_config	16:30
ivoks	PrintMotd no	16:30
mike3	Pici: okay thanks	16:31
kaffien	alvin, its not im saying that SCP is faster than regular ftp and or windows transferring to a samba share	16:31
kaffien	via drag and drop	16:31
ZimCS	thanks for the help. i have one more question. this server primarily does hosting for my website, backups and file sharing. but it has an hdmi out and I'd like to use it to watch movies on my hdtv. but since boxee needs x-windows to run, do i need to install a gui?	16:32
ivoks	man, don't do that	16:32
ivoks	don't mix webhosting and divix :)	16:32
ZimCS	its just for my site though, nothing important	16:33
mike3	Pici: okay i found that, but I am still getting system information in there that I don't want..	16:33
ivoks	mplayer can output to svga :)	16:33
ivoks	aai is nice too :D	16:33
alvin	kaffien: Ah, you were saying it was faster than NFS, and NFS is faster than CIFS (marginally). I didn't mention FTP. What I meant was that FileZilla can do SFTP (=SCP) too.	16:34
ivoks	sftp != scp	16:34
mike3	okay nm, i just removed /etc/motd all together	16:35
mike3	i still would like to know where it generates the system information from. /etc/motd.tail doesn't contain this info	16:35
ziesemer_	/etc/update-motd.d	16:35
ivoks	it depends on version of ubuntu and packages you installed	16:35
ziesemer_	https://wiki.ubuntu.com/UpdateMotd . But is slightly outdated for Karmic, as it no longer uses cron.	16:35
mike3	ziesemer_: oh okay.. hrm..	16:36
kaffien	alvin wouldn't he be better off using scp to transfer files as big as 160gb?	16:36
ziesemer_	And I'm not sure that just removing /etc/motd will work like you expect. It might, but I'm not sure. You'd be better off removing the lines I mentioned from the pam.d files.	16:36
alvin	kaffien: I don't know. In his case, I would use Windows file sharing in combination with backup software. The built-in backup solutions of Windows will probably be good enough.	16:38
alvin	I would use SCP over an untrusted link only.	16:38
ivoks	in any case, use scp always instead of sftp	16:39
kaffien	seems to be that his problem is his 10/100 router	16:39
kaffien	160gb transfer took 22 hours	16:39
mike3	ziesemer_: in ssh right?	16:40
=== blackxored is now known as Guest15704
ziesemer_	Depends. Who do you want to disable it for? SSH users only, or all users?	16:40
mike3	let's say ssh users	16:40
mike3	what do i need to do?	16:40
alvin	kaffien, ivoks: Apparently I'm wrong. SCP is older than SFTP (faster, but less features). I thought it was the same.	16:40
mike3	because PrintMotd is already no	16:41
ziesemer_	Did you restart sshd?	16:41
mike3	it was already set	16:41
mike3	it was never yes	16:41
ivoks	oh really?	16:41
ivoks	hm...	16:41
ziesemer_	And you're still seeing it? Then I'd try disabling it in the pam.d files I mentioned above, e.g. /etc/pam.d/sshd .	16:42
ivoks	i consider that as a bug	16:42
mike3	ziesemer_: okay thanks..	16:42
mike3	found it	16:42
mike3	sec	16:42
ivoks	ah... it's not	16:42
mike3	okay that worked	16:43
mike3	sweet	16:43
ziesemer_	mike3: See also: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/399071	16:43
mike3	now on to my next problem... I want to install talkd but it wants to install the openbsd inetd which I do not want to use. I want to use xinetd	16:44
ivoks	install xinetd first	16:44
mike3	ivoks: it's installed already, but apt-get wants to remove it and intsall inetd	16:45
bogeyd6	Anyone have a guide on how to have a linux server running bind be a backup dns server for active directory?	16:45
ivoks	mike3: inetutils-talkd	16:46
mike3	sec	16:46
Aison	can I use dhcp3-server also for ipv6?!?	18:09
genii	Aison: not yet	18:11
Aison	so I need this "wide-dhcpv6-server" ?	18:12
genii	Aison: As far as i know, yes	18:13
kingjm	I have a problem wtih pppd "Cannot determine ethernet address for proxy ARP" how do I define proxyarp in /etc/ppp/options?	18:18
