/srv/irclogs.ubuntu.com/2010/07/15/#ubuntu-server.txt

webPragmatist	and thats a big nope	00:05
erichammond	webPragmatist: This doesn't answer your question, but I prefer to use rsync over ssh. That way I only have to worry about controlling a single point of access on the server (sshd).	00:06
webPragmatist	i am using rsync	00:07
webPragmatist	it's called rsync with xinetd so it will run as root and not bitch… but the problem is, well… it's bitching	00:07
webPragmatist	because it's not really running as root, it's running as like "nobody:	00:07
erichammond	webPragmatist: clarification: I prefer to do it over ssh rather than use rsyncd.	00:08
webPragmatist	oh	00:08
webPragmatist	lol	00:08
webPragmatist	i dunno about that jazz	00:08
webPragmatist	lsyncd doesn't use scp, etc.	00:09
webPragmatist	http://www.server-world.info/en/CentOS_5/lsync/1.html	00:09
webPragmatist	or rather it does but i don't care to try it	00:09
webPragmatist	rsyncd should work	00:09
erichammond	webPragmatist: rsync works over ssh without using "scp, etc."	00:10
webPragmatist	and you just use keys i suppose	00:11
webPragmatist	are you going to be around tomorrow?	00:11
webPragmatist	in general is the only difference the authentication? or what	00:12
webPragmatist	i put my clone in here if you have anything to say :)	00:13
ruben23	hi what is the latest upgraded kernel version of ubuntu-server..?	00:35
ruben23	like for ubuntu-8.04 LTS	00:35
Callum__	oh man, I've got a dead battery in one of my UPSs	00:36
Callum__	its so bad that its bulging in places	00:37
Callum__	since that 1500VA UPS is ancient, I am going to assemble a RBC7 battery for a newer APC SmartUPS 1500VA unit I have, but its going to set me back at least NZ$267 >_>	00:38
Callum__	and considering we're a non-profit, money isn't easy to set aside	00:38
billybigrigger	anyone here deal with alot of NFS shares?	01:00
multi_linux_dist	hi guys, i need a little help with my domainkey setup in the zonefile	01:01
multi_linux_dist	i have setted it up: http://pastebin.com/aGSs4pby	01:01
multi_linux_dist	but dig	01:01
multi_linux_dist	sorry, dig _domainkey.mara-tour.ro TXT returns no answer	01:02
multi_linux_dist	do you have any idea why?	01:02
billybigrigger	?	01:04
billybigrigger	looks ok to me here	01:04
billybigrigger	domainkey.mara-tour.ro.0INA67.215.65.132	01:04
patdk-wk	billybigrigger, that is a total foobar test :)	01:05
patdk-wk	he said txt, not a	01:05
patdk-wk	and it starts with a _	01:05
patdk-wk	dig -t txt _domainkey.mara-tour.ro	01:05
billybigrigger	thought he was looking for a mail record	01:05
patdk-wk	nope	01:05
billybigrigger	not familiar with txt sorry	01:05
patdk-wk	check: dig -t txt _domainkey.patrickdk.com	01:05
patdk-wk	he is looking to get dkim working	01:06
multi_linux_dist	yes	01:06
multi_linux_dist	patdk-wk: you are right, that is what i`m trying to do	01:06
billybigrigger	not familiar with dkim...looks like you've volunteered pat :P	01:06
patdk-wk	heh, you forgot to put a . on the end of your domains :)	01:07
patdk-wk	so it's not _domainkey.mara-tour.ro	01:07
patdk-wk	but _domainkey.mara-tour.ro.mara-tour.ro.	01:07
multi_linux_dist	patdk-wk: i will try it now, but tryied before and still nothing	01:08
patdk-wk	well, either it must just be, _domainkey	01:08
patdk-wk	or, _domainkey.mara-tour.ro.	01:08
patdk-wk	atleast based on the other examples i nthe file	01:09
patdk-wk	though _domainkey.mara-tour.ro. would be the safe garrentied way	01:09
patdk-wk	works	01:09
multi_linux_dist	works?	01:09
patdk-wk	;; ANSWER SECTION:	01:09
patdk-wk	_domainkey.mara-tour.ro. 3600INTXT"'t=y"	01:09
patdk-wk	extra ' though	01:09
multi_linux_dist	it doesn`t to me	01:09
patdk-wk	you foobar'ed your test also? :)	01:10
multi_linux_dist	dig -t txt _domainkey.mara-tour.ro	01:10
patdk-wk	well, that won't work	01:10
multi_linux_dist	QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0	01:11
patdk-wk	your local dns server is caching the bad result	01:11
patdk-wk	for up to an hour	01:11
multi_linux_dist	:D	01:11
patdk-wk	so you have to contact your server directly	01:11
patdk-wk	dig -t txt _domainkey.mara-tour.ro @92.114.86.188	01:11
multi_linux_dist	hehe	01:11
multi_linux_dist	:D	01:11
multi_linux_dist	patdk-wk: thank you very much!	01:12
patdk-wk	nohup dd if=/dev/urandom of=/dev/sdg bs=8192 > /dev/null 2>&1 &	01:14
patdk-wk	nothing better than running that on 3 drives	01:14
patdk-wk	just wish urandom was faster than 2MB/s	01:14
multi_linux_dist	patdk-wk: Authentication-Results: mx.google.com; spf=pass (google.com: domain of testmail@mara-tour.ro designates 92.114.86.188 as permitted sender) smtp.mail=testmail@mara-tour.ro; dkim=pass header.i=@mara-tour.ro	01:18
multi_linux_dist	google says that dkim pass	01:18
multi_linux_dist	yahoo dont	01:18
multi_linux_dist	cache?	01:19
multi_linux_dist	why all my mails go into spam folder if the ip is not reported as spam?	01:19
=== pgraner-afk is now known as pgraner
gnoob	guys, whats the easiest way to send e-mail from console? want to make my server notify me when somthing happen trough bash script	01:23
zul	mail command?	01:26
Guest28494	Hey is there a way to configure ubuntu server to connect to a wireless accesspoint to install?	01:26
multi_linux_dist	telnet?	01:27
multi_linux_dist	php mail?	01:27
multi_linux_dist	you can run a php command via sh	01:28
multi_linux_dist	or telnet i thin	01:28
multi_linux_dist	think*	01:28
multi_linux_dist	but php is sure	01:28
Guest28494	Hey is there a way to configure ubuntu server to connect to a wireless accesspoint to install?	01:32
Guest28494	Or where are the packages that the server needs to install?	01:34
pnunn	Has anyone worked out how to move a windows image into ubuntu's eucalyptus cloud yet?	02:11
=== jjohansen is now known as jjohansen-afk
cs1	hi guys	02:50
cs1	i need some advice about setting up the server	02:51
cs1	firstly	02:51
cs1	about the networking	02:51
cs1	how do i go about setting up the network on the server?	02:52
cs1	hello?is anybody available there?	02:54
cs1	your guidance is truly appreciated	02:55
=== dendro-afk is now known as dendrobates
p1l0t	Does anyone know why ifconfig would not want to read from /etc/network/interfaces	03:06
p1l0t	I swear I have this one server that changing the interfaces file does NOTHING I can set the address manually but changing the interfaces file has no effect. Everytime it reconnects it goes back to some other settings!	03:17
p1l0t	It can't be the syntax because this syntax works in every other ubuntu machine I have	03:19
dhastha	Need help: I am trying to install Ubuntu server 9.10 in virtual machine manager. But Virtual machine manager returns : Unable to complete install: 'internal error unable to start guest: char device redirected to /dev/pts/0	03:19
dhastha	qemu: could not open disk image /var/lib/libvirt/images/UbuntuServer.img: No such file or directory	03:19
dhastha	How to install ubuntu server 9.10 in virtual machine manager?	03:23
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
qman__	p1l0t, ifconfig doesn't use those settings, it's strictly a manual override tool	03:52
p1l0t	oh	03:53
qman__	you should run `sudo service networking restart` to apply changes made there	03:53
p1l0t	wilco	03:53
cs1	how do i get about setting up the network for the server??	03:59
