[01:26] <jMyles> I'm using dnsmasq for DHCP - how can I list all the devices on my network with their hostnames?
[01:26] <jMyles> ....or, more properly, all the devices that are DHCP, not static devices
[01:44] <twb> jMyles: you need to tell dnsmasq to maintain a lease file.
[01:44] <twb> jMyles: then, you simply cat the lease file.
[01:45] <twb> Note that you will need to restart dnsmasq to turn the leasefile option on -- meaning that unless it's already on, you can't extract the current leases.
[01:45] <jMyles> twb: yeah, I thought it was strange that there was no file with this info :-)  where do I do this?  dnsmasq.conf?
[01:45] <jMyles> twb: that's no problem
[01:45] <jMyles> twb: I could have a grep-fest with nmap if I was really feeling energetic, but I knew there was an easier way
[01:45] <twb> Also note that if you have the leasefile turned on (and not read-only), restarting dnsmasq will no longer clear the lease database within dnsmasq.  This can be REALLY confusing when you forget about it.
[01:46] <twb> jMyles: yes, it's in dnsmasq.conf, see the options in the dnsmasq(8) manpage.
[01:46] <twb> jMyles: you can also look at your current ARP table for hints
[01:46] <jMyles> twb: I looked at man, but I guess I searched for the wrong phrase
[01:46] <twb> "sudo arp"
[01:47] <twb> Erm, ARP assuming you're using Ethernet.
[01:49] <jMyles> twb: Awesome, found it.  Another question (and again, I looked at man but maybe I missed it): how can I get dnsmasq to log to some place other than syslog?
[01:50] <twb> I doubt you can.
[01:50] <twb> Why would you want to?
[01:50] <jMyles> twb: just to stay organized
[01:50] <twb> What does that mean?
[01:50] <jMyles> twb: syslog gets so bloated :-\
[01:50] <twb> Um, are you talking about the *service* called syslog, or a file?
[01:50] <jMyles> twb: I'd rather have dnsmasq-dns.log and dnsmasq-dhcp.log
[01:51] <twb> OK, all you need to do in that case is configure syslog.
[01:51] <jMyles> I don't think I know the difference :-\
[01:51] <jMyles> the only way I find dnsmasq logs is by catting syslog
[01:51] <jMyles> which is very inefficient
[01:52] <twb> Daemons use a system call (called syslog, too, IIRC), and a daemon (syslogd, rsyslogd or syslog-ng) "hears" them and puts them in files.
[01:52] <jMyles> ahh, I see
[01:52] <twb> So if you want to put log entries in a different file, you configure rsyslog.
[01:52] <jMyles> so I need to have a little heart-to-heart with rsyslog
[01:52] <jMyles> right
[01:52] <twb> Personally I usually just grep dnsmasq.*DHCP /var/log/daemon or so
[01:53] <jMyles> I don't understand that last statement - can you explain?
[01:54] <twb> jMyles: are you familiar with grep(1)?
[01:54] <jMyles> perhaps not - the (1) is foreign to me
[01:54] <twb> (1) just means it's in the first chapter of the manual
[01:54] <twb> (See man(5)).
[01:56] <jMyles> I see
[01:57] <jMyles> well, since we're on the topic - how does one search for a string in man?
[01:57] <jMyles> (like ctrl-f in firefox or ctrl-w in nano)
[01:59] <twb> apropos(1)?
[02:00] <twb> If you mean within the displayed manpage, then it depends on your pager.  The default pager is less(1), so use / for forward searching, and ? for backward searching.
[02:00] <twb> C-/ or / should also work in firefox, FWIW.
[02:00] <twb> You can use a different pager (e.g. w3m), or have man generate PDFs or HTML, of course.
[02:20] <jMyles> phew.  I'm learning many new server applications at once, and I really want to come to terms with all of them and have a good grasp.  I have a gateway running dnsmasq (and apache) and now I'd like to set up openvpn.  I've read the guides, and I've tried, but restarting openvpn is giving me [fail].
[02:20] <jMyles> Is there a specific guide for setting up openvpn on a computer that is a gateway / router?
[02:24] <twb> Have you looked at the Ubuntu Server Guide?
[02:24] <twb> It's the fourth link in /topic
[02:31] <jMyles> twb: looking.
[02:31] <jMyles> thanks for all your help
[02:32] <twb> np
[02:35] <jMyles> I am running into frustration over the bridging in openvpn - the documented setup seems to be for a server with one NIC connected to a router.  In my case, I can't create the extra device br0 because I already have a bridge between eth0 (WAN) and eth1 (LAN).  I don't think I need the bridging stuff at all, but I don't know how to use openvpn without it.
[02:35] <jMyles> I really just want openvpn to listen on eth0, that's it
[02:37] <twb> I don't do much with OpenVPN, sorry.
[02:50] <a|3x> hi all
[02:51] <a|3x> i have a bit of a problem with the official kernel and iscsi target daemon, hoping somebody can help...
[02:52] <sabgenton> should my hostapd config be in /etc/hostapd/hostapd.conf
[02:52] <sabgenton> it doesn't seem to take there
[02:52] <twb> !anyone > a|3x
[02:52] <sabgenton> with /etc/init.d/hostapd start
[02:53] <twb> sabgenton: I don't know.  What does the manpage say?
[02:54] <sabgenton> nothing
[02:54] <twb> strace the daemon, then.
[02:54] <sabgenton> I only can get it  working with hostapd /etc/hostapd/hostpad.conf
[02:54] <a|3x> i have vmware installed on an ubuntu server installation with iscsi target daemon, but every time my vm tries to use the iscsi target i get console message that says soft lockup, cpu #x stuck for 11s, and istd has 100% cpu usage, any ideas what could be causing this?
[02:55] <sabgenton> but I want to use it via /etc/init.d/hostapd
[02:55] <twb> sabgenton: my default position would be to blame vmware, because I hate it
[02:56] <twb> Oops, bad completion
[02:56] <twb> a|3x: does it work if you take VMware out of the equation?
[02:56] <sabgenton> ?
[02:56] <sabgenton> oh ok
[02:56] <sabgenton> :P
[02:59] <a|3x> i cant
[02:59] <sabgenton> twb I asked this earlier but when hostapd appears in /etc/init.d/hostapd is that sometimes because ubuntu/ the deb put it there or is that what would happen if I installed it from source
[02:59] <sabgenton> generally i mean
[03:00] <sabgenton> as the man has nothing about /etc/init.d/hostapd
[03:00] <sabgenton> is it debian people that made the deb installer setup a space in /etc/init.d/ for it
[03:00] <twb> sabgenton: I don't know.  I don't install packages from source.
[03:00] <sabgenton> for better management
[03:01] <twb> You could find out by inspecting the upstream source.
[03:01] <sabgenton> ok
[03:02] <a|3x> twb: i could set up a test system on the side but i was wondering maybe its something easy
[03:02] <twb> a|3x: I don't know.
[03:03] <twb> iscsi is pretty complicated.  If I had to deal with network block devices, my gut position would be to steer towards AoE.
[03:04] <twb> That's assuming your nbd doesn't need to cross networks, of course.
[03:20] <a|3x> twb: the problem is vmware is a fart when it comes to support for >2tb virtual drives
[03:22] <a|3x> twb: that is why i had to use iscsi in the first place
[03:34] <ruben23> hi
[03:34] <ruben23> jmarsden: hi
[03:35] <jmarsden> hi
[03:40] <ruben23> jmarsden: the one you test me about the mount cifs.. it worked but with my fstab when reboot
[03:41] <ruben23> it didnt work im getting error like this-->error connecting to IPv4 socket , cifs mount failed error code = -113
[03:43] <jmarsden> ruben23: So now if you do   sudo mount /media/share   # what happens?
[03:43] <jmarsden> ruben23: -113 sounds like "wrong IP address or remote XP box is not there" kind of a problem, but I'm not really sure.
[03:45] <ruben23> jmarsden:--> mount media share i can mount it
[03:45] <ruben23> but with auto mount upon reboot i cant..
