[00:11] <The_Paco> Hi. I'm trying to get nmbd/smbd to restart properly when I make changes, but I wind up having to kill them because upstart wants me to use "service smbd restart" or "service smbd stop" and then says "restart/stop: unknown instance"
[00:12] <The_Paco> how can I get smbd/nmbd to restart properly without resorting to kil?
[00:16] <armenb> hello...what's the fundamental difference between ubuntu-server and ubuntu-desktop?
[00:16] <armenb> err, desktop and server versions of ubuntu
[00:17] <The_Paco> server is stripped down, no X interface
[00:17] <armenb> I'm trying to install a *-dev package in Desktop, and it can't find it
[00:17] <armenb> whereas my server instance can...
[00:17] <armenb> is there something I'm missing?
[00:17] <The_Paco> check to see if they're using the same sources in apt-get?
[00:19] <The_Paco> they're largely identical, afaik. So they should be able to find and install the same packages. Be careful that you're not committing yourself to loading x11 if you use aptitude, though, as it tries to resolve dependencies
[00:19] <qman__> ubuntu server and desktop use the same apt repositories, so you have one enabled on your server that is not enabled on your desktop
[00:20] <qman__> the biggest difference is the default package set
[00:20] <qman__> the kernels are slightly different too
[00:20] <qman__> but they're the same core OS, and everything from one can be installed on the other
[00:21] <qman__> The_Paco, you're looking for "service samba restart"
[00:22] <armenb> gah, lame. I needed to apt-get update first.
[00:22] <qman__> or maybe not
[00:22] <qman__> that's what it is on karmic
[00:23] <qman__> on lucid both smbd and nmbd exist
[00:24] <The_Paco> ah
[00:24] <The_Paco> well
[00:24] <qman__> a whole lot of names changed in lucid, very frustrating
[00:24] <The_Paco> ... no, says unrecognized service
[00:25] <qman__> but anyway, that error means that upstart is attempting to stop a PID that doesn't exist
[00:25] <The_Paco> is there some kind of better place for learning about upstart than that anemic wiki of theirs?
[00:25] <The_Paco> I'm feeling that the community has yet to get behind it, despite it now almost completely replacing init for us
[00:26] <qman__> it completely replaced init a long time ago
[00:26] <qman__> ubuntu's been using it in sysv compatibility mode since, I want to say, 6.10
[00:26] <qman__> it's only just now to the point where a lot of services have native upstart scripts
[00:27] <The_Paco> fun
[00:27] <The_Paco> where are the upstart scripts held, then?
[00:27] <qman__> I'm really not a fan of upstart
[00:27] <qman__>  /etc/init/
[00:27] <The_Paco> I'm starting to understand that mindset
[00:28] <The_Paco> okay, so same place
[00:28] <qman__> no
[00:28] <qman__> sysv scritpts are/were in /etc/init.d/
[00:28] <The_Paco> oh yeah that's right
[00:28] <qman__> in my opinion upstart overcomplicates things
[00:28] <qman__> not that it's a bad idea at its core
[00:30] <qman__> if you're interested in some reading, I found this idea to be brilliant  http://0pointer.de/blog/projects/systemd.html
[00:30] <The_Paco> it's fighting with itself
[00:31] <The_Paco> yeah, I'll read it
[00:32] <The_Paco> I've got to learn how to manage these things properly. Init.d was annoying but at least by the time I was slightly familiar with it it was consistent. Trying to run the smbd upstart script puts me in an endless loop admonishing me to use certain commands while ignoring the ones I give and spawning more smbd's
[00:32] <qman__> yeah
[00:33] <qman__> somehow, your smbd is running outside of upstart
[00:33] <qman__> a reboot would probably fix it, though you should be able to just kill it and start a new one
[00:33] <qman__> if it's not working, something else is getting in the way
[00:36] <The_Paco> it's been a while since a reboot, what could it hurt. Few mins.
[00:40] <The_Paco> huh, actually seems to be behaving now, funny that
[00:40] <The_Paco> just goes to show that even with linux, the first troubleshooting step is always to restart and see if that fixes it
[00:41] <qman__> well, that's the easy way
[00:41] <qman__> but it's also almost never actually necessary
[00:41] <qman__> question is, is it worth the time to figure it out
[00:41] <The_Paco> I'm extraordinarily good at breaking things
[00:42] <The_Paco> couldn't hurt, wave of the future and all that. Thanks. Later
[01:48]  * freeflying 
[01:51] <paul_whipp> Is this a good place to ask a beginner question about postfix?
[01:52] <Amgine> Reasonably ok, paul_whipp.
[01:52] <paul_whipp> thanks Amgine - it looked a bit quiet;
 It's quite quiet, but you'll never know unless you ask your question.
[01:53] <paul_whipp> I am a web developer and I've been using ssmtp but I need to change it to postfix. I can probably deal with the installation and configuration once I understand what it means by hostname - does this need to be a known domain for the mail server?
[01:55] <qman__> the hostname it asks for in the debconf menu is the domain you want that server to receive mail for
[01:55] <Amgine> http://www.postfix.org/VIRTUAL_README.html#canonical
[01:55] <paul_whipp> I want it to receive email for lots of domains though
[01:55] <qman__> then think of it as the primary domain
[01:56] <qman__> you can add more though additional configuration
[01:56] <paul_whipp> ok, thx
[01:56] <paul_whipp> <looking at link>
[01:56] <Amgine> painful, but you should be able to work through it.
[01:57] <paul_whipp> it is - I just want it to send the mail for each domain (and not route it through gmail like I had ssmtp doing)
[01:58] <qman__> mail is a lot of work
[01:59] <qman__> local mail is no big deal, but mail on the internet has to be done right, otherwise your messages will just get marked as spam
[01:59] <qman__> and you don't want to get your IP blacklisted
[02:00] <paul_whipp> Yes - I've been dragged into this by clients sticking around on my 'test' server in the cloud. Their email forms all come from 'me' as the gmail sender.
[02:01] <paul_whipp> I guess I'm just going to have to plough through it.
[02:04] <paul_whipp> Is there any reason I can't try postfix out by installing it on my desktop machine (it has a static IP)?
[02:10] <qman__> no
[02:10] <paul_whipp> thanks qman, I'll try it there first.
[02:10] <qman__> I actually run postfix in a smarthost configuration on mine to forward SMART messages and such
[02:11] <paul_whipp> I've been using ssmtp there too but I can afford to break it <grin>
[02:11] <qman__> pumped to my main server, which sends them through a gmail account to me
[02:11] <qman__> I know postfix is overkill for that use, but it's what I know
[02:11]  * ScottK has postfix on ~every computer he owns down to and including his netbook.
[02:11] <qman__> yep
[02:12] <paul_whipp> Wow. OK - I think I'll have more questions soon. I'm going to work through the installation and configuration locally now.
[02:12] <qman__> that extra few K of RAM is insignificant compared to the hundreds of megs web browsers leak
[02:13] <paul_whipp> ssmtp has served me well for forwarding to my gmail account for system stuff and it only took a few minutes to install and set up. I'm going to miss it.
[02:14] <qman__> postfix is easy to set up that way for the clients, just pick smarthost and point to your server
[02:14] <ScottK> Postfix is at least as easy to install for a relay (as qman__ says)
[02:14] <qman__>  the server took a little more time to set up, but not more than a couple hours
[02:15] <qman__> google time included
[02:15] <ScottK> Longest it ever took me to set up a Postfix server was about 3 hours.
[02:15] <ScottK> And that was starting from boxes of parts on a table.
[02:16] <qman__> it only gets complicated with a 'real' server on the internet
[02:16] <paul_whipp> Hmm... I will need a 'real' server for the clients although it only needs to send mail so far.
[02:16] <qman__> yeah
[02:17] <qman__> but you still need to get it right, because fishy headers equal spam, and that means blacklist
[02:17] <paul_whipp> <googling smarthost>
[02:17] <paul_whipp> Is there an easy way to 'know' I've got it right (no fishy headers or open relay)?
[02:19] <qman__> open relay is easy to test
[02:19] <qman__> and sending test mail to your own personal accounts, and checking the headers should factor in the anti-spam measures
[02:20] <paul_whipp> qman: thx, how do I test open relay?
[02:20] <qman__> telnet in on 25 and attempt to send mail without authenticating
[02:20] <paul_whipp> qman: thx. I can do that.
[02:21] <qman__> by default, I'm pretty sure it allows open relay on the local subnet
[02:21] <qman__> so you'd have to change that
[02:21] <paul_whipp> ok. I'm going to try installing it and see if I can put some of this into practice.
[02:22] <_Techie_> how to disable TLS in postfix?
[02:22] <ScottK> It's not enabled by default.
[02:22] <ScottK> paul_whipp: By default, Postfix is not an open relay, so you don't need to worry about that much unless you edit configuration files.
[02:23] <paul_whipp> thx ScottK
[02:27] <electrofreak> Did ubuntu cut out the adaptec driver from the kernel?
[02:27] <electrofreak> in 10.04
[02:28] <electrofreak> all the things I'm reading on adaptec's Linux blog seem to indicate (for previous ubuntu versions) that the code is already included...
[02:28] <electrofreak> but it doesn't appear to be for 10.04?
[02:42] <SpamapS> electrofreak: "the adaptec driver" ?
[02:43] <electrofreak> aacraid
[02:44] <electrofreak> SpamapS, ^^
[02:45] <SpamapS> linux-image-2.6.35-22-generic: /lib/modules/2.6.35-22-generic/kernel/drivers/scsi/aacraid/aacraid.ko
[02:45] <SpamapS> its in maverick
[02:45] <electrofreak> is maverick 10.10? (I don't keep up with these silly names)
[02:45] <SpamapS> electrofreak: yes, 10.10
[02:45] <SpamapS> which is out in 4 days ;)
[02:46] <electrofreak> wait a second... I have it in my libs, too...
[02:46] <electrofreak> why isn't my card being seen?
[02:47] <electrofreak> lspci sees it... but I'm not getting any /devs for my array
[02:47] <SpamapS> electrofreak: I'm always fuxzy on how initrd's work .. but maybe its not in there?
[02:47] <SpamapS> electrofreak: lsmod | grep aacraid
[02:48] <electrofreak> well, I just modprobed it... and it inserted...
[02:48] <electrofreak> what would the devs come up as?
[02:49] <SpamapS> I forget
[02:49] <electrofreak> wait... there it is
[02:49] <electrofreak> I'm so sorry... this appears to have been a retard moment, brought to you by electrofreak. everything is working....
[02:50] <electrofreak> it is /dev/sda... so it must have been there at boot.
[02:50] <SpamapS> :-D
[02:50] <SpamapS> actually
[02:50] <SpamapS> the modprobe would have created it
[02:50] <electrofreak> SpamapS, nothing printed out recently in dmesg....
[02:51] <electrofreak> and now that I look more closely at dmesg, I do see it initializing... about 2.2 seconds after kernel started timing.
[02:51] <electrofreak> so, my bad.
[02:52]  * SpamapS drums fingers waiting for AT&T EDGE speeds.. 
[02:52] <electrofreak> now what we need is ASM/arcconf in apt...
[02:53] <electrofreak> adaptec is working on improving support for debian based distros...
[02:53] <electrofreak> so I was able to get it setup from a build they mentioned in their blog.
[02:53] <electrofreak> now I need to reboot though. flashed new firmware to my card. Thanks SpamapS!
[03:08] <paul_whipp> more postfix questions: I installed it fine on my local machine and I set it up to relay to gmail but how do I specify the port?
[03:16] <paul_whipp> postfix trouble: I just tried using smtp.gmail.com:587 but then I get a certificate failure message in the log. Don't really want a certificate. How do I get relay to gmail to work?
[03:22] <twb> apt-get install  ca-certificates
[03:22] <twb> that cert's in the default list
[03:23] <paul_whipp> twb: why do I need a cert?
