[00:05] and thats a big nope
[00:06] webPragmatist: This doesn't answer your question, but I prefer to use rsync over ssh. That way I only have to worry about controlling a single point of access on the server (sshd).
[00:07] i am using rsync
[00:07] it's called rsync with xinetd so it will run as root and not bitch… but the problem is, well… it's bitching
[00:07] because it's not really running as root, it's running as like "nobody:
[00:08] webPragmatist: clarification: I prefer to do it over ssh rather than use rsyncd.
[00:08] oh
[00:08] lol
[00:08] i dunno about that jazz
[00:09] lsyncd doesn't use scp, etc.
[00:09] http://www.server-world.info/en/CentOS_5/lsync/1.html
[00:09] or rather it does but i don't care to try it
[00:09] rsyncd should work
[00:10] webPragmatist: rsync works over ssh without using "scp, etc."
[00:11] and you just use keys i suppose
[00:11] are you going to be around tomorrow?
[00:12] in general is the only difference the authentication? or what
[00:13] i put my clone in here if you have anything to say :)
[00:35] hi what is the latest upgraded kernel version of ubuntu-server..?
[00:35] like for ubuntu-8.04 LTS
[00:36] oh man, I've got a dead battery in one of my UPSs
[00:37] its so bad that its bulging in places
[00:38] since that 1500VA UPS is ancient, I am going to assemble a RBC7 battery for a newer APC SmartUPS 1500VA unit I have, but its going to set me back at least NZ$267 >_>
[00:38] and considering we're a non-profit, money isn't easy to set aside
[01:00] anyone here deal with a lot of NFS shares?
[01:01] hi guys, i need a little help with my domainkey setup in the zonefile
[01:01] i have set it up: http://pastebin.com/aGSs4pby
[01:01] but dig
[01:02] sorry, dig _domainkey.mara-tour.ro TXT returns no answer
[01:02] do you have any idea why?
[01:04] ?
[01:04] looks ok to me here
[01:04] domainkey.mara-tour.ro. 0 IN A 67.215.65.132
[01:05] billybigrigger, that is a total foobar test :)
[01:05] he said txt, not a
[01:05] and it starts with a _
[01:05] dig -t txt _domainkey.mara-tour.ro
[01:05] thought he was looking for a mail record
[01:05] nope
[01:05] not familiar with txt sorry
[01:05] check: dig -t txt _domainkey.patrickdk.com
[01:06] he is looking to get dkim working
[01:06] yes
[01:06] patdk-wk: you are right, that is what i'm trying to do
[01:06] not familiar with dkim...looks like you've volunteered pat :P
[01:07] heh, you forgot to put a . on the end of your domains :)
[01:07] so it's not _domainkey.mara-tour.ro
[01:07] but _domainkey.mara-tour.ro.mara-tour.ro.
[01:08] patdk-wk: i will try it now, but tried before and still nothing
[01:08] well, either it must just be, _domainkey
[01:08] or, _domainkey.mara-tour.ro.
[01:09] at least based on the other examples in the file
[01:09] though _domainkey.mara-tour.ro. would be the safe guaranteed way
[01:09] works
[01:09] works?
[01:09] ;; ANSWER SECTION:
[01:09] _domainkey.mara-tour.ro. 3600 IN TXT "'t=y"
[01:09] extra ' though
[01:09] it doesn't to me
[01:10] you foobar'ed your test also? :)
[01:10] dig -t txt _domainkey.mara-tour.ro
[01:10] well, that won't work
[01:11] QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
[01:11] your local dns server is caching the bad result
[01:11] for up to an hour
[01:11] :D
[01:11] so you have to contact your server directly
[01:11] dig -t txt _domainkey.mara-tour.ro @92.114.86.188
[01:11] hehe
[01:11] :D
[01:12] patdk-wk: thank you very much!
[01:14] nohup dd if=/dev/urandom of=/dev/sdg bs=8192 > /dev/null 2>&1 &
[01:14] nothing better than running that on 3 drives
[01:14] just wish urandom was faster than 2MB/s
[01:18] patdk-wk: Authentication-Results: mx.google.com; spf=pass (google.com: domain of testmail@mara-tour.ro designates 92.114.86.188 as permitted sender) smtp.mail=testmail@mara-tour.ro; dkim=pass header.i=@mara-tour.ro
[01:18] google says that dkim pass
[01:18] yahoo dont
[01:19] cache?
[01:19] why all my mails go into spam folder if the ip is not reported as spam?
=== pgraner-afk is now known as pgraner
[01:23] guys, whats the easiest way to send e-mail from console? want to make my server notify me when something happen through bash script
[01:26] mail command?
[01:26] Hey is there a way to configure ubuntu server to connect to a wireless access point to install?
[01:27] telnet?
[01:27] php mail?
[01:28] you can run a php command via sh
[01:28] or telnet i thin
[01:28] think*
[01:28] but php is sure
[01:32] Hey is there a way to configure ubuntu server to connect to a wireless access point to install?
[01:34] Or where are the packages that the server needs to install?
[02:11] Has anyone worked out how to move a windows image into ubuntu's eucalyptus cloud yet?
=== jjohansen is now known as jjohansen-afk
[02:50] hi guys
[02:51] i need some advice about setting up the server
[02:51] firstly
[02:51] about the networking
[02:52] how do i go about setting up the network on the server?
[02:54] hello? is anybody available there?
[02:55] your guidance is truly appreciated
=== dendro-afk is now known as dendrobates
[03:06] Does anyone know why ifconfig would not want to read from /etc/network/interfaces
[03:17] I swear I have this one server that changing the interfaces file does NOTHING I can set the address manually but changing the interfaces file has no effect. Every time it reconnects it goes back to some other settings!
[03:19] It can't be the syntax because this syntax works in every other ubuntu machine I have
[03:19] Need help: I am trying to install Ubuntu server 9.10 in virtual machine manager. But Virtual machine manager returns : Unable to complete install: 'internal error unable to start guest: char device redirected to /dev/pts/0
[03:19] qemu: could not open disk image /var/lib/libvirt/images/UbuntuServer.img: No such file or directory
[03:23] How to install ubuntu server 9.10 in virtual machine manager?
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
[03:52] p1l0t, ifconfig doesn't use those settings, it's strictly a manual override tool
[03:53] oh
[03:53] you should run `sudo service networking restart` to apply changes made there
[03:53] wilco
[03:59] how do i get about setting up the network for the server??
[04:10] cs1, it is explained clearly in the Ubuntu Server Guide, linked in the topic
[04:11] ok.