[03:46] <ruben23> my fstab is this-->http://pastebin.com/m594509e7
[03:47] <jmarsden> ruben23: Interesting.  Sounds like a timing issue, maybe some other service is not up when the mount is tried at reboot.   I don't have any great ideas on that.  The fstab entry looks fine to me.
[03:48] <jmarsden> As an "ugly" workaround, you could try doing something like    sleep 60 && mount -a     in /etc/rc.local
[03:48] <ruben23>  jmarsden: the windows unit is up already while the system is rebooting
[03:48] <ruben23> ow ok
[03:48] <ruben23> ill try it
[03:49] <jmarsden> That will wait for one minute and then try the mount again... it might help.
[03:50] <twb> jmarsden: isn't upstart supposed to magically fix boot order issues?
[03:50] <jmarsden> Yes... but I lack time right now to troubleshoot it, and ruben23 just needs something that works for a personal server :)
[03:51] <twb> I was just bitching
[03:51] <jmarsden> twb: If you can work with him on a full diagnosis and non-ugly fix for this, go for it :)
[03:51] <jmarsden> OK...
[03:52] <ruben23>  jmarsden:thanks ill try the work around..
[06:16] <kingjm> kingjm
[06:16] <kingjm> 12:13
[06:16] <kingjm> I am looking for some help to do with VPNs I have started a forum discussion as I could not find a previous one. http://ubuntuforums.org/showthread.php?t=1383560
[06:16] <kingjm> can someone see me now?
[06:18] <kingjm> is anyone in here?
[06:22] <twb> !anyone > kingjm
[06:25] <kingjm> I am trying to setup two VPN's one using PPTP and the other IPSEC/XL2TP I have started a forum thread with what I have done. however I cannot connect using Snow Leopard or windows Mobile. Can someone please help?
[06:26] <twb> kingjm: can you connect using Ubuntu Server?
[06:26] <kingjm> I haven't tried that I did not think that I could connect to my own server that I am serving the vpn from. I will try
[06:35] <kingjm> twb well I am having trouble with that too I don't know how to connect on ubuntu terminal.   I have install pptp-linux
[06:37] <twb> Uh, PPTP, IPSec and L2TP are all different protocols.
[06:37] <twb> AFAIK you can't (for example) connect a PPTP client to an L2TP server.
[06:38] <kingjm> twb I am starting with pptp should be the easiest…. it
[06:38] <kingjm> sudo pptp 192.168.0.100
[06:38] <kingjm> Terminated
[06:39] <twb> Have you configured your server to serve PPTP?
[06:40] <kingjm> I thought so. if you click this link it will show exactly what I did. don't worry. I have the only post atm
[06:40] <kingjm> http://ubuntuforums.org/showthread.php?t=1383560
[06:41] <twb> kingjm: the link you provided sets up three completely different VPN tunnels.
[06:41] <twb> It also contains bugs, so if you followed it you would've seen errors and tried to deal with them.
[06:42] <kingjm> I realize that. I am just trying to start with pptp. My goal is to get all of them working
[06:42] <twb> kingjm: so pptpd is installed?
[06:42] <kingjm> yep it is installed
[06:43] <twb> And you edit /etc/ppptpd.conf, /etc/ppp/options, /etc/ppp/chap-secrets and /etc/sysctl.conf as advised by that page, and restarted pptpd?
[06:43] <kingjm> yep just as that page says
[06:44] <twb> Did you activate the changes to sysctl.conf?
[06:44] <kingjm> with /etc/init.d/networking restart
[06:44] <twb> That's wrong.
[06:44] <kingjm> oh
[06:45] <twb> Here it is managed by the procps init script.
[06:46] <kingjm> so how do I activate the changes?
[06:46] <twb> 17:45 <twb> Here it is managed by the procps init script.
[06:47] <kingjm> sudo /etc/init.d/procps restart
[06:47] <kingjm>  * Setting kernel variables...
[06:47] <kingjm>    ...done.
[06:49] <kingjm> sudo pptp 192.168.0.100
[06:49] <kingjm> Terminated
[06:49] <kingjm> twb anything else that you can see might be wrong?
[06:50] <twb> kingjm: maybe you should look at the log files
[06:50] <twb> kingjm: and inspect the open ports (with ss or netstat) and firewall.
[06:54] <kingjm> I looked in var/log/messages nothing there anywhere else?
[06:58] <kingjm> tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      -
[07:00] <twb> kingjm: that will depend on how your daemon does logging.
[07:02] <jmarsden> kingjm: /var/log/daemon.log is one possibility.  Read /etc/syslog.conf to see where else your syslog daemon might be logging things, or man pptpd to see where pptpd is supposed to log things.
[07:04] <kingjm> auth,authpriv.*			/var/log/auth.log
[07:04] <kingjm> *.*;auth,authpriv.none		-/var/log/syslog
[07:04] <kingjm> #cron.*				/var/log/cron.log
[07:04] <kingjm> daemon.*			-/var/log/daemon.log
[07:04] <kingjm> kern.*				-/var/log/kern.log
[07:04] <kingjm> lpr.*				-/var/log/lpr.log
[07:04] <kingjm> mail.*				-/var/log/mail.log
[07:04] <kingjm> user.*				-/var/log/user.log
[07:04] <jmarsden> Don't spam the channel :)  Read it and then check the relevant log files on your server for pptp related log entries!
[07:05] <kingjm> I was just putting it up there so that you would know where to logs are going. as you may know which ones to check
[07:06] <jmarsden> Never post more than 2 lines to the channel.  For anything more than that use pastebin.
[07:06] <kingjm> pastebin what is that?
[07:06] <jmarsden> It would have been faster to grep pptp /var/log/*log than to spam us with syslog.conf entries anyway...
[07:06] <jmarsden> !pastebin
[07:07] <kingjm> thanks I will
[07:10] <kingjm> http://ubuntu.pastebin.com/d1e9f0d5a this is the grep pptp
[07:12] <jmarsden> OK.  So now you can go through that and fix anything you find relating to "error" or to missing or unrecognized options, etc.
[07:17] <kingjm> I am going through this, I don't understand much…. I do really appreciate that you are walking me through how to find my own errors.
[07:18] <kingjm> In file /etc/ppp/pptpd-options: unrecognized option 'localip'  but this is needed for localip and remoteip. what can I change?
[07:20] <jmarsden> Are you sure that is the right option in the right file?  man pptpd and check.  Maybe it is spelled local-ip or maybe the intent is that you replace the string "localip" with your actual local IP address 1.2.3.4 or something ?
[07:20] <jmarsden> It has been years since I ran a pptpd so the man page will be more accurate than I am.
[07:23] <twb> Isn't PPTP the one with the gaping cleartext-password-type holes?
[07:25] <jmarsden> twb: I think the really bad holes were cleared up a while back, but since it is basically a Microsoft protocol, it wouldn't be surprising if there are still some issues with it.
[07:26] <kingjm> I think I got it thanks sudo pptp 192.168.0.100 did not return any errors
[07:27] <jmarsden> twb: http://www.sans.org/security-resources/malwarefaq/pptp-vpn.php    May be worth a look for SANS ideas on improving its security...
[07:27] <twb> Ha, a security group is using PHP
[07:28] <kingjm> how do I check or close the pptp connection
[07:31] <twb> You can close it by pulling the cable out and waiting an hour
[07:31] <jmarsden> kingjm: You are trying to write a wiki article about doing this stuff, but don't know how to start and stop PPTP, nor how to test it?  Seems odd... perhaps you should leave writing wiki articles about VPNs to folks who have experience with them?  You could kill the pptp client, to close the connection rather rapidly :)
[07:32] <twb> jmarsden: I think he was writing up what he *tried*, rather than having to repeat it all here
[07:32] <kingjm> I would love to however no one else has done so. That is why I am using the forums to figure it out
[07:32] <twb> Forums are worse than IRC!