[03:23] <twb> YOU don't
[03:24] <twb> But postfix needs to be told to trust the cert that smtp.gmail.com is using
[03:25] <twb> If ca-certificates is installed and you haven't unchecked any options in the low-priority debconf prompts, that SHOULD be the default behaviour (unless postfix is very weird).
[03:25] <paul_whipp> I already have it installed
[03:25] <paul_whipp> I have no idea about prompts so I guess I did not uncheck any <grin>
[03:25] <twb> Then pastebin the full transcript and/or talk to #postfix about it
[03:25] <paul_whipp> ok, thx
[03:29] <twb> http://paste.debian.net/94002/ <-- you should have something like this
[03:38] <paul_whipp> thanks twb. It actually sent the mails in the end - it seems the certificate line was just a warning.
[03:38] <paul_whipp> I have a working postfix server :-D
[03:38] <twb> Whatever
[03:39] <paul_whipp> Now I just need to work out how "not to relay"
[03:40] <twb> That should also be the default behaviour
[03:42] <paul_whipp> twb: I hope so, I'm going to comment out the gmail relay configuration and give it a go.
[03:42] <Dravekx> Anyone have a fix for this error? status: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
[03:42] <Dravekx> it happens when I try to check status on a service
[03:43] <paul_whipp> Dravekx: are you checking in a login shell?
[03:43] <Dravekx> paul_whipp, no. checking samba status. but it gives me the error no matter what service status I check via SSH.
[03:43] <Dravekx> or lol. that's what you asked.
[03:44] <twb> Somewhere in postconf there are options on which domains you accept mail for
[03:44] <Dravekx> any idea on a fix?
[03:45] <paul_whipp> Dravekx: dbus is a pain. If you google you'll find some variables you need to set up for it to work.
[03:46] <paul_whipp> twb: Luckily I only want to send mail to begin with <takes baby step>
[03:46] <twb> If your 25 and 587 are closed, then you aren't an open relay
[03:46] <paul_whipp> Cool. I can fix that easily in the firewall to be certain.
[03:47] <twb> Except potentially in the more general sense, like having a "send this page to a friend!" feature on your website
[03:47] <paul_whipp> Dravekx: Hang on... I'll dig something up
[03:48] <Dravekx> paul_whipp, Ahhhh... nvm... I got it. I wasnt using root.
[03:48] <Dravekx> it's a samba issue now.
[03:49] <paul_whipp> Dravekx: ok cool.
[03:49] <zanthir> Hello, does anyone know how to add groups to groups?
[03:50] <zanthir> I'm running xfce on my ubuntu-server, and the groups for services (such as www-data) are well *ahem* groups, not users.
[03:51] <zanthir> On my Ubuntu (not server) machine, these users are users, not groups (www-data for example).
[03:51] <demonspork> zanthir, they are groups _and_ users
[03:51] <demonspork> zanthir, do they exists in /etc/passwd
[03:53] <zanthir> demonspork, I don't have an /etc/passwd...
[03:54] <demonspork> zanthir, then you are not usin Linux
[03:54] <demonspork> "cat /etc/passwd"
[03:55] <paul_whipp> twb: I think send it to a friend would still work. Having removed the relay I'm seeing the connection attempts time out e.g. "connect to gmail-smtp-in.l.google.com[74.125.155.27]:25: Connection timed out" for an email to my own gmail address
[03:55] <demonspork> should give you a list of users
[03:55] <zanthir> demonspork, I installed Ubuntu Server 10.04. I believe I am using Linux.
[03:55] <demonspork> zanthir, then there is a 100% chance that the file "/etc/passwd" exists
[03:56] <zanthir> You have an email? You can SSH in and look for yourself. Not there. Sorry...
[03:56] <twb> demonspork: it is theoretically possible to have a working system that doesn't use "files" or "compat" for name resolution.
[03:56] <demonspork> yeah, that is possible
[03:57] <demonspork> but only theoretically
[03:57] <demonspork> I didn't even bother mentioning it though
[03:57] <twb> Indeed, when I try it about four packages fail their postinsts
[03:57] <twb> Though those are bugs
[03:57] <demonspork> zanthir, do you have a terminal window open?
[03:57] <demonspork> type "cat /etc/passwd"
[03:58] <twb> Certainly *UBUNTU* is required by specification to have a specific set of users and groups present in /etc/passwd and /etc/groups
[03:58] <demonspork> or even just "stat /etc/passwd"
[03:58] <zanthir> oh, taht last one worked!
[03:58] <twb> zanthir: if /etc/passwd doesn't exist then your system is broken
[03:59] <zanthir> So, it's probably just hidden?
[03:59] <twb> zanthir: if you're using a GUI, I cannot comment on its behaviour.
[04:00] <zanthir> cat says "No such file or dir..." but stat finds it...
[04:00] <twb> That shouldn't happen.
[04:00] <zanthir> err... sry, I cat-ed for /etc/group, not passwd... Sorry.
[04:00] <zanthir> Right, ok. Cat finds everything.
[04:01] <zanthir> For some reason though, they only show up as groups in my users and groups GUI...
[04:02] <zanthir> Should I probably ignore that and just try adding them to groups as if they were users from the cmd line?
[04:03] <zanthir> Mm. Ok. Thanks twb.
[04:03] <zanthir> (about GUI)
[04:15] <zanthir> Thank you too demonspork.
[04:49] <RudyValencia> OK, so my server runs approx package caching, if I copy the contents of /var/cache/approx to another drive and then reinstall, will I be able to restore the cache by simply copying it back (along with the appropriate configuration)?
[05:02] <twb> IIRC, yes
[05:02] <twb> But I am emphatically NOT a fan of those apt cachers, they've caused me far more problems than they've solved.
[05:03] <twb> Nowadays I simply run debmirror, which consumes on average maybe 128MB a week to keep a complete mirror of lucid and hardy.
[05:06] <jcastro> squid-deb-proxy my friends
[05:06] <jcastro> squid ftw
[05:07] <twb> I've had problems with "optimized" squid cachers, too
[05:07] <jcastro> booo
[05:07] <twb> In particular, when they decide to cache Packages.bz2 (which is big) but not Release (which is small)
[05:08] <twb> So you get checksum errors
[05:08] <flock_> dear friends i am try to create a name based virtual host in my local machine, but it is not working,
[05:09] <flock_> I add the following lines in the configuration file
[05:09] <flock_> <VirtualHost *:80>
[05:09] <flock_> ServerName www1.example.com
[05:09] <flock_> ServerAlias kevin
[05:09] <flock_> DocumentRoot /test
[05:09] <flock_> <Directory "/test">
[05:09] <flock_> 	Options Indexes FollowSymLinks
[05:09] <flock_> 	AllowOverride None
[05:09] <flock_> 	Order allow,deny
[05:09] <flock_> 	Allow from all
[05:09] <twb> !paste
[05:09] <flock_>     </Directory>

[05:10] <twb> flock_: are you testing it with netcat?
[05:10] <flock_> i am using unutu 10.04
[05:11] <flock_> and using apache2
[05:11] <twb> That was not my question.
[05:11] <RudyValencia> I think I'll just reinstall from a disc
[05:12] <RudyValencia> which no longer fits properly on a CD-R
[05:12] <RudyValencia> (I have to use a DVD-R now)
[05:13] <qman__> I use squid
[05:13] <qman__> it's not perfect but it's effective when all my servers update at the same time
[05:14] <qman__> I blacklisted Packages.bz2 and Release and such from being cached
[05:17] <twb> qman__: in theory, I just have my servers point to the local quaternary mirror
[05:18] <twb> That hasn't actually happened yet because the debmirror is on a fucking 10baseT hub or something, so it's actually slower than the ISP's tertiary mirror...
[05:21] <RudyValencia> I'm backing stuff up right now, what else should I back up besides /etc ?
[05:21] <RudyValencia> (on my server)
[05:21] <RudyValencia> I know definitely userdirs
[05:21] <gravity1187> what service are your providing from your server?
[05:23] <RudyValencia> Samba shares (from folders on a separate drive mounted to /srv), Web serving (also from the separate drive mounted to /srv), PXE Ubuntu installation, approx package caching, DNS, DHCP, and printing services
[05:25] <gravity1187> and /srv are on their own drives
[05:25] <gravity1187> any custom scripts that you may have put in /usr/bin or /usr/sbin
[05:25] <gravity1187> any mysql databases
[05:25] <RudyValencia> /dev/sdb1 is attached to /srv
[05:25] <RudyValencia> I haven't made any scripts
[05:26] <RudyValencia> and I did back up the MySQL DB
[05:26] <RudyValencia> I decided just to copy /etc wholesale
[05:26] <gravity1187> yeah....any programs in /opt
[05:27] <gravity1187> that weren't installed from apt
[05:27] <RudyValencia> nothing in /opt
[05:27] <RudyValencia> that's probably good enough
[05:27] <gravity1187> then I would just be concerned with the /etc directory
[05:28] <RudyValencia> hm, my backup drive is ntfs though :(
[05:28] <gravity1187> what are you using for back up software?
[05:28] <RudyValencia> just cp -a
[05:29] <gravity1187> you may want to look at rsync
[05:29] <RudyValencia> (to preserve the files as they are, but I just realized that ntfs won't save permissions
[05:29] <gravity1187> lot better solution in the long run
[05:29] <gravity1187> no it won't
[05:29] <RudyValencia> I need to format the backup drive as ext3 or something
[05:30] <gravity1187> probably be the best way to go unless your zip or gun-zip the back-up first and then copy that to the ntfs partition
[05:32] <qman__> using ntfs is a bad idea anyway
[05:32] <gravity1187> so you could cp the entire etc directory into a backup directory and then gzip the directory and move it to your backup partition
[05:32] <qman__> the odds are one in a million, but you don't want it to be your partition that blows up
[05:32] <gravity1187> agreed
[05:32] <RudyValencia> I'm setting the backup drive up with ext3
[05:33] <gravity1187> qman__: an you think of any other important directories other than the obvious?
[05:33] <qman__> might want to take an ls of /var/cache/apt/archives, so you can look back at what packages were installed
[05:34] <qman__> or dpkg -l or whatever
[05:34] <gravity1187> I thought about that one
[05:34] <RudyValencia> I'm just reinstalling only what this server needs
[05:34] <qman__> have a look through /var to see if there's anything in there you need and missed
[05:35] <qman__> and your home directories
[05:35] <gravity1187> RudyValencia: you said you were using Samba are you also using LDAP
[05:35] <qman__> everything else important would be in /etc
[05:35] <RudyValencia> no, just workgroup mode
[05:36] <gravity1187> log files might also be good if you are worried about retention
[05:37] <RudyValencia> nah, this is my private server in my residence
[05:38] <gravity1187> etc it is then
[05:40] <RudyValencia> I guess just /etc, /var/lib/tftpboot, /var/cache/approx, and the MySQL dump
[05:40] <RudyValencia> (and possibly /srv for good measure, just in case something goes horribly wrong_
[05:46] <twb> A backup should include all of /etc and /var, and if used /opt and /srv
[05:56] <RudyValencia> ah
[05:56] <RudyValencia> ok
[05:57] <RudyValencia> will be backing up /etc and /var after /srv copies
[06:01] <twb> If I were you, I'd backup the whole filesystem
[06:05] <paul_whipp> I have a new working postfix install on a web server running a number of sites. The sites use forms that access sendmail via PHP (Joomla) and send emails to site staff etc. from the public. The PHP code changes the from email address so that the staff can reply directly to the person that sent them the mail if they choose to. Unfortunately, this results in the emails being put into the SPAM folder because "this message was likely forged and did not
[06:06] <gravity1187> have you tried whitelisting the From address?
[06:07] <paul_whipp> No.
[06:07] <paul_whipp> Is that something that has to be done on a per recipient basis?