kingjm	can I use arp --use-device --set 192.168.0.100 eth0 pub. etho 192.168.0.100 is server address	18:21
mike3	I'm having issues getting talkd to work..	18:29
mike3	I need to use xinetd	18:29
mike3	in.talkd is nowhere to be found...	18:37
jfelt	Hail.	19:00
jfelt	I'm trying to gather some more information about the Cloud functionality of Ubuntu 9.10 server.	19:00
jfelt	has anyone implemented anything with it, yet?	19:00
=== NotADJ is now known as TheDJACR
kpettit	Can anybody recommend a good systems monitor that's easy to script? Basically I want to say "do XYZ if system is down..." type of stuff	19:23
=== WALoeIII_ is now known as WALoeIII
jMyles	I need to know how to reset my password for ldap. I am getting "Invalid credentials". I have looked and looked, but many of the guides seem to reference an outdated configuration using /etc/openldap/slapd.conf, which no longer exists.	19:40
Jeniczek	hi guyz	19:50
Jeniczek	am tryon to solve an installation problem	19:51
Jeniczek	anybody around?	19:51
Jeniczek	I wasnt successful on ubuntu channel :(	19:51
guntbert	Jeniczek: the rules are the same - just ask :)	19:51
Jeniczek	I have a Fujitsu RX300S4 server with 4 SAS drives. Both of the drives are put into 2 mirror RAIDS. During installation, I do partition the first RAID to / , swap and /home and the second RAID to /var . After successful install the server reboots and then all it says during boot is Fatal protection error at 0000:0000. I have tried to Low level format all hardrives, so its not an MBR issue.. Or at least doesnt looks so... The GRUB i	19:51
Jeniczek	thats it ;)	19:51
Jeniczek	hm :P	20:01
Jeniczek	well, g2g, bb guyz	20:21
Maz3Mike	How is it going everybody?	20:27
Maz3Mike	I had some issues installing Fedora 12 with graphics, and I thought I would give Ubuntu a chance	20:28
Maz3Mike	I have a Nvidia 7800 installed...any advice?	20:28
guntbert	Maz3Mike: this is primarily support for the server version	20:28
Maz3Mike	guntbert: That is what I am wanting to install	20:29
guntbert	Maz3Mike: I was confused - where does graphics come into the picture?	20:30
Maz3Mike	guntbert: I used to have a teamspeak server on fedora 9, but I wanted to upgrade...it didnt work..so I am going to give UbuntuServer a shot	20:30
Maz3Mike	guntbert: I was just wanting to have a monitor hooked up to it	20:31
guntbert	Maz3Mike: I see - and what exactly is your problem?	20:32
Maz3Mike	guntbert: Since I have been fooling around with the linux the last couple of years..I always run into issues with graphic cards	20:32
Maz3Mike	gunbert:installing it right now	20:33
guntbert	Maz3Mike: with the CLI? very rare - I'd say just go ahead :)	20:33
Maz3Mike	guntbert:already like the intial config...got opensuse working before this but I didnt like it either	20:35
Maz3Mike	guntbert: question...I have one 300GB disc that I wont the os to go on...and I have a 500GB disc that I want to keep stuff on there such as pictures..videos...ISOs..random things for the most part..set it up as a file share throught samba..but I want to ecrypt all of the 500GB disc	20:37
Maz3Mike	guntbert: what would be the best way of doing this...I am at the partition disk menu right now	20:38
guntbert	Maz3Mike: no experience with encryption on server here - but I'd say install to the 300GB and leave the other one untouched for now - you should be able to handle that later	20:39
Maz3Mike	k	20:39
Maz3Mike	guntbert: I will encrypt that sucker later...just have to use fdisk	20:40
Maz3Mike	figured it out	20:44
Maz3Mike	just partion the disk and then encrypt what volumes you want	20:44
* RoyK never uses X on servers unless they run opensolaris		20:49
RoyK	sometimes I even turn it off on those suckers	20:49
EtienneG	hey guys, I feel like an idiot	20:49
guntbert	RoyK: and?	20:49
RoyK	EtienneG: wanna talk about it?	20:50
EtienneG	I just built a three host cloud (CLC/CC/SC/Walrus, and two NC)	20:50
EtienneG	RoyK, oh yes!	20:50