[07:32] <twb> They are populated by people too stupid to configure a newsreader.
[07:33] <jmarsden> kingjm: Did you Google for    ubuntu pptp server      and see how many hits there are?  "noone else has done so?"
[07:33] <kingjm> I have gotten pptp to work and connect via snowleopard
[07:33] <kingjm> I did google that is where I started. then I went to the wiki, then to the forums, and now here
[07:35] <jmarsden> kingjm: OK.  So you know there are plenty of people who have written this up.  Mostly a long time ago, because few people use PPTP any more, it being considered too insecure...
[07:39] <beric> Hi, Something moved my syslog.conf to syslog.conf.0 , I guess some unattended upgrade. where can I read about protecting my config files from things like that ?
[07:40] <twb> The Debian Policy ought to prevent that :-/
[07:41] <jmarsden> twb: That's what I was thinking... "is that *allowed*?"
[07:41] <jmarsden> beric: What kind of automated unattended updating software are you using on your Ubuntu server that you think did this?
[07:41] <beric> apt-cron
[07:42] <twb> apt-cron is basically an obsolete version of unattended-upgrades.
[07:42] <twb> It shouldn't do anything like that -- it basically just does an "apt-get update && apt-get upgrade"
[07:43] <twb> Now, if you have cowboy third-party repositories enabled, their postinsts could do any kind of crack-addled thing...
[07:43] <beric> it's 8.04 LTS. I know it's old but can't upgrade anything
[07:43] <kingjm> I would just like to say thanks for all those who helped. good night
[07:43] <jmarsden> kingjm: Goodnight.
[07:45] <beric> twb: sounds reasonable, It has turnkey linux repositories . what can I do about that in the future ?
[07:45] <jmarsden> beric: You might want to check what version of syslogd you have and where it came from?  And make frequent backups of /etc :)
[07:47] <jmarsden> beric: You may also be able to use pinning to restrict which packages the 3rd party repositories can update, to ONLY the few you really need from there.  man apt_preferences for more on pinning.
[07:48] <twb> The obvious solution is not to use those shitty "turnkey" repos
[07:49] <twb> Or, to not enable auto-upgrading, or at least disable it for everything by hardy-security
[07:50] <twb> aptitude install '~i ~S ~VTARGET ~Ahardy-security' (untested)
[07:50] <beric> ok. I'll consider that
[07:50] <twb> Pinning ought to work for that, too, but it always makes my brain hurt
[09:17] <jiboumans> good morning
[10:02] <Helix001> hi is anyone using squid and likewise open with active directory?
[10:21] <rags> Hello, I am running BIND 9.4 on Hardy, I'm getting these messages in the logs : "named[30429]: unexpected RCODE (SERVFAIL) resolving '31.59.243.72.in-addr.arpa/PTR/IN': 97.66.48.58#53"
[10:21] <rags> I've totally locked down the server - query and recursion only from local net and bind is listening only on the local host and n/w, but I keep getting these messages in the logs...
[10:40] <jiboumans> soren, ping?
[10:41] <jiboumans> soren: LP question. do you know why http://qa.ubuntu.com/reports/team-assigned/canonical-server-assigned-bug-tasks.html isn't listing https://bugs.launchpad.net/ubuntu/+source/ec2-init/+bug/494185 ?
[10:46] <soren> jiboumans: /me looks
[10:46] <soren> jiboumans: Probably because it's listed as fixed in Lucid.
[10:46] <jiboumans> hmm, but not in karmic, which is half of the bug =/
[10:46] <soren> jiboumans: It says "Status tracked in Lucid", so whatever the status is in Lucid is what matters here, I believe.
[10:47] <jiboumans> soren: thanks for explaining.. damn this falling through the cracks. so if i say 'status tracked in karmic', it should pop up again?
[10:48] <soren> jiboumans: You can do that?!?
[10:48] <jiboumans> soren: i have no idea
[10:48] <jiboumans> all i know is there's a bug that's 50% fixed and it's not showing up in reports
[10:49] <soren> jiboumans: I don't think you can. I think it's just telling you that that's how it is.
[10:49] <jiboumans> i see. damn.
[10:49] <jiboumans> soren: could you check with the QA folks if there's a report they generate that does include things like this?
[10:49] <soren> jiboumans: I'd bother the good people in #launchpad. I'm sure there's a bug open about it already (I remember seeing one to this effect), but I don't remember the bug no.
[10:49] <jiboumans> ok, i'll ask there
[10:49] <soren> ta
[13:56] <tarski> anyone here have any luck or know about installing ruby 1.9.1 with rails on ubuntu server?
[14:02] <jiboumans> tarski: you're running karmic?
[14:02] <tarski> no i downloaded hardy
[14:03] <tarski> jiboumans: but it's not working, so many errors with gems, and such
[14:03] <tarski> jiboumans: think i should use karmic?
[14:03] <jiboumans> tarski: depends on what you are looking for. Hardy's an LTS; the software will be older, but stable
[14:03] <jiboumans> Karmic's the latest release, so will have the newest versions of ruby & co that were available
[14:04] <tarski> jiboumans: well im looking for the newest ruby, i  can install ruby1.9.1 on hardy from the karmic repos but rails wont work and some other gems i need
[14:04] <jiboumans> tarski: your best bet to run the newest gems/rails/ruby is to use karmic
[14:05] <tarski> jiboumans: thought so. im going to be installing 10.04 when it's out so no i dont need lts right now
[14:05] <tarski> jiboumans: thanks
[14:05] <jiboumans> tarski: happy to help. good luck
[15:31] <Ash-Fox> Perhaps someone else can figure this out - I have an external 1TB USB harddrive, it works perfectly on my other systems with the same distro, doesn't matter what kernel I use however on this specific machine, the drive eventually becomes inaccessible. I have tried tweaking max_sectors, but that doesn't seem to help at all. Here is a copy of my syslog:
[15:31] <Ash-Fox> http://ash-fox.pastebin.com/d1fc9a240
[15:37] <zul> soren: ping
[15:43] <soren> zul: hey.
[15:49] <zul> soren: i just uploaded the latest mysql 5.1 from debian testing can you add it to your testsuite thing?
[15:49] <soren> zul: It's already there, isn't it?
[15:50] <zul> i dunno how can i check?
[15:50] <soren> zul: Don't you get build failures for mysql-dfgs-5.1 each morning?
[15:50] <soren> Anyhow, the authoritative source is:
[15:50] <zul> lemme check
[15:51] <soren> https://edge.launchpad.net/~ubuntu-server-qa/+archive/regression-test
[15:51] <soren> Yup, mysql 5.1 is already there.
[15:51] <zul> soren: cool thanks
[16:06] <kaffien> can apt-get be used to install applications with make flags?
[16:07] <ZimCS> Hello.  I am running ubuntu server on a small home server that I just built.  What is a good option to backup files from remote PC's?
[16:08] <kaffien> I used to use samba
[16:08] <kaffien> then use a backup software on the other machines to backup to the network share
[16:09] <ZimCS> thanks
[16:13] <ZimCS> kaffien: i setup samba last night and the file transfer was extremely slow.  did you ever run into that problem?
[16:13] <kaffien> define slow
[16:14] <ZimCS> 160GB would take 22 hours
[16:14] <kaffien> the fastest way i have transferred to a linux system was on an ftp program via the SCP protocol
[16:15] <kaffien> jesus
[16:15] <kaffien> that should take about 4 hours with the right hardware
[16:15] <ZimCS> yeah
[16:15] <kaffien> what kind of a server do you have?
[16:15] <kaffien> you must consider all points
[16:15] <ZimCS> what do you mean what kind
[16:15] <kaffien> cpu, ram, hdd speed (do they have bad sectors etc)  speed of network switch,  cables, nic cards etc
[16:16] <kaffien> all of those can slow a transfer to a halt
[16:16] <kaffien> one of the biggest mistakes folks make is using a 10/100 switch / router
[16:16] <ZimCS> oh, an amd sempron single core 2.2ghz 2 gb ram 10/100/1000  with 2 sata drives
[16:16] <kaffien> what speed of sata drives?