[06:07] <gravity1187> yes and or per sender basis
[06:08] <paul_whipp> Per sender would be impossible because they are members of the public filling in a form
[06:08] <gravity1187> are you using spamassasin?
[06:08] <paul_whipp> I'll try the 'real' sender
[06:08] <paul_whipp> No
[06:08] <gravity1187> so what program is picking it up as SPAM?
[06:09] <paul_whipp> gmail
[06:09] <gravity1187> hmmmmm
[06:09] <gravity1187> is this a public facing server?
[06:09] <paul_whipp> Yes.
[06:10] <twb> Probably your MTA is misconfigured
[06:10] <paul_whipp> Whitelisting the real sender does not help
[06:10] <twb> e.g. it's HELO'ing with a hostname that doesn't resolve.
[06:10] <gravity1187> that was what I was going to ask next
[06:10] <paul_whipp> twb: very possibly since I barely know what I am doing
[06:10] <gravity1187> yep
[06:10] <gravity1187> what MTA are you using
[06:10] <twb> You mentioned sendmail.  Do you mean /usr/sbin/sendmail, or sendmail-the-MTA?
[06:10] <twb> You should be using postfix, not sendmail, as the MTA.
[06:11] <gravity1187> concur
[06:11] <paul_whipp> the mta is postfix I just installed isn't it?
[06:11] <gravity1187> nope sure isn't
[06:11] <gravity1187> goto http://www.howtoforge.com
[06:11] <paul_whipp> then the MTA is google gmail - its an online reader
[06:11] <twb> paul_whipp: wrong.
[06:12] <paul_whipp> so what is the MTA?
[06:12] <gravity1187> they have great tutorials on setting up postfix so that is secure and compiant
[06:12] <twb> smtp.gmail.com operates and MTA, but it is not YOUR MTA.
[06:12] <qman__> his MTA is postfix, he mentioned it in his original question
[06:12] <gravity1187> MTA stands for Mail Transport Agent it is the program that sends and receives mail
[06:13] <twb> Your MTA is a daemon running on your server.  Its job is to 1) receive mail from local users and send it to local/remote receipients; and/or 2) to receive mail from remote recipients for local users.
[06:13] <paul_whipp> Sorry - I'm filling in a form on a website that has my newly installed postfix sending the mail for it (via the sendmail php interface). When I receive the email as an end user via an online google gmail account it appears as spam.
[06:13] <paul_whipp> My postfix is not receiving any email - it doesn't need to.
[06:13] <gravity1187> what is your server hostname?
[06:14] <twb> gravity1187: tell him how to get the information, otherwise he'll give you the wrong datum
[06:14] <paul_whipp> How do I check the hostname? I think I entered samfordwebsites.com.
[06:14] <twb> paul_whipp: what does "cat /etc/mailname" return?
[06:14] <twb> paul_whipp: pastebin the output of "postconf"
[06:15] <paul_whipp> samfordwebsites.com.au (I was close ;))
[06:15] <twb> paul_whipp: pastebin the output of "ip addr"
[06:16] <paul_whipp> pastebin...
[06:16] <qman__> !paste
[06:17] <paul_whipp> Ah - whitelisting 3 times in google seems to have worked for the gmail account (guess they are using a heuristic)
[06:17] <paul_whipp> !paste
[06:18] <gravity1187> paul_whipp: Part of the problem is your server is blacklisted http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a174.129.39.156
[06:18] <qman__> you can use any pastebin you like, that's just one of them
[06:18] <paul_whipp> http://paste.ubuntu.com/507784/ for postconf
[06:19] <paul_whipp> http://paste.ubuntu.com/507785/ for ip addr
[06:20] <paul_whipp> At least I have a workaround by whitelisting the sender. I can tell my various clients that they have to do this so that the messages don't end up in their spam folders.
[06:21] <gravity1187> what is the public addy of this server?
[06:22] <paul_whipp> It does not have one.
[06:22] <twb> gravity1187: look at the ip a result
[06:22] <paul_whipp> I've always just used the IP
[06:22] <twb> paul_whipp: that doesn't help.
[06:22] <twb> Your network's mail gateway should have a public IP.
[06:22] <gravity1187> twb: I did not responding to ping and the domain ip is different
[06:23] <gravity1187> and that is probably y you got black listed
[06:23] <twb> It should also have valid A and PTR and MX records and your /etc/maildomain should correspond to them.
[06:24] <paul_whipp> I'm out of my depth here - Its just a machine in the cloud running a number of websites via apache. I DNS to the IP fine and everything (including ssmtp) worked fine.
[06:25] <paul_whipp> I do own the samfordwebsites.com.au domain but its just one (not set up) site on the server that happens to be mine.
[06:25] <paul_whipp> black listing seems strange since until now its only sent a few emails via my gmail account.
[06:25] <twb> paul_whipp: that you know about
[06:26] <paul_whipp> twb: fair point. I do look at the logs though.
[06:26] <twb> It's entirely possible that your PHP crap is allowing anyone to send mails to anyone, i.e. it is an open relay

[06:27] <paul_whipp> Scary thought - Its Joomla (latest version) so quite popular.
[06:27] <paul_whipp> I don't think that is possible though unless it can be hacked to change the recipient somehow.
[06:28] <twb> Yeah, well.  IME PHP hackers tend to excel at including that kind of feature in their code.
[06:28] <paul_whipp> twb: possibly, but Joomla seems pretty sound and being Open I haven't seen any sign of issues. Most security problems come from people leaving the doors open with it.
[06:29] <twb> "seems pretty sound" in what way?  Suddenly you're a security analyst?
[06:29] <paul_whipp> twb: No but I can read code and the mail part is pretty small. As for the rest I am dependent on the Joomla updates and feedback.
[06:31] <paul_whipp> As ssmtp has never had any kind of related records (not sure how it could) might the blacklisting be more to do with the IP range - its an amazon elastic IP
[06:32] <twb> Hmm, the latest relevant one I can see is
[06:32] <twb> CVE-2008-4103 The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
[06:32] <paul_whipp> yes - I keep the updates going. 1.5.20 now.
[06:32] <twb> Most of the other vulnerabilites are SQL injection or information disclosure
[06:33] <twb> paul_whipp: you're using ssmtp as your MTA?
[06:33] <paul_whipp> I was until now.
[06:33] <paul_whipp> I only needed to send emails from the sites when user forms etc. are filled in.
[06:33] <twb> Last time I looked, that did the Wrong Thing when you tried to point it at the real world.
[06:34] <paul_whipp> Worked fine relaying through gmail. Its been running for a couple of years like that until now. Trouble was that with more client sites the recipients of the form emails would just click reply - sending an email back to me rather than to the user who filled in the form.
[06:34] <twb> Particularly when on a NATted box where dnsdomain and maildomain and friends don't match up with the smarthost's view of the world
[06:35] <twb> paul_whipp: that's what ssmtp is supposed to do
[06:35] <gravity1187> twb: look at private
[06:36] <paul_whipp> sorry - private?
[06:36] <gravity1187> I sent a private message to twb
[06:36] <paul_whipp> ok - I can't see that then.
[06:37] <gravity1187> nope sure can't
[06:37] <gravity1187> me and twb are having a sidebar
[06:37] <paul_whipp> np
[06:38] <gravity1187> paul_whipp: what is the from address that you are using
[06:39] <paul_whipp> I've been entering different ones on the forms - here is a form: http://174.129.39.156/~samford_state_school/index.php?option=com_contact&view=contact&id=1%3Apaul-whipp&catid=8%3Aadministration&Itemid=29
[06:41] <paul_whipp> That one sends emails to me (obviously) but they want to add lots more contacts on this and on one other Joomla site hosted on the same server.
[06:41] <qman__> if the messages you're sending aren't from a domain that points back to your mail server, they will get marked as spam
[06:41] <qman__> sooner or later
[06:41] <qman__> because that's how spammers work
[06:42] <paul_whipp> Yes, thanks qman, I think this is an unsolvable problem. If I could do it then I could effectively spoof emails to appear to come from anyone.
[06:42] <qman__> like twb said, you need A, PTR, and MX records identifying your server as part of the domain
[06:43] <paul_whipp> I will have to set up the one domain properly.
[06:43] <gravity1187> and then instead of using the mail php script due via an actual account
[06:43] <gravity1187> do it via an actual account
[06:43] <paul_whipp> Good idea. I like the form though because it keeps the destination email private.
[06:44] <gravity1187> and it still will be private it is just going to go through an actual account for sending to the authorized individual that needs to receive it
[06:44] <twb> paul_whipp: sending mail without meaningful DNS records *will* get you blacklisted
[06:45] <paul_whipp> ok - thanks very much for the help. I will configure one proper domain (one of mine) and then inform the clients they have to whitelist that. I think that will solve the problem. gtg now.
[06:45] <twb> "keep the destination private" is achieved by setting an envelope RCPT TO but not specifying a message To field, or by using BCC instead of To.
[06:46] <twb> Note that this will also often your message classed as spam.
[06:46] <paul_whipp> ok - thanks. Lots more reading (and configuring to do) then. l8r
[06:46] <gravity1187> If you need help come back and chat
[06:47] <gravity1187> also have a look in the wiki and http://www.howtoforge.com has great tutorials
[07:07] <Zeu5> anyone here can help me with my server set up? i am using ubuntu
[07:07] <Zeu5> my domain is correct. http://ombi60.biz/ but somehow its not pointing to my cakeapp
[07:17] <twb> cake is some ruby thing, right?
[07:21] <Zeu5> twb: hi its a php framework
[07:21] <Zeu5> twb: i have placed the files inside a folder inside /var/www/myapp/trunk
[07:22] <qman__> Zeu5, your domain is pointing to /var/www
[07:22] <Zeu5> i do have a index.html in /var/www but i am sure i pointed my virtual hosts to the new folder and restarted my apache. please advise
[07:22] <qman__> either modify the default site configuration to point to /var/www/myapp/trunk, or move your files to /var/www
[07:22] <Zeu5> qman__: thank u for help. shd i pastebin my apache conf file?
[07:22] <qman__> yes
[07:23] <Zeu5> hangon.
[07:25] <Zeu5> qman__: http://apache.pastebin.com/t5da94gY thank you
[07:26] <qman__> that's not the right way to do it in ubuntu
[07:26] <qman__> please undo the changes you've made, then modify /etc/apache2/sites-available/default
[07:27] <Zeu5> qman__: the only changes i have made are those line 10 onwards
[07:27] <Zeu5> qman__: are you asking me to remove them?
[07:27] <qman__> yes
[07:28] <qman__> in ubuntu, site configurations are in /etc/apache2/sites-available/
[07:28] <qman__> modifying the default is the easiest way
[07:28] <qman__> right now, the default site is overriding your configuration
[07:29] <Zeu5> qman__: how shd i correct it?
[07:29] <qman__> by creating the site the ubuntu way, either by modifying the default site, or creating a new site in /etc/apache2/sites-available/
[07:30] <Zeu5> qman__: i am not well-informed enough to make the distinction. would you mind advising me whether to modify default site or create new site?
[07:30] <qman__> modifying the default site will be easiest
[07:30] <Zeu5> and how to modify OR create
[07:30] <qman__> all you need to do is change the documentroot
[07:31] <Zeu5> i changed. i tried to restart i get a fail
[07:32] <qman__> what's the error?
[07:32] <qman__> see /var/log/apache2/error.log
[07:36] <Zeu5> [Thu Oct 07 06:35:40 2010] [error] (2)No such file or directory: could not open transfer log file /var/log/apache1/other_vhosts_access.log.