[04:11] sorry
[04:11] maybe i phrased my question wrong.
[04:11] if you are having a more specific problem, please explain
[04:11] i want to know is it REALLY necessary to setup the TCP/IP and stuff
[04:11] because we are only running the server within the company environment
[04:11] you can't communicate with the internet if you don't have TCP/IP
[04:12] icic
[04:12] sorry if i ask stupid questions as im new to this
[04:12] you could potentially use a different protocol, but these days, TCP/IP is the only one in widespread use
[04:12] icic.
[04:12] novell IPX/SPX is long gone, and IPv6 hasn't taken off yet
[04:12] so its better to setup TCP/IP??
[04:13] how about DHCP??
[04:13] is it necessary??
[04:13] DHCP operates over IP
[04:13] DHCP is entirely optional
[04:13] ok
[04:13] regarding remote administration
[04:14] say i dont want to set it up now
[04:14] will i have trouble setting it up later in the future??
[04:14] it being remote administration, that's easy
[04:14] simply install the openSSH server
[04:14] it can be done at any point in time
[04:14] icic
[04:15] so it wont cause the server to crash later on??
[04:15] of course not
[04:15] it wouldn't be very useful if it did
[04:15] ok.
[04:15] about DNS
[04:16] DNS is also optional
[04:16] not necessary to setup right??
[04:16] ok
[04:16] provided you don't mind using IPs to refer to your computers
[04:16] i cant use host name to refer to the pc in the company??
[04:16] not without some sort of name resolution
[04:16] sorry
[04:16] you can with dns
[04:16] computer name
[04:16] DNS is one way, there are many
[04:17] you can set up the hosts files, or use netbios, though that one's a bit trickier with linux
[04:17] DNS scales the best
[04:17] i see
[04:18] so in a way its better to setup DNS to avoid any unwanted problems later on?
[04:18] as opposed to using hosts files, yes
[04:18] since each computer's hosts file must be configured in order to work
[04:18] while a DNS server can provide names to all computers on the network
[04:18] icic
[04:19] so without DNS, i will have to use the ip address to communicate with them??
[04:19] yes
[04:19] ok.
[04:19] network authentication
[04:19] which one is more flexible
[04:20] OpenLDAP
[04:20] Samba and LDAP
[04:20] Kerberos
[04:20] Kerberos and LDAP
[04:20] im not sure what are the difference among this four
[04:20] Depends on what you want to do
[04:20] they are all more or less equally flexible
[04:20] icic
[04:20] setting up a working system with any of the above is quite a complex process
[04:21] because we want to setup ERP on the server
[04:21] so we want to setup the server to be stable
[04:21] be aware that if you are trying to integrate with a microsoft active directory network, not all features are implemented in samba and you will have limited functionality
[04:21] why isn't there a config in /proc/?
[04:22] so its better to use Kerberos??
[04:22] no, samba is the only real way to integrate with active directory
[04:22] aahh
[04:22] ok
[04:23] you can get basic authentication if you make some undocumented tweaks to your windows servers
[04:23] but other than that, there isn't much
[04:23] If you have any Windows computers on your network you will want samba more than likely
[04:23] yes.
[04:24] yes, samba provides the best way to communicate with windows
[04:24] as limited as it is
[04:24] limited as in??
[04:24] samba's authentication is on the same level as windows NT 4
[04:25] getting it to work with active directory is an exercise in frustration, to say the least
[04:25] and you won't get anything more than simple authentication
[04:25] ok.
[04:25] none of the extra features like group policy are available
[04:25] sounds extremely hard to setup then
[04:25] it's definitely an advanced-level task
[04:26] i see.
[04:26] I wouldn't say extreme but it does take a little reading
[04:26] ok.
[04:26] for the remote administration, its better to use OpenSSH or eBox??
[04:26] i read in forums, ebox seems to be the more favorable option
[04:27] if you like hold-your-hand interfaces, then yes
[04:27] but be prepared for little bugs and things to pop up
[04:27] I use SSH but I have not tried eBox
[04:27] and definitely make sure you lock down your internet access to it
[04:27] I use SSH exclusively
[04:27] what is eBox?
[04:27] !ebox
[04:27] ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
[04:28] oh, ewww. lol
[04:28] in other words SSH is more stable than ebox??
[04:28] More secure for sure
[04:28] eBox is likely more user friendly... I wouldn't even classify eBox and SSH together
[04:29] because of the way ebox and similar interfaces work, if you try to do things manually as well as use ebox, you will be in a situation where the 'automagic' code is fighting with you over your manual settings
[04:29] confusing things can happen
[04:29] so unless you plan to use ebox exclusively, I suggest not using it
[04:29] icic.
[04:30] yeah, I would likely not like ebox because it wont be flexible enough
[04:30] icic.
[04:30] we want flexibility
[04:30] thats why we are looking for options
[04:30] automagic code has been fighting me my whole life - hence why I switched to linux... of course now even linux is starting with auto-magic but at least my servers are still fairly pure
[04:30] before we start setting up the server.
[04:31] ebox fills the niche of cookie-cutter setups
[04:31] custom setups are better served manually
[04:31] ok.
[04:31] cs1: ah... doing some research for work or something? definitely play with this stuff in VMs to get a feel for things
[04:32] yes.
[04:32] im doing research for work
[04:32] yes, definitely set up a test system and play with it
[04:32] make sure it will work for you before you commit to it
[04:32] its better to run things in VM before doing it on the server right??
[04:32] Or just stick it on some old computer and learn with it
[04:33] I started a few years ago just because the Windows crashed on this old computer we had. Now I run the company on that server. lol
[04:33] LOL
[04:33] about setting up the security for the server
[04:33] im not entirely clear about this
[04:34] Ubuntu is pretty good with being configured by default for security. Just read carefully about the changes you make
[04:34] icic.
[04:34] so i can setup the server without having to fiddle with the security options?
[04:36] there aren't any "security options" per se
[04:36] icic.
[04:36] about the monitoring part
[04:36] Well it depends what you do. Security options is kind of a vague statement
[04:36] security is not something that you just "turn on", it is a philosophy you follow throughout your system design
[04:36] hrmm
[04:36] ok
[04:36] ubuntu is secure by default, so you only need to worry about the things that you add or configure
[04:37] ok
[04:37] set up a proper firewall preventing internet access to things that should not have it, etc
[04:37] what is the server going to be used for?
