[00:12] hey guys, why would i get permissions denied for this one cronjob? [00:13] it's user cron, and when i do the exact command manually it works [00:18] Hi, I am googling around for ways to create a failover setup with two ISPs, where one is expensive but reliable and the other is cheap but unreliable [00:19] It seem the "bonding" module may achieve this, but it seems it establishes a dead gateway/route on the basis of the router responding, and not for instance an internet host [00:19] I'm guessing I would need to script this? [01:10] how to cehck mysql version on ubuntu server..>? [01:18] ruben23, mysql --version [01:18] ruben23: dpkg -l | grep mysql [01:19] ayi: What kind of routers do you have? === vorian is now known as v [01:43] Why is it when I change /etc/hostname and /etc/hosts (to make 127.0.1.1 the same as hostname) that I have other issues like Network_Manager not working on my netbook lucid === v is now known as TheMaster [02:11] jpds: very variable === TheMaster is now known as vorian [02:29] i need to find a cool dedicated server provider in the US that supports Ubuntu Server 10.04, any suggestions? === vorian is now known as davros [03:58] anyone have idea how to get hp dl380G4 fans to spin down? [04:01] c [04:18] Hmm [04:18] Is there a "proper" or repo method to install Sun's JDK on Ubuntu 10.04 LTS? [04:19] sun-java6-jdk does not seem to exist anymore as an option. [04:22] Aha, found it. It was in the partner repo. [06:18] How do I make a disc of files from the command-line of my server? [06:46] RudyValencia, see mkisofs and cdrecord [06:49] Whoa, lots of options [06:49] I don't know what half of them are for [06:50] All I want to do is store the contents of a directory to a disc. [07:11] New bug: #604185 in vsftpd (main) "Unable to start vsftpd with upstart if private key" [Undecided,New] https://launchpad.net/bugs/604185 === KenjiP0p is now known as KenjiP0p|away [07:59] hey guys, I have weird behaviour from portmap coming. I think it's an NFS misconfiguration. Could someone help me out? [07:59] I've got an internal network, 10.1.1.x, and an external network 134.117.55.x . My NFS traffic goes on 10.1.1.x (i'm pretty sure) [08:00] however, in the logs of all the NFS clients, I keep getting portmap errors saying there's unauthorized requests from 134.117.55.52 (my NFS server specifically) [08:01] it's really weird because I can't think of any config files that tell the NFS server to use the 134.117.55.52 interface [08:02] so I don't understand why I'm getting ypserv requests over that network. [08:04] the exact error is: Jul 11 02:54:54 s1 portmap[5048]: connect from 134.117.55.52 to callit(ypserv): request from unauthorized host [08:04] hi guys any suggestion a good opensource firewall apps..i mean widely used and one of the best being made. [08:07] !firewall | ruben23 [08:07] ruben23: Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist. [08:11] Jordan_U: you dont recommend firewall apps..? [08:12] ruben23: Ubuntu comes with ufw (which, as all linux firewalls uses iptables), and it's good and well integrated. [09:12] i can't ping the system that running in UEC, anyong help me please? === criminy is now known as sheenobu [09:55] and i can see the status is "running"~~~~ [09:57] BeeBuu: never used UEC but servers don't necessarily respond to ping [10:00] Is there a way to nice a process that forks? (ppid=1) and what about threads? [10:05] threads seem ok although transmission-daemon behaves strangely : it lost its nice priority after a few seconds [10:05] Caer: but i can ssh in it [10:05] i can't [10:07] I can't help you, sorry. [10:55] hi, bind9 doesn't log: logging channel 'debug' file '/var/log/named/named.log': permission denied. Permissions: -rw-rw-r-- 1 bind bind 0 2010-07-11 11:33 /var/log/named/named.log. Why do i get permission denied ? [12:21] brummel444: probably because of the apparmor profile for bind [12:22] brummel444: are the permissions for /var/log/named/ correct? [12:24] joschi: i solved by setting write permission to the directory. though the named.conf was set to 777 it didnt write to it. [12:24] brummel444: yes, the directory permissions have to be correct, too [12:25] brummel444: although owner bind:bind and 0750 should be enough for /var/log/named/ [12:25] hm.. dont understand that, because i created a named.log that was writable for all, why does the directory have to be writeable then ? a bind9 specific "feature" ? [12:26] brummel444: no. a posix specific