[07:36] <Zeu5> Unable to open logs
[07:36] <Zeu5> i got this when i restarted apache
[07:36] <qman__> run the following command and pastebin the result (if it's more than one line)
[07:37] <qman__> sudo grep -R other_vhosts_access /etc/apache2
[07:38] <qman__> also, paste the result of
[07:38] <qman__> sudo ls -l /var/log/apache2/other_vhosts_access.log
[07:38] <Zeu5> http://pastebin.com/p4ZGnh1P
[07:39] <Zeu5> http://pastebin.com/XzajJrpu
[07:39] <qman__> ah, there's the problem
[07:39] <Zeu5> i am sorry i dun get it
[07:40] <qman__> it's a typo
[07:40] <Zeu5> can u please teach me
[07:40] <qman__> see how it says "apache1"
[07:40] <Zeu5> yes
[07:40] <qman__> edit apache.conf and change that line to "apache2" instead of "apache1"
[07:41] <qman__> apache2.conf*
[07:42] <Zeu5> YES!
[07:42] <Zeu5> qman__: thank u very much
[07:42] <Zeu5> there are other errors but i think those are application levels rather than at server.
[07:43] <qman__> probably
[07:43] <qman__> if apache started and didn't complain on-screen, that's likely the case
[07:54] <Zeu5> qman__: how do i check for mod_rewrite? i am not tat familiar with apache in ubuntu server
[07:54] <qman__> it is not enabled by default
[07:54] <qman__> if you need it, run
[07:54] <qman__> sudo a2enmod rewrite
[07:55] <qman__> then restart apache
[08:01] <Zeu5> qman__: the people over at #cakephp insists i look at the apache config to check that mod_rewrite is turned on. i have told them i have run that command you gave me. is there a way to doublecheck?
[08:02] <qman__> if you ran that command and restarted apache, and there were no errors, it is enabled
[08:02] <qman__> you can double check by running 'ls /etc/apache2/mods-enabled/
[08:02] <qman__> rewrite should be present
[08:03] <qman__> also, ensure that these lines exist in /etc/apache2/apache2.conf
[08:03] <Zeu5> qman__: i got this http://pastebin.com/iXNQEHHT
[08:04] <qman__> # Include module configuration:
[08:04] <qman__> Include /etc/apache2/mods-enabled/*.load
[08:04] <qman__> Include /etc/apache2/mods-enabled/*.conf
[08:04] <qman__> rewrite.load is present there
[08:05] <Zeu5> the lines you told me they are indeed inside apache2.conf
[08:06] <qman__> then, provided there were no errors, rewrite is loaded
[08:06] <qman__> the only other way to test is to create a script which utilizes it
[08:06] <qman__> but that's a little more complex
[08:08] <Zeu5> thanks qman__
[08:08] <Zeu5> qman__: i am toggling between here and the #cakephp channel. hopefully i can get this resolved soon.
[08:20] <Zeu5> qman__: i got it resolved. thanks. its a apache allowoverride issue.
[08:20] <Zeu5> qman__: you have a good day ahead :)
[08:21] <qman__> ah
[08:26] <SpamapS> gah.. I have to wake up in < 4 hours and I just can't fall asleep :P
[08:34] <twb> SpamapS: read a sendmail .cf
[08:34] <twb> Or just, you know, bull on through to the point where the fatigue toxins make you feel warm and fuzzy and lucid
[08:36] <qman__> I know the feeling
[08:37] <SpamapS> twb: that will be about the time I need to wake up anyway. ;)
[08:37] <twb> I watched Fight Club again last week
[08:38] <twb> SpamapS: for a meeting, or something actually important? :P
[08:38] <SpamapS> I drank a wheat beer and had a piece of bread + butter.. the insulin shock should push me over the edge enough to get a couple of hours of sleep. :)
[08:38] <SpamapS> twb: I have to board a plane in < 6 hours.
[08:39]  * SpamapS has decided to fix RC bugs in squeeze to lull himself to sleep
[08:40] <twb> I can't help thining any still open are gonna be hard
[08:40] <SpamapS> yep
[08:40] <SpamapS> http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=595120
[08:41] <SpamapS> I think turning off name resolution (which is, IMO, a really stupid feature of mysql) is the right way to go. Even if its not turned off, I think its fair to think that requiring $named to start before mysqld is a bit weird.
[08:43] <Zeu5>  i got this error Invalid command 'VirtualDocumentRoot', perhaps misspelled or defined by a module not included in the server configuration and this was the line VirtualDocumentRoot /var/www/ombi60/trunk/%1/app/webroot
[08:43] <Zeu5> please advise
[08:43] <Zeu5> how do i check if i have truned on the right module for this to work.
[08:44] <qman__> mysql making use of name services is one thing, but it shouldn't _require_ them
[08:44] <qman__> just fall back to IPs if named is not available
[08:44] <Zeu5> hi qman__
[08:44] <Zeu5> :)
[08:44] <SpamapS> qman__: Yeah.. it does that, but it does it *really* slowly. ;)
[08:45] <qman__> Zeu5, looks like it requires mod_vhost_alias
[08:45] <qman__> sudo a2enmod vhost_alias
[08:46] <Zeu5> qman__: thanks! i gooogled ard but cannot find the right command. is there a reference to all these a2enmod commands?
[08:48] <qman__> a2enmod is simply a frontend, it creates symbolic links in /etc/apache2/mods-enabled/ for modules installed in /etc/apache2/mods-available/
[08:48] <qman__> so everything in /etc/apache2/mods-available/ can be enabled or disabled with a2enmod and a2dismod
[08:51] <Zeu5> qman__: thanks!
[08:51] <Zeu5> a2enmod simply means apache2 enable mod
[08:51] <Zeu5> got it
[08:57] <Zeu5> qman__: would you mind if i ask u more specific apache questions?
[08:58] <qman__> ask away
[08:58] <Zeu5> qman__: i am trying to set up a multi site  platform kinda like blogspot.com ,etc and i came across this article telling me how to optimize without using htaccess
[08:58] <Zeu5> http://bakery.cakephp.org/articles/view/boost-performance-by-removing-htaccess-plus-multi-site-with-virtualdocumentroot
[08:58] <qman__> this is exactly the place for that
[08:58] <Zeu5> scroll down to his part 2
[08:59] <Zeu5> i modified my default to look like this http://pastebin.com/KLeBK3Mv now. it does not work. i wonder what i did wrong.
[09:09] <Zeu5> qman__: erm did i say something wrong?
[09:10] <qman__> sorry, I was busy for a moment
[09:11] <Zeu5> qman__: oh sorry am i disturbing?
[09:11] <normanm> hi there.. I'm using ubuntu 10.04 and see "java.io.IOException: File too large" messages
[09:11] <normanm> is there some os file limit with ext4 ?
[09:11] <qman__> no, just multitasking
[09:11] <normanm> I never saw this before on earlier rleases
[09:11] <qman__> I notice you're missing the section where he sets up the directory statement for the multiple directories
[09:12] <qman__> <Directory "/opt/leagues/sites/*/app/webroot/">
[09:12] <\sh> normanm: how large is your file?
[09:12] <qman__> and the following bits
[09:12] <qman__> where * is the user directories
[09:12] <normanm> \sh, eno clue as it happens within a mailserver
[09:13] <\sh> normanm: humm? you are running a java mail server?
[09:13] <normanm> \sh, yep.. development server
[09:14] <SpamapS> normanm: ext4's max file size is in the terabytes, maybe even petabytes actually
[09:14] <\sh> SpamapS: wait...
[09:14] <\sh> I found a bug with the same error
[09:14] <qman__> the java file limit might be the problem
[09:14] <normanm> \sh, the max file size ?
[09:14] <\sh> https://bugs.launchpad.net/gnome-split/+bug/580901 <- the guy says, he's using ext4 and the other guy tried it with ntfs and there it works
[09:14] <qman__> I know I ran into open file handle and open network connection limits in java before
[09:14] <ttx> hggdh, JamesPage: great job on ISo testing guys... hopefully we won't respin
[09:14] <twb> Max file size    16 TiB (for 4k block filesystem)
[09:15] <\sh> normanm: can you change your fs from ext4 to xfs or whatever else you could have?
[09:15] <JamesPage> ttx: no problem; automated ISO testing ran through completely cleanly so all I had todo was update with test results!
[09:15] <normanm> \sh, I even can reproduce it with dd
[09:16] <ttx> We might respin if we find a fix for Bug 641259
[09:16] <normanm> \sh, http://pastie.org/1204813
[09:17] <normanm> \sh, let me try ext3
[09:19] <twb> Just because the *OS* supports 16TiB files doesn't mean *java* does
[09:19] <normanm> twb, see my paste.. it even happens with dd
[09:19] <twb> Cf. Emacs, which has a file size limit of 2**(word size - 3)
[09:19] <twb> normanm: hum, OK
[09:20] <SpamapS> ttx: wow, that grub bug is nasty
[09:21] <ttx> SpamapS: yes, cjwatson needs to reproduce on bare hw
[09:21] <qman__> Zeu5, ah, I see the part where you put it
[09:21] <ttx>  /some/ servers have 100% failure
[09:22] <Zeu5> qman__: i think i know why. i did nt create 1 directory per user hence it didnt work
[09:22] <ttx> we just hope we can get our hands on one failing example around here
[09:22] <SpamapS> normanm: http://www.cyberciti.biz/faq/file-size-limit-exceeded-error-under-linux-and-solution/
[09:22] <SpamapS> normanm: check ulimit -a
[09:22] <qman__> Zeu5, that would do it :)
[09:22] <Zeu5> my implmentation is slightly different from the article author. i got it to work though. :)
[09:23] <Zeu5> qman__: you are very friendly and patient. thank you. have a nice day :)
[09:23] <qman__> I haven't used that module in any capacity myself, so just looking for more obvious things
[09:23] <\sh> normanm: and eventually check your ulimit for that particular user you are running your dd / java app
[09:23]  * SpamapS is starting to feel some possible sleepiness
[09:23] <normanm> \sh, I run at root
[09:23] <normanm> just to make sure
[09:24] <normanm> ulimit -a shows unlimited
[09:25] <qman__> normanm, I have run into similar problems with java applications hitting limits that don't apply to the rest of the system
[09:25] <qman__> never found the solution, just stopped using java
[09:25] <normanm> qman__, again.. it happens with dd too
[09:25] <twb> qman__: good man!
[09:26] <qman__> with dd, though, there is a problem
[09:26] <twb> normanm: this is an ext4 filesystem?
[09:26] <normanm> twb, yep
[09:26] <normanm> twb, will try to get ext3 on it
[09:27] <twb> normanm: please pastebin the output of "tune2fs -l /dev/sdAB" and "df /usr/local", where AB are the letter and number of the filesystem
[09:27] <twb> normanm: also, if this is a VM or jail, specify the flavour thereof.
[09:27] <qman__> normanm, do you have any quotas enabled?
[09:27] <normanm> qman__, no quotas
[09:27] <qman__> or special mount options
[09:27] <normanm> twb, yeah its a vm
[09:27] <twb> qman__: if he did, it SHOULD give a quota error
[09:27] <normanm> vmware
[09:28] <qman__> at precisely 10MB, something is almost certainly interfering with an artificial limit
[09:28] <twb> normanm: do you have hgfs installed?
[09:28] <twb> normanm: that is the vmware thing that provides file sharing with the host os
[09:28] <normanm> twb, even don't know what it is ;)
[09:28] <normanm> so I guess no
[09:29] <qman__> oh, nevermind
[09:29] <qman__> I read that wrong
[09:29] <twb> Do you have the "vmware server tools" or so installed?
[09:29] <qman__> so it's between 10MB and 100MB
[09:29] <twb> Also, pastebin those things I asked for
[09:29] <ttx> SpamapS, JamesPage: Another small issue I just detected on the ISOs: they still show "Ubuntu maverick (development version)" where they should say "Ubuntu 10.10" or something like that
[09:29] <normanm> twb, http://pastie.org/1204832
[09:30] <qman__> using vmware, did you preallocate the disk? if not, check the host OS for free space
[09:30] <normanm> qman__, there is about 2tb free space
[09:30] <qman__> ok
[09:30] <ttx> We won't respin just for that though, we might go for a 0-day SRU on lsb-release
[09:30] <normanm> twb, vmware tools are installed
[09:31] <twb> normanm: that includes hgfs
[09:31] <normanm> twb, ok
[09:31] <normanm> should I stop the tools ?