qman__	cs1, it is explained clearly in the Ubuntu Server Guide, linked in the topic	04:10
cs1	ok.	04:11
cs1	sorry	04:11
cs1	maybe i phrased my question wrong.	04:11
qman__	if you are having a more specific problem, please explain	04:11
cs1	i want to know is it REALLY necessary to setup the TCP/IP and stuff	04:11
cs1	because we are only running the server within the company enviroment	04:11
qman__	you can't communicate with the internet if you don't have TCP/IP	04:11
cs1	icic	04:12
cs1	sorry if i ask stupid questions as im new to this	04:12
qman__	you could potentially use a different protocol, but these days, TCP/IP is the only one in widespread use	04:12
cs1	icic.	04:12
qman__	novell IPX/SPX is long gone, and IPv6 hasn't taken off yet	04:12
cs1	so its better to setup TCP/IP??	04:12
cs1	how about DHCP??	04:13
cs1	is it neccesary??	04:13
qman__	DHCP operates over IP	04:13
qman__	DHCP is entirely optional	04:13
cs1	ok	04:13
cs1	regarding remote administration	04:13
cs1	say i dont want to set it up now	04:14
cs1	will i have trouble setting it up later in the future??	04:14
qman__	it being remote administration, that's easy	04:14
qman__	simply install the openSSH server	04:14
qman__	it can be done at any point in time	04:14
cs1	icic	04:14
cs1	so it wont cause the server to crash later on??	04:15
qman__	of course not	04:15
qman__	it wouldn't be very useful if it did	04:15
cs1	ok.	04:15
cs1	about DNS	04:15
qman__	DNS is also optional	04:16
cs1	not necessary to setup right??	04:16
cs1	ok	04:16
qman__	provided you don't mind using IPs to refer to your computers	04:16
cs1	i cant use host name to refer to the pc in the company??	04:16
qman__	not without some sort of name resolution	04:16
cs1	sorry	04:16
p1l0t	you can with dns	04:16
cs1	computer name	04:16
qman__	DNS is one way, there are many	04:16
qman__	you can set up the hosts files, or use netbios, though that one's a bit trickier with linux	04:17
qman__	DNS scales the best	04:17
cs1	i see	04:17
cs1	so in a way its better to setup DNS to avoid any unwanted problems later on?	04:18
qman__	as opposed to using hosts files, yes	04:18
qman__	since each computer's hosts file must be configured in order to work	04:18
qman__	while a DNS server can provide names to all computers on the network	04:18
cs1	icic	04:18
cs1	so without DNS,i will have to use the ip address to communicate with them??	04:19
qman__	yes	04:19
cs1	ok.	04:19
cs1	network authentication	04:19
cs1	which one is more flexible	04:19
cs1	OpenLDAP	04:20
cs1	Samba and LDAP	04:20
cs1	Kerberos	04:20
cs1	Kerberos and LDAP	04:20
cs1	im not sure what are the difference among this four	04:20
p1l0t	Depends on what you want to do	04:20
qman__	they are all more or less equally flexible	04:20
cs1	icic	04:20
qman__	setting up a working system with any of the above is quite a complex process	04:20
cs1	because we want to setup ERP on the server	04:21
cs1	so we want to setup the server to be stable	04:21
qman__	be aware that if you are trying to integrate with a microsoft active directory network, not all features are implemented in samba and you will have limited functionality	04:21
electrofreak	why isn't there a config in /proc/?	04:21
cs1	so its better to use Kerberos??	04:22
qman__	no, samba is the only real way to integrate with active directory	04:22
cs1	aahh	04:22
cs1	ok	04:22
qman__	you can get basic authentication if you make some undocumented tweaks to your windows servers	04:23
qman__	but other than that, there isn't much	04:23
p1l0t	If you have any Windows computers on your network you will want samba more then likely	04:23
cs1	yes.	04:23
qman__	yes, samba provides the best way to communicate with windows	04:24
qman__	as limited as it is	04:24
cs1	limited as in??	04:24
qman__	samba's authentication is on the same level as windows NT 4	04:24
qman__	getting it to work with active directory is an exercise in frustration, to say the least	04:25
qman__	and you won't get anything more than simple authentication	04:25
cs1	ok.	04:25
qman__	none of the extra features like group policy are available	04:25
cs1	sounds extremely hard to setup then	04:25
qman__	it's definitely an advanced-level task	04:25
cs1	i see.	04:26
p1l0t	I wouldn't say extreme but it does take a little reading	04:26
cs1	ok.	04:26
cs1	for the remote administration, its better to use OpenSSH or eBox??	04:26
cs1	i read in forums, ebox seems to be the more favorable option	04:26
qman__	if you like hold-your-hand interfaces, then yes	04:27
qman__	but be prepared for little bugs and things to pop up	04:27
p1l0t	I use SSH but I have not tried eBox	04:27
qman__	and definitely make sure you lock down your internet access to it	04:27
qman__	I use SSH exclusively	04:27
electrofreak	what is eBox?	04:27
qman__	!ebox	04:27
ubottu	ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox	04:27
electrofreak	oh, ewww. lol	04:28
cs1	in other words SSH is more stable than ebox??	04:28
p1l0t	More secure for sure	04:28
electrofreak	eBox is likely more user friendly... I wouldn't even classify eBox and SSH together	04:28
qman__	because of the way ebox and similar interfaces work, if you try to do things manually as well as use ebox, you will be in a situation where the 'automagic' code is fighting with you over your manual settings	04:29
qman__	confusing things can happen	04:29
qman__	so unless you plan to use ebox exclusively, I suggest not using it	04:29
cs1	icic.	04:29
electrofreak	yeah, I would likely not like ebox because it wont be flexible enough	04:30
cs1	icic.	04:30
cs1	we want flexibility	04:30
cs1	thats why we are looking for options	04:30
p1l0t	automagic code has fighting me my whole life - hence why I switched to linux... of course now even linux is starting with auto-magic but at least my servers are still fairly pure	04:30
cs1	before we start setting up the server.	04:30
qman__	ebox fills the niche of cookie-cutter setups	04:31
qman__	custom setups are better served manually	04:31
cs1	ok.	04:31
electrofreak	cs1: ah... doing some research for work or something? definitely play with this stuff in VMs to get a feel for things	04:31
cs1	yes.	04:32
cs1	im doing research for work	04:32
qman__	yes, definitely set up a test system and play with it	04:32
qman__	make sure it will work for you before you commit to it	04:32
cs1	its better to run things in VM before doing it on the server right??	04:32
p1l0t	Or just stick it on some old computer and learn with it	04:32
p1l0t	I started a few years ago just because the Windows crashed on this old computer we had. No I run the company on that server. lol	04:33
cs1	LOL	04:33
cs1	about setting up the security for the server	04:33
cs1	im not entirely clear about this	04:33
p1l0t	Ubuntu is pretty good with being configured by default for security. Just read carefully about the changes you make	04:34
cs1	icic.	04:34
cs1	so i can setup up the server without have to fiddle with the security options>?	04:34
qman__	there aren't any "security options" per se	04:36
cs1	icic.	04:36
cs1	about the monitoring part	04:36
p1l0t	Well it depends what you do. Security options is kind of a vague statement	04:36
qman__	security is not something that you just "turn on", it is a philosophy you follow throughout your system design	04:36
cs1	hrmm	04:36
cs1	ok	04:36
qman__	ubuntu is secure by default, so you only need to worry about the things that you add or configure	04:36