[16:16] <ZimCS> yes, unfortunately my router is a wrt50g so the switch is 10/100
[16:17] <ZimCS> 3.0GB
[16:17] <kaffien> thats a major bottleneck
[16:17] <ZimCS> even for home use?
[16:17] <kaffien> yes
[16:17] <kaffien> gigabyte switches are cheap
[16:17] <mike3> .
[16:17] <mike3> how can i remove the motd permanently. It keeps generating a new message in MOTD.
[16:17] <kaffien> id connect all computers to switch then one cord to the router for internets
[16:18] <kaffien> also make sure your workstations / desktops have gigabyte ethernet cards or a gb switch is pointless
[16:19] <ZimCS> yes, they do.  i guess i'll trade my router in then.
[16:19] <kaffien> no no
[16:19] <kaffien> you still need the router
[16:20] <ZimCS> i mean just to one that has 10/100/1000
[16:20] <kaffien> unless you can find a gigabyte ethernet router
[16:20] <kaffien> if not just get a switch ... its more hardware but it might be cheaper
[16:21] <ZimCS> a lot of my transfers from my laptop will be wireless
[16:22] <kaffien> ahh
[16:22] <kaffien> make sure you got wireless N on your net router then
[16:22] <kaffien> wireless is generally slower than wired still
[16:23] <alvin> Are those remote pc's running Linux? NFS would be a better choice for that.
[16:23] <mike3> What keeps generating in my /etc/motd ? How can I remove it permanently?
[16:24] <kaffien> scp will transfer faster than nfs
[16:24] <ZimCS> alvin; windows
[16:24] <kaffien> setup scp on the linux box and get winscp for windows (its free)
[16:25] <alvin> kaffien: It will most certainly not. scp (SFTP) uses encryption.
[16:26] <ziesemer_> mike3: What version of Ubuntu?  And do you only want to remove parts, or the entire thing?
[16:26] <kaffien> FTP and scp are different
[16:26] <mike3> the entire thing
[16:26] <kaffien> sftp is slooooow compared to scp
[16:26] <alvin> actually, they are the same
[16:26] <kaffien> definitely faster over here
[16:26] <kaffien> maybe its the way winscp handles them
[16:26] <ziesemer_> Well, /etc/motd.tail is part of it, and I just cleared that.  That way I can still see package update notifications, etc.
[16:27] <kaffien> i usually get about 17MBs
[16:27] <ziesemer_> So you want to remove from just SSH, or all shell logins?
[16:28] <alvin> No, it's just ssh. winscp should not be faster than the scp command, or FileZilla.
[16:28] <mike3> ziesemer_: where do i tell it to use a different motd? Which file is doing this?
[16:28] <ziesemer_> Either way, at least under Karmic, look in /etc/pam.d.  In both "login" and "sshd", there are references to pam_motd.so that could be commented out.
[16:29] <Pici> mike3: look at the manpage for motd.tail, it explains the process as to how the motd is generated.
[16:29] <sub> In my experience I've never been able to get winscp to exceed 10Mbps
[16:29] <sub> or maybe it was MBps, i don't quite remember
[16:30] <ivoks> if you want to remove it just from sshd
[16:30] <ivoks> edit /etc/ssh/sshd_config
[16:30] <ivoks> PrintMotd no
[16:31] <mike3> Pici: okay thanks
[16:31] <kaffien> alvin, its not im saying that SCP is faster than regular ftp and or windows transferring to a samba share
[16:31] <kaffien> via drag and drop
[16:32] <ZimCS> thanks for the help.  i have one more question.  this server primarily does hosting for my website, backups and file sharing.  but it has an hdmi out and I'd like to use it to watch movies on my hdtv.  but since boxee needs x-windows to run, do i need to install a gui?
[16:32] <ivoks> man, don't do that
[16:32] <ivoks> don't mix webhosting and divix :)
[16:33] <ZimCS> its just for my site though, nothing important
[16:33] <mike3> Pici: okay i found that, but I am still getting system information in there that I don't want..
[16:33] <ivoks> mplayer can output to svga :)
[16:33] <ivoks> aai is nice too :D
[16:34] <alvin> kaffien: Ah, you were saying it was faster than NFS, and NFS is faster than CIFS (marginally). I didn't mention FTP. What I meant was that FileZilla can do SFTP (=SCP) too.
[16:34] <ivoks> sftp != scp
[16:35] <mike3> okay nm, i just removed /etc/motd all together
[16:35] <mike3> i still would like to know where it generates the system information from. /etc/motd.tail doesn't contain this info
[16:35] <ziesemer_>  /etc/update-motd.d
[16:35] <ivoks> it depends on version of ubuntu and packages you installed
[16:35] <ziesemer_> https://wiki.ubuntu.com/UpdateMotd .  But is slightly outdated for Karmic, as it no longer uses cron.
[16:36] <mike3> ziesemer_: oh okay.. hrm..
[16:36] <kaffien> alvin wouldn't he be better off using scp to transfer files as big as 160gb?
[16:36] <ziesemer_> And I'm not sure that just removing /etc/motd will work like you expect.  It might, but I'm not sure.  You'd be better off removing the lines I mentioned from the pam.d files.
[16:38] <alvin> kaffien: I don't know. In his case, I would use Windows file sharing in combination with backup software. The built-in backup solutions of Windows will probably be good enough.
[16:38] <alvin> I would use SCP over an untrusted link only.
[16:39] <ivoks> in any case, use scp always instead of sftp
[16:39] <kaffien> seems to be that his problem is his 10/100 router
[16:39] <kaffien> 160gb transfer took 22 hours
[16:40] <mike3> ziesemer_: in ssh  right?
[16:40] <ziesemer_> Depends.  Who do you want to disable it for?  SSH users only, or all users?
[16:40] <mike3> let's say ssh users
[16:40] <mike3> what do i need to do?
[16:40] <alvin> kaffien, ivoks: Apparently I'm wrong. SCP is older than SFTP (faster, but less features). I thought it was the same.
[16:41] <mike3> because PrintMotd is already no
[16:41] <ziesemer_> Did you restart sshd?
[16:41] <mike3> it was already set
[16:41] <mike3> it was never yes
[16:41] <ivoks> oh really?
[16:41] <ivoks> hm...
[16:42] <ziesemer_> And you're still seeing it?  Then I'd try disabling it in the pam.d files I mentioned above, e.g. /etc/pam.d/sshd .
[16:42] <ivoks> i consider that as a bug
[16:42] <mike3> ziesemer_: okay thanks..
[16:42] <mike3> found it
[16:42] <mike3> sec
[16:42] <ivoks> ah... it's not
[16:43] <mike3> okay that worked
[16:43] <mike3> sweet
[16:43] <ziesemer_> mike3:  See also:  https://bugs.launchpad.net/ubuntu/+source/pam/+bug/399071
[16:44] <mike3> now on to my next problem... I want to install talkd but it wants to install the openbsd inetd which I do not want to use. I want to use xinetd
[16:44] <ivoks> install xinetd first
[16:45] <mike3> ivoks: it's installed already, but apt-get wants to remove it and install inetd
[16:45] <bogeyd6> Anyone have a guide on how to have a linux server running bind be a backup dns server for active directory?
[16:46] <ivoks> mike3: inetutils-talkd
[16:46] <mike3> sec
[18:09] <Aison> can I use dhcp3-server also for ipv6?!?
[18:11] <genii> Aison: not yet
[18:12] <Aison> so I need this "wide-dhcpv6-server" ?
[18:13] <genii> Aison: As far as i know, yes
[18:18] <kingjm> I have a problem with pppd "Cannot determine ethernet address for proxy ARP" how do I define proxyarp in /etc/ppp/options?
[18:21] <kingjm> can I use arp --use-device --set 192.168.0.100 eth0 pub.  etho 192.168.0.100 is server address
[18:29] <mike3> I'm having issues getting talkd to work..