[09:31] <normanm> its esx 4
[09:31] <twb> It won't hurt to try, I suppose
[09:32] <SpamapS> ttx: That seems like a pretty serious problem.
[09:32] <SpamapS> ttx: I mean, its cosmetic, but.. you install 10.10 official, and it claims to be the dev release?
[09:33] <elisa871> hi
[09:33] <elisa871> do you use citrix?
[09:35] <normanm> twb, ok.. tools stopped same problem
[09:35] <twb> I'm out of ideas
[09:36] <normanm> twb, funny enough.. if I create 10 files of 10mb it work
[09:36] <normanm> if I want to create one of 100mb it fails
[09:36] <normanm> so WTF!
[09:36] <twb> talk to your vmware vendor?
[09:37] <normanm> well with 9.04 I don't see this problems
[09:37] <normanm> but its ext3
[09:37] <normanm> so let me try this first
[09:38] <normanm> same with ext3
[09:38] <normanm> I don't get it
[09:38] <twb> apparmour?
[09:39] <twb> dmesg, logfiles?
[09:39] <ttx> SpamapS: I'd leave it to skaet... but you can voice your opinion on #ubuntu-release
[09:39] <normanm> twb, apparmour disabled
[09:39] <normanm> nothing in dmesg / logfiles
[09:39] <ttx> i've mixed opinions
[09:40] <twb> pastebin the output of stracing the dd
[09:41] <normanm> let me cool vm admin first
[09:45] <normanm> cool/call
[09:52] <normanm> twb, http://pastie.org/1204860
[09:55] <normanm> same with xfs
[09:55] <normanm> so it must have something todo with the os
[09:55] <normanm> or vm
[09:55] <normanm> or whatever
[09:56] <normanm> need to test more
[09:56] <normanm> will come back later again
[10:00] <twb> normanm: OK.
[10:00] <twb> I wonder if dropping to single-user mode would help
[10:00] <twb> I guess there's a lot of random shit in whatever upstart calls rcS
[10:01] <normanm> true enoguh
[10:01] <normanm> enough
[10:07] <JamesPage> ttx:  who's the resident postfix/amavisd expect on the team?
[10:08] <JamesPage> ttx: ^expert
[10:10] <ttx> JamesPage: In the "Ubuntu server team" that would be ScottK
[10:11] <ttx> Noone in the canonical team is the 'expert', but I guess SpamapS or mathiaz know a bit about it
[10:15] <JamesPage> ttx: OK - just wanted a second option on whether AV scanning with a postfix 'Local only' config was a common use-case;  I don't think it is (bug 656048)
[10:20] <twb> JamesPage: what would be the point?
[10:21] <JamesPage> twb: I can't think of one :-); I guess you could send you (or someone else) on the same system a virus infected email
[10:22] <twb> Wouldn't matter, since the system, being linux, doesn't really do the virus thing
[10:36] <crb> nscd doesn't cache DNS requests in Debian/Ubuntu
[10:37] <crb> therefore every time anything wants a DNS response on my local network, it goes to my DNS server
[10:37] <crb> (tcpdump port 53 is very loud!)
[10:37] <twb> crb: did you install it?
[10:37] <crb> every now and then, under load, there's a 5 second delay on looking up names, which I suspect is related to running out of sockets
[10:38] <crb> twb: install nscd?  I have it installed as I'm using LDAP for user auth
[10:38] <crb> but it's the DNS traffic I'm concerned about at the moment
[10:38] <twb> nscd definitely does *something*, because without it, lucid's pam_ldap fails to talk to hardy's slapd due to some bizarro bug that I can't remember
[10:39] <crb> I had to install nslcd to work around a bizarro bug with pam_ldap
[10:39] <crb> but the LDAP part is fine
[10:40] <twb> PADL needs to get their shit together
[10:40] <crb> I'm seeing 80 DNS requests a second from a given web server in production
[10:41] <crb> multiply that by lots, and it makes me think some local caching might not hurt
[10:41] <crb> what's the general feeling on that?
[10:41] <twb> Shrug
[10:41] <crb> honest :)
[10:42] <twb> Note that nscd only affects nsswitch users
[10:43] <qman__> a caching secondary would likely solve that problem, but I'm wondering why a web server is making DNS requests at all
[10:43] <twb> Some retarded programs, like firefox and polipo, do their own DNS resolution.
[10:43] <twb> qman__: PTRs
[10:44] <crb> qman__: resolving internal services
[10:44] <crb> it does a SOAP call to our SSO
[10:44] <qman__> ah, ok
[10:45] <twb> single sign-on?
[10:45] <crb> authentication backend, yes
[10:46] <twb> SOAP's a funny way to spell LDAP/krb
[10:46] <crb> LDAP is for UNIX users
[10:46] <crb> SOAP is for web users (Atlassian Crowd)
[10:46] <twb> And windows users
[10:46] <crb> And dirty people
[10:47] <crb> anyway, I didn't pick the applications
[10:47] <crb> (the web ones)
[10:47] <twb> Yeah, fair enough
[10:47] <qman__> well, installing a DNS caching server on the web server with a reasonably short cache life (an hour or so) would solve the network bottleneck
[10:47] <twb> OpenID needs to die and be replaced by krb
[10:48] <twb> qman__: isn't that what nscd is?
[10:48] <crb> qman__: you have any preference? dnsmasq?
[10:48] <qman__> I don't know what nscd is
[10:48] <crb> my understanding is nscd would do it transparently, at system call level
[10:48] <twb> I wouldn't think 80 hits per second is exactly a bottleneck
[10:48] <qman__> and I don't really have a preference, I haven't done anything extensive to have an opinion on performance of them
[10:49] <twb> crb: yes, but only for stuff that uses those syscalls
[10:49] <crb> true
[10:49] <twb> crb: if your app is doing them directly then it'll ignore nscd
[10:49] <twb> You could try asking ss/netstat what's connecting (-p)
[10:51] <crb> nothing appears out of the ordinary
[11:06] <soren> nscd doesn't work at the syscall level, but at libc level.
[11:07] <soren> syscalls are the interfaces to the kernel. The kernel doesn't care about DNS (or usernames, etc.).
[11:08] <twb> soren: sorry, I was a bit confused
[11:15] <bigbrovar> Hi guys, am using kubuntu 10.04 and am thinking of upgrading to 10.10 I setup ssh passwordless login keys on my current system to couple of servers I admin. can I just backup and save my .ssh file in my home and use it on the new install. would it work? or I would have to setup ssh-keygen again on the new system?
[11:20] <a_ok> Is there a way I can boot ubuntu without networking?
[11:50] <milx> my hosting provider sent me this log of suspicious activity on my account http://pastebin.com/bAU7RkeM - how would I generate such a log on my own server?
[12:13] <hggdh> ttx: a question -- the server ISo does not have 'reinstall Grub' anymore on the rescue option?
[12:13] <ttx> hggdh: no clue... it used to have that ?
[12:14] <hggdh> ttx: it did, yes
[12:14] <hggdh> ttx: but it is not there now. The Alternate CD has it still
[12:15] <ttx> strange... I see no reason why it would have disappeared specifically on the server CD... maybe ask on #ubuntu-release
[12:15] <zoopster> bigbrovar: as long as you have your private AND public SSH keys...no need to recreate via ssh-keygen
[12:16] <bigbrovar> zoopster: thanks :)
[12:21] <zoopster> a_ok: not sure the context, but ubuntu runs fine sans network...a server is rather useless w/o networking, imho, but it will run
[12:30] <hggdh> ttx: My fault, I only tested LVMs yesterday...
[12:31] <a_ok> zoopster: I disabled the NICS in bios, I wanted it to start without network active to prevent ipconflicts
[12:32] <spiralis> Maedox. Probably not a good idea, but - not my hardware :(. Thanks for the channel info.
[12:33] <elmuerte> I have an interesting issue with a newly installed 10.04 server on an asus eeebox 1007: after a few seconds of network inactivity it looks like it falls a sleep, and needs a second packet to wake up
[12:33] <spiralis> Hi all, I am having problems with installing ubuntu-server due to failing to install grub.
[12:33] <zoopster> a_ok: well...disabling in the bios will do it.
[12:33] <spiralis> This is a standard PC with two SCSI RAID drives.
[12:33] <a_ok> zoopster: was looking for some kernel option to acceve that (like startt in some runlevel that does not enble netork stuff)
[12:34] <a_ok> zoopster: yeah I was in luck it was on board stuff
[12:34] <a_ok> I have no physical access
[12:40] <zoopster> a_ok: ah I see...so you have a ILO board or something then...not sure what runlevel removes networking...2 maybe? Never had a need so it's been purged from my memory banks. upstart manages that so a quick search on it may yield what you want faster
[12:41] <jjman6_> does nfs4 not support ext4? i'm having problems exporting ext4 partitions. but ext3 seem to work
[13:04] <qman__> a_ok, recovery mode (single user) should accomplish that
[13:04] <qman__> though I haven't tested it
[13:04] <qman__> however it will have significantly reduced functionality
[13:05] <qman__> if all you wanted to do was change network configuration while offline and reboot, recovery mode would work
[13:09] <qman__> jjman6, I don't see any reason why it shouldn't
[13:09] <qman__> nfs doesn't directly access the filesystem AFAIK, so it should work with any
[13:10] <jjman6> qman__: well i've tried on several partitions & 2 machines and i keep getting "... does not support NFS export"  error
[13:13] <qman__> google says you're not the only one
[13:18] <zul> morning
[13:18] <qman__> no real results though
[13:19] <qman__> is your desired export directory doing anything special or unusual? mount -o bind? encrypted home? symbolic link?
[13:19] <ttx> smoser: we might respin -- that would affect cloud images too, at least to change the lsb-release name
[13:20] <ttx> Current finals still  shows "Ubuntu maverick (development release)"
[13:20] <ttx> fixed in archive
[13:27] <hggdh> ttx: the only change would be that?
[13:27] <ttx> hggdh: no, we also get others
[13:28] <hggdh> ttx: OK, back to testing then
[13:29] <ttx> hggdh: we still try to fix the "grub broken on some servers" issue
[13:29] <ttx> that's what's holding up the potential respin
[13:30] <hggdh> ttx: you mean not being in the rescue option, or other brokeness?
[13:30] <ttx> no, other brokeness. bug 641259
[13:30] <ttx> it's not really fixreleased yet.
[13:31] <ttx> we also have bug 656037 in the queue
[13:31] <ttx> that affects d-i, so server
[13:34] <hggdh> yes, and a nasty one
[13:42] <elmuerte> ok.. the problem I had is a local machine issue... other machines have no issues connecting to the new ubuntu server
[14:03] <linuxawi> !release
[14:06] <jjman6_> qman__: no,  i finally got a mount to work tho.  just still have no luck with any directories in my users home dir.  always says not support NFS export
[14:07] <jjman6_> qman__: and the other intersting part is using nfs4  os the type no longer seems to work.  i have to use straight -t nfs
[14:07] <binBASH> someone knows how to edit a file in a qcow2 kvm image?
[14:07] <smoser> ttx, :-(
[14:08] <smoser> ttx, i ran tests already. oh well, run them again if we respin
[14:08] <ttx> smoser: it's not as if it wasn't automated ;)
[14:08] <binBASH> I found this http://libguestfs.org/virt-edit.1.html but it's not shipped with ubuntu unfortunately
[14:08] <smoser> ttx, no, but it does cost $50
[14:09] <nijaba> SpamapS: nice https://wiki.ubuntu.com/CloudLoadbalancingHowto, but shouldn't it be help.ubuntu.com/community/ wiki ?