* RoyK hands EtienneG paper towels		20:50
EtienneG	so anyway, I used the installer integration, it works fine	20:50
EtienneG	only thing: no networking to the instances, except from the frontend	20:51
EtienneG	it's like it is not routing between the public IP, and the instances private IP	20:51
EtienneG	yet, sysctl says net.ipv4.ip_forward = 1	20:51
* RoyK really has no idea about setting up clouds		20:52
EtienneG	RoyK, it's all good, mathiaz, kirkland, nurmi or someone else will surely help eventually	20:52
EtienneG	it's worth saying that both VNET_PUBINTERFACE and VNET_PRIVINTERFACE are set to eth0	20:53
EtienneG	so I wonder if that has something to do with it ...	20:54
kpettit	any good tools to say something like so "If ping 192.168.0.XX dpesm	20:55
kpettit	If ping doesn't give me a response restart system?	20:55
RoyK	kpettit: heh - no	20:55
kpettit	I'm having a hard time finding something simple to do that. Most of the systems are very bloated. Don't really want nagios or zabbix for something like that	20:55
RoyK	kpettit: what is this, from a server?	20:55
RoyK	if you can't ping x.x.x.x, it's most likely (as in 99,lots%) something else than linux that is the problem	20:56
kpettit	I've got this VirtualBox client VM that seems to die every so often. The process stays running but windows locks up. SO I want to do a ping test and send a restart to the client if it doesn't respond	20:56
kpettit	Basically I want the Linux host to ping the Windows guest and restart it if it doesn't respond	20:56
guntbert	kpettit: there is c	20:57
guntbert	sorry	20:57
RoyK	kpettit: nagios would be neat, but it really is a short script to do it manually	20:57
kpettit	:) If I had to code something I'd use python, it's the only thing I know well enough to do something usefull in. But I hate re-inveting the wheel	20:57
guntbert	kpettit: there is a complete CLI instruction set - so a "simple" script should do it	20:58
EtienneG	kpettit, something I do not understand is: how will you restart the unresponsive machine?	21:00
EtienneG	it's unresponsive, after all	21:01
kpettit	The linux server would still be running.	21:01
EtienneG	kpettit, yes. How will it restart the Windows machine?	21:01
kpettit	It's the VirtualBox guest that dies. The guest gets it's own IP address, I can't ping it when it locks up	21:01
kpettit	So normally I have to kill the process and restart it.	21:01
EtienneG	kpettit, ok, that make sense	21:01
EtienneG	then you would use a script that does something like:	21:02
EtienneG	if ! ping -c 1 ip.of.virtualbox.guest; then	21:02
EtienneG	# do something	21:02
EtienneG	fi	21:02
kpettit	exactly	21:02
EtienneG	then run it from cron every minute, or something?	21:02
kpettit	yes, not that often but something like that.	21:03
EtienneG	kpettit, cool!	21:03
kpettit	I just know it'll take me 1/2 a day to code something that's decent and doesn't give me a bunch of false postives or negatives. That's why I was looking	21:04
RoyK	kpettit: http://karlsbakk.net/pingtest.sh.txt	21:04
RoyK	kpettit: that took me a little less than half a day :þ	21:05
kpettit	cool. I'll test it out.	21:05
kpettit	I'm not a very good programmer though :)	21:05
RoyK	just replace the stuff in function restart...	21:05
kpettit	But I can copy and paste with the best of them	21:05
RoyK	it shouldn't be too hard	21:05
RoyK	it's hardly any more 'programming' than the usual linux commandline	21:06
kpettit	interpreting the ping results is what I was worried about	21:06
RoyK	oh	21:06
RoyK	never mind	21:06
RoyK	ping returns an error code	21:07
RoyK	0 on success, 1 on error	21:07
RoyK	so	21:07
kpettit	ah cool	21:07
kpettit	that's perfect then. Didn't know it did that, was thinking I'd have to parse the result line or something	21:07
RoyK	if [ `ping blah > /dev/null 2>&1` ]; then echo success; else echo fail; fi	21:07
RoyK	that's the simple way	21:07
kpettit	sweet	21:07
RoyK	that's unix basics :)	21:08