[18:29] <mike3> I need to use xinetd
[18:37] <mike3> in.talkd is nowhere to be found...
[19:00] <jfelt> Hail.
[19:00] <jfelt> I'm trying to gather some more information about the Cloud functionality of Ubuntu 9.10 server.
[19:00] <jfelt> has anyone implemented anything with it, yet?
[19:23] <kpettit> Can anybody recommend a good systems monitor that's easy to script?  Basically I want to say "do XYZ if system is down..." type of stuff
[19:40] <jMyles> I need to know how to reset my password for ldap.  I am getting "Invalid credentials".  I have looked and looked, but many of the guides seem to reference an outdated configuration using /etc/openldap/slapd.conf, which no longer exists.
[19:50] <Jeniczek> hi guyz
[19:51] <Jeniczek> am trying to solve an installation problem
[19:51] <Jeniczek> anybody around?
[19:51] <Jeniczek> I wasnt successful on ubuntu channel :(
[19:51] <guntbert> Jeniczek: the rules are the same - just ask :)
[19:51] <Jeniczek> I have a Fujitsu RX300S4 server with 4 SAS drives. Both of the drives are put into 2 mirror RAIDS. During installation, I do partition the first RAID to / , swap and /home and the second RAID to /var . After successful install the server reboots and then all it says during boot is Fatal protection error at 0000:0000. I have tried to Low level format all hardrives, so its not an MBR issue.. Or at least doesnt looks so... The GRUB i
[19:51] <Jeniczek> thats it ;)
[20:01] <Jeniczek> hm :P
[20:21] <Jeniczek> well, g2g, bb guyz
[20:27] <Maz3Mike> How is it going everybody?
[20:28] <Maz3Mike> I had some issues installing Fedora 12 with graphics, and I thought I would give Ubuntu a chance
[20:28] <Maz3Mike> I have a Nvidia 7800 installed...any advice?
[20:28] <guntbert> Maz3Mike: this is primarily support for the server version
[20:29] <Maz3Mike> guntbert: That is what I am wanting to install
[20:30] <guntbert> Maz3Mike: I was confused - where does graphics come into the picture?
[20:30] <Maz3Mike> guntbert: I used to have a teamspeak server on fedora 9, but I wanted to upgrade...it didnt work..so I am going to give UbuntuServer a shot
[20:31] <Maz3Mike> guntbert: I was just wanting to have a monitor hooked up to it
[20:32] <guntbert> Maz3Mike: I see - and what exactly is your problem?
[20:32] <Maz3Mike> guntbert: Since I have been fooling around with the linux the last couple of years..I always run into issues with graphic cards
[20:33] <Maz3Mike> gunbert:installing it right now
[20:33] <guntbert> Maz3Mike: with the CLI? very rare - I'd say just go ahead :)
[20:35] <Maz3Mike> guntbert:already like the initial config...got opensuse working before this but I didnt like it either
[20:37] <Maz3Mike> guntbert: question...I have one 300GB disc that I want the os to go on...and I have a 500GB disc that I want to keep stuff on there such as pictures..videos...ISOs..random things for the most part..set it up as a file share through samba..but I want to encrypt all of the 500GB disc
[20:38] <Maz3Mike> guntbert: what would be the best way of doing this...I am at the partition disk menu right now
[20:39] <guntbert> Maz3Mike: no experience with encryption on server here - but I'd say install to the 300GB and leave the other one untouched for now - you should be able to handle that later
[20:39] <Maz3Mike> k
[20:40] <Maz3Mike> guntbert: I will encrypt that sucker later...just have to use fdisk
[20:44] <Maz3Mike> figured it out
[20:44] <Maz3Mike> just partition the disk and then encrypt what volumes you want
[20:49]  * RoyK never uses X on servers unless they run opensolaris
[20:49] <RoyK> sometimes I even turn it off on those suckers
[20:49] <EtienneG> hey guys, I feel like an idiot
[20:49] <guntbert> RoyK: and?
[20:50] <RoyK> EtienneG: wanna talk about it?
[20:50] <EtienneG> I just built a three host cloud (CLC/CC/SC/Walrus, and two NC)
[20:50] <EtienneG> RoyK, oh yes!
[20:50]  * RoyK hands EtienneG paper towels
[20:50] <EtienneG> so anyway, I used the installer integration, it works fine
[20:51] <EtienneG> only thing: no networking to the instances, except from the frontend
[20:51] <EtienneG> it's like it is not routing between the public IP, and the instances private IP
[20:51] <EtienneG> yet, sysctl says net.ipv4.ip_forward = 1
[20:52]  * RoyK really has no idea about setting up clouds
[20:52] <EtienneG> RoyK, it's all good, mathiaz, kirkland, nurmi or someone else will surely help eventually
[20:53] <EtienneG> it's worth saying that both VNET_PUBINTERFACE and VNET_PRIVINTERFACE are set to eth0
[20:54] <EtienneG> so I wonder if that has something to do with it ...
[20:55] <kpettit> any good tools to say something like so "If ping 192.168.0.XX dpesm
[20:55] <kpettit> If ping doesn't give me a response restart system?
[20:55] <RoyK> kpettit: heh - no
[20:55] <kpettit> I'm having a hard time finding something simple to do that.  Most of the systems are very bloated.  Don't really want nagios or zabbix for something like that
[20:55] <RoyK> kpettit: what is this, from a server?
[20:56] <RoyK> if you can't ping x.x.x.x, it's most likely (as in 99,lots%) something else than linux that is the problem
[20:56] <kpettit> I've got this VirtualBox client VM that seems to die every so often.  The process stays running but windows locks up.  SO I want to do a ping test and send a restart to the client if it doesn't respond
[20:56] <kpettit> Basically I want the Linux host to ping the Windows guest and restart it if it doesn't respond
[20:57] <guntbert> kpettit: there is c
[20:57] <guntbert> sorry
[20:57] <RoyK> kpettit: nagios would be neat, but it really is a short script to do it manually
[20:57] <kpettit> :)  If I had to code something I'd use python, it's the only thing I know well enough to do something useful in.  But I hate re-inventing the wheel
[20:58] <guntbert> kpettit: there is a complete CLI instruction set - so a "simple" script should do it
[21:00] <EtienneG> kpettit, something I do not understand is: how will you restart the unresponsive machine?
[21:01] <EtienneG> it's unresponsive, after all
[21:01] <kpettit> The linux server would still be running.
[21:01] <EtienneG> kpettit, yes.  How will it restart the Windows machine?
[21:01] <kpettit> It's the VirtualBox guest that dies.  The guest gets it's own IP address, I can't ping it when it locks up
[21:01] <kpettit> So normally I have to kill the process and restart it.
[21:01] <EtienneG> kpettit, ok, that make sense
[21:02] <EtienneG> then you would use a script that does something like:
[21:02] <EtienneG> if ! ping -c 1 ip.of.virtualbox.guest; then
[21:02] <EtienneG> # do something
[21:02] <EtienneG> fi
[21:02] <kpettit> exactly
[21:02] <EtienneG> then run it from cron every minute, or something?
[21:03] <kpettit> yes, not that often but something like that.
[21:03] <EtienneG> kpettit, cool!
[21:04] <kpettit> I just know it'll take me 1/2 a day to code something that's decent and doesn't give me a bunch of false positives or negatives.  That's why I was looking
[21:04] <RoyK> kpettit: http://karlsbakk.net/pingtest.sh.txt
[21:05] <RoyK> kpettit: that took me a little less than half a day :þ
[21:05] <kpettit> cool. I'll test it out.
[21:05] <kpettit> I'm not a very good programmer though :)
[21:05] <RoyK> just replace the stuff in function restart...