[14:11] <ttx> smoser: that's nothing compared to what devpay pays you every month, right ;)
[14:12] <smoser> well, no, but i like to spend canonical money as if it were my own and I *didn't* have an unlimited stream of money.
[14:22] <hggdh> smoser: do I understand that _you_ have an unlimited stream of money?
[14:30] <zul> hggdh: its his little pot of gold
[14:33] <smoser> ttx, so, to be clear, there is a lsb-release update ?
[14:33] <smoser> https://launchpad.net/ubuntu/+source/lsb
[14:33] <ttx> base-files
[14:33] <smoser> the latest i see in archive is 4.0-0ubuntu8
[14:33] <smoser> oh.
[14:33] <smoser> ok
[14:33] <ttx> /etc/lsb-release is shipped in base-files
[14:34] <smoser> ok. so i have to start a spin.
[14:34] <ttx> we should have a d-i update as well
[14:34] <smoser> will do.
[14:34] <ttx> smoser: not now... we might get a new grub as well
[14:34] <smoser> ok.
[14:34] <ttx> I'll let you know
[14:34] <smoser> just tell me when to push go
[14:34] <smoser> i will hold my breath
[14:35] <smoser> hggdh, well the "joke" is that every time someone runs an ubuntu instance on ec2, i get pennies
[14:35] <ttx> smoser: how did the "current" tests go ?
[14:35] <ttx> I see them all at 0/2 on the tracker so far
[14:36] <ttx> smoser: also there is no cloud image on the tracker yet
[14:36] <ttx> (tar.gz)
[14:36] <smoser> well, there doesn't need to be :)
[14:36] <smoser> i had asked that to be populated, but oh well.
[14:36] <ttx> hmmm
[14:37] <ttx> doing tests on the previous dailmy is not completly useless
[14:37] <ttx> as in.. it's the last time to catch a last-minute bug
[14:37] <ttx> Daviey, hggdh: did you test recent cloud images  ?
[14:37] <Daviey> ttx: yes, i tested the latest one
[14:37] <Daviey> 'current', this morning
[14:38] <ttx> ok.
[14:38] <hggdh> ttx: I certainly tested the UEC ones, on both amd64 and i386, but I did not test EC2
[14:38] <Daviey> The only thing that i noticed the hostname not being resolved... when sudo'ing
[14:38] <ttx> ok, so even if we have no results registered yet, it looks good, I assume
[14:38] <Daviey> I thought that wasn't an issue previously.
[14:39] <ttx> its been a long time since I last did sudo into a cloud image running on EC2, I must confess
[14:39] <ttx> s/EC2/UEC/g
[14:39] <hggdh> I am missing the UEC images tests from the ISo tracker, though -- where are they?
[14:39] <Daviey> ttx normally roots them via an unpublished kernel buffer overfill.
[14:39] <ttx> hggdh: <smoser> i had asked that to be populated, but oh well.
[14:40] <ttx> Daviey: who needs sudo anymore ?
[14:40] <smoser> ttx it was in the same request as for ec2 images so it just must have been lost.
[14:40] <Daviey> :)
[14:40] <hggdh> Daviey: I did not see any issue on sudo
[14:40] <ttx> smoser: those QA people are so unreliable
[14:41] <hggdh> oh, yes, don't trust them
[14:41] <hggdh> er
[14:41] <ttx> I mean, marjo left the remains of his lunch on the table, and it smells now
[14:41] <hggdh> LOL
[14:41] <hggdh> what, anchovies?
[14:42] <ttx> salmon
[14:42] <ttx> a bit of rice
[14:42] <Daviey> and a lemon
[14:42] <ttx> I'll flush that down the toilet now
[14:42] <ttx> done.
[14:42]  * Daviey watches ttx take it to the bin... i wonder if bin and toilet are lost in translation.
[14:43] <ttx> Daviey: you don't want to know
[14:43] <hggdh> TMI, TMI
[14:43] <Daviey> :)
[14:43] <ttx> Daviey: I got lazy on my way there
[14:43] <patdk-wk> texas medical industry? what do they have to do with anything?
[14:44] <ttx> yay, fire alarm
[14:44] <hggdh> actually, Too Much Info
[14:44] <patdk-wk> :)
[14:45] <hggdh> so, ~1.5 hours for the next ISO?
[14:46] <ttx> hggdh: no ETA
[14:46] <ttx> hggdh: cjwatson wrestling the grub situation in some obscure server room
[14:47] <ttx> see #ubuntu-release for progress
[14:50] <hggdh> ttx: ack
[14:54] <ttx> hggdh: just in case we end up keeping the current candidate, would be good to register your test results on cloud images on the tracker
[14:54] <hggdh> ttx: indeed, but we are missing the entries for UEC
[14:55] <ttx> hggdh: I thought you could fix that. Maybe ask ara ?
[14:55] <hggdh> will do
[15:09] <bpgoldsb> Kinda of tricky question.  I could be approaching this the wrong way, but this is a good crowd to ask.  I've got ~15 megs of PHP files for a webserver.  It's running in a VM, with less ram than I'd like.  Can anyone think of a way to force/trick Linux into keeping those files cached?
[15:10] <bpgoldsb> The goal is to avoid disk-hits for the majority of page loads
[15:21] <patdk-wk> bpgoldsb, cat /var/www/* > /dev/null
[15:21] <patdk-wk> in cron every min :)
[15:25] <JamesPage> ttx: Can you take a look at bug 656173?  Its a maverick bug related to multiple chained backing_files/qcow2 in libvirtd
[15:26] <ttx> JamesPage: that would be a new feature. At that point we just support the first level
[15:26] <JamesPage> ttx: its a regression from Lucid where this actually works
[15:26] <ttx> I'd wishlist it... maybe jdstrand has another opinion
[15:27] <ttx> JamesPage: ah?
[15:27] <ttx> that surprises me
[15:27] <JamesPage> Permissions in apparmor profile are incorrect but it parsers all three levels of file.
[15:27] <jdstrand> JamesPage: can you try setting 'allow_disk_format_probing = 1' in /etc/libvirt/qemu.conf?
[15:28] <JamesPage> Yeah - I'll give it a spin now.
[15:28]  * ttx didn't know that was supposed to work ;)
[15:28] <jdstrand> (it isn't in 0.8.3)
[15:28] <jdstrand> not without setting that option
[15:30] <bpgoldsb> patdk-wk: Interesting idea. ;)
[15:30] <patdk-wk> there is an even more interesting idea :)
[15:32] <JamesPage> jdstrand,ttx: that did the trick (after a restart of libvirtd); all three levels of disk are now detected correctly.
[15:32] <JamesPage> ttx: does this need to go into the release notes?  Could trick some people out.
[15:33] <jdstrand> JamesPage: as you read from the conf file, this is by design. it fixes a CVE
[15:33] <ttx> JamesPage: ask skaet on #ubuntu-release
[15:33] <jdstrand> I'll comment in the bug
[15:33] <patdk-wk> http://www.mythtv.org/wiki/User:Yeffetn
[15:34] <patdk-wk> scroll down to the nocat program
[15:54] <JamesPage> jdstrand: do you want to put some words together on this feature?
[15:56] <jdstrand> JamesPage: I can, but it'll be in a while
[15:57] <JamesPage> jdstrand: I can draft something for review if that would help; also need a pointer on where to put release notes (not done it before...)
[15:57] <jdstrand> JamesPage: I'll do it. I'd like it to be similar if not identical to the USN text I will be drafting
[15:58] <JamesPage> jdstrand: OK - let me know if you want a second pair of eyes over it.
[16:23] <smoser> hggdh, do you have any use for 20101007.1 images ? ie, should i get them to http://uec-images.ubuntu.com (even though thy're not completlye published yet)
[16:24] <hggdh> smoser: I would rather wait for the server respin -- then I can get it all done in one single swwep
[16:24] <smoser> good deal
[16:24] <hggdh> smoser: so, no hurry
[16:47] <elb0w> How do I update sources to fastest mirror from shell?
[16:57] <franksterville> http://www.debianadmin.com/howto-select-fastest-mirror-in-debian.html
[16:57] <franksterville> if ur deb.... that is
[16:59] <elb0w> k ty
[17:05] <ewook> elb0w: a university close to you? :)
[17:05] <elb0w> nyu
[17:07] <elb0w> franksterville, apt isnt finding that
[17:07] <elb0w> any other options?
[17:09] <franksterville> not finding netselect?
[17:10] <franksterville> ahhh crap its broken under ubuntu
[17:10] <franksterville> sigh
[17:10] <elb0w> :(
[17:11] <franksterville> you could ping them all rofl
[17:14] <elb0w> hahaha
[17:14] <elb0w> i have ubuntu gui here
[17:14] <elb0w> its not server though
[17:14] <elb0w> could I take those mirrors and change them?
[17:14] <franksterville> with gui ...  http://www.ubuntugeek.com/how-to-select-fastest-mirror-in-ubuntu.html
[17:15] <elb0w> yeah ive done it in gui
[17:15] <elb0w> but I cant move that over to server right?
[17:15] <franksterville> i dont actually know lol
[17:15] <franksterville> sheeshe
[17:15] <franksterville> ummmm
[17:15] <elb0w> im comparing the files
[17:15] <elb0w> ill check
[17:15] <elb0w> :)
[17:15] <franksterville> kk
[17:16] <elb0w> looks like i can
[17:16] <elb0w> lol
[17:17] <franksterville> they match up?
[17:17] <franksterville> nice
[17:18] <elb0w> could be that its a 32bit server
[17:18] <elb0w> and 32bit client
[17:18] <elb0w> would make sense
[17:18] <franksterville> ahhhh lucky lol
[17:19] <elb0w> yeah i have a 64bit server i have to do this for though
[17:19] <elb0w> :(
[17:19] <franksterville> i try to run headless but sometimes i have to cave to connecting a kb and monitor
[17:20] <franksterville> i hate it
[17:20] <elb0w> 1.2megs > 1.2B
[17:21] <elb0w> the server doesnt even have a gui
[17:21] <franksterville> install gnome
[17:21] <franksterville> lol
[17:21] <elb0w> lol
[17:21] <franksterville> startx :)
[17:21] <elb0w> no need actually
[17:21] <franksterville> yeyeye
[17:21] <elb0w> Install x server
[17:21] <elb0w> ssh -X
[17:21] <franksterville> ye that to
[17:21] <elb0w> oh I guess package manager is part of gnome
[17:21] <elb0w> that wouldnt work
[17:22] <franksterville> lolol
[17:22] <franksterville> pwned
[17:22] <elb0w> :(
[17:22] <franksterville> doh!!!:/
[17:37] <ttx> new ISOs on a mirror near you, maybe
[17:39] <ttx> go wild!
[17:40] <ttx> JamesPage, hggdh, SpamapS, Daviey, zul ^^
[17:40] <zul> ack
[17:41]  * hggdh goes suffer a bit more
[17:42] <hggdh> ttx: if smoser has published the UEC images, can you please re-enable them on the ISO tracker?
[17:43] <smoser> hggdh,
[17:43] <smoser> http://uec-images.ubuntu.com/server/maverick/20101007.1/ is populated with images (no ec2 info yet)
[17:44] <Daviey> \o/
[17:44] <hggdh> smoser: cool, thank you
[17:45]  * hggdh goes back to suffering a bit more
[17:55] <SpamapS> ttx: I'm on battery on shared wifi at puppetcamp.. probably shouldn't be downloading isos. ;)
[18:02] <ttx> ah! you're at puppetcamp too ? That's 3 of you, right ?
[18:23] <SpamapS> ttx: yes, just the intro to mcollective seems worth the 70 minute flight. ;)
[18:23] <ttx> mcollective?