RoyK	most commands follow that regime	21:08
kpettit	good to know	21:09
Maz3Mike	alright guys..just got the server	21:12
Maz3Mike	edition installed	21:12
Maz3Mike	hopefully it works with my nvidia 7800	21:12
RoyK	erm	21:12
RoyK	isn't this a server?	21:12
RoyK	or do you plan to do some fancy 3d games with it as well?	21:13
Maz3Mike	no..it is a server	21:13
Maz3Mike	how do i enable Xserver?	21:13
RoyK	first question is "WHY?"	21:14
Maz3Mike	want to have the gui interface	21:14
RoyK	Maz3Mike: https://help.ubuntu.com/community/ServerGUI	21:15
RoyK	it's possible but not recommended	21:15
RoyK	there's no need for a gui on a server	21:15
ivoks	gui interfaces to unix services are... bad	21:16
Maz3Mike	yes	21:16
ivoks	you can't have that many checkboxes :)	21:16
ivoks	so, why bother?	21:16
=== cyphermox_ is now known as cyphermox
ivoks	just learn to use real unix UI - CLI	21:16
EtienneG	mathiaz, we had that discussion a little while back on UEC topology. Sorry, I am amnesic, I do not remember the conclusion, but am I correct in thinking that the public and private interface cannot be the same?	21:17
ivoks	vimtutor is a good start	21:17
Maz3Mike	if you forgot your root password...what is the easiest way to reset it?	21:17
mathiaz	EtienneG: hm - they could be the same	21:17
ivoks	Maz3Mike: live cd	21:17
Maz3Mike	I know how to do this on solaris..use disc..mount the drive...delete the password out of the shadow file	21:18
Maz3Mike	Is that the disc I used to install with?	21:18
mathiaz	EtienneG: I was able to run a UEC setup with one network only	21:18
EtienneG	mathiaz, glad to her that - somehow, on my flat install (all interface on the same "public" network), the frontend is not routing traffic to the instance private IP (172.19.1.2). Any ideas?	21:18
mathiaz	EtienneG: what's you configuration?	21:19
ivoks	Maz3Mike: the same is with ubuntu	21:19
EtienneG	mathiaz, stock from the installer	21:19
mathiaz	EtienneG: ie where are your CC/Walrus/CLC located?	21:19
EtienneG	mathiaz, all on the same machine	21:19
mathiaz	EtienneG: separate CLC and CC?	21:19
EtienneG	mathiaz, no, all on the same machine. that's what the installer does	21:19
mathiaz	EtienneG: and what are you trying to do?	21:19
mathiaz	EtienneG: for karmic or lucid?	21:20
RoyK	Maz3Mike: if you haven't set a root password on ubuntu, single user mode lets you straight in	21:20
RoyK	otherwise, just boot on a live cd	21:20
EtienneG	mathiaz, instance is started fine, except I cannot ssh/ping whatever to it. Security group, checked	21:20
EtienneG	mathiaz, karmic!	21:20
mathiaz	EtienneG: are you trying to ping/ssh the private instance IP or the public instance IP?	21:20
EtienneG	mathiaz, the public IP, from another machine (not the frontend). Pinging/sshing works fine on the frontend, using both the public or private instance IP	21:21
soren	EtienneG: Can you get out from it?	21:21
Maz3Mike	crap	21:21
Maz3Mike	thought i set the password	21:21
Maz3Mike	should be su -..right?	21:22
Maz3Mike	for root	21:22
EtienneG	soren, good question, I shoudl try that	21:22
RoyK	maxb: sudo su -	21:22
RoyK	Maz3Mike: that was for you	21:22
maxb	mis-bing?	21:22
maxb	righ	21:22
EtienneG	soren, mathiaz: when checking iptables output, I can see that no packet goes through the FORWARD chain. Is that normal?	21:22
RoyK	maxb: sorry :)	21:22
mathiaz	EtienneG: yes	21:22
maxb	Why do people think 'sudo su -' is a good idea?	21:22
RoyK	Maz3Mike: sudo su -, then use your own password	21:22
mathiaz	EtienneG: things are handled in the nat table	21:22
RoyK	maxb: because it's neat	21:22
mathiaz	EtienneG: try iptables -t nat -nL:	21:23
maxb	It's like "Become root and become root and run a shell"	21:23
RoyK	maxb: you get root's environment that way	21:23
RoyK	sudo sh doesn't give you that	21:23
EtienneG	mathiaz, yeah, did that, some packets are indeed going through the POST/PREROUTING chain	21:23