[04:37] to host ERP system
[04:37] Enterprise Resourcing system
[04:38] I wish I knew what that was
[04:38] ermmm
[04:38] http://en.wikipedia.org/wiki/Enterprise_resource_planning
[04:39] here is the lin
[04:39] *link
[04:39] hope it helps
[04:39] how about monitoring part??
[04:39] from the documentation
[04:39] i can see there are 2 ways to go
[04:39] 1 is using Nagios
[04:39] another is Munin
[04:40] Nagios is a good platform
[04:40] I have not used Munin
[04:40] but if you're only monitoring one system, either is overkill
[04:41] I am actually working on my own system, but I have much more to learn about MySql
[04:41] they're designed to be full network reporting infrastructures
[04:41] ok
[04:41] File servers
[04:41] for windows clients, samba is king
[04:42] for linux clients, there are lots of options
[04:42] ok.
[04:42] nfs is probably the best option for linux clients
[04:42] thats for the DNS right??
[04:42] * giovani cringes
[04:42] ic
[04:42] NFS has specific weaknesses
[04:42] cs1: Munin is for instrumentation (graphing mostly). Nagios is for alerting.
[04:42] such as??
[04:42] it is wholly insecure without a tightly knit directory service
[04:43] cs1: Munin can feed alerts to Nagios
[04:43] if high throughput and performance is not critical, sftp is a great option
[04:43] secure authentication and easy to use linux-to-linux
[04:44] i see
[04:44] there are many more options though, especially if you're looking into distributed file systems
[04:44] i have no idea about file server
[04:44] nfsv4 is not insecure
[04:44] ok
[04:45] most of the weaknesses in nfs were eliminated w/ v4
[04:45] what other options do i have??
[04:45] but its still more complex than samba
[04:45] SpamapS, you still need a directory service to set up per-user access
[04:46] NFS works great in specific situations
[04:46] i see
[04:46] but there are plenty where it is a poor choice too
[04:46] qman__: yeah, I really wish people would just standardize on a single LDAP schema and one kerberos implementation so we can stop saying "it depends"
[04:46] New bug: #605719 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.31-1ubuntu2 failed to install/upgrade: subprocess pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/605719
[04:46] Windows can interact with samba directly
[04:46] anything else you choose will require you to install software on windows clients
[04:47] all the computer in the company uses linux
[04:47] but we wanna prepare ourselves just in case we have 1 or 2 windows platform
[04:47] then, your options go way up
[04:47] LOL
[04:47] this is head cracking
[04:48] tons of options with neat features, like AFS
[04:48] what does AFS stand for?
[04:48] there are about as many options as there are keys on your keyboard
[04:48] Andrew File System
[04:48] geez
[04:48] Areallyhardtogetrunning File System
[04:48] haha
[04:48] at least, it was 6 years ago
[04:49] I suppose if you expect solutions that are out of the box to work well
[04:49] My theory is it was a ploy by CMU to encourage people to get advanced degrees trying to understand it.
[04:49] you will be disappointed
[04:49] well, AFS wasn't written by CMU
[04:49] http://en.wikipedia.org/wiki/Category:Network_file_systems
[04:49] just to give you an idea
[04:49] @.@
[04:49] thats a lot
[04:50] AFS was an IBM project originally
[04:50] the chat application
[04:50] then became CMU
[04:50] can i add this feature in later on?
[04:51] or its better to perform it while i setup my server
[04:51] I don't know what you mean by "the chat application"
[04:51] http://www.itp.uzh.ch/~dpotter/howto/kerberos <-- NFSv4 + LDAP + Kerberos = pages and pages of fun repetitive steps that could be packaged just like MS packages ActiveDirectory
[04:51] cs1 you can setup anything at any time
[04:51] you can install anything at any time, but be aware that sometimes changing things breaks them, so any changes you make later you will want to perform on a test system first
[04:51] aaahhh
[04:51] ok
[04:52] because im looking at the documentation for ubuntu server
[04:52] there is a part called chat applications
[04:52] SpamapS, that's my biggest feature request for ubuntu server, a tasksel-style ready to go directory setup
[04:53] qman__: I believe it was discussed at UDS Maverick
[04:54] guys...what is version control system??
[04:54] cs1: wow
[04:54] SpamapS : yes?
[04:55] it is a system to keep track of versions and changes to files
[04:55] mostly used for source code or important documents
[04:55] i see
[04:55] cs1: version control is just so vital, I'm surprised that you would ask. I'm sorry, I don't mean to imply anything by that.
[04:56] yes, it's a critical part of the development process of any software
[04:56] qman__: Should be used for config info too
[04:56] i see i see.
[04:56] FreeBSD figured that out a long time ago.. we're just not figuring it out w/ etckeeper.
[04:56] so its a MUST to have??
[04:56] only if you have something you need to keep track of
[04:56] s/development of any software/infrastructure of any company/
[04:57] ok.
[04:57] such as a software project, some important documents, or anything that changes that you need to keep track of
[04:57] i see i see.
[04:57] like, say, /etc/apache2/* ;)
[04:57] SpamapS : i ask about it because i have no idea what is it about. =)
[04:58] version control is especially important if you have multiple people working on something
[04:58] aaahhh
[04:58] qman__: Its pretty vital to keep track of changes to system configurations IMO.
[04:58] How do I change my server locale?
[04:58] about windows networking
[04:58] if someone deletes something important from a file, you can get it back
[04:58] SpamapS: the other really annoying thing about nfsv3/krb/ldap is I don't have a turn-key way to get SSO
[04:59] seems like windows networking is the hardest of all right??
[04:59] integration with windows is handled mostly with samba
[04:59] qman__: what if you have one person.. but that person quits. Its going to be vital to your organization to be able to understand why that person did things.. version control can definitely help untangle messes and timebombs.
[04:59] ok
[04:59] cs1: actually setting up samba to talk to windows clients is pretty simple
[04:59] so just install Samba and configure it??
[04:59] file sharing with samba is easy
[04:59] authentication is not
[05:00] ok
[05:00] authentication as in accessing each other file?
[05:00] that is, active directory authentication
[05:00] qman__: agreed. it can be.. maddening. ;)
[05:00] user-based file permissions is also fairly simple
[05:00] i see
[05:00] perghhh...information overload on my head now
[05:01] cs1: just figure out the next thing you need to do.. leave the rest for after thats done.
[05:01] SpamapS, I can definitely see the value there, I don't really use it myself because I'm pretty much a one-man IT department, even with the jobs I do for other people
[05:02] how about backups??
[05:02] but bringing others into the equation, that would be critical
[05:02] backups have even more options than file sharing
[05:02] Bacula is a software to handle backup?