cs1	ok	04:37
qman__	set up a proper firewall preventing internet access to things that should not have it, etc	04:37
electrofreak	what is the server going to be used for?	04:37
cs1	to host ERP system	04:37
cs1	Enterprise Resourcing system	04:37
p1l0t	I wish I knew what that was	04:38
cs1	ermmm	04:38
cs1	http://en.wikipedia.org/wiki/Enterprise_resource_planning	04:38
cs1	here is the lin	04:39
cs1	*link	04:39
cs1	hope it helps	04:39
cs1	how about monitoring part??	04:39
cs1	from the documentation	04:39
cs1	i can see there are 2 ways to go	04:39
cs1	1 is using Nagios	04:39
cs1	another is Munin	04:39
qman__	Nagios is a good platform	04:40
qman__	I have not used Munin	04:40
qman__	but if you're only monitoring one system, either is overkill	04:40
p1l0t	I am actually working on my own system, but I have much more to learn about MySql	04:41
qman__	they're designed to be full network reporting infrastructures	04:41
cs1	ok	04:41
cs1	File servers	04:41
qman__	for windows clients, samba is king	04:41
qman__	for linux clients, there are lots of options	04:42
cs1	ok.	04:42
electrofreak	nfs is probably the best option for linux clients	04:42
cs1	thats for the DNS right??	04:42
* giovani cringes		04:42
cs1	ic	04:42
qman__	NFS has specific weaknesses	04:42
SpamapS	cs1: Munin is for instrumentation (graphing mostly). Nagios is for alerting.	04:42
cs1	such as??	04:42
qman__	it is wholly insecure without a tightly knit directory service	04:42
SpamapS	cs1: Munin can feed alerts to Nagios	04:43
qman__	if high throughput and performance is not critical, sftp is a great option	04:43
qman__	secure authentication and easy to use linux-to-linux	04:43
cs1	i see	04:44
qman__	there are many more options though, especially if you're looking into distributed file systems	04:44
cs1	i have no idea about file server	04:44
SpamapS	nfsv4 is not insecure	04:44
cs1	ok	04:44
SpamapS	most of the weaknesses in nfs were eliminated w/ v4	04:45
cs1	what other options do i have??	04:45
SpamapS	but its still more complex than samba	04:45
qman__	SpamapS, you still need a directory service to set up per-user access	04:45
qman__	NFS works great in specific situations	04:46
cs1	i see	04:46
qman__	but there are plenty where it is a poor choice too	04:46
SpamapS	qman__: yeah, I really wish people would just standardize on a single LDAP schema and one kerberos implementation so we can stop saying "it depends"	04:46
uvirtbot	New bug: #605719 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.31-1ubuntu2 failed to install/upgrade: subprocess pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/605719	04:46
qman__	Windows can interact with samba directly	04:46
qman__	anything else you choose will require you to install software on windows clients	04:46
cs1	all the computer in the company uses linux	04:47
cs1	but we wanna prepare ourselves just in case we have 1 or 2 windows platform	04:47
qman__	then, your options go way up	04:47
cs1	LOL	04:47
cs1	this is head cracking	04:47
qman__	tons of options with neat features, like AFS	04:48
cs1	what does AFS stands for?	04:48
qman__	there are about as many options are there are keys on your keyboard	04:48
qman__	Andrew File System	04:48
cs1	geez	04:48
SpamapS	Areallyhardtogetrunning File System	04:48
giovani	haha	04:48
SpamapS	at least, it was 6 years ago	04:48
giovani	I suppose if you expect solutions that are out of the box to work well	04:49
SpamapS	My theory is it was a ploy by CMU to encourage people to get advanced degrees trying to understand it.	04:49
giovani	you will be disappointed	04:49
giovani	well, AFS wasn't written by CMU	04:49
qman__	http://en.wikipedia.org/wiki/Category:Network_file_systems	04:49
qman__	just to give you an idea	04:49
cs1	@.@	04:49
cs1	thats alot	04:49
giovani	AFS was an IBM project originally	04:50
cs1	the chat application	04:50
giovani	then became CMU	04:50
cs1	can i add this feature in later on?	04:50
cs1	or its better to perform it while i setup my server	04:51
qman__	I don't know what you mean by "the chat application"	04:51
SpamapS	http://www.itp.uzh.ch/~dpotter/howto/kerberos <-- NFSv4 + LDAP + Kerberos = pages and pages of fun repetitive steps that could be packaged just like MS packages ActiveDirectory	04:51
electrofreak	cs1 you can setup any thing at any time	04:51
qman__	you can install anything at any time, but be aware that sometimes changing things breaks them, so any changes you make later you will want to perform on a test system first	04:51
cs1	aaahhh	04:51
cs1	ok	04:51
cs1	because im looking at the documentation for ubuntu server	04:52
cs1	there is a part called chat applications	04:52
qman__	SpamapS, that's my biggest feature request for ubuntu server, a tasksel-style ready to go directory setup	04:52
SpamapS	qman__: I believe it was discussed at UDS Maverick	04:53
cs1	guys...what is version control system??	04:54
SpamapS	cs1: wow	04:54
cs1	SpamapS : yes?	04:54
qman__	it is a system to keep track of versions and changes to files	04:55
qman__	mostly used for source code or important documents	04:55
cs1	i see	04:55
SpamapS	cs1: version control is just so vital, I'm surprised that you would ask. I'm sorry, I don't mean to imply anything by that.	04:55
qman__	yes, it's a critical part of the development process of any software	04:56
SpamapS	qman__: Should be used for config info too	04:56
cs1	i see i see.	04:56
SpamapS	FreeBSD figured that out a long time ago.. we're just not figuring it out w/ etckeeper.	04:56
cs1	so its a MUST to have??	04:56
qman__	only if you have something you need to keep track of	04:56
SpamapS	s/development of any software/infrastructure of any company/	04:56
cs1	ok.	04:57
qman__	such as a software project, some important documents, or anything that changes that you need to keep track of	04:57
cs1	i see i see.	04:57
SpamapS	like, say, /etc/apache2/* ;)	04:57
cs1	SpamapS : i ask about it because i have no idea what is it about. =)	04:57
qman__	version control is especially important if you have multiple people working on something	04:58
cs1	aaahhh	04:58
SpamapS	qman__: Its pretty vital to keep track of changes to system configurations IMO.	04:58
KurtKraut	How do I change my server locale?	04:58
cs1	about windows networking	04:58
qman__	if someone deletes something important from a file, you can get it back	04:58
twb	SpamapS: the other really annoying thing about nfsv3/krb/ldap is I don't have a turn-key way to get SSO	04:58
cs1	seems like windows networking is the hardest of all right??	04:59
qman__	integration with windows is handled mostly with samba	04:59
SpamapS	qman__: what if you hae one person.. but that person quits. Its going to be vital to your organization to be able to understand why that person did things.. version control can definitely help untangle messes and timebombs.	04:59
cs1	ok	04:59
SpamapS	cs1: actually setting up samba to talk to windows clients is pretty simple	04:59
cs1	so just install Samba an configure it??	04:59
qman__	file sharing with samba is easy	04:59
qman__	authentication is not	04:59
cs1	ok	05:00
cs1	authentication as in accessing each other file?	05:00
qman__	that is, active directory authentication	05:00
SpamapS	qman__: agreed. it can be.. maddening. ;)	05:00
qman__	user-based file permissions is also fairly simple	05:00