EtienneG	mathiaz, soren might be on to something .... maybe traffic is just not coming out of the instance somehow	21:24
maxb	I guess sometimes you want that. However I frequently use 'sudo -s' and find it actively useful that my $HOME is my own	21:24
RoyK	maxb: it's probably another fancy way to do that, but sudo su - works	21:24
ivoks	sudo -i	21:24
ivoks	sudo -s can be tricky	21:24
mathiaz	EtienneG: are you able to ssh into the Cloud Frontend?	21:24
maxb	define tricky	21:24
RoyK	well, that's what I want, most of the time, to use root's environment	21:24
EtienneG	mathiaz, sure	21:24
ivoks	if you run a command that drops something in ~, it will end up in user's home with root permissions	21:25
mathiaz	EtienneG: ie does the Cloud frontend knows how to route to your workstation?	21:25
ivoks	for example, firefox :)	21:25
maxb	eek	21:25
ivoks	or some cli tools - vim	21:25
RoyK	sudo -i I didn't know	21:25
RoyK	neat	21:25
mathiaz	EtienneG: is there a dhcp server running on the network?	21:25
maxb	I would never run something huge and gui under sudo	21:25
mathiaz	EtienneG: the instance may have gotten the wrong IP address	21:25
EtienneG	mathiaz, grrrrr! I hate you!	21:25
EtienneG	mathiaz, of cours ethere is one ... :(	21:25
* EtienneG bang head		21:25
EtienneG	there we are	21:25
* RoyK helps banging EtienneG's head		21:26
ivoks	maxb: find ~ -user root	21:26
EtienneG	If it wasn't for the CoC, I would transcribe the litany of swears that just came out of me	21:27
EtienneG	it was very pittoresque	21:27
EtienneG	mathiaz, in any case, thanks a bunch	21:27
jMyles	I'm really in need of help with LDAP. I'm pretty lost. It never asked me for a password during installation, and now I can't even get started with it because I don't know the password. Also, I want to understand it more / better.	21:27
RoyK	jMyles: afaicr it asks for the initial password during install	21:28
ivoks	jMyles: dpkg-reconfigure slapd	21:28
Maz3Mike	Just want to say...thanks for all the help so far.....guys in the fedora channel werent that helpful	21:29
RoyK	Maz3Mike: :)	21:29
RoyK	ubuntu!	21:29
RoyK	Maz3Mike: http://en.wikipedia.org/wiki/Ubuntu_(philosophy)	21:30
=== luis__lopez is now known as luis_lopez
jMyles	RoyK, ivoks: dpkg-reconfigure slapd doesn't ask me to set credentials. I am essentially having the exact problem described in this forum, but I do not understand the solution (although it is marked "SOLVED"): http://ubuntuforums.org/showthread.php?t=1295934	21:35
ivoks	jMyles: dpkg-reconfigure -plow slapd	21:36
RoyK	wtf is plow? manpage doesn't list it	21:37
ivoks	priority	21:37
ivoks	low	21:37
jmarsden	RoyK: priority of questions low	21:37
RoyK	k	21:37
ivoks	plow - ask everything	21:37
* RoyK thought of plowing		21:37
ivoks	phigh - ask only essential	21:37
RoyK	I see - just getting late	21:37
* jMyles is plowing		21:37
jMyles	ivoks: Even after plowing, I am not asked for credentials	21:38
jmarsden	jMyles: For ldap in 9.10 you are not supposed to be... the way it works changed, didn't it?	21:38
EtienneG	mathiaz, that was not it, after all	21:38
EtienneG	mathiaz, the instance does have a private IP. It can ping the frontend (172.19.1.1), but nowhere else	21:39
ivoks	jMyles: true... i haven't installed slapd on karmic yet	21:39
ivoks	this worked on 8.04	21:39
mathiaz	EtienneG: can you ssh into the instance from the frontend?	21:39
EtienneG	mathiaz, I am starting to think there is something fishy with my security group or something	21:39
EtienneG	mathiaz, yes	21:39
RoyK	jmarsden: https://help.ubuntu.com/community/OpenLDAPServer <-- this says how to reset it	21:39
ivoks	mathiaz: how do we setup root pass in slapd in karmic? :D	21:39
mathiaz	EtienneG: I'd check the routing table on the instance then	21:39
mathiaz	ivoks: olcRootPW	21:39
EtienneG	mathiaz, ubuntu@172:~$ ip route show	21:40
EtienneG	172.19.1.0/27 dev eth0 proto kernel scope link src 172.19.1.2	21:40