[18:24] <SpamapS> http://marionette-collective.org/
[18:24] <SpamapS> messaging layer for puppet
[18:25] <ttx> ah, right. Teyo mentioned it to me
[18:26] <SpamapS> Described as an "Orchestration framework"
[18:27] <SpamapS> Only thing I don't like is activemq .. but I'm sure it can be made to not suck. ;)
[18:46] <ttx> JamesPage: did the hudson instance take up the new ISOs ?
[18:56] <illytacos> hi folks, i need some desperate help my job is literally on the line. I am having a hell of a time to get samba share working and I just need it to work for one user and one file just to show it works
[18:58] <illytacos> please please please help
[19:01] <RoyK> what's wrong?
[19:01] <RoyK> describe your config and pastebin smb.conf
[19:02] <RoyK> !pastebin
[19:05] <RoyK> illytacos: ?
[19:05] <jeiworth> yeah samba can be a pita in the beginning, but once you get the hang of it it's actually pretty straight-forward
[19:07] <illytacos> thanks RoyK I'm just trying to go back and fix some of the crap I already did wrong
[19:08] <RoyK> illytacos: you need to be a little more specific if you want us to help :)
[19:08] <illytacos> yeah for sure sorry just give me one sec
[19:08] <illytacos> I need to start from scratch
[19:09]  * RoyK would gladly spend some time helping illytacos to save his job
[19:09] <illytacos> I tried to migrate permissions from one file to another
[19:09] <RoyK> illytacos: start out by pastebinning the config
[19:09] <illytacos> and oh man did that not work out
[19:09] <RoyK> illytacos: posix ACLs?
[19:09] <illytacos> ok
[19:10] <illytacos> whew. sorry abotu that
[19:10] <illytacos> ok so now I'm followign this tutorial for now just give me a sec to modify the samba config file
[19:11] <ttx> closing for the day -- happy ISO testing everyone :)
[19:11] <illytacos> http://www.jonathanmoeller.com/screed/?p=1590
[19:11] <ttx> smoser: you should be able to find someone to post your EC2 AMIs to the ISO tracker on #ubuntu-release
[19:11] <RoyK> illytacos: no, pastebin /etc/samba/smb.conf
[19:11] <ttx> smoser: and start the automated tests
[19:12] <illytacos> ok hnx
[19:12] <ttx> JamesPage: please add your magic test results to the tracker when they are done as well :)
[19:12]  * RoyK waves his wand in ttx's direction
[19:12] <JamesPage> ttx: will do; they will take most of the night to spin through so will update in the morning.
[19:13] <ttx> JamesPage: works for me
[19:13] <illytacos> there done
[19:13] <illytacos> thank you
[19:13] <JamesPage> ttx: great
[19:13] <illytacos> http://paste.ubuntu.com/508176/
[19:17] <illytacos> I feel like I'm going to have a heart attack -_-''''
[19:17] <RoyK> illytacos: calm down :)
[19:18] <illytacos> thnx
[19:19] <RoyK> so cutting away the comments, here's the file http://paste.ubuntu.com/508178/
[19:20] <RoyK> what is [test]?
[19:20] <RoyK> your test share?
[19:20] <RoyK> if so, that needs at least a path
[19:20] <illytacos> sorry what are the comments?
[19:20] <RoyK> anything starting with # is a comment
[19:20] <RoyK> that is, not parsed
[19:21] <RoyK> by samba
[19:21] <illytacos> ok so I get rid of the # cool.
[19:21] <RoyK> er
[19:21] <RoyK> no
[19:21] <RoyK> don't
[19:21] <RoyK> what are you trying to do?
[19:21] <RoyK> make a test share to some dir?
[19:21] <illytacos> yes
[19:21] <illytacos> I can put the path in
[19:21] <RoyK> here's an example share http://paste.ubuntu.com/508182/
[19:22] <RoyK> from one of my test boxes
[19:22] <RoyK> everything not under [global] are treated as shares
[19:27] <RoyK> illytacos: or to detail it - first you have a [globals] section, then, after that, you have [myshare], [yourshare], [whateveryyouwannacallit]
[19:28] <illytacos> amazing!!!!!!!! i got it I got it
[19:28] <RoyK> :)
[19:28] <illytacos> ok now how on earth do I set up a new user?
[19:29] <illytacos> to access a few of the files
[19:29] <illytacos> oh my god I love you
[19:29] <RoyK> illytacos: smbpasswd -a someuser
[19:29] <illytacos> omg ok thnx
[19:29] <RoyK> iirc you need to create a unix user for it as well, but I'm not sure about that
[19:30] <RoyK> better just try with smbpasswd -a someuser first
[19:30]  * RoyK gladly accepts Islay whisky in payment
[19:31] <RoyK> s/in/as/
[19:31] <illytacos> sorry royk in terminal i type which smbpasswd -a user how do I set up a password
[19:33] <RoyK> illytacos: http://paste.ubuntu.com/508186/
[19:34] <RoyK> it needs a unix user, it seems
[19:35] <illytacos> cannot lock /etc/passwd...??
[19:35] <RoyK> illytacos: if you have a windows domain controller in the network, configure samba to use that
[19:35] <RoyK> illytacos: erm - are you root?
[19:36] <illytacos> omg sory I'm panicing and not thinking sorry
[19:37] <RoyK> :)
[19:37]  * RoyK hands illytacos a dram
[19:39] <illytacos> crap access denied
[19:40] <RoyK> illytacos: you don't have root access to the box?
[19:41] <hggdh> darn! Why does libvirt change the ownership of an ISO image?
[19:41] <illytacos> I need to access it from a windows machine
[19:41] <RoyK> illytacos: the shares can be accessed from a windows machine once you have created samba users
[19:42] <illytacos> ok so I just created a user
[19:42] <illytacos> and no dice
[19:43] <RoyK> both useradd -m username and then smbpasswd -a username?
[19:44] <illytacos> yeah
[19:45] <RoyK> perhaps setting a unix password for the user might help - 'passwd username'
[19:45] <JavaAtom> Trying to install 10.04 Server (x64) on a series of three RAID-0 devices (on two physical hard drives) -- Grub fails to install. How am I doing it wrong?
[19:46] <JavaAtom> ** The three raid devices are 100MB /boot, 16GB swap, and 4TB /
[19:46] <RoyK> erm ... three raid-0 devices??
[19:46] <JavaAtom> RoyK: Software raid.
[19:46] <RoyK> sure, but that's playing with matches and gasoline
[19:46] <JavaAtom> And hoping the server doesn't lose a drive, I get that.
[19:47] <JavaAtom> Should I just move to a RAID-1?
[19:47] <JavaAtom> For everything?
[19:47] <RoyK> dunno - never tried that - perhaps using a dedicated /boot partition will help
[19:47] <RoyK> I'd do that if I were you
[19:47] <RoyK> disk space isn't very costy atm
[19:48] <RoyK> I have a bunch of servers with linux software mirrors (raid-1) - works well
[19:48] <RoyK> a little tricky on old Hardy, but with Lucid, it's smooth
[19:49] <JavaAtom> RoyK: Getting these 2-TB drives (and the server) was hard enough. This is also for our wiki
[19:49] <JavaAtom> RoyK: * Enterprise wiki. Regular backups will be made and moved to a backup server.
[19:49] <illytacos> RoyK: sorry um how to I set a unix one?
[19:50] <RoyK> passwd username
[19:56] <illytacos> hm on the windows machine it says thatthe path can't be found but I navigated to it in explorer
[19:57] <RoyK> illytacos: pastebin smb.conf again, please, and make sure the path it points to is writable for that user
[19:57] <RoyK> or at least readable
[19:58] <illytacos> tnx
[19:59] <RoyK> chmod 777 /path/to/data
[20:02] <illytacos> http://paste.ubuntu.com/508206/
[20:03] <RoyK> illytacos: ls -ld /home/oecmsrvtst01/test/OECM_OFFICE_APR08
[20:03] <illytacos> RoyK: so chmod 777 ls -ld /home/blah/blah
[20:04] <RoyK> illytacos: ls -ld /home/oecmsrvtst01/test/OECM_OFFICE_APR08
[20:04] <RoyK> pastebin that
[20:05] <illytacos> oic
[20:05] <illytacos> http://paste.ubuntu.com/508218/
[20:06] <RoyK> illytacos: what is the username with which you are trying to connect to the server from the windoze box?
[20:08] <illytacos> RoyK: pm'd
[20:08] <illytacos> honestly after all this I don't even know if I care about staying
[20:09] <illytacos> if I didn't have bills I would walk out. RoyK you're awesome and thank you
[20:09] <RoyK> illytacos: try to chmod 777 that dir first
[20:09] <RoyK> see if that helps
[20:10] <illytacos> yes but now I can see everyone's everything
[20:10] <RoyK> what do you mean?
[20:10] <illytacos> the user name and pass help but I can see all files. I need the rest to be locked down except for the one I set permissions on
[20:10] <RoyK> illytacos: how many users are there in this network?
[20:11] <illytacos> just root, server and me
[20:11] <illytacos> for now
[20:11] <illytacos> oh hang on
[20:11] <illytacos> I think I made myself admin in error
[20:11] <franksterville> Is there a .conf file that handles all printers or are they separate somewhere
[20:11] <RoyK> if you create [homes], a special share is created for each user, pointing to that user's homedir
[20:12] <RoyK> franksterville: it's in the CUPS docs
[20:12] <franksterville> man?
[20:12] <illytacos> RoyK: er...
[20:12] <RoyK> illytacos: man smb.conf :)
[20:13] <illytacos> yes but... I have no idea what I type... I just type [homes]?
[20:13] <RoyK> illytacos: do you want to share all data, or do you want separate shares for private data?
[20:13] <illytacos> seperate shares for private
[20:13] <RoyK> well, a [homes] section in smb.conf will help you there
[20:13] <RoyK> illytacos: man smb.conf
[20:14] <RoyK> it's all there
[20:14] <RoyK> the docs
[20:14] <illytacos> I don't know what man is
[20:15] <RudyValencia> man is the linux manual viewer
[20:15] <RoyK> illytacos: on the command line in linux, type 'man smb.conf' and press <enter>
[20:15] <RoyK> without the quotes
[20:15] <illytacos> ohh ok
[20:15] <franksterville> just a random tidbit....  There are 5 members in the #webmin IRC
[20:15] <franksterville> thats it
[20:16] <JavaAtom> RoyK: Any suggestions on a "proper" way to use the space of two drives as one giant usable space?
[20:16]  * RoyK loathes web-based administration
[20:16] <illytacos> I'm sorry RoyK
[20:16] <illytacos> thank you
[20:16] <franksterville> RoyK:  werkin on headless and webless:  My terminal-foo is poor
[20:17] <RoyK> JavaAtom: I'd say 50 gigs for the root (which will be quite sufficient) and the rest for /home or perhaps a separate /data partition - you choose
[20:17] <RoyK> JavaAtom: if there is room for more drives in the box, make sure to set it up with LVM so that you can add another mirror later and add that space to the filesystem
[20:19] <RoyK> franksterville: not to be harsh, but learning basic administration is quite easy and once learned, it'll help a lot
[20:20] <franksterville> RoyK:  Oh I understand.  Real admins do just that, they dont muck around in a gui because it is too slow that way.  Bash is so much faster IF you know wtf ur doin
[20:20] <jeiworth> JavaAtom: if you want to creat just one big partition out of 2 hdds you might want to look into lvm or raid-0
[20:20] <jeiworth> although neither is really recommendable due to possible data loss in case of a single hdd failure
[20:21] <RoyK> franksterville: it won't take too long to learn that part
[20:22] <\sh> .oO(webmin, that's so 1990ties)
[20:22] <jeiworth> hehe
[20:22] <JavaAtom> jeiworth: That's what I thought -- I was just looking for some potential alternatives.