cs1	i see	05:00
cs1	perghhh...information overload on my head now	05:00
SpamapS	cs1: just figure out the next thing you need to do.. leave the rest for after thats done.	05:01
qman__	SpamapS, I can definitely see the value there, I don't really use it myself because I'm pretty much a one-man IT department, even with the jobs I do for other people	05:01
cs1	how about backups??	05:02
qman__	but bringing others into the equation, that would be critical	05:02
qman__	backups have even more options than file sharing	05:02
cs1	Bacula is a software to handle backup?	05:02
SpamapS	qman__: one man IT depts. are actually more important to wrap in version control. :)	05:02
SpamapS	cs1: I am a huge fan of Bacula	05:03
cs1	easy to use??	05:03
SpamapS	cs1: depends on your setup.. if you just backup "everything everywhere" .. then its easy because the config file is very simple.	05:04
electrofreak	I'd suggest rsnapshot, too. I've never used bacula, tho	05:04
SpamapS	cs1: if you start trying to get tricky w/ different file sets and agents and policies.. its still not all that "hard" .. but its not point and click. ;)	05:04
cs1	about the networking part	05:05
cs1	we have router and switch on our server	05:05
qman__	most of my backups consist of tar commands in a cron script	05:05
SpamapS	rsnapshot is good for very simple setups. Its kind of like Apple's Time Machine without the pretty graphics. ;)	05:05
cs1	do we still need to configure TCP/IP??	05:05
electrofreak	SpamapS: and it works.	05:05
qman__	cs1, you cannot access network resources if you don't configure TCP/IP	05:05
SpamapS	cs1: I think you may need to think about getting some training.	05:06
electrofreak	SpamapS: please don't compare it to TimeMachine... I hate TM with a passion	05:06
cs1	yeah	05:06
SpamapS	cs1: we can answer questions, but the reason you're feeling overwhelmed is you need a stronger foundation.	05:06
cs1	i seriously need training now	05:06
electrofreak	ubuntu is absolutely a very good "first linux server" tho...	05:07
SpamapS	electrofreak: TM has saved me at least 3 times now.. so I <heart> TimeMachine.	05:07
qman__	if you really want to understand how it works, I suggest starting with a routers & routing course	05:07
qman__	it will give you a strong understanding of what networking really is	05:07
qman__	then move on to the server administration stuff	05:07
SpamapS	cs1: though being forced to learn it all "on the job" can be great training. :)	05:07
cs1	yeah	05:08
electrofreak	but if it's your first encounter with linux... or running a server in general... it will definitely be overwhelming	05:08
cs1	thats what im going through now	05:08
SpamapS	actually I know a kid who started out in IT at 16 racking servers for a hosting company..	05:08
SpamapS	one of the best sysadmins/webdevs I work with now, 5 years later.	05:08
SpamapS	never saw Windows other than on his laptop.	05:09
electrofreak	some people just really have a nac for it	05:09
SpamapS	Yeah, the key is that you like trial and error. :)	05:09
cs1	wow	05:09
cs1	that kid is smart	05:09
qman__	I find the people that know the most and do the best work are the ones who take the time to learn and understand how it works on a basic level	05:10
qman__	don't just memorize commands or "this is how it's done"	05:10
SpamapS	memorization is what you do to get a paycheck	05:10
cs1	LOL	05:10
cs1	agree	05:10
SpamapS	deep understanding comes from a desire to master your domain. :)	05:10
cs1	i see	05:10
cs1	you guys have been great help	05:10
cs1	thank you so much	05:10
electrofreak	this channel is open 24x7!	05:11
twb	You're confusing memorization with deliberately inserting dead-man heisenbugs.	05:11
twb	electrofreak: except bank holidays and the Queen's birthday	05:11
cs1	LOL	05:11
electrofreak	lol	05:11
cs1	ok	05:12
cs1	1 more question	05:12
cs1	what steps do i have to take in order to setup the server...	05:12
electrofreak	install it you mean?	05:12
cs1	the company will be using the server to host the ERP system	05:12
cs1	yaya	05:13
cs1	install it	05:13
qman__	download the iso, burn to CD	05:13
cs1	ok	05:13
qman__	boot it in the server and follow the on-screen instructions	05:13
electrofreak	well, download and burn the ISO... insert it into the drive, boot up, and follow the step-by-step. installing ubuntu is as easy as it gets.	05:14
cs1	ok	05:14
electrofreak	I do it for fun sometimes.	05:14
cs1	but i mean when configuring the whole server to perform what we want the server to do for us	05:14
qman__	the Ubuntu Server Guide covers most common tasks very well, once it's installed	05:15
electrofreak	https://help.ubuntu.com/10.04/serverguide/C/index.html	05:15
cs1	thanks	05:16
cs1	so before doing it on a server	05:16
cs1	its better to install it on a VM right??	05:16
cs1	to test out everything	05:16
qman__	whether you use a real server or a VM doesn't matter	05:16
cs1	before we migrate to server	05:16
cs1	aahh	05:16
cs1	ic	05:16
qman__	what does matter is that you don't take your business down to do it	05:16
cs1	haha	05:17
qman__	do it in a sandbox, a test system	05:17
cs1	thats crazy	05:17
electrofreak	VM is just easy to play around with things...	05:17
cs1	i see	05:17
qman__	if you have extra hardware to play with, feel free	05:17
cs1	haha	05:17
qman__	if not, a VM is a good way to do it	05:17
cs1	now my brain is hanged	05:17
cs1	LOL!!	05:18
electrofreak	good luck sir!	05:18
cs1	haha	05:18
cs1	thanks	05:19
cs1	im not sir btw..=P	05:19
electrofreak	ooo, opps. my bad	05:19
cs1	haha	05:20
cs1	its ok	05:20
cs1	=)	05:20
cs1	anything else i missed out?	05:20
cs1	in making more out from the server??	05:20
electrofreak	make sure the hardware you put it on is a stable machine...	05:21
electrofreak	not something thats going to catch fire every other day or whatever	05:21
cs1	haha	05:21
cs1	yeah	05:21
cs1	i mean software	05:21
qman__	yeah, don't buy brand new overclocker hardware, or grandma's old computer, get something you can trust	05:21
cs1	what is etckeeper btw??	05:22
qman__	etckeeper is version control for your /etc directory, in other words, your system configuration files	05:22
cs1	so its a must have??	05:23
qman__	highly recommended	05:23
cs1	ok	05:23
cs1	great	05:23
cs1	im still not very clear about the networking thingy	05:24
cs1	maybe like you guys have said	05:24
cs1	i need training	05:24
qman__	networking is the basis on which everything we talked about runs	05:24
qman__	it is essential	05:24
cs1	but by setting up the TCP/IP,it wont affect the switch and router right?	05:24
electrofreak	oh, if the server is just going to be a client behind an existing router/switch setup... then you shouldn't have any problems.	05:25
cs1	what about using the server as a host?	05:26
cs1	will it have problems?	05:26
qman__	no, the networking only gets complicated once you start using the server as a router or firewall	05:26
cs1	haha	05:26
cs1	OK	05:26
qman__	pretty much, you will configure an address for it to use, and leave it alone	05:26
cs1	ok	05:27
cs1	i think thats all for now	05:27
qman__	but an understanding of how it works is very useful when you run into trouble elsewhere	05:27
cs1	now i have to discuss about it to my boss	05:27
qman__	definitely look into a good book or a course on it	05:27
cs1	haha	05:28
cs1	ok	05:28
cs1	will invest in a good book	05:28