EtienneG	default via 172.19.1.1 dev eth0 metric 100	21:40
EtienneG	that seems kosher	21:40
mathiaz	ivoks: man slapo-config <- has the list of parameter	21:40
bogeyd6	can lts run cloud?	21:40
ivoks	oh, tree configuration	21:40
EtienneG	bogeyd6, no, it was introduced in jaunty	21:41
mathiaz	EtienneG: well - it seems that the instances are set correctly	21:41
EtienneG	bogeyd6, but you can run LTS kin the cloud, ie on EC2, or your own private cloud	21:41
EtienneG	mathiaz, indeed.	21:41
mathiaz	EtienneG: I'd use tcpdump on the instance/NC/CC to check where the network stops	21:42
bogeyd6	ok	21:42
bogeyd6	so i need 9.10	21:42
EtienneG	mathiaz, I did: it stops on the frontend	21:42
jmarsden	RoyK: Be careful, there is "old" and "new" documentation around at the moment... that page says "This page may contain outdated information." ...	21:43
mathiaz	EtienneG: have you enabled ssh traffic in your security groups?	21:43
jmarsden	jMyles: The steps presented by xingmu in the forum thread you linked to look like the "new" way to do things... did you try them?	21:43
EtienneG	mathiaz, etienne@curst:~$ euca-describe-groups	21:43
EtienneG	GROUPadmindefaultdefault group	21:43
EtienneG	PERMISSIONadmindefaultALLOWStcp2222FROMCIDR0.0.0.0/0	21:43
EtienneG	PERMISSIONadmindefaultALLOWStcp8080FROMCIDR0.0.0.0/0	21:43
EtienneG	GROUPadmindemoDemo security group	21:43
EtienneG	so, yes	21:43
EtienneG	hold on	21:44
RoyK	jmarsden: i know, just trying to help the guy	21:44
mathiaz	EtienneG: is your instance running in the demo group?	21:44
EtienneG	what does the "tcp 22 22" means? hopefully, it is not the source port	21:44
RoyK	jmarsden: you, that is	21:44
EtienneG	mathiaz, no, in the default group	21:44
Maz3Mike	wtf man	21:44
Maz3Mike	I log in and use my user account and try to sudo to root but it wont work	21:45
mathiaz	EtienneG: you can check the iptables rules on the CC	21:45
Maz3Mike	i keep getting su authentication failure	21:45
EtienneG	mathiaz, sure. Should I dump it here?	21:45
mathiaz	!paste \| EtienneG	21:45
ubottu	EtienneG: For posting multi-line texts into the channel, please use http://ubuntu.pastebin.com \| To post !screenshots use http://tinyurl.com/imagebin \| !pastebinit to paste directly from command line \| Make sure you give us the URL for your paste - see also the channel topic	21:45
jmarsden	Maz3Mike: sudo or su ? They are two different things...	21:45
Maz3Mike	su	21:46
EtienneG	ubottu, thanks, nice RTFM you have here!	21:46
ubottu	Error: I am only a bot, please don't think I'm intelligent :)	21:46
Maz3Mike	should su -	21:46
Maz3Mike	for root right?	21:46
jmarsden	Maz3Mike: No. Not in Ubuntu.	21:46
jmarsden	!root	21:46
ubottu	Do not try to guess the root password, that is impossible. Instead, realise the truth... there is no root password. Then you will see that it is 'sudo' that grants you access and not the root password. Look at https://help.ubuntu.com/community/RootSudo	21:46
RoyK	http://uncyclopedia.wikia.com/wiki/Rtfm	21:46
RoyK	heh	21:46
Maz3Mike	so what would I type?	21:46
RoyK	just remember that without any root password set, you can get right through all 'security' by just booting into single	21:47
EtienneG	mathiaz, http://ubuntu.pastebin.com/m331fc577	21:47
jmarsden	Maz3Mike: as a Ubuntu server admin you need to learn, not just type. Did you read https://help.ubuntu.com/community/RootSudo	21:47
RoyK	Maz3Mike: sudo -i and type your own password	21:47
ivoks	only members of admin group have sudo privileges	21:48
ivoks	so if you aren't member of admin group, sudo won't work	21:48
EtienneG	mathiaz, notice nothing gets into the FORWARD chain, hence nothing gets to be processed trough admin-default. Is that normal?	21:48
mathiaz	EtienneG: I don't think so	21:49
mathiaz	EtienneG: what's the routing table on the CC?	21:49
Maz3Mike	love it..nice got root access	21:49
EtienneG	mathiaz, lots of stuff through PRE/POSTROUTING	21:49
Maz3Mike	man the ubuntu website seems sloooow	21:49