feature... [12:28] joschi: do you know how to update dns to listen on (a new) ppp (vpn) connection ? i always have to restart dns after i connected.. [12:29] brummel444: that's the way bind works. you have to restart (or maybe just reload/SIGHUP?) bind for it to bind on new interfaces [12:32] joschi: ok. i thought there should be some kind of update function for dns, to inform it about a new ppp interface. [12:45] ayi: routers> Well, you might want something like HSRP. [12:48] is it possible to have bind listen on 0.0.0.0 instead of specific interfaces? [12:51] Anyone know if UEC uses qemu? [12:52] RoyK: sure, but named will only listen on interfaces known at the start time and bind explicitly to them [12:53] RoyK: ehm, forget it. no, named can't listen on 0.0.0.0:53. [13:05] Is there something similar to Landscape but free? [13:07] io: red hat spacewalk. but it's veeeery red hat centric ;) [13:18] joschi: Red Hat provides Spacewalk for free but Canonical charge for Landscape? :-) [13:19] io: the commercial version of spacewalk is red hat satellite. [13:19] joschi: Right. === brummel444_ is now known as brummel444 [14:09] Hi, I am looking for a package that allows me to playback music from my local machine on my ubuntu server. It would be nice if the server would act like a playback device so it would be autodiscovered via upnp. [14:10] mpd. [14:10] !info mpd [14:10] mpd (source: mpd): Music Player Daemon. In component universe, is optional. Version 0.15.4-1ubuntu3 (lucid), package size 174 kB, installed size 508 kB [14:11] hmm, i have mpd running currently, got to check how to expose it I guess? [14:19] Hi all. [14:19] Using stock Apache on 10.4. Documentroot is set to /var/www/default. The default webpage is accesible using my.site.com . I want to point my.site.com/doc to /usr/share/doc r . I also want to use the ubuntu system of enabled / disabled sites . /etc/apache2/sites-available/doc is available at http://pastebin.com/9X08QbDC . /etc/apache2/sites-available-default is available at http://pastebin.com/TUmYJTtq [14:21] Kream: The default setup forwards /doc to /usr/share/doc. Did you see cat /etc/apache2/sites-enabled/000-default already? [14:21] Kream: You will need to manipulate the allowed/denied hostnames though, as only 127.0.0.0/255.0.0.0 ::1/128 can access it by default. [14:22] Kream: And why are you making an extra site just for doc? Your site is site.com, not doc? :-) [14:23] io: i know, i'm just using doc as an example [14:23] thing is [14:23] i installed munin and it's working beautifully, but it's config is sitting in /etc/apache2/conf.d/munin [14:23] jpds: I am probably missing something: How do I expose mpd as an upnp media renderer? [14:23] and it's www root is /var/www/munin [14:24] i'm going mad trying to make a munin site work in /etc/apache2/sites-available [14:24] the reason i need to do all this is i'm trying ot get redmine working, which is sitting in /var/www/redmine [14:29] Kream: I would have /etc/apache2/sites-available/www.example.com and set the DocumentRoot to /var/www/www.example.com and then off that have alises for www.example.com{munin,redmine} to /var/www/www.example.com/{munin,redmine} and then enable www.domain.com. [14:31] hey [14:31] i am trying to mount cifs with automount [14:31] by staring at the files, i cannot figure out where do i tell autofs which host to actually mount [14:32] Kream: Or as you current setup with /var/www/{munin,redmine} place something like this: http://paste.ubuntu.com/462057/ in to your /etc/apache2/sites-available/{domain} file. [14:33] Kream: Without the 'Deny from all' line on the Redmine block. ;-) [14:36] Any ideas on how to expose my ubuntu box as an upnp media renderer? Thanks :-) [14:38] io: thanks, puting hip waders on [14:41] Kream: No problem. :-) [14:43] ok by mistake, I went and asked #httpd for help and they seem to think that Ubuntu's httpd config is borked. they even have a wiki page up at http://wiki.apache.org/httpd/DebianDeb0rkification ... is what's in there useful? [14:51] http://pastebin.com/qxjDK7ut [14:51] ^^^ that is my new /etc/apache2/sites-enabled/000-default and in it xxx.xxx.com/doc works fine [14:51] Kream: Error: "^^" is not a valid command. [14:51] http://pastebin.com/qxjDK7ut [14:51] is my new /etc/apache2/sites-enabled/000-default and in it xxx.xxx.com/doc works fine [14:52] am I missing something fundamental when I ask if I can "split" away the docs section into another snippet? [14:54] Kream: the doc just points you to the