qman__	"is my network working" is to system administration as "is it plugged in" is to desktop support	05:29
cs1	haha	05:29
electrofreak	it should be said I guess that out of the box, ubuntu server will get an IP from the DHCP server (your router) and "just work"	05:30
qman__	but if you don't set it static, that will change from time to time causing many headaches	05:30
twb	IMO if you ask for static networking, you probably ACTUALLY want fixed DHCP	05:30
electrofreak	just set the IP to something OUTSIDE of the DHCP range	05:31
twb	That's where downstream is just a dump DHCP client, but upstream (the router) is configured to always and only allocate <IP> to a particular MAC	05:31
qman__	yes, but then your DHCP server becomes a single point of failure	05:31
qman__	fine for less important things, but this server sounds pretty important	05:32
twb	qman__: in static networking, you have TWO points of failure	05:32
twb	qman__: because if the network configuration of either end changes, your network won't	05:32
twb	...work	05:32
=== shocm is now known as shocm_
electrofreak	yea, I don't use static assignments on my DHCP server... I just give it a range and then systems that need a static IP, I set a static IP on that system	05:32
twb	For a mission-critical core host like the LDAP/Kerberos server, I might use static networking.	05:33
twb	I certainly wouldn't use static networking for something less important like apache servers.	05:33
qman__	anything that needs to still work when the internet goes down, I use a static IP	05:33
electrofreak	that's a good rule of thumb	05:34
twb	Your DHCP leases are served by the internet?	05:34
qman__	basically, the file server, and the DHCP server	05:34
qman__	a reserved lease is good for just about everything else	05:34
electrofreak	twb, no I think he just means deciding one what needs a static IP...	05:34
twb	It's also worth mentioning that DHCP poisoning can occur on untrusted networks	05:35
electrofreak	all sorts of stuff can happen on untrusted networks ;-)	05:35
twb	Which for something like the auth server, would leave you exposed to MITM	05:35
twb	electrofreak: by "untrusted" I mean things like LANs where you have idiot end users with zombified windows laptops, rather than the conventional stuff like "the internet"	05:36
qman__	I've run into those	05:36
qman__	nasty buggers	05:36
qman__	try to hijack your network with bad DHCP and DNS information	05:36
electrofreak	ha, it's always fun to take all the available DHCP addresses with one machine :-P	05:37
qman__	one windows machine gets infected, starts its own DHCP and DNS, serves other nodes on the network	05:38
qman__	and starts hijacking google searches with malware	05:38
electrofreak	I guess we bored 'em	05:40
yosi	hi all, I'm running 10.04... but i just did an upgrade.. and now my SSHd dones't work... when i log on locally, if i turn ListenAddress (to restrict the SSH host addresses) everything works fine, if it turn it back on, can't connect from any of the listed IPs, but everything worked fine before i did the upgrade... did they do something to the SSHd in the latest upgrade?	06:04
yosi	anyone, any ideas?	06:06
yosi	error: Bind to port 22 on ... failed: Cannot assign requested address.	06:10
yosi	is what i get in my auth log	06:10
jmarsden	yosi: One of the addresses in your ListenAddress line is incorrect, or does not exist on your system, most likely.	06:16
yosi	hmmmm.. well ist s list of 3 external ips... my home and work ip's... it was working for the last 6 months until i did a apt-get upgrade today	06:18
yosi	could that have changed something?	06:18
yosi	its a list*	06:19
yosi	the next line after that error in my auth log is:	06:21
yosi	fatal: Cannot bind any address.	06:21
jmarsden	Um... ListenAddress is for addresses to listen on not for a list of remote addresses! man sshd_config and read it.	06:23
jmarsden	It says: ListenAddress Specifies the local addresses sshd(8) should listen on.	06:23
jmarsden	To restrict where people can ssh in to the server from, use ufw or any other iptables-based packet filter.	06:25
yosi	oh u are right!	06:27
yosi	i mis read it	06:27
yosi	so those are the local address, i guess if u have multiple ips	06:27
yosi	yikes...	06:27
EvilTrek	where are sshd config files stored?	06:28
yosi	so all these months, i guess that feature hasn't been working as inteneded	06:28
jmarsden	EvilTrek: /etc/ssh/	06:28
yosi	is there any way to restict the IPs entering SSH without setting up a firewall...	06:28
EvilTrek	thanks	06:28
yosi	i find ip tables so complicated...	06:28
jmarsden	yosi: ufw is simpler	06:29
yosi	what does ufw stand for?	06:29
yosi	is it as good as iptables?	06:29
EvilTrek	and which line do i edit to deny password auth and allow publickey auth only?	06:30
jmarsden	It uses iptables underneath. It is just a simple command line interface to it.	06:30
EvilTrek	last time I edited sshd_config was about a year ago xD	06:30
jmarsden	EvilTrek: man sshd_config to read all about it.	06:30
yosi	is it part of ubuntu or do i need to load it?	06:30
EvilTrek	jmarsden: ty	06:30
jmarsden	yosi: It is part of Ubuntu but you may need to apt-get install ufw , I am not sure if it gets installed by default on Ubuntu Server.	06:31
yosi	thanks...	06:31
yosi	i will try..	06:31
jmarsden	EvilTrek: You probably want PasswordAuthentication No	06:32
yosi	since i need to only restict ssh, is there any facility in SSHd to oly allow connections from a certain host?	06:32
jmarsden	yosi: You're welcome	06:32
EvilTrek	jmarsden: yeah i found it, already edited, and since its on a VPS, i'm rebooting it now xP	06:32
jmarsden	yosi: I don't think so, but man sshd_config would talk about it if it exists :)	06:34
yosi	thanks	06:34
yosi	will read it nwo	06:34
jmarsden	EvilTrek: There is no need to reboot for that, just restart sshd :)	06:34
EvilTrek	jmarsden: i also edited a few other things that required a restart for (system updates since i'm lazy at updating)	06:34
cs1	guys	06:56
cs1	i would like to ask whether windows platform users can login into Linux server	06:56
yosi	i figured out i could restrict SSH to certain clinetas using TCP wrappers	07:01
jmarsden	cs1: See /topic and read the Server Guide, especially https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html	07:02
cs1	is LVM necessary during RAID installation??	07:25
twb	LVM and RAID are orthogonal	07:26
cs1	aaahh	07:27
cs1	ok	07:27
cs1	thanks	07:27
SpamapS	cs1: these days, not using lvm is sort of like choosing a car with manual windows/locks/etc. It has a place, but you need a good reason. ;)	07:32
cs1	icic	07:32
twb	Does lucid's upstart still run rcS.d and rc2.d jobs by default?	07:32
SpamapS	twb: it still runs all of rc.	07:33
twb	I think so...	07:33
SpamapS	twb: /etc/init/rc.conf	07:33
cs1	about the RAID + LVM...if follow the steps shouldnt be a problem right??	07:33
cs1	because i will start installing the server soon	07:34
cs1	=S	07:34
twb	cs1: md, fake or hardware RAID?	07:34
cs1	whats the difference btwn those 3???=S	07:34
twb	Whether the raid is done by linux, badly by the CPU, or by an expensive dedicated coprocessor	07:35
cs1	i think is done by linux	07:36
SpamapS	cs1: basically, do you have a RAID card, or just some SCSI/SATA/SAS drives?	07:36
cs1	Sata drives	07:36
cs1	not RAID card	07:36
SpamapS	cs1: md then	07:36