[05:02] qman__: one man IT depts. are actually *more* important to wrap in version control. :)
[05:03] cs1: I am a huge fan of Bacula
[05:03] easy to use??
[05:04] cs1: depends on your setup.. if you just backup "everything everywhere" .. then its easy because the config file is very simple.
[05:04] I'd suggest rsnapshot, too. I've never used bacula, tho
[05:04] cs1: if you start trying to get tricky w/ different file sets and agents and policies.. its still not all that "hard" .. but its not point and click. ;)
[05:05] about the networking part
[05:05] we have router and switch on our server
[05:05] most of my backups consist of tar commands in a cron script
[05:05] rsnapshot is good for very simple setups. Its kind of like Apple's Time Machine without the pretty graphics. ;)
[05:05] do we still need to configure TCP/IP??
[05:05] SpamapS: and it works.
[05:05] cs1, you cannot access network resources if you don't configure TCP/IP
[05:06] cs1: I think you may need to think about getting some training.
[05:06] SpamapS: please don't compare it to TimeMachine... I hate TM with a passion
[05:06] yeah
[05:06] cs1: we can answer questions, but the reason you're feeling overwhelmed is you need a stronger foundation.
[05:06] i seriously need training now
[05:07] ubuntu is absolutely a very good "first linux server" tho...
[05:07] electrofreak: TM has saved me at least 3 times now.. so I TimeMachine.
[05:07] if you really want to understand how it works, I suggest starting with a routers & routing course
[05:07] it will give you a strong understanding of what networking really is
[05:07] then move on to the server administration stuff
[05:07] cs1: though being forced to learn it all "on the job" can be great training. :)
[05:08] yeah
[05:08] but if it's your first encounter with linux... or running a server in general... it will definitely be overwhelming
[05:08] thats what im going through now
[05:08] actually I know a kid who started out in IT at 16 racking servers for a hosting company..
[05:08] one of the best sysadmins/webdevs I work with now, 5 years later.
[05:09] never saw Windows other than on his laptop.
[05:09] some people just really have a knack for it
[05:09] Yeah, the key is that you like trial and error. :)
[05:09] wow
[05:09] that kid is smart
[05:10] I find the people that know the most and do the best work are the ones who take the time to learn and understand how it works on a basic level
[05:10] don't just memorize commands or "this is how it's done"
[05:10] memorization is what you do to get a paycheck
[05:10] LOL
[05:10] agree
[05:10] deep understanding comes from a desire to master your domain. :)
[05:10] i see
[05:10] you guys have been great help
[05:10] thank you so much
[05:11] this channel is open 24x7!
[05:11] You're confusing memorization with deliberately inserting dead-man heisenbugs.
[05:11] electrofreak: except bank holidays and the Queen's birthday
[05:11] LOL
[05:11] lol
[05:12] ok
[05:12] 1 more question
[05:12] what steps do i have to take in order to setup the server...
[05:12] install it you mean?
[05:12] the company will be using the server to host the ERP system
[05:13] yaya
[05:13] install it
[05:13] download the iso, burn to CD
[05:13] ok
[05:13] boot it in the server and follow the on-screen instructions
[05:14] well, download and burn the ISO... insert it into the drive, boot up, and follow the step-by-step. installing ubuntu is as easy as it gets.
[05:14] ok
[05:14] I do it for fun sometimes.
[05:14] but i mean when configuring the whole server to perform what we want the server to do for us
[05:15] the Ubuntu Server Guide covers most common tasks very well, once it's installed
[05:15] https://help.ubuntu.com/10.04/serverguide/C/index.html
[05:16] thanks
[05:16] so before doing it on a server
[05:16] its better to install it on a VM right??
[05:16] to test out everything
[05:16] whether you use a real server or a VM doesn't matter
[05:16] before we migrate to server
[05:16] aahh
[05:16] ic
[05:16] what does matter is that you don't take your business down to do it
[05:17] haha
[05:17] do it in a sandbox, a test system
[05:17] thats crazy
[05:17] VM is just easy to play around with things...
[05:17] i see
[05:17] if you have extra hardware to play with, feel free
[05:17] haha
[05:17] if not, a VM is a good way to do it
[05:17] now my brain is hanged
[05:18] LOL!!
[05:18] good luck sir!
[05:18] haha
[05:19] thanks
[05:19] im not sir btw..=P
[05:19] ooo, opps. my bad
[05:20] haha
[05:20] its ok
[05:20] =)
[05:20] anything else i missed out?
[05:20] in making more out from the server??
[05:21] make sure the hardware you put it on is a stable machine...
[05:21] not something thats going to catch fire every other day or whatever
[05:21] haha
[05:21] yeah
[05:21] i mean software
[05:21] yeah, don't buy brand new overclocker hardware, or grandma's old computer, get something you can trust
[05:22] what is etckeeper btw??
[05:22] etckeeper is version control for your /etc directory, in other words, your system configuration files
[05:23] so its a must have??
[05:23] highly recommended
[05:23] ok
[05:23] great
[05:24] im still not very clear about the networking thingy
[05:24] maybe like you guys have said
[05:24] i need training
[05:24] networking is the basis on which everything we talked about runs
[05:24] it is essential
[05:24] but by setting up the TCP/IP,it wont affect the switch and router right?
[05:25] oh, if the server is just going to be a client behind an existing router/switch setup... then you shouldn't have any problems.
[05:26] what about using the server as a host?
[05:26] will it have problems?
[05:26] no, the networking only gets complicated once you start using the server as a router or firewall
[05:26] haha
[05:26] OK
[05:26] pretty much, you will configure an address for it to use, and leave it alone
[05:27] ok
[05:27] i think thats all for now
[05:27] but an understanding of how it works is very useful when you run into trouble elsewhere
[05:27] now i have to discuss about it to my boss
[05:27] definitely look into a good book or a course on it
[05:28] haha
[05:28] ok
[05:28] will invest in a good book
[05:29] "is my network working" is to system administration as "is it plugged in" is to desktop support
[05:29] haha
[05:30] it should be said I guess that out of the box, ubuntu server will get an IP from the DHCP server (your router) and "just work"
[05:30] but if you don't set it static, that will change from time to time causing many headaches
[05:30] IMO if you ask for static networking, you probably ACTUALLY want fixed DHCP
[05:31] just set the IP to something OUTSIDE of the DHCP range
[05:31] That's where downstream is just a dumb DHCP client, but upstream (the router) is configured to always and only allocate to a particular MAC
[05:31] yes, but then your DHCP server becomes a single point of failure
[05:32] fine for less important things, but this server sounds pretty important
[05:32] qman__: in static networking, you have TWO points of failure
[05:32] qman__: because if the network configuration of either end changes, your network won't
[05:32] ...work
=== shocm is now known as shocm_
[05:32] yea, I don't use static assignments on my DHCP server... I just give it a range and then systems that need a static IP, I set a static IP on that system
[05:33] For a mission-critical core host like the LDAP/Kerberos server, I might use static networking.