[21:05] <kpettit> But I can copy and paste with the best of them
[21:05] <RoyK> it shouldn't be too hard
[21:06] <RoyK> it's hardly any more 'programming' than the usual linux commandline
[21:06] <kpettit> interpreting the ping results is what I was worried about
[21:06] <RoyK> oh
[21:06] <RoyK> never mind
[21:07] <RoyK> ping returns an error code
[21:07] <RoyK> 0 on success, 1 on error
[21:07] <RoyK> so
[21:07] <kpettit> ah cool
[21:07] <kpettit> that's perfect then.  Didn't know it did that, was thinking I'd have to parse the result line or something
[21:07] <RoyK> if ping -c 1 blah > /dev/null 2>&1; then echo success; else echo fail; fi
[21:07] <RoyK> that's the simple way
[21:07] <kpettit> sweet
[21:08] <RoyK> that's unix basics :)
[21:08] <RoyK> most commands follow that regime
[21:09] <kpettit> good to know
[21:12] <Maz3Mike> alright guys..just got the server
[21:12] <Maz3Mike> edition installed
[21:12] <Maz3Mike> hopefully it works with my nvidia 7800
[21:12] <RoyK> erm
[21:12] <RoyK> isn't this a server?
[21:13] <RoyK> or do you plan to do some fancy 3d games with it as well?
[21:13] <Maz3Mike> no..it is a server
[21:13] <Maz3Mike> how do i enable Xserver?
[21:14] <RoyK> first question is "WHY?"
[21:14] <Maz3Mike> want to have the gui interface
[21:15] <RoyK> Maz3Mike: https://help.ubuntu.com/community/ServerGUI
[21:15] <RoyK> it's possible but not recommended
[21:15] <RoyK> there's no need for a gui on a server
[21:16] <ivoks> gui interfaces to unix services are... bad
[21:16] <Maz3Mike> yes
[21:16] <ivoks> you can't have that many checkboxes :)
[21:16] <ivoks> so, why bother?
[21:16] <ivoks> just learn to use real unix UI - CLI
[21:17] <EtienneG> mathiaz, we had that discussion a little while back on UEC topology.  Sorry, I am amnesic, I do not remember the conclusion, but am I correct in thinking that the public and private interface cannot be the same?
[21:17] <ivoks> vimtutor is a good start
[21:17] <Maz3Mike> if you forgot your root password...what is the easiest way to reset it?
[21:17] <mathiaz> EtienneG: hm - they could be the same
[21:17] <ivoks> Maz3Mike: live cd
[21:18] <Maz3Mike> I know how to do this on solaris..use disc..mount the drive...delete the password out of the shadow file
[21:18] <Maz3Mike> Is that the disc I used to install with?
[21:18] <mathiaz> EtienneG: I was able to run a UEC setup with one network only
[21:18] <EtienneG> mathiaz, glad to hear that - somehow, on my flat install (all interfaces on the same "public" network), the frontend is not routing traffic to the instance private IP (172.19.1.2).  Any ideas?
[21:19] <mathiaz> EtienneG: what's you configuration?
[21:19] <ivoks> Maz3Mike: the same is with ubuntu
[21:19] <EtienneG> mathiaz, stock from the installer
[21:19] <mathiaz> EtienneG: ie where are your CC/Walrus/CLC located?
[21:19] <EtienneG> mathiaz, all on the same machine
[21:19] <mathiaz> EtienneG: separate CLC and CC?
[21:19] <EtienneG> mathiaz, no, all on the same machine.  that's what the installer does
[21:19] <mathiaz> EtienneG: and what are you trying to do?
[21:20] <mathiaz> EtienneG: for karmic or lucid?
[21:20] <RoyK> Maz3Mike: if you haven't set a root password on ubuntu, single user mode lets you straight in
[21:20] <RoyK> otherwise, just boot on a live cd
[21:20] <EtienneG> mathiaz, instance is started fine, except I cannot ssh/ping whatever to it.  Security group, checked
[21:20] <EtienneG> mathiaz, karmic!
[21:20] <mathiaz> EtienneG: are you trying to ping/ssh the private instance IP or the public instance IP?
[21:21] <EtienneG> mathiaz, the public IP, from another machine (not the frontend).  Pinging/sshing works fine on the frontend, using both the public or private instance IP
[21:21] <soren> EtienneG: Can you get out from it?
[21:21] <Maz3Mike> crap
[21:21] <Maz3Mike> thought i set the password
[21:22] <Maz3Mike> should be su -..right?
[21:22] <Maz3Mike> for root
[21:22] <EtienneG> soren, good question, I should try that
[21:22] <RoyK> maxb: sudo su -
[21:22] <RoyK> Maz3Mike: that was for you
[21:22] <maxb> mis-bing?
[21:22] <maxb> righ
[21:22] <EtienneG> soren, mathiaz: when checking iptables output, I can see that no packet goes through the FORWARD chain.  Is that normal?
[21:22] <RoyK> maxb: sorry :)
[21:22] <mathiaz> EtienneG: yes
[21:22] <maxb> Why do people think 'sudo su -' is a good idea?
[21:22] <RoyK> Maz3Mike: sudo su -, then use your own password
[21:22] <mathiaz> EtienneG: things are handled in the nat table
[21:22] <RoyK> maxb: because it's neat
[21:23] <mathiaz> EtienneG: try iptables -t nat -nL:
[21:23] <maxb> It's like "Become root and become root and run a shell"
[21:23] <RoyK> maxb: you get root's environment that way
[21:23] <RoyK> sudo sh doesn't give you that
[21:23] <EtienneG> mathiaz, yeah, did that, some packets are indeed going through the POST/PREROUTING chain
[21:24] <EtienneG> mathiaz, soren might be on to something .... maybe traffic is just not coming *out* of the instance somehow
[21:24] <maxb> I guess sometimes you want that. However I frequently use 'sudo -s' and find it actively useful that my $HOME is my own
[21:24] <RoyK> maxb: it's probably another fancy way to do that, but sudo su - works
[21:24] <ivoks> sudo -i
[21:24] <ivoks> sudo -s can be tricky
[21:24] <mathiaz> EtienneG: are you able to ssh into the Cloud Frontend?
[21:24] <maxb> define tricky
[21:24] <RoyK> well, that's what I want, most of the time, to use root's environment
[21:24] <EtienneG> mathiaz, sure
[21:25] <ivoks> if you run a command that drops something in ~, it will end up in user's home with root permissions
[21:25] <mathiaz> EtienneG: ie does the Cloud frontend knows how to route to your workstation?
[21:25] <ivoks> for example, firefox :)
[21:25] <maxb> eek
[21:25] <ivoks> or some cli tools - vim
[21:25] <RoyK> sudo -i I didn't know
[21:25] <RoyK> neat
[21:25] <mathiaz> EtienneG: is there a dhcp server running on the network?
[21:25] <maxb> I would never run something huge and gui under sudo
[21:25] <mathiaz> EtienneG: the instance may have gotten the wrong IP address
[21:25] <EtienneG> mathiaz, grrrrr!  I hate you!
[21:25] <EtienneG> mathiaz, of course there is one ... :(
[21:25]  * EtienneG bang head
[21:25] <EtienneG> there we are
[21:26]  * RoyK helps banging EtienneG's head
[21:26] <ivoks> maxb: find ~ -user root
[21:27] <EtienneG> If it wasn't for the CoC, I would transcribe the litany of swears that just came out of me
[21:27] <EtienneG> it was very pittoresque
[21:27] <EtienneG> mathiaz, in any case, thanks a bunch
[21:27] <jMyles> I'm really in need of help with LDAP.  I'm pretty lost.  It never asked me for a password during installation, and now I can't even get started with it because I don't know the password.  Also, I want to understand it more / better.
[21:28] <RoyK> jMyles: afaicr it asks for the initial password during install
[21:28] <ivoks> jMyles: dpkg-reconfigure slapd
[21:29] <Maz3Mike> Just want to say...thanks for all the help so far.....guys in the fedora channel werent that helpful
[21:29] <RoyK> Maz3Mike: :)
[21:29] <RoyK> ubuntu!