cs1	ok	07:36
SpamapS	cs1: md == multi device	07:37
cs1	so i just follow the steps in the RAID guide???	07:37
SpamapS	cs1: its Linux's built in software RAID	07:37
cs1	https://help.ubuntu.com/community/Installation/RAID1%2BLVM	07:37
twb	cs1: if you're using md RAID and LVM, you can set up both at install time using the Ubuntu Server install media.	07:37
cs1	icic	07:38
huats	morning	09:57
AlexC_	morning	11:36
AlexC_	I've got an issue with one of our servers here regarding SSH. We can login just fine, however it is slightly delayed. Looking in /var/log/auth.log we see: reverse mapping checking getaddrinfo for alex.office.local [192.168.0.4] failed - POSSIBLE BREAK-IN ATTEMPT!	11:36
twb	.local is reserved for MDNS	11:37
AlexC_	doing a 'host 192.168.0.4' comes back with 'alex.office.local' and a 'dig a alex.office.local' comes back with 192.168.0.4	11:37
AlexC_	MDNS?	11:37
twb	zeroconf/bonjour/rendezvous	11:37
twb	You cannot use .local on a 192.168 network.	11:38
AlexC_	hum, I thought that was one of the purposes of it?	11:38
twb	You thought wrong.	11:38
AlexC_	however, if this was the issue - our other server does not result in this error and works just fine	11:38
twb	Well, I didn't say it was the ONLY issue	11:39
twb	Ultimately the problem is that libc (nsswitch.conf) isn't reverse resolving your IP back to the expected hostname.	11:39
AlexC_	what could cause this?	11:40
twb	Er, getting it wrong	11:40
cwillu_at_work	AlexC_, was that host run from the server with the issue?	11:40
twb	You should be using "getent hosts".	11:40
twb	host(1) is not a valid test, because it always and only uses DNS.	11:41
AlexC_	cwillu_at_work: yes	11:41
cwillu_at_work	what twb said	11:41
AlexC_	$ getent hosts 192.168.0.4 192.168.0.4 alex.office.local	11:42
cwillu_at_work	the other server probably isn't configured to resolve mdns hostnames, or it's later in the resolve order (which I think it incorrect, as it ends up putting out a dns request that's guaranteed to fail)	11:42
twb	Yeah; I still think the problem is using .local on the wrong network	11:42
AlexC_	what is advised to use instead of .local?	11:42
twb	IME it gives these kinds of bizarro failures	11:42
twb	AlexC_: I use .lan, because it's the OpenWRT default.	11:42
AlexC_	twb: if it makes any difference, there is a Windows Active Directory server on the network, which was setup before I got here to use '.local'	11:45
twb	Just because it was someone else who fucked up doesn't make it right.	11:46
AlexC_	ok, I'll see about changing to .lan	11:49
ramseyd_	Hi guys	12:04
ramseyd_	quick question:	12:04
ramseyd_	I am trying to get latest version of cherokee web server on my ubuntu 10.04 using apt-get	12:04
ramseyd_	But it keeps giving me this error:	12:04
ramseyd_	W: Failed to fetch http://ppa.launchpad.net/cherokee-webserver/ppa/ubuntu/dists/lucid/main/binary-amd64/Packages.gz 404 Not Found	12:04
ramseyd_	Even though, that link is correct	12:04
ramseyd_	Anyone knows what could be wrong?	12:05
ramseyd_	here is what a wget of that link gives me : http://dpaste.org/sIdK/	12:05
ramseyd_	Someone can answer my question please?	12:17
AlexC_	if I'm not putting users in a chroot, and clients would like SSH access - what sort of things should I do to protect certain files? Is it bad practice to remove read access on some files/directories?	12:49
hallyn	jdstrand: gmorning - i was wondering, were you planning on merging libvirt 0.8.2 soon-ish?	12:55
pmatulis	AlexC_: if these clients are not your own people then i wouldn't allow non-chroot access. otherwise set up a separate system just for ssh access	12:56
AlexC_	pmatulis: have you got a guide or reference for chroot SSH? Everything I see is very old and contradicts what other guides say	12:59
AlexC_	I can't find any solid or trustworthy resource	12:59
redshirtlinux	Hello everyone, does anyone know a reason why running updates on an Ubuntu 9.04 server might break the servers ability to talk to LDAP? The server is a hosts a front end via apache and tomcat. The site is made up of java, php, and html.	13:01
pmatulis	AlexC_: i made some notes about it. i don't remember it being terribly hard.	13:19
pmatulis	AlexC_: what's stopping you?	13:19
codeshepherd	I find 50 instances of console-kit-daemon running in my server.. . what does it do? Do I really need it? how do I stop it?	13:38
codeshepherd	no one here uses console kit daemon ?	13:53
jmitchell	are there any bind9 ninjas in the house?	13:54
jmitchell	how can i get bind9 to use/allow login's and passwords for dyndns updates to it? I want to copy changeip.com or dyndns.org's type of setup	13:55
jmitchell	i am currently generating keys instead	13:55
smoser	anyone want to help with https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/43574	13:55
uvirtbot	Launchpad bug 43574 in xinetd "Needs Ubuntu-style init script" [Wishlist,Triaged]	13:55
smoser	it just needs sponsoring.	13:56
smoser	branch attached.	13:56
* jmitchell takes a look at the link\		13:56
jdstrand	hallyn: I'm working on updates for libvirt and will do it as part of that	13:59
AlexC_	pmatulis: I guess it's knowing what programs I want them to have access to, the directory structure and generally how to set it up	14:02
D347H-C0D3	Hi gys... I just used debootrap for ubuntu 8.04 on my ubuntu 9.04(hosted on virtual box). When i tried installing xfce desktop on ubuntu 8.04 the folowing error came: http://paste.ubuntu.com/464024/	14:03
pmatulis	AlexC_: well if they need access surely they know what for, no?	14:06
soren	smoser: Does anything take care not to install the init script anymore?	14:14
smoser	soren, yes. dh handles that.	14:14
smoser	theres magic that, and on upgrade, there is magic that replaces /etc/init.d/xinetd with a link to /lib/init/upstart-job	14:15
smoser	s/^theres magic that,//	14:15
soren	smoser: Neat. :)	14:16
hallyn	jdstrand: awesome, thanks	14:18
AlexC_	pmatulis: yes, though I mean the more core gnu utils	14:21
pmatulis	AlexC_: you have to at least provide a shell for them. i remember having to copy over manually files for even that to work - it's not great	14:22
AlexC_	pmatulis: this is what I don't like, it just seems like one big dirty hack. What happens regarding system updates for files I've copied?	14:23
pmatulis	AlexC_: heh, you ask too many questions	14:24
AlexC_	questions lead to knowledge :P	14:25
pmatulis	AlexC_: and pain	14:25
pmatulis	AlexC_: i can send you my notes if you would like	14:25
AlexC_	that would be great	14:25
AlexC_	thankfully most of our clients will use SFTP, of which chroot is incredibly simple	14:26
pmatulis	AlexC_: dumped notes in a private window	14:27
AlexC_	thanks, I'll read over :)	14:28
sommer	morning all	14:43
freakynl	hi, i'm having quite a bit of issues with ufw (the so called (not so)-uncomplicated firewall). Running ubuntu server 10.04 amd64 with ufw (because apparently that's the only iptables thing actually supported by ubuntu). It's main problem is the default config... who/what decided it would be nice to have a 3 connections per minute by default on EVERY connection on a server? Point me there, I'll bring the bat :). Anyways, anyone know how to	14:58
pmatulis	freakynl: cool down	14:59
AlexC_	freakynl: shorewall. end of :)	14:59