[20:22] <franksterville> RoyK:  I get frustrated when I have to stop and read the entire Man 3 times lol
[20:22] <RoyK> jeiworth: I think he's setting up a mirror of two 2TB drives
[20:22] <jeiworth> JavaAtom: well, as said, technically quite possible, but not recommendable
[20:22] <franksterville> bout to apt-get remove webmin
[20:22] <RoyK> franksterville: just use another terminal :)
[20:22] <JavaAtom> RoyK: Nope, trying to span/stripe across both still.
[20:22] <RoyK> !webmin
[20:23] <RoyK> JavaAtom: you're mad
[20:23] <RudyValencia> Will setting up SSH with OpenSSL keys stop login attempts from bad users that I get a lot of in my logs?
[20:23] <JavaAtom> RoyK: Either that or I figure out how to get this single application to spread its data over two dedicated partitions.
[20:23] <franksterville> the bot dont even like webmin sheeshe
[20:23] <franksterville> lol
[20:23] <JavaAtom> RoyK: Which do you think is harder? :P
[20:23] <jeiworth> RoyK: that's another way to put it.. ^^
[20:23] <RoyK> JavaAtom: just reinstall on a mirror
[20:23] <RoyK> franksterville: for good reason
[20:24] <\sh> webmail QMail Module Descr: Configure the popular Qmail mail server package | Author: Stephan '\sh' Hermann | Last Updated 2001-01-21 11:11:39 *lol*
[20:24] <RoyK> qmail????
[20:24] <JavaAtom> RoyK: You're not getting it -- I need more than the one 2-TB space I'd get out of that. Raid would work, but there's an error when I try to install GRUB on the raid-0.
[20:24] <franksterville> RoyK:  okok I'm gonna go cold turkey...  Mark this day....
[20:24] <franksterville> remove then purge?
[20:24] <franksterville> remove then clean?
[20:24] <RoyK> JavaAtom: then reinstall with a separate /boot fs
[20:25] <JavaAtom> RoyK: Okay -- that should work then.
[20:25] <RoyK> JavaAtom: I don't think grub likes raid0
[20:25] <\sh> RoyK: yes...I used qmail to spam DENIC (.de registry) with "REG: foobar.de" mails...I crashed their sendmail on sun os in 1998
[20:25]  * RoyK uses postfix
[20:25] <JavaAtom> RoyK: I was thinking that might help solve it -- again, thank you much.
[20:25] <jeiworth> grub doesn't seem to like any raid, tried to set up raid 1 on a running system with multiple partitions and all worked fine except for boot partition, that still boots from a "normal" one
[20:25] <Dev^Null> Hey all I have a disk image of ubuntu 9.10 that I replicate to about 500 different machines. I am having an issue with the 70-persistent-net.rules becuaes it wants to name the nic based of the mac address while this changes with each machine. I would like to set it up to look if ATTR{operstate}=="up" then  call that car eth1 I have 2 nic's in each box and only one is ever used. how would I do this.
[20:26] <\sh> RoyK: and I installed qmail on any customer server we sold these days, and the cusomters wanted to have webmin, so I wrote a qmail plugin...the very first ;)
[20:26] <RoyK> JavaAtom: just keep in mind that when one of the drives die, the shit hits the fan
[20:26] <JavaAtom> RoyK: Absolutely.
[20:26] <guntbert> RudyValencia: not by itself, but after setting that up correctly you can turn off password based logins in ssh entirely
[20:26] <JavaAtom> RoyK: That's why I have backups pushed to a diff server.
[20:27] <RoyK> JavaAtom: and with the current pricing of drives, wtf don't you use a raid5 or something?
[20:27] <jeiworth> raid6!
[20:27] <\sh> Dev^Null: image based os deployment is a bit complicated with udev and nics on board...use FAI :)
[20:27] <JavaAtom> Case only holds two drives for now. And I'm on a budget.
[20:28] <jeiworth> Dev^Null: that's a good question, i have the same problem here every time i clone a test-vm, always changes the eth interface number :-/
[20:28] <RoyK> RAIDz2 ftw
[20:28] <\sh> jeiworth: raid6 costs license fees on HP G6/G7 Hardware with p410 smartarray on board ;)
[20:28] <jeiworth> \sh: what's FAI, have a link? :)
[20:28] <\sh> jeiworth: http://www.fai-project.org/
[20:28] <jeiworth> \sh: yuck, license what? ;)
[20:28]  * RoyK is planning two new servers with 11 7-drive (2TB) RAIDz2s in a zpool
[20:28] <jeiworth> \sh: thx!
[20:29] <\sh> jeiworth: debian project, 10 years old but very heavy maintained...very good, very fast...is being used all around the world
[20:30] <\sh> jeiworth: together with (DC)² (http://dc2.sourcecode.de/ + http://launchpad.net/dc2 ) the better solution for bare metals and vms with pxe boot then preseeding, imaging or kickstarting :)
[20:30] <\sh> jeiworth: 100 VM servers in less then 5 mins with a full blown ubuntu server setup
[20:31] <jeiworth> \sh: wow, cool! thanks again, will give it a closer look :D
[20:31] <\sh> jeiworth: if you need help or need infos join #fai@oftc and / or ask me in here.../me needs to leave now...going home :)
[20:31] <RudyValencia> guntbert: maybe even denyhosts to stop more than three attempts?
[20:31] <\sh> cu tomorrow
[20:31] <jeiworth> \sh: 'aight, take care :)
[20:32] <guntbert> RudyValencia: to be honest: I really don't care about attempts that *cannot* succeed
[20:32] <RudyValencia> I'll just block interactive login without the public-key then
[20:33] <RudyValencia> if that's possible - no public-key, no SSH
[20:33] <franksterville> RoyK:  thx for the push  webmin nuked
[20:35] <RoyK> :)
[20:36] <franksterville> :O  what have I done lol
   just a file/print server
[20:37] <guntbert> RudyValencia: exactly, there are two lines in /etc/ssh/sshd.conf where you can do it, they are well commented
[20:37] <RudyValencia> ah
[20:37] <RudyValencia> and turning off password auth should reduce the number of attempts I see in my logs, right?
[20:38] <RudyValencia> (also, it won't prevent me from accessing my SSH on the road because I have the other half of the key, right?)
[20:38] <guntbert> RudyValencia: not necessarily - people can still *try*, but they cannot succeed
[20:38] <RudyValencia> ah, there'll still be attempts in my logs, ugh
[20:38] <RudyValencia> I hate my logfiles getting so big from them
[20:39] <RudyValencia> but I also hate putting SSH on an alternative port
[20:39] <guntbert> RudyValencia: just choose a *very good/long* passphrase for that key
[20:40] <RudyValencia> I have one that uses a mix of characers from the keyboard-typeable set
[20:40] <RudyValencia> *characters
[20:41] <guntbert> RudyValencia: okok - but make it long too if you take the key on the road with the risk to "loose" it :-)
[20:41] <RudyValencia> I rarely go out
[20:42] <guntbert> RudyValencia: *you* said "... accessing my SSH on the road ..."
[20:43] <RudyValencia> I rarely use it on the road
[20:44] <RudyValencia> for those few cases that I do, PuTTY is on my USB keychain, not the comptuer
[20:44] <RudyValencia> *computer
[20:44] <RudyValencia> and the USB keychain is encrypted
[20:48] <RoyK> illytacos: did you fix your problem?
[20:54] <rneese> afternoon guys
[20:54] <rneese> i need a good howto for unubtu-server custom iso
[20:55] <franksterville> RoyK:  Thats serious hardware
[20:56] <RoyK> franksterville: what?
[20:57] <franksterville> the 2 new servers u planning
[20:57] <RoyK> ah
[20:57] <RoyK> yeah
[20:57] <RoyK> fun :)
[20:57] <RoyK> franksterville: to be used for Bacula storage
[20:57] <franksterville> rename urself to BigRaid
[20:57] <RoyK> hehe
[20:58] <franksterville> You use Bacula?
[20:58] <RoyK> franksterville: two boxes with 110TB net storage and one small one with 10TB net storage, some SSDs for caching and a truckload of RAM
[20:58] <franksterville> I use Amazon S3 offsite
[20:58] <RoyK> franksterville: not now, but we will
[20:58] <RoyK> with tens of terabytes for a single backup, Amazon isn't really an option
[20:58] <franksterville> huge storage
[20:59] <elb0w> I am trying to build a Load balanced server setup with fail over. I was looking at Ultra Monkey but it looks like it hasnt been touched since 2007. Does anyone have any suggestions?
[20:59] <franksterville> must be pron lol
[20:59] <franksterville> or banking
[20:59] <RoyK> franksterville: not really - http://nilu.no
[20:59] <franksterville> ffs i cant read that
[20:59] <franksterville> what laung is that lol
[20:59] <RoyK> there's an 'english' link on top
[20:59] <franksterville> ahh lol
[21:00] <franksterville> ok hats better
[21:01] <franksterville> this kinda site reminds me of a friend of mine at rfmd.com
[21:03] <RoyK> franksterville: we got some press after us recently after the Eyjafjallajökull eruption - this scientist has constructed a sort of camera that can see volcanic ash ...
[21:03] <RoyK> (or even SO2, but the ash follows that cloud)
[21:04] <franksterville> wow insane stuff
[21:05] <RoyK> franksterville: I guess I could have gotten better payment from a consulting firm than working with NILU, but then, it's quite fun to work with these nerds :)
[21:05] <franksterville> more important to enoy life
[21:05] <RoyK> indeed
[21:05] <franksterville> this is why i decommisioned IIS in favor of ubuntu lol
[21:06] <elb0w> So what do you guys use for fail over?
[21:06] <RoyK> early IIS is a piece of crap, later they have added more of the good stuff
[21:06] <franksterville> i love the simplicity of linux
[21:07] <franksterville> so much easier to implement
[21:07] <RoyK> elb0w: I don't use any atm, but glusterfs is rumored to be quite good
[21:07] <RoyK> franksterville: ACK
[21:08] <RoyK> splittettisplatter
[21:08] <illytacos> hey RoyK I'm still having some challenges
[21:08] <illytacos> trying to work through it
[21:37] <nikolaj_basher> Hi :D is there any buddy how has set up an sms gateway?
[21:57] <alex88> if i want to use wget and then shutdown the pc..i have to use sudo to shutdown but i will asked after wget terminates..how to ask at starting?
[21:57] <alex88> like sudo (wget file && shutdown -P now)
[22:19] <RudyValencia> I'm trying to install Ubuntu Server from the CD, but it says libldap and some other packages are corrupt
[22:23] <RudyValencia> I burned the CD several times
[22:23] <RudyValencia> but it still gives the same errors
[22:52] <RudyValencia> I'm trying to install Ubuntu on my server but it keeps saying everything after libldap is corrupt, despite burning the disc two times.
[22:53] <SpamapS> RudyValencia: what version?
[22:53] <RudyValencia> 10.04.1
[22:53] <RudyValencia> ah
[22:53] <RudyValencia> no wonder
[22:53] <SpamapS> ?
[22:54] <RudyValencia> the md5sum of it is wrong
[22:54] <SpamapS> RudyValencia: it happens. ;)
[22:55] <RudyValencia> What I'll do is restart the torrent to "fix" the parts that did not download properly
[22:56] <RudyValencia> ah, truncated download.
[22:57] <RudyValencia> considering right now my backups are on a USB drive that I can't seem to mount with any Windows utility, I'm stuck until this finishes.
[23:15] <demonspork> how can I restrict a user so that they can only bind to a certain IP addresS?
[23:15] <demonspork> or, how do I monitor bandwidth usage on a per user basis
[23:59] <echosystm> hi guys
[23:59] <echosystm> i'm looking for a pretty transparent backup solution
[23:59] <echosystm> essentially i just want to a plug a hard drive in and have it automatically clone the entire system to that hard drive
[23:59] <echosystm> whats the best way to do this?