[21:30] <RoyK> Maz3Mike: http://en.wikipedia.org/wiki/Ubuntu_(philosophy)
[21:35] <jMyles> RoyK, ivoks: dpkg-reconfigure slapd doesn't ask me to set credentials.  I am essentially having the exact problem described in this forum, but I do not understand the solution (although it is marked "SOLVED"): http://ubuntuforums.org/showthread.php?t=1295934
[21:36] <ivoks> jMyles: dpkg-reconfigure -plow slapd
[21:37] <RoyK> wtf is plow? manpage doesn't list it
[21:37] <ivoks> priority
[21:37] <ivoks> low
[21:37] <jmarsden> RoyK: priority of questions low
[21:37] <RoyK> k
[21:37] <ivoks> plow - ask everything
[21:37]  * RoyK thought of plowing
[21:37] <ivoks> phigh - ask only essential
[21:37] <RoyK> I see - just getting late
[21:37]  * jMyles *is* plowing
[21:38] <jMyles> ivoks: Even after plowing, I am not asked for credentials
[21:38] <jmarsden> jMyles: For ldap in 9.10 you are not supposed to be... the way it works changed, didn't it?
[21:38] <EtienneG> mathiaz, that was not it, after all
[21:39] <EtienneG> mathiaz, the instance does have a private IP.  It can ping the frontend (172.19.1.1), but nowhere else
[21:39] <ivoks> jMyles: true... i haven't installed slapd on karmic yet
[21:39] <ivoks> this worked on 8.04
[21:39] <mathiaz> EtienneG: can you ssh into the instance from the frontend?
[21:39] <EtienneG> mathiaz, I am starting to think there is something fishy with my security group or something
[21:39] <EtienneG> mathiaz, yes
[21:39] <RoyK> jmarsden: https://help.ubuntu.com/community/OpenLDAPServer <-- this says how to reset it
[21:39] <ivoks> mathiaz: how do we setup root pass in slapd in karmic? :D
[21:39] <mathiaz> EtienneG: I'd check the routing table on the instance then
[21:39] <mathiaz> ivoks: olcRootPW
[21:40] <EtienneG> mathiaz, ubuntu@172:~$ ip route show
[21:40] <EtienneG> 172.19.1.0/27 dev eth0  proto kernel  scope link  src 172.19.1.2
[21:40] <EtienneG> default via 172.19.1.1 dev eth0  metric 100
[21:40] <EtienneG> that seems kosher
[21:40] <mathiaz> ivoks: man slapo-config <- has the list of parameter
[21:40] <bogeyd6> can lts run cloud?
[21:40] <ivoks> oh, tree configuration
[21:41] <EtienneG> bogeyd6, no, it was introduced in jaunty
[21:41] <mathiaz> EtienneG: well - it seems that the instances are set correctly
[21:41] <EtienneG> bogeyd6, but you can run LTS *in* the cloud, ie on EC2, or your own private cloud
[21:41] <EtienneG> mathiaz, indeed.
[21:42] <mathiaz> EtienneG: I'd use tcpdump on the instance/NC/CC to check where the network stops
[21:42] <bogeyd6> ok
[21:42] <bogeyd6> so i need 9.10
[21:42] <EtienneG> mathiaz, I did: it stops on the frontend
[21:43] <jmarsden> RoyK: Be careful, there is "old" and "new" documentation around at the moment... that page says "This page may contain outdated information." ...
[21:43] <mathiaz> EtienneG: have you enabled ssh traffic in your security groups?
[21:43] <jmarsden> jMyles: The steps presented by xingmu in the forum thread you linked to look like the "new" way to do things... did you try them?
[21:43] <EtienneG> mathiaz, etienne@curst:~$ euca-describe-groups
[21:43] <EtienneG> GROUP	admin	default	default group
[21:43] <EtienneG> PERMISSION	admin	default	ALLOWS	tcp	22	22	FROM	CIDR	0.0.0.0/0
[21:43] <EtienneG> PERMISSION	admin	default	ALLOWS	tcp	80	80	FROM	CIDR	0.0.0.0/0
[21:43] <EtienneG> GROUP	admin	demo	Demo security group
[21:43] <EtienneG> so, yes
[21:44] <EtienneG> hold on
[21:44] <RoyK> jmarsden: i know, just trying to help the guy
[21:44] <mathiaz> EtienneG: is your instance running in the demo group?
[21:44] <EtienneG> what does the "tcp 22 22" means?  hopefully, it is not the source port
[21:44] <RoyK> jmarsden: you, that is
[21:44] <EtienneG> mathiaz, no, in the default group
[21:44] <Maz3Mike> wtf man
[21:45] <Maz3Mike> I log in and use my user account and try to sudo to root but it wont work
[21:45] <mathiaz> EtienneG: you can check the iptables rules on the CC
[21:45] <Maz3Mike> i keep getting su authentication failure
[21:45] <EtienneG> mathiaz, sure.  Should I dump it here?
[21:45] <mathiaz> !paste | EtienneG
[21:45] <jmarsden> Maz3Mike: sudo or su ?  They are two different things...
[21:46] <Maz3Mike> su
[21:46] <EtienneG> ubottu, thanks, nice RTFM you have here!
[21:46] <Maz3Mike> should su -
[21:46] <Maz3Mike> for root right?
[21:46] <jmarsden> Maz3Mike: No.  Not in Ubuntu.
[21:46] <jmarsden> !root
[21:46] <RoyK> http://uncyclopedia.wikia.com/wiki/Rtfm
[21:46] <RoyK> heh
[21:46] <Maz3Mike> so what would I type?
[21:47] <RoyK> just remember that without any root password set, you can get right through all 'security' by just booting into single
[21:47] <EtienneG> mathiaz, http://ubuntu.pastebin.com/m331fc577
[21:47] <jmarsden> Maz3Mike: as a Ubuntu server admin you need to learn, not just type.  Did you read https://help.ubuntu.com/community/RootSudo
[21:47] <RoyK> Maz3Mike: sudo -i and type your own password
[21:48] <ivoks> only members of admin group have sudo privileges
[21:48] <ivoks> so if you aren't member of admin group, sudo won't work
[21:48] <EtienneG> mathiaz, notice nothing gets into the FORWARD chain, hence nothing gets to be processed trough admin-default.  Is that normal?
[21:49] <mathiaz> EtienneG: I don't think so
[21:49] <mathiaz> EtienneG: what's the routing table on the CC?
[21:49] <Maz3Mike> love it..nice got root access
[21:49] <EtienneG> mathiaz, lots of stuff through PRE/POSTROUTING
[21:49] <Maz3Mike> man the ubuntu website seems sloooow
[21:49] <EtienneG> mathiaz, cloudmaster@uec-frontend:~$ ip route show
[21:49] <EtienneG> 172.19.1.0/27 dev eth0  proto kernel  scope link  src 172.19.1.1
[21:49] <EtienneG> 10.153.108.0/24 dev eth0  proto kernel  scope link  src 10.153.108.210
[21:49] <EtienneG> default via 10.153.108.1 dev eth0  metric 100
[21:50] <EtienneG> (I just love flooding the channel!)
[21:50] <Maz3Mike> see...its always the little things that you need to know
[21:50] <henriquev> EtienneG: you shouldn't
[21:50] <Maz3Mike> Thanks guys..now on to figuring out the xserver setup
[21:50] <EtienneG> henriquev, I know ... :-/
[21:50] <ivoks> Maz3Mike: xserver setup?
[21:50] <RoyK> Maz3Mike: true, one should be able to play tetris on ones server
[21:51]  * RoyK sniggers
[21:51] <ivoks> just install xorg package :)
[21:52] <Maz3Mike> lol..dont make fun of me guys..i am on the gui crutch but i will get off of it soon enough
[21:52] <Maz3Mike> need to get teamspeak 3 working on it
[21:52] <mathiaz> EtienneG: I think it's because your public instance IPs are shared by the network IPs
[21:52] <mathiaz> EtienneG: the CC doesn't do any routing
[21:52] <ivoks> sudo apt-get install xorg
[21:52] <RoyK> Maz3Mike: https://help.ubuntu.com/community/ServerGUI
[21:52] <EtienneG> mathiaz, yes, that could well be ...