freakynl	pmatulis: actually I am pretty calm, I just find it extremely hard to believe nobody else runs into it / this is default ufw rules on a server. 3 connections / min with a 10 burst is absolutely nothing for a webserver especially if clients don't pipeline	15:01
jdstrand	freakynl: a) shorewall and iptables are both supported. b) only the 'limit' command has a 3 connections per minute default. allow does not	15:01
freakynl	jdstrand: before hitting any allow rules i created with ufw (mainly for 80/443) it hits the ufw-logging-deny chain which blocks it (it goes input -> ufw-before-input -> ufw-logging-deny)	15:03
freakynl	jdstrand: but there's something like iptables-save/restore from init.d then?	15:03
=== dendrobates is now known as dendro-afk
jdstrand	freakynl: actually, I mispoke, the limit command is 6. the '3' you are seeing is for the logging chain, yes	15:06
jdstrand	freakynl: that limit can be adjusted by adjusting your log level in ufw	15:07
jdstrand	freakynl: see the LOGGING section in 'man ufw' for details	15:08
jdstrand	freakynl: but, based on your comment, it sounds like the packets aren't matching your allow rule, which is why it is going to logging-deny (and therefore your default policy) in the first place	15:10
jdstrand	freakynl: as for iptables-restore, see 'man ufw-framework' for details on how things are put together. basically, there is no iptables-save (you use the 'ufw' command or edit files directly) and an iptables-restore action happens on boot (or start/reload)	15:13
Daviey	Is anyone ACK'ing SRU's today?	15:21
Daviey	bah, wrong channel	15:21
freakynl	jdstrand: thanks for the explanation. Actually they do hit allow, otherwise the backup clients wouldn't be able to backup at all and the website wouldn't be accessible. Currently almost all backup clients, depending on what they're doing (ie it occurs when uploading many small files) log 'network connection issues' every 5-10 mins. It then stops backing up for like 5 mins and then tries again. It hits the log/block due to not being allowed by	15:32
=== dendro-afk is now known as dendrobates
=== ogra_ is now known as ogra
Daviey	zul, Are you able to look at bug 313275, soonish?	15:53
uvirtbot	Launchpad bug 313275 in logwatch "logwatch stunnel script doesn't match any stunnel4 log entries" [Low,Triaged] https://launchpad.net/bugs/313275	15:53
zul	Daviey: i could be persuaded yes	15:53
Daviey	zul, R-O-C-K-I-N-G	15:54
Trek	i'm getting a weird issue with things related to something with perl failing. Pastebin: http://starfleet.pastebin.com/E1uXrcyw	15:54
Trek	any idea how to fix it?	15:54
pmatulis	Trek: did you google for 'perl: warning: Setting locale failed.' ?	15:55
Trek	pmatulis: yah, had issues finding it (slow slow slow internet)	15:55
Daviey	Trek, Let us know if your search engine doesn't help you find a solution, and we'll crack on.	15:56
Trek	standby, since GOOGLE IS TAKING 15 MINUTES TO LOAD	15:56
Trek	grr stupid caps	15:56
=== dendrobates is now known as dendro-afk
Trek	o.o	15:58
Trek	well google found a result...	15:58
Trek	but...	15:58
Trek	i get new issues too o.o	15:58
Trek	standby	15:59
Trek	http://starfleet.pastebin.com/2YMhWT6D	15:59
* Trek thinks his install is borked		15:59
sherr	Trek: Google gets lots of hits for : "Cannot set LC_CTYPE to default locale" +ubuntu	16:09
zul	smoser: ping	16:10
smoser	here	16:10
zul	smoser: im thinking this might help you guys http://people.canonical.com/~chucks/xen-mask-out-xsave-for-hvm-guests.patch	16:13
smoser	jjohansen-afk, ^	16:13
RyanP	I have Ubuntu Server 10.04 setup with LDAP authentication, and am using the LDAP server to authenticate client computers to the server. On the clients, everything works. On the server, I can login fine, but attempting to change the password I get the error: 'passwd: Authentication token manipulation error'	16:32
=== dendro-afk is now known as dendrobates
n0n0x	Has anyone ever used sysbench on ubuntu?	16:47
sherr	RyanP: that LDAP error seems to happen a lot and you will get a lot of hits on Google for it. Might be worth checking there first.	16:47
RyanP	sherr: I spent a bunch of time on Google, and most of the links seemed to just say something like 'This is sometimes something to do with LDAP.' but nothing more helpful than that.	16:49
=== jjohansen-afk is now known as jjohansen
[diablo]	hi, anyone know a big table database shipping with LTS please?	16:57
binBASH	big table database?	16:57
binBASH	I thought until now only google got BigTable :D	16:58
oru_work	is there any suspicious activity here ? http://www.pastebin.org/397564	17:01
oru_work	whats that ghostscript ?	17:02
sherr	oru_work: why don't you look it up on the web - easy to track down. Why are you asking about "suspicious" activity?	17:03
jjohansen	smoser: yeah that is essentially what I did	17:04
ScottK	kirkland: Is it reasonably safe/possible to convert from unencrypted to encrypted home directory on 10.04?	17:05
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
hallyn	ScottK: looks like ecryptfs-migrate-home might do it for you. I'm going to test it right now actually. You're on maverick?	17:21
ScottK	I have systems on maverick, but the one in question is lucid.	17:21
hallyn	ScottK: ok - i'm testing in a lucid vm then. I'm curious about it myself, to be able to answer other ppl. (for myself i prefer hand-mounting ecrytpfs'd subdirs - don't know why - old dogs and all that)	17:26
webPragmatist	anyon here use rsyncd?	17:27
* ScottK prefers it to automagic and reliable to having to think about it.		17:28
hallyn	ScottK: <shrug> it worked perfectly for me. I created a new temporary user with sudo privs, logged in as him, then did ecryptefs-migrate-home -u hallyn; did a 'switch user' to hallyn to verify files were ok, 'switch users' back and rm -rf /home/hallyn.<random>	17:42
maek	is there a way to copy the contents of the install dvd and use it for a network based install source?	17:42
hallyn	ScottK: if/when the per-user keyring is honored to deny file reads, i might do all-home encrypted, but as it is, once you log in, any user able to descend your /home/$USER can read all your decrypted files... so i try to keep encrypted dirs unmounted when possible,	17:42
webPragmatist	ScottK: hey	18:01
n0n0x	is it possible that mutexes got 4~5 times slower on x86_64 compared to x86? At least that's what sybench is telling me.	18:01
webPragmatist	under /etc/default/rsync what's yalls default RSYNC_ENABLE	18:02
webPragmatist	true?	18:02
robbiew	ttx: wanted to get together in Prague to make sure things are in line for 10.04.1...is there anyone in Server focused on this?	18:02
maek	in preseed how do you tell the server to use a different repo to install from other then archive.ubuntu.com or the mirror of said repo?	18:03
=== dendrobates is now known as dendro-afk
robbiew	ttx: just want to be sure I don't leave anyone out	18:03
SuperLag	Any of you guys use Tomcat on Ubuntu Server?	18:17
SuperLag	I've added all the tomcat6-* packages, and edited the tomcat-users.xml file to add the default users who were commented out... but when I try to bring up the Tomcat Manager, I'm still getting an "access denied" message	18:18
SuperLag	sigh	18:37
SuperLag	I figured it out. :/	18:37
* SuperLag kicks himself		18:37
ttx	robbiew: that would be zul (and possibly me)	18:45
robbiew	ttx: ack..thnx	18:46