[05:33] I certainly wouldn't use static networking for something less important like apache servers.
[05:33] anything that needs to still work when the internet goes down, I use a static IP
[05:34] that's a good rule of thumb
[05:34] Your DHCP leases are served by the internet?
[05:34] basically, the file server, and the DHCP server
[05:34] a reserved lease is good for just about everything else
[05:34] twb, no I think he just means deciding on what needs a static IP...
[05:35] It's also worth mentioning that DHCP poisoning can occur on untrusted networks
[05:35] all sorts of stuff can happen on untrusted networks ;-)
[05:35] Which for something like the auth server, would leave you exposed to MITM
[05:36] electrofreak: by "untrusted" I mean things like LANs where you have idiot end users with zombified windows laptops, rather than the conventional stuff like "the internet"
[05:36] I've run into those
[05:36] nasty buggers
[05:36] try to hijack your network with bad DHCP and DNS information
[05:37] ha, it's always fun to take all the available DHCP addresses with one machine :-P
[05:38] one windows machine gets infected, starts its own DHCP and DNS, serves other nodes on the network
[05:38] and starts hijacking google searches with malware
[05:40] I guess we bored 'em
[06:04] hi all, I'm running 10.04... but i just did an upgrade.. and now my SSHd doesn't work... when i log on locally, if i turn ListenAddress (to restrict the SSH host addresses) everything works fine, if i turn it back on, can't connect from any of the listed IPs, but everything worked fine before i did the upgrade... did they do something to the SSHd in the latest upgrade?
[06:06] anyone, any ideas?
[06:10] error: Bind to port 22 on *.*.*.* failed: Cannot assign requested address.
[06:10] is what i get in my auth log
[06:16] yosi: One of the addresses in your ListenAddress line is incorrect, or does not exist on your system, most likely.
[06:18] hmmmm.. well ist s list of 3 external ips... my home and work ip's... it was working for the last 6 months until i did an apt-get upgrade today
[06:18] could that have changed something?
[06:19] its a list*
[06:21] the next line after that error in my auth log is:
[06:21] fatal: Cannot bind any address.
[06:23] Um... ListenAddress is for addresses to *listen* on not for a list of remote addresses! man sshd_config and read it.
[06:23] It says: ListenAddress Specifies the local addresses sshd(8) should listen on.
[06:25] To restrict where people can ssh in to the server from, use ufw or any other iptables-based packet filter.
[06:27] oh u are right!
[06:27] i misread it
[06:27] so those are the local address, i guess if u have multiple ips
[06:27] yikes...
[06:28] where are sshd config files stored?
[06:28] so all these months, i guess that feature hasn't been working as intended
[06:28] EvilTrek: /etc/ssh/
[06:28] is there any way to restrict the IPs entering SSH without setting up a firewall...
[06:28] thanks
[06:28] i find ip tables so complicated...
[06:29] yosi: ufw is simpler
[06:29] what does ufw stand for?
[06:29] is it as good as iptables?
[06:30] and which line do i edit to deny password auth and allow publickey auth only?
[06:30] It uses iptables underneath. It is just a simple command line interface to it.
[06:30] last time I edited sshd_config was about a year ago xD
[06:30] EvilTrek: man sshd_config to read all about it.
[06:30] is it part of ubuntu or do i need to load it?
[06:30] jmarsden: ty
[06:31] yosi: It is part of Ubuntu but you may need to apt-get install ufw , I am not sure if it gets installed by default on Ubuntu Server.
[06:31] thanks...
[06:31] i will try..
[06:32] EvilTrek: You probably want PasswordAuthentication No
[06:32] since i need to only restrict ssh, is there any facility in SSHd to only allow connections from a certain host?
[06:32] yosi: You're welcome
[06:32] jmarsden: yeah i found it, already edited, and since its on a VPS, i'm rebooting it now xP
[06:34] yosi: I don't think so, but man sshd_config would talk about it if it exists :)
[06:34] thanks
[06:34] will read it now
[06:34] EvilTrek: There is no need to reboot for that, just restart sshd :)
[06:34] jmarsden: i also edited a few other things that required a restart for (system updates since i'm lazy at updating)
[06:56] guys
[06:56] i would like to ask whether windows platform users can login into Linux server
[07:01] i figured out i could restrict SSH to certain clients using TCP wrappers
[07:02] cs1: See /topic and read the Server Guide, especially https://help.ubuntu.com/10.04/serverguide/C/windows-networking.html
[07:25] is LVM necessary during RAID installation??
[07:26] LVM and RAID are orthogonal
[07:27] aaahh
[07:27] ok
[07:27] thanks
[07:32] cs1: these days, not using lvm is sort of like choosing a car with manual windows/locks/etc. It has a place, but you need a good reason. ;)
[07:32] icic
[07:32] Does lucid's upstart still run rcS.d and rc2.d jobs by default?
[07:33] twb: it still runs all of rc.
[07:33] I *think* so...
[07:33] twb: /etc/init/rc.conf
[07:33] about the RAID + LVM...if follow the steps shouldnt be a problem right??
[07:34] because i will start installing the server soon
[07:34] =S
[07:34] cs1: md, fake or hardware RAID?