EtienneG	mathiaz, cloudmaster@uec-frontend:~$ ip route show	21:49
EtienneG	172.19.1.0/27 dev eth0 proto kernel scope link src 172.19.1.1	21:49
EtienneG	10.153.108.0/24 dev eth0 proto kernel scope link src 10.153.108.210	21:49
EtienneG	default via 10.153.108.1 dev eth0 metric 100	21:49
EtienneG	(I just love flooding the channel!)	21:50
Maz3Mike	see...its always the little things that you need to know	21:50
henriquev	EtienneG: you shouldn't	21:50
Maz3Mike	Thanks guys..now on to figuring out the xserver setup	21:50
EtienneG	henriquev, I know ... :-/	21:50
ivoks	Maz3Mike: xserver setup?	21:50
RoyK	Maz3Mike: true, one should be able to play tetris on ones server	21:50
* RoyK sniggers		21:51
ivoks	just install xorg package :)	21:51
Maz3Mike	lol..dont make fun of me guys..i am on the gui crutch but i will get off of it soon enough	21:52
Maz3Mike	need to get teamspeak 3 working on it	21:52
mathiaz	EtienneG: I think it's because your public instance IPs are shared by the network IPs	21:52
mathiaz	EtienneG: the CC doesn't do any routing	21:52
ivoks	sudo apt-get install xorg	21:52
RoyK	Maz3Mike: https://help.ubuntu.com/community/ServerGUI	21:52
EtienneG	mathiaz, yes, that could well be ...	21:52
EtienneG	mathiaz, ok, so I will try with another IP range, like 192.168.something	21:53
mathiaz	EtienneG: is ip_forward enabled on the cC?	21:53
EtienneG	mathiaz, that makes a lot of sense indeed, and remind me of something	21:53
RoyK	http://www.lamebook.com/wp-content/uploads/2010/01/weekendwin4.png	21:53
ivoks	ah, time for bed	21:53
EtienneG	mathiaz, in fact, i am pretty sure I had this problem before indeed	21:53
mathiaz	EtienneG: yeah - try to allocate instance public IP in a non-used network	21:53
EtienneG	mathiaz, yes, CC is routing, I checked that first!	21:53
ivoks	bye	21:54
EtienneG	bye ivoks	21:54
mathiaz	EtienneG: if the FORWARD chain isn't hit, it means that things are fishy at the kernel routing level	21:54
EtienneG	mathiaz, yes, i got that indeed	21:54
mathiaz	EtienneG: you could try to see if packets leave eth0 on the CC	21:55
EtienneG	mathiaz, they aren't, I checked	21:56
mathiaz	EtienneG: I don't remember exactly under which circumstances packets go through the FORWARD rule	21:56
jMyles	jmardsen, ivok, royk, et. al.: I think I need to take a step back. For LDAP, do I need to go through this process (the "people.ldif" thing from the forums) every time I want to create an account? All I really want is 1) for the users / groups on my server to be authoritative across the network and 2) to be able to use that user list for a few other things (authenticating a wifidog portal, logging in to mediawiki, etc)	21:56
mathiaz	EtienneG: does the kernel say anything special?	21:56
EtienneG	mathiaz, no, completely silent	21:57
mathiaz	EtienneG: I don't know then	21:58
mathiaz	EtienneG: try to use instance public IP from a different network	21:58
EtienneG	mathiaz, but I think you got it ... it has to be the PUBLICIP range overlap	21:58
RoyK	jMyles: there are better ways to administer ldap than using ldif files, but you need to look it up. I really have no idea	22:05
EtienneG	gah! now I have the 403 bug ...	22:06
RoyK	EtienneG: 403 bug?	22:07
EtienneG	RoyK, jMyles: there is not, really. There are a couple of toolchains for managing user/group in LDAP, but they all suck. smbldap-tools suck the least	22:07
EtienneG	RoyK, jMyles: there is a blueprint to get a better toolchain in Ubuntu, but we are not there yet	22:08
EtienneG	RoyK, in EUC	22:08
jMyles	EtienneG: I guess I assumed that the process was going to be that the userlist on the server was going to just work on other computers. I don't really mind using ldif files - I'll just have to learn how.	22:08
EtienneG	jMyles, what you describe is more like NIS, the older network directory. It is deprecated, though.	22:09
RoyK	jMyles: we're still using NIS in our network	22:10