Ast001	Hello after installation of Ubuntu 10.04 server I have got fonts so small that I need microscope to read anything. How can I enlarge that ?	18:47
matt_keys	I'm trying to connect to a remote kvm host via ssh. using just the hostname, I can't log in as root by default so I used username@kvmhost. It prompts for the password and authenticates, but then it closes connection with "File "/usr/share/virt-manager/virtManager/connection.py", line 896, in _try_open None], flags) File "/usr/lib/python2.6/dist-packages/libvirt.py", line 111, in openAuth if ret is None:raise libvirtError('virCon	18:49
Jeeves_	Ast001: Uh, on your monitor?	18:49
Jeeves_	Or via ssh? :)	18:49
Ast001	yes I am unable to configure anything	18:49
Ast001	on monitor	18:50
Jeeves_	Hmm, goed question.	18:50
matt_keys	Ast001: try text mode install?	18:50
Jeeves_	matt_keys: He allready installed	18:50
Jeeves_	and the serverinstaller is textmode :)	18:50
Ast001	I installed ubuntu	18:50
matt_keys	oh... try holding ctrl down and using the scroll wheel	18:50
zul	ttx: are we planning on updating openldap its getting kind of stale in maverick	18:51
Ast001	ok	18:51
Ast001	ctr + mouse wheel changes nothing	18:52
ttx	zul: we should, maybe sync with mathiaz on that	18:52
matt_keys	Ast001: http://ubuntuforums.org/showpost.php?p=4322584&postcount=3	18:53
Ast001	ok thanks	18:53
Ast001	I will try that	18:53
uvirtbot	New bug: #605977 in puppet (main) "emacs puppet-mode not auto loaded in lucid" [Undecided,New] https://launchpad.net/bugs/605977	18:56
RyanP	I have Ubuntu Server 10.04 setup with LDAP authentication, and am using the LDAP server to authenticate client computers to the server. On the clients, everything works. On the server, I can login fine, but attempting to change the password I get the error: 'passwd: Authentication token manipulation error'	19:06
pmatulis	is there a mailing list manager that integrates well with ldap (to hold membership data)?	19:31
ForestBear	hey guys I have a server set up with nginx, I can see it on my own computer by LAN computers (connected to the same router) cannot see it?	19:34
=== dendro-afk is now known as dendrobates
b14ck	Hey all. I'm trying to compile some software that requires the linux source code. I've installed linux-headers-2.6.32-23 linux-image-2.6.32-23-server and linux-source-2.6.32 but they aren't showing up in /usr/src. My question is: How can I force the package manager to 're-install' those packages fresh without removing them and breaking my install?	19:37
sherr	"linux-source" should give you a .tar.bz2 file to extract in /usr/src - are you sure you need it though? Module compilation just needs headers I think.	19:59
pmatulis	he's gone	20:00
sherr	OK, thanks.	20:00
Kream	can anyone recommend a lightweight http webserver with support for http digest authentication?	20:01
pmatulis	Kream: lighttpd	20:03
norbiAnevem	hy guys	20:13
=== norbiAnevem is now known as ubuntu_love
ubuntu_love	can you please help me with some info	20:13
ubuntu_love	i have a domain key	20:14
ubuntu_love	public and private and spf	20:14
ubuntu_love	but yahoo says that domainkey is neutral=it doesn`t exists	20:14
ubuntu_love	it is that possible that dkim-milter doesn`t sign the mail with the domainkey?	20:14
ubuntu_love	or yahoo server is checking that with dig TXT _domainkey?	20:15
=== dendrobates is now known as dendro-afk
ccheney	kirkland, found you don't really need a mirror, approx is good enough :)	20:31
=== pgraner is now known as pgraner-afk
ScottK	ubuntu_love: domainkey and dkim aren't the same thing.	20:41
=== dendro-afk is now known as dendrobates
ubuntu_love	ScottK: could you please check this report: http://pastebin.com/KFXF07hg	20:53
ubuntu_love	it says that the domain key is invalid	20:54
ScottK	ubuntu_love: It says domainkeys neutral (which is due to no signature). Your mail has a DKIM signature, not a domainkeys signature.	20:56
ScottK	ubuntu_love: Which Ubuntu release are you using?	20:57
ubuntu_love	ScottK: i downloaded the ubuntu server today	20:57
ubuntu_love	the server from i send the mails is a fake centos	20:57
ScottK	Then support for it's off topic here.	20:57
ubuntu_love	ScottK: ok, thank you!	20:58
ScottK	hallyn: Worked great. Thanks.	21:04
hallyn	ScottK: cool, glad to hear it	21:07
=== ubuntu_love is now known as tar_xvf
=== tar_xvf is now known as why_centos
n0n0x	Isn't there any way to check how ECC memories are performing? I mean, how many times ECC saved my server	21:31
effowe	Hi: I'm running Ubuntu Server 10.04 and am trying to learn more about /etc/rc*.d, runtimes, and startup processes. running sysv-rc-conf still shows packages that are no longer installed, can someone point me to a comprehensive guide / tutorial to removing unused startup processes from their runtime directories so that they no longer show up in sysv-rc-conf?	21:36
piov	hi...any iptables helpers here...need help with port based routing	21:39
Kream	anyone here use munin?	21:44
ruben23	hi guya anyone can recommend cheapest hosted server..?	21:50
MTecknology	!info php5-gd2	22:04
ubottu	Package php5-gd2 does not exist in lucid	22:04
MTecknology	!info php-gd2	22:04
ubottu	Package php-gd2 does not exist in lucid	22:04
guntbert	!info php5-gd \| MTecknology	22:05
ubottu	MTecknology: php5-gd (source: php5): GD module for php5. In component main, is optional. Version 5.3.2-1ubuntu4.2 (lucid), package size 33 kB, installed size 152 kB	22:05
MTecknology	guntbert: thanks :)	22:07
guntbert	MTecknology: you're welcome :-)	22:07
Kream	anyone here use munin?	22:07
guntbert	Kream: why don't you ask your real question? (I myself know nothing about munin though)	22:09
MTecknology	Kream: I use nginx, it has some of the same letters. :)	22:09
piov	when i do port based routing (mark..ip route...ip rule...etc), traffic routes fine outbound, but inbound syn/ack packets are not forwarded to the client from the linux firewall?	22:10
piov	i can see the packets hit the prerouting chain, but they never get to the forward chain	22:11
piov	any ideas?	22:11
piov	problem similar to http://linux.derkeiler.com/Newsgroups/comp.os.linux.networking/2007-09/msg00095.html	22:12
webPragmatist	how hard would it be to retrofit this to ubutun	22:28
webPragmatist	ubuntu*	22:28
webPragmatist	http://www.server-world.info/en/CentOS_5/lsync/1.html	22:28
=== dendrobates is now known as dendro-afk
=== metcalfc_ is now known as metcalfc
=== Wandrewvious is now known as WALoeIII
theacolyte	Am I missing something, or why is escape not letting me enter grub settings (looks like likewise open broke AGAIN - and I can't log in using any username/password combnations)	23:15
* theacolyte needs to get into init 1		23:15
theacolyte	No amount of mashing escape is working	23:18
theacolyte	Eh, nevermind, I'm just going to roll back to 8.04	23:23
theacolyte	10.04 has been extremely painful	23:23
webPragmatist	how can i make a init.d script start at boot	23:32
qman__	webPragmatist, update-rc.d	23:47
webPragmatist	aww eff LOL	23:47
webPragmatist	well i don't feel as bad… it just uses the start-stop-daemon too … i just created an init.d that was already somewhere on the interweb http://code.google.com/p/lsyncd/source/browse/package/debian/init.d?r=73	23:48
webPragmatist	well	23:51
webPragmatist	that doesn't even seem to specify runtimes?	23:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!