[07:34] whats the difference btwn those 3???=S [07:35] Whether the raid is done by linux, badly by the CPU, or by an expensive dedicated coprocessor [07:36] i think is done by linux [07:36] cs1: basically, do you have a RAID card, or just some SCSI/SATA/SAS drives? [07:36] Sata drives [07:36] not RAID card [07:36] cs1: md then [07:36] ok [07:37] cs1: md == multi device [07:37] so i just follow the steps in the RAID guide??? [07:37] cs1: its Linux's built in software RAID [07:37] https://help.ubuntu.com/community/Installation/RAID1%2BLVM [07:37] cs1: if you're using md RAID and LVM, you can set up both at install time using the Ubuntu Server install media. [07:38] icic [09:57] morning [11:36] morning [11:36] I've got an issue with one of our servers here regarding SSH. We can login just fine, however it is slightly delayed. Looking in /var/log/auth.log we see: reverse mapping checking getaddrinfo for alex.office.local [192.168.0.4] failed - POSSIBLE BREAK-IN ATTEMPT! [11:37] .local is reserved for MDNS [11:37] doing a 'host 192.168.0.4' comes back with 'alex.office.local' and a 'dig a alex.office.local' comes back with 192.168.0.4 [11:37] MDNS? [11:37] zeroconf/bonjour/rendezvous [11:38] You cannot use .local on a 192.168 network. [11:38] hum, I thought that was one of the purposes of it? [11:38] You thought wrong. [11:38] however, if this was the issue - our other server does not result in this error and works just fine [11:39] Well, I didn't say it was the ONLY issue [11:39] Ultimately the problem is that libc (nsswitch.conf) isn't reverse resolving your IP back to the expected hostname. [11:40] what could cause this? [11:40] Er, getting it wrong [11:40] AlexC_, was that host run from the server with the issue? [11:40] You should be using "getent hosts". [11:41] host(1) is not a valid test, because it always and only uses DNS. 
[11:41] cwillu_at_work: yes [11:41] what twb said [11:42] $ getent hosts 192.168.0.4 192.168.0.4 alex.office.local [11:42] the other server probably isn't configured to resolve mdns hostnames, or it's later in the resolve order (which I think is incorrect, as it ends up putting out a dns request that's guaranteed to fail) [11:42] Yeah; I still think the problem is using .local on the wrong network [11:42] what is advised to use instead of .local? [11:42] IME it gives these kinds of bizarro failures [11:42] AlexC_: I use .lan, because it's the OpenWRT default. [11:45] twb: if it makes any difference, there is a Windows Active Directory server on the network, which was set up before I got here to use '.local' [11:46] Just because it was someone else who fucked up doesn't make it right. [11:49] ok, I'll see about changing to .lan [12:04] Hi guys [12:04] quick question: [12:04] I am trying to get latest version of cherokee web server on my ubuntu 10.04 using apt-get [12:04] But it keeps giving me this error: [12:04] W: Failed to fetch http://ppa.launchpad.net/cherokee-webserver/ppa/ubuntu/dists/lucid/main/binary-amd64/Packages.gz 404 Not Found [12:04] Even though, that link is correct [12:05] Anyone knows what could be wrong? [12:05] here is what a wget of that link gives me : http://dpaste.org/sIdK/ [12:17] Someone can answer my question please? [12:49] if I'm not putting users in a chroot, and clients would like SSH access - what sort of things should I do to protect certain files? Is it bad practice to remove read access on some files/directories? [12:55] jdstrand: gmorning - i was wondering, were you planning on merging libvirt 0.8.2 soon-ish? [12:56] AlexC_: if these clients are not your own people then i wouldn't allow non-chroot access. otherwise set up a separate system just for ssh access [12:59] pmatulis: have you got a guide or reference for chroot SSH?
Everything I see is very old and contradicts what other guides say [12:59] I can't find any solid or trustworthy resource [13:01] Hello everyone, does anyone know a reason why running updates on an Ubuntu 9.04 server might break the server's ability to talk to LDAP? The server hosts a front end via apache and tomcat. The site is made up of java, php, and html. [13:19] AlexC_: i made some notes about it. i don't remember it being terribly hard. [13:19] AlexC_: what's stopping you? [13:38] I find 50 instances of console-kit-daemon running in my server.. . what does it do? Do I really need it? how do I stop it? [13:53] no one here uses console kit daemon ? [13:54] are there any bind9 ninjas in the house? [13:55] how can i get bind9 to use/allow logins and passwords for dyndns updates to it? I want to copy changeip.com or dyndns.org's type of setup [13:55] i am currently generating keys instead [13:55] anyone want to help with https://bugs.launchpad.net/ubuntu/+source/xinetd/+bug/43574 [13:55] Launchpad bug 43574 in xinetd "Needs Ubuntu-style init script" [Wishlist,Triaged] [13:56] it just needs sponsoring. [13:56] branch attached. [13:56] * jmitchell takes a look at the link [13:59] hallyn: I'm working on updates for libvirt and will do it as part of that [14:02] pmatulis: I guess it's knowing what programs I want them to have access to, the directory structure and generally how to set it up [14:03] Hi guys... I just used debootstrap for ubuntu 8.04 on my ubuntu 9.04(hosted on virtual box). When i tried installing xfce desktop on ubuntu 8.04 the following error came: http://paste.ubuntu.com/464024/ [14:06] AlexC_: well if they need access surely they know what for, no? [14:14] smoser: Does anything take care not to install the init script anymore? [14:14] soren, yes. dh handles that. [14:15] theres magic that, and on upgrade, there is magic that replaces /etc/init.d/xinetd with a link to /lib/init/upstart-job [14:15] s/^theres magic that,// [14:16] smoser: Neat.
:) [14:18] jdstrand: awesome, thanks [14:21] pmatulis: yes, though I mean the more core gnu utils [14:22] AlexC_: you have to at least provide a shell for them. i remember having to copy over manually files for even that to work - it's not great [14:23] pmatulis: this is what I don't like, it just seems like one big dirty hack. What happens regarding system updates for files I've copied? [14:24] AlexC_: heh, you ask too many questions [14:25] questions lead to knowledge :P [14:25] AlexC_: and pain [14:25] AlexC_: i can send you my notes if you would like [14:25] that would be great [14:26] thankfully most of our clients will use SFTP, of which chroot is incredibly simple [14:27] AlexC_: dumped notes in a private window [14:28] thanks, I'll read over :) [14:43] morning all [14:58] hi, i'm having quite a bit of issues with ufw (the so-called (not so)-uncomplicated firewall). Running ubuntu server 10.04 amd64 with ufw (because apparently that's the only iptables thing actually supported by ubuntu). Its main problem is the default config... who/what decided it would be nice to have a 3 connections per minute by default on *EVERY* connection on a *server*? Point me there, I'll bring the bat :). Anyways, anyone know how to [14:59] freakynl: cool down [14:59] freakynl: shorewall. end of :) [15:01] pmatulis: actually I am pretty calm, I just find it extremely hard to believe nobody else runs into it / this is default ufw rules on a *server*. 3 connections / min with a 10 burst is absolutely nothing for a webserver especially if clients don't pipeline [15:01] freakynl: a) shorewall and iptables are both supported. b) only the 'limit' command has a 3 connections per minute default. allow does not [15:03] jdstrand: before hitting any allow rules i created with ufw (mainly for 80/443) it hits the ufw-logging-deny chain which blocks it (it goes input -> ufw-before-input -> ufw-logging-deny) [15:03] jdstrand: but there's something like iptables-save/restore from init.d then?