[21:53] <EtienneG> mathiaz, ok, so I will try with another IP range, like 192.168.something
[21:53] <mathiaz> EtienneG: is ip_forward enabled on the cC?
[21:53] <EtienneG> mathiaz, that makes a lot of sense indeed, and remind me of something
[21:53] <RoyK> http://www.lamebook.com/wp-content/uploads/2010/01/weekendwin4.png
[21:53] <ivoks> ah, time for bed
[21:53] <EtienneG> mathiaz, in fact, i am pretty sure I had this problem before indeed
[21:53] <mathiaz> EtienneG: yeah - try to allocate instance public IP in a non-used network
[21:53] <EtienneG> mathiaz, yes, CC is routing, I checked that first!
[21:54] <ivoks> bye
[21:54] <EtienneG> bye ivoks
[21:54] <mathiaz> EtienneG: if the FORWARD chain isn't hit, it means that things are fishy at the kernel routing level
[21:54] <EtienneG> mathiaz, yes, i got that indeed
[21:55] <mathiaz> EtienneG: you could try to see if packets *leave* eth0 on the CC
[21:56] <EtienneG> mathiaz, they aren't, I checked
[21:56] <mathiaz> EtienneG: I don't remember exactly under which circumstances packets go through the FORWARD rule
[21:56] <jMyles> jmardsen, ivok, royk, et. al.: I think I need to take a step back.  For LDAP, do I need to go through this process (the "people.ldif" thing from the forums) every time I want to create an account?  All I really want is 1) for the users / groups on my server to be authoritative across the network and 2) to be able to use that user list for a few other things (authenticating a wifidog portal, logging in to mediawiki, etc)
[21:56] <mathiaz> EtienneG: does the kernel say anything special?
[21:57] <EtienneG> mathiaz, no, completely silent
[21:58] <mathiaz> EtienneG: I don't know then
[21:58] <mathiaz> EtienneG: try to use instance public IP from a different network
[21:58] <EtienneG> mathiaz, but I think you got it ... it has to be the PUBLICIP range overlap
[22:05] <RoyK> jMyles: there are better ways to administer ldap than using ldif files, but you need to look it up. I really have no idea
[22:06] <EtienneG> gah! now I have the 403 bug ...
[22:07] <RoyK> EtienneG: 403 bug?
[22:07] <EtienneG> RoyK, jMyles: there is not, really.  There are a couple of toolchains for managing user/group in LDAP, but they all suck.  smbldap-tools suck the least
[22:08] <EtienneG> RoyK, jMyles: there is a blueprint to get a better toolchain in Ubuntu, but we are not there yet
[22:08] <EtienneG> RoyK, in EUC
[22:08] <jMyles> EtienneG: I guess I assumed that the process was going to be that the userlist on the server was going to just work on other computers.  I don't really mind using ldif files - I'll just have to learn how.
[22:09] <EtienneG> jMyles, what you describe is more like NIS, the older network directory.  It is deprecated, though.
[22:10] <RoyK> jMyles: we're still using NIS in our network
[22:10] <RoyK> works like a dream
[22:10]  * RoyK underlines the fact that not dreams are good
[22:10] <soren> Do you dream in black and white?
[22:10] <soren> and 320x200?
[22:10] <RoyK> no, it's colour
[22:11] <RoyK> cyan and magenta is nice
[22:11] <RoyK> CGA FTW!
[22:11] <soren> Yup, those are colours.
[22:11]  * soren doesn't miss CGA much
[22:11] <jMyles> EtienneG, RoyK: Thanks for walking me through these baby steps.  I think I think LDAP because it seems to be compatible where I need it: starting with wifidog and mediawiki, which both support it.  What is the best practice for securing and authentication wireless clients?  We want to do everything with one set of credentials per user.  (Background: My girlfriend and I are starting SlashRoot: The Grassroots Tech Cafe, where we se
[22:11] <jMyles> rve organic, fair trade coffee and open source software)
[22:11] <soren> Incidentally, I don't miss NIS much either. Coincidence?
[22:12] <soren> jMyles: Where?
[22:12] <jMyles> soren: New Paltz, NY, USA
[22:12] <jMyles> soren: Hudson Valley Region
[22:13] <RoyK> jMyles: http://luma.sourceforge.net/ <-- nothing has happened there recently, but it might work
[22:13] <soren> google maps refuses to give me directions. I miss the times when it would tell you to swim from somewhere in France to New York or whatnot.
[22:14] <RoyK> :)
[22:14] <RoyK> soren: are you danish or perhaps norwegian?
[22:14] <soren> RoyK: Danish.
[22:15] <soren> http://googlesystem.blogspot.com/2007/03/google-maps-shows-funny-directions.html
[22:15] <RoyK> makes sense - Søren isn't really a very common name up here
[22:15] <soren> No, you're all named Sven. Everyone knows that.
[22:15] <soren> Well..
[22:15] <soren> Except for those named Olaf.
[22:16] <RoyK> heh
[22:17] <RoyK> soren: seems those aren't so popular anymore http://www.ssb.no/navn/fylke/Hele_landet_2008-menn.html
[22:18] <soren> RoyK: Bah. Statistics.
[22:18] <soren> RoyK: http://dst.dk/Statistik/Navne/NamesPop.aspx fwiw
[22:18]  * soren tries to get back on topic
[22:18] <RoyK> lies, damn lies and statistics...
[22:21] <EtienneG> mathiaz, excuse me again, I am abusing your time today.  I changed VNET_PUBLICIPS in eucalyptus.conf, restarted the services, rebooted even, and euca-describe-addresses still returns the old public IP.  Do we need to do some voodoo to have the new public IP setting applied?
[22:21] <mathiaz> EtienneG: try to restart eucalyptus with CLEAN=1
[22:21] <mathiaz> EtienneG: network information is persistent across reboot
[22:21] <mathiaz> EtienneG: you'd have to clean everything
[22:22] <EtienneG> mathiaz, yeah, I see that!
[22:22] <mathiaz> EtienneG: check eucalyptus init script to get the exact CLEAN syntax
[22:22] <mathiaz> EtienneG: (CLEAN=1 IIRC)
[22:22] <EtienneG> mathiaz, ok, looking
[22:23] <EtienneG> mathiaz, but there is nothing in the init script about CLEAN
[22:23] <EtienneG> would that be an environment variable?
[22:24]  * RoyK corrects incidence 
[22:24]  * RoyK corrects incorrect instead
[22:24] <mathiaz> EtienneG: hm - you're right
[22:25] <mathiaz> EtienneG: we've added the CLEAN env in lucid
[22:25] <EtienneG> mathiaz, isn't it an upstart job now anyway?
[22:25] <mathiaz> EtienneG: yes - but it still works the same way
[22:25] <mathiaz> EtienneG: see bug 491254
[22:25] <EtienneG> checking ...
[22:26] <mathiaz> EtienneG: well - it should in karmic actually
[22:27] <mathiaz> EtienneG: have you installed the latest version from karmic-updates?
[22:27] <EtienneG> mathiaz, aaaaah, victory!
[22:27] <EtienneG> mathiaz, yes, I did
[22:27] <EtienneG> ok now, running instances
[22:35] <EtienneG> mathiaz, VICTORY!!!
[22:36] <EtienneG> note to self: VNET_PUBLICIPS range shall not be in your public/priv interface subnet
[22:38] <EtienneG> now, what is the URL of MediaWiki on the demo appliance?
[22:42] <soren> http://whatever/mediawiki/
[22:45] <soren> http://whatever/mediawiki/
[22:45] <soren> Whoops.
[22:47] <EtienneG> soren, yeah, I got that
[22:52] <EtienneG> I am defacing my own wikipedia!
[22:53]  * RoyK takes EtienneG's coke
[22:54] <EtienneG> crack, man, crack