apache docs. if you don't need it just delete it [15:00] let me clarify. I have a website at www.example.com which works fine. Under Apache2 in Ubuntu 10.4, can I have a site (that means something enabled from /etc/apache2/sites-available) that points to somewhere arbitrary? Or should all such instances be aggregated into Aliases in /etc/apache2/sites-available/000-default ? [15:00] I'm not mucking around with multiple hostnames etc etc [15:14] ahhh gods [15:14] i'd basically misunderstood the fundamental reason for entries in /etc/apache2/sites-availble. [15:43] hi guys how to install rt-kernel on ubuntu-server [15:49] guys any idea on rt kernel deployment on ubuntu server..? [16:01] in dpkg --list, some packages are prefixed with rc, what does this mean? [16:08] Kream: google for it === twister004_ is now known as twister004 [16:56] New bug: #604320 in net-snmp (main) "package libsnmp-perl 5.4.2.1~dfsg0ubuntu1-0ubuntu2.1 failed to install/upgrade: error writing to '': No such file or directory" [Undecided,New] https://launchpad.net/bugs/604320 [17:59] Kream: Release candidate. Also, did you need something? [18:38] Hi. we're in the process of migrating our office to ubuntu [18:38] we have 1 ubuntu server, 25 ubuntu desktops [18:38] how can we get the 25 ubuntu desktops to actually log on to the server? instead of to their own computer? [18:38] so that can login at any computer and their docs/wallpaper etc will be the same [18:51] jasonme: are there going to be windows machines logging in as well? [18:53] no just ubuntu [18:55] jasonme: then you'll need something like this: home directories exported from an NFS server [18:55] and an NIS/YP server to authenticate over the network [18:56] schools are an example.. they dont save users documents to the hd, also wallpapers and user settings are available on any computer the user logs in from [18:57] is there a simpler option? [18:57] sure [18:57] get a big server+thin client setup [18:57] you save big as you add more desktops [18:57] that setup is LTSP [18:58] it's very easy to setup [18:58] well, compared to NIS at least [18:58] and everything works, nowadays... cdroms, usb drives, the works [18:58] sound too [18:58] https://help.ubuntu.com/community/SettingUpNFSHowTo [18:59] https://help.ubuntu.com/community/UbuntuLTSP [19:05] Kream: thanks so much! [19:08] np share and enjoy [19:11] New bug: #604353 in dhcp3 (main) "can't open external .dhcp config file" [Undecided,New] https://launchpad.net/bugs/604353 [20:17] it doesn't seem to be easy to get ubuntu to act as an upnp media renderer [20:21] hi guys any help on installing zoiper communicator on ubuntu.. === davros is now known as vorian === CaptainTrek is now known as Mithos [21:47] Anyone know of problems with openldap and ubuntu lucid? [21:48] I am following https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html and can not figure out the cause of the " main: TLS init def ctx failed: -1 " [21:49] usually that means that something's wrong with your certificates [21:50] I tried this: gnutls-serv --x509cafile /etc/ssl/certs/cacert.pem --x509certfile /etc/ssl/certs/ldap01-test_slapd_cert.pem --x509keyfile /etc/ssl/private/ldap01_slapd_key.pem [21:50] and it seems fine [21:50] and I checked that the user openldap has read access to all 3 of the cert/key files and the user does have access [21:51] so it doesn't seem to be a permission issue, nor does it seem to be a valid certs issue [21:51] I'm feeling all out of ideas [21:52] have you tried running slapd with "-d -1" ? [21:53] same error message: main: TLS init def ctx failed: -1 [21:53] after it loads all the ldif files [21:53] what's the command you are using to run slapd? [21:54] slapd -h 'ldaps:/// ldapi:///' -g openldap -u openldap -F /etc/ldap/slapd.d/ -d 1 [21:54] and I tried: slapd -d 1 [21:55] -d -1, not -d 1 [21:55] still the same so far [21:55] does it say anything else about TLS? [21:56] it could be a few thousand lines before [21:58] strange it won't pipe to a file. [21:59] not even with: slapd -d -1 2>&1 > debug.log [22:00] weird.. [22:03] I don't see any output with tls in the line except for the lines that define which files to load [22:04] Just to make sure, run it with strace to see if it can actually open the files [22:05] I need to fix the documentation on that page, [22:06] there is a typo when creating the cert [22:06] ? [22:06] Here is what fixed the issue: mv /etc/ssl/certs/ldap01-test_slapd_cert.pem /etc/ssl/certs/ldap01_test_slapd_cert.pem [22:07] there is a hyphen where there should have been an underscore [22:07] thanks for the help vmlintu_ [22:07] I gave up copy-pasting commands a while ago because of these little typos.. [22:08] Do you know a little about desktop ldap auth? [22:08] I prefer kerberos, but I have used also pam_ldap [22:08] I'm trying to plan out the network authentication here, but there are laptops, and desktops. And the laptops are outside the network about half the time [22:09] vmlintu_, I'm looking into kerberos as well, but first have to get ldap up and running. [22:09] Is there a way to allow for both ldap auth and local auth? [22:09] in a way that will allow changes made on local to still be around when authed with ldap? [22:10] if that makes any sense. [22:10] is local auth meant to be used when there's no connection and ldap when there's connection? [22:11] yes, basically. [22:11] I'd recommend using sssd for that [22:12] when users login with sssd, it stores enough information locally so that later they can login without connection too [22:12] http://www.opinsys.fi/en/user-management-with-sssd-on-shared-laptops === Mithos is now known as EvilTrek [22:15] So it would store the info after a successful login? [22:15] if you login successfully while connected, you can log in when disconnected? [22:15] yes [22:17] any advice for mounting file systems after login? [22:17] such as home directories? [22:18] One small hope is that I can have the ldap/kerb auth system work from within the network and from remote [22:18] I'm using autofs for that when users are in the local network [22:18] with autofs you can store the share information in ldap and it mounts the correct share when it is needed for the first time [22:19] http://www.opinsys.fi/en/setting-up-nfsv4kerberosautofs5-ldap-on-ubuntu-10-04-alpha-2-lucid-part-7 [22:19] would that work for when the device is remote? [22:19] if the dns entries resolve properly for inside and out? [22:20] Depends on the firewalls and connection speeds [22:20] I wouldn't use nfs with slow connections [22:21] but autofs works with other filesystems too [22:21] do you know if nfs would allow for file changes if there is no connection to the nfs server? [22:22] no, it needs a working connection [22:22] vmlintu_, and thanks a ton for helping. [22:22] for laptops I'd recommend synchronising the home directories with something like unison [22:23] with unison you can sync file both ways when they are modified [22:23] It's not automatic, though, so users need to activate it [22:24] I think I can be happy with a system that only automounts certain directories if there is connectivity [22:24] if not, then it is obvious you don't have access. [22:25] with nfs you'll probably have problems if something is mounted when the connection breaks [22:25] unmounting the nfs share with a lost connection can be a pain [22:25] yeah, I have seen that happen. [22:25] you might have better success with samba/cifs [22:26] I am also looking into glusterfs [22:26] If users connect to the cifs shares through nautilus, they usually behave better than nfs when connection breaks [22:27] I really don't know much about glusterfs as I've tried it only once [22:28] what were your thoughts when you did test it? [22:30] I'll look into cifs this looks like what I will need [22:44] glusterfs looked nice, but I really need kerberos or some similar way of authenticating users to the file system [22:47] what is the advantage of kerberos over just plain ldap for you? [22:50] Running nfs4 with kerberos makes it possible to give access to users instead of just hosts. So once users authenticate with kerberos, they get access to their home directories. [22:50] That is well worth it... [22:51] Especially when running hundreds of nfs clients in network, you don't want to share whole /home to anyone who asks for it [22:53] right [22:55] I'm running quite a few school networks and I must assume that every user is potentially hostile as kids try to break in [22:55] I think I might wind up using glusterfs to aggregate the bricks, then share with nfs and cifs [22:55] maybe add something to determine if within the network and if not then use cifs only [22:55] vmlintu_, I have a school as a client, I know what you mean. === KenjiP0p|away is now known as KenjiP0p [23:40] I'm curious. Ubuntu's had a lot of excelent focus on virtualization with kvm and all. But have they put into any focus about HA/HS support as well? === KenjiP0p is now known as KenjiP0p|away