=== dendrobates is now known as dendro-afk [15:06] freakynl: actually, I misspoke, the limit command is 6. the '3' you are seeing is for the logging chain, yes [15:07] freakynl: that limit can be adjusted by adjusting your log level in ufw [15:08] freakynl: see the LOGGING section in 'man ufw' for details [15:10] freakynl: but, based on your comment, it sounds like the packets aren't matching your allow rule, which is why it is going to logging-deny (and therefore your default policy) in the first place [15:13] freakynl: as for iptables-restore, see 'man ufw-framework' for details on how things are put together. basically, there is no iptables-save (you use the 'ufw' command or edit files directly) and an iptables-restore action happens on boot (or start/reload) [15:21] Is anyone ACK'ing SRU's today? [15:21] bah, wrong channel [15:32] jdstrand: thanks for the explanation. Actually they do hit allow, otherwise the backup clients wouldn't be able to backup at all and the website wouldn't be accessible. Currently almost all backup clients, depending on what they're doing (ie it occurs when uploading many small files) log 'network connection issues' every 5-10 mins. It then stops backing up for like 5 mins and then tries again. It hits the log/block due to not being allowed by === dendro-afk is now known as dendrobates === ogra_ is now known as ogra [15:53] zul, Are you able to look at bug 313275, soonish? [15:53] Launchpad bug 313275 in logwatch "logwatch stunnel script doesn't match any stunnel4 log entries" [Low,Triaged] https://launchpad.net/bugs/313275 [15:53] Daviey: i could be persuaded yes [15:54] zul, R-O-C-K-I-N-G [15:54] i'm getting a weird issue with things related to something with perl failing. Pastebin: http://starfleet.pastebin.com/E1uXrcyw [15:54] any idea how to fix it? [15:55] Trek: did you google for 'perl: warning: Setting locale failed.' ?
[15:55] pmatulis: yah, had issues finding it (slow slow slow internet) [15:56] Trek, Let us know if your search engine doesn't help you find a solution, and we'll crack on. [15:56] standby, since GOOGLE IS TAKING 15 MINUTES TO LOAD [15:56] grr stupid caps === dendrobates is now known as dendro-afk [15:58] o.o [15:58] well google found a result... [15:58] but... [15:58] i get new issues too o.o [15:59] standby [15:59] http://starfleet.pastebin.com/2YMhWT6D [15:59] * Trek thinks his install is borked [16:09] Trek: Google gets lots of hits for : "Cannot set LC_CTYPE to default locale" +ubuntu [16:10] smoser: ping [16:10] here [16:13] smoser: im thinking this might help you guys http://people.canonical.com/~chucks/xen-mask-out-xsave-for-hvm-guests.patch [16:13] jjohansen-afk, ^ [16:32] I have Ubuntu Server 10.04 setup with LDAP authentication, and am using the LDAP server to authenticate client computers to the server. On the clients, everything works. On the server, I can login fine, but attempting to change the password I get the error: 'passwd: Authentication token manipulation error' === dendro-afk is now known as dendrobates [16:47] Has anyone ever used sysbench on ubuntu? [16:47] RyanP: that LDAP error seems to happen a lot and you will get a lot of hits on Google for it. Might be worth checking there first. [16:49] sherr: I spent a bunch of time on Google, and most of the links seemed to just say something like 'This is sometimes something to do with LDAP.' but nothing more helpful than that. === jjohansen-afk is now known as jjohansen [16:57] <[diablo]> hi, anyone know a big table database shipping with LTS please? [16:57] big table database? [16:58] I thought until now only google got BigTable :D [17:01] is there any suspicious activity here ? http://www.pastebin.org/397564 [17:02] whats that ghostscript ? [17:03] oru_work: why don't you look it up on the web - easy to track down. Why are you asking about "suspicious" activity? 
[17:04] smoser: yeah that is essentially what I did [17:05] kirkland: Is it reasonably safe/possible to convert from unencrypted to encrypted home directory on 10.04? === dendrobates is now known as dendro-afk === dendro-afk is now known as dendrobates [17:21] ScottK: looks like ecryptfs-migrate-home might do it for you. I'm going to test it right now actually. You're on maverick? [17:21] I have systems on maverick, but the one in question is lucid. [17:26] ScottK: ok - i'm testing in a lucid vm then. I'm curious about it myself, to be able to answer other ppl. (for myself i prefer hand-mounting ecryptfs'd subdirs - don't know why - old dogs and all that) [17:27] anyone here use rsyncd? [17:28] * ScottK prefers it to automagic and reliable to having to think about it. [17:42] ScottK: it worked perfectly for me. I created a new temporary user with sudo privs, logged in as him, then did ecryptfs-migrate-home -u hallyn; did a 'switch user' to hallyn to verify files were ok, 'switch users' back and rm -rf /home/hallyn. [17:42] is there a way to copy the contents of the install dvd and use it for a network based install source? [17:42] ScottK: if/when the per-user keyring is honored to deny file reads, i might do all-home encrypted, but as it is, once you log in, any user able to descend your /home/$USER can read all your decrypted files... so i try to keep encrypted dirs unmounted when possible, [18:01] ScottK: hey [18:01] is it possible that mutexes got 4~5 times slower on x86_64 compared to x86? At least that's what sysbench is telling me. [18:02] under /etc/default/rsync what's yalls default RSYNC_ENABLE [18:02] true? [18:02] ttx: wanted to get together in Prague to make sure things are in line for 10.04.1...is there anyone in Server focused on this? [18:03] in preseed how do you tell the server to use a different repo to install from other than archive.ubuntu.com or the mirror of said repo?