RoyK	works like a dream	22:10
* RoyK underlines the fact that not dreams are good		22:10
soren	Do you dream in black and white?	22:10
soren	and 320x200?	22:10
RoyK	no, it's colour	22:10
RoyK	cyan and magenta is nice	22:11
RoyK	CGA FTW!	22:11
soren	Yup, those are colours.	22:11
* soren doesn't miss CGA much		22:11
jMyles	EtienneG, RoyK: Thanks for walking me through these baby steps. I think I think LDAP because it seems to be compatible where I need it: starting with wifidog and mediawiki, which both support it. What is the best practice for securing and authentication wireless clients? We want to do everything with one set of credentials per user. (Background: My girlfriend and I are starting SlashRoot: The Grassroots Tech Cafe, where we se	22:11
jMyles	rve organic, fair trade coffee and open source software)	22:11
soren	Incidentally, I don't miss NIS much either. Coincidence?	22:11
soren	jMyles: Where?	22:12
jMyles	soren: New Paltz, NY, USA	22:12
jMyles	soren: Hudson Valley Region	22:12
RoyK	jMyles: http://luma.sourceforge.net/ <-- nothing has happened there recently, but it might work	22:13
soren	google maps refuses to give me directions. I miss the times when it would tell you to swim from somewhere in France to New York or whatnot.	22:13
RoyK	:)	22:14
RoyK	soren: are you danish or perhaps norwegian?	22:14
soren	RoyK: Danish.	22:14
soren	http://googlesystem.blogspot.com/2007/03/google-maps-shows-funny-directions.html	22:15
RoyK	makes sense - Søren isn't really a very common name up here	22:15
soren	No, you're all named Sven. Everyone knows that.	22:15
soren	Well..	22:15
soren	Except for those named Olaf.	22:15
RoyK	heh	22:16
RoyK	soren: seems those aren't so popular anymore http://www.ssb.no/navn/fylke/Hele_landet_2008-menn.html	22:17
soren	RoyK: Bah. Statistics.	22:18
soren	RoyK: http://dst.dk/Statistik/Navne/NamesPop.aspx fwiw	22:18
* soren tries to get back on topic		22:18
RoyK	lies, damn lies and statistics...	22:18
EtienneG	mathiaz, excuse me again, I am abusing your time today. I changed VNET_PUBLICIPS in eucalyptus.conf, restarted the services, rebooted even, and euca-describe-addresses still returns the old public IP. Do we need to do some voodoo to have the new public IP setting applied?	22:21
mathiaz	EtienneG: try to restart eucalytpus with CLEAN=1	22:21
mathiaz	EtienneG: network information is presistant accross reboot	22:21
mathiaz	EtienneG: you'd have to clean everything	22:21
EtienneG	mathiaz, yeah, I see that!	22:22
mathiaz	EtienneG: check eucalyptus init script the get the exact CLEAN syntax	22:22
mathiaz	EtienneG: (CLEAN=1 IIRC)	22:22
EtienneG	mathiaz, ok, looking	22:22
EtienneG	mathiaz, but there is nothing in the init script about CLEAN	22:23
EtienneG	would that be an environment variable?	22:23
* RoyK corrects incidence		22:24
* RoyK corrects incorrect instead		22:24
mathiaz	EtienneG: hm - you're right	22:24
mathiaz	EtienneG: we've added the CLEAN env in lucid	22:25
EtienneG	mathiaz, isn't it an upstart job now anyway?	22:25
mathiaz	EtienneG: yes - but it still works the same way	22:25
mathiaz	EtienneG: see bug 491254	22:25
EtienneG	checking ...	22:25
mathiaz	EtienneG: well - it should in karmic actually	22:26
mathiaz	EtienneG: have you installed the latest version from karmic-updates?	22:27
EtienneG	mathiaz, aaaaah, victory!	22:27
EtienneG	mathiaz, yes, I did	22:27
EtienneG	ok now, running instances	22:27
EtienneG	mathiaz, VICTORY!!!	22:35
EtienneG	note to self: VNET_PUBLICIPS range shall not be in your publicépriv interface subnet	22:36
EtienneG	now, what is the URL of MediaWiki on the demo appliance?	22:38
soren	http://whatever/mediawiki/	22:42
soren	http://whatever/mediawiki/	22:45
soren	Whoops.	22:45
EtienneG	soren, yeah, I got that	22:47
EtienneG	I am defacing my own wikipedia!	22:52
* RoyK takes EtienneG's coke		22:53
EtienneG	crack, man, crack	22:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!