=== dendrobates is now known as dendro-afk [18:03] ttx: just want to be sure I don't leave anyone out [18:17] Any of you guys use Tomcat on Ubuntu Server? [18:18] I've added all the tomcat6-* packages, and edited the tomcat-users.xml file to add the default users who were commented out... but when I try to bring up the Tomcat Manager, I'm still getting an "access denied" message [18:37] *sigh* [18:37] I figured it out. :/ [18:37] * SuperLag kicks himself [18:45] robbiew: that would be zul (and possibly me) [18:46] ttx: ack..thnx [18:47] Hello after installation of Ubuntu 10.04 server I have got fonts so small that I need microscope to read anything. How can I enlarge that ? [18:49] I'm trying to connect to a remote kvm host via ssh. using just the hostname, I can't log in as root by default so I used username@kvmhost. It prompts for the password and authenticates, but then it closes connection with "File "/usr/share/virt-manager/virtManager/connection.py", line 896, in _try_open None], flags) File "/usr/lib/python2.6/dist-packages/libvirt.py", line 111, in openAuth if ret is None:raise libvirtError('virCon [18:49] Ast001: Uh, on your monitor? [18:49] Or via ssh? :) [18:49] yes I am unable to configure anything [18:50] on monitor [18:50] Hmm, good question. [18:50] Ast001: try text mode install? [18:50] matt_keys: He already installed [18:50] and the serverinstaller is textmode :) [18:50] I installed ubuntu [18:50] oh...
try holding ctrl down and using the scroll wheel [18:51] ttx: are we planning on updating openldap it's getting kind of stale in maverick [18:51] ok [18:52] ctr + mouse wheel changes nothing [18:52] zul: we should, maybe sync with mathiaz on that [18:53] Ast001: http://ubuntuforums.org/showpost.php?p=4322584&postcount=3 [18:53] ok thanks [18:53] I will try that [18:56] New bug: #605977 in puppet (main) "emacs puppet-mode not auto loaded in lucid" [Undecided,New] https://launchpad.net/bugs/605977 [19:06] I have Ubuntu Server 10.04 setup with LDAP authentication, and am using the LDAP server to authenticate client computers to the server. On the clients, everything works. On the server, I can login fine, but attempting to change the password I get the error: 'passwd: Authentication token manipulation error' [19:31] is there a mailing list manager that integrates well with ldap (to hold membership data)? [19:34] hey guys I have a server set up with nginx, I can see it on my own computer but LAN computers (connected to the same router) cannot see it? === dendro-afk is now known as dendrobates [19:37] Hey all. I'm trying to compile some software that requires the linux source code. I've installed linux-headers-2.6.32-23 linux-image-2.6.32-23-server and linux-source-2.6.32 but they aren't showing up in /usr/src. My question is: How can I force the package manager to 're-install' those packages fresh without removing them and breaking my install? [19:59] "linux-source" should give you a .tar.bz2 file to extract in /usr/src - are you sure you need it though? Module compilation just needs headers I think. [20:00] he's gone [20:00] OK, thanks. [20:01] can anyone recommend a lightweight http webserver with support for http digest authentication?
[20:03] Kream: lighttpd [20:13] hi guys === norbiAnevem is now known as ubuntu_love [20:13] can you please help me with some info [20:14] i have a domain key [20:14] public and private and spf [20:14] but yahoo says that domainkey is neutral=it doesn't exist [20:14] is it possible that dkim-milter doesn't sign the mail with the domainkey? [20:15] or yahoo server is checking that with dig TXT _domainkey? === dendrobates is now known as dendro-afk [20:31] kirkland, found you don't really need a mirror, approx is good enough :) === pgraner is now known as pgraner-afk [20:41] ubuntu_love: domainkey and dkim aren't the same thing. === dendro-afk is now known as dendrobates [20:53] ScottK: could you please check this report: http://pastebin.com/KFXF07hg [20:54] it says that the domain key is invalid [20:56] ubuntu_love: It says domainkeys neutral (which is due to no signature). Your mail has a DKIM signature, not a domainkeys signature. [20:57] ubuntu_love: Which Ubuntu release are you using? [20:57] ScottK: i downloaded the ubuntu server today [20:57] the server i send the mails from is a fake centos [20:57] Then support for it's off topic here. [20:58] ScottK: ok, thank you! [21:04] hallyn: Worked great. Thanks. [21:07] ScottK: cool, glad to hear it === ubuntu_love is now known as tar_xvf === tar_xvf is now known as why_centos [21:31] Isn't there any way to check how ECC memories are performing? I mean, how many times ECC saved my server [21:36] Hi: I'm running Ubuntu Server 10.04 and am trying to learn more about /etc/rc*.d, runtimes, and startup processes. running sysv-rc-conf still shows packages that are no longer installed, can someone point me to a comprehensive guide / tutorial to removing unused startup processes from their runtime directories so that they no longer show up in sysv-rc-conf? [21:39] hi...any iptables helpers here...need help with port based routing [21:44] anyone here use munin?
[21:50] hi guys anyone can recommend cheapest hosted server..? [22:04] !info php5-gd2 [22:04] Package php5-gd2 does not exist in lucid [22:04] !info php-gd2 [22:04] Package php-gd2 does not exist in lucid [22:05] !info php5-gd | MTecknology [22:05] MTecknology: php5-gd (source: php5): GD module for php5. In component main, is optional. Version 5.3.2-1ubuntu4.2 (lucid), package size 33 kB, installed size 152 kB [22:07] guntbert: thanks :) [22:07] MTecknology: you're welcome :-) [22:07] anyone here use munin? [22:09] Kream: why don't you ask your real question? (I myself know nothing about munin though) [22:09] Kream: I use nginx, it has some of the same letters. :) [22:10] when i do port based routing (mark..ip route...ip rule...etc), traffic routes fine outbound, but inbound syn/ack packets are not forwarded to the client from the linux firewall? [22:11] i can see the packets hit the prerouting chain, but they never get to the forward chain [22:11] any ideas? [22:12] problem similar to http://linux.derkeiler.com/Newsgroups/comp.os.linux.networking/2007-09/msg00095.html [22:28] how hard would it be to retrofit this to ubutun [22:28] ubuntu* [22:28] http://www.server-world.info/en/CentOS_5/lsync/1.html === dendrobates is now known as dendro-afk === metcalfc_ is now known as metcalfc === Wandrewvious is now known as WALoeIII [23:15] Am I missing something, or why is escape not letting me enter grub settings (looks like likewise open broke AGAIN - and I can't log in using any username/password combinations) [23:15] * theacolyte needs to get into init 1 [23:18] No amount of mashing escape is working [23:23] Eh, nevermind, I'm just going to roll back to 8.04 [23:23] 10.04 has been extremely painful [23:32] how can i make an init.d script start at boot [23:47] webPragmatist, update-rc.d [23:47] aww eff LOL [23:48] well i don't feel as bad… it just uses the start-stop-daemon too … i just created an init.d that was already somewhere on the interweb
http://code.google.com/p/lsyncd/source/browse/package/debian/init.d?r=73 [23:51] well [23:51] that doesn't even seem to specify runtimes?