Ademan | ugh, anyone who's set up ubuntu server using libvirt, I'm trying to use virt-install. My current command line looks like sudo virt-install --connect qemu:///system --name server --ram 256 --disk path=/var/lib/libvirt/images/ubuntu-server-10.04.qcow2 --nographics --os-type linux -c /home/dan/Downloads/ubuntu-10.04.1-server-i386.iso --extra-args="text console=ttyS0,9600n8" but no matter what I've done I can't get any output on th | 00:06 |
---|---|---|
kirkland | RoAkSoAx: around? | 00:14 |
AMT-IT-Guy | any Samba experts around that can explain how I can reload smb.conf without restarting the services? | 00:14 |
SpamapS | kirkland: I think he's done for the day.. 30 minutes ago "* RoAkSoAx gone for the day" | 00:15 |
kirkland | SpamapS: heh, yeah, we banter back and forth long past work hours though :-P | 00:15 |
SpamapS | kirkland: true.. irc is funny that way | 00:15 |
AMT-IT-Guy | no one here uses Samba? | 00:16 |
SpamapS | AMT-IT-Guy: not if we can help it. ;) | 00:16 |
SpamapS | AMT-IT-Guy: service smbd reload should work though | 00:16 |
SpamapS | or it might be service smb .. or service samba.. not sure | 00:17 |
AMT-IT-Guy | that won't shut down the master services, so, if file transfers, etc are happening they won't be aborted? | 00:17 |
mtdemind | i believe it should just check for changes in config | 00:18 |
Ademan | :-/ no one has any idea regarding my virt-install issue? | 00:19 |
AMT-IT-Guy | i thought so too, but I've changed permissions on a directory, and it's not reloading | 00:19 |
mtdemind | HUP should work as well | 00:19 |
AMT-IT-Guy | i tried that as well | 00:19 |
AMT-IT-Guy | sudo kill -HUP PID and it's not working | 00:19 |
RoAkSoAx | kirkland: im here | 00:20 |
AMT-IT-Guy | see here's my problem.... I can replace upwards of 20 Windows servers at my office, BUT, i can't just reload samba in the middle of the day if a change needs to be made lol | 00:20 |
kirkland | RoAkSoAx: you should thumb your nose at SpamapS :-) | 00:21 |
RoAkSoAx | kirkland: discovered the issue, though there's other "issue" | 00:21 |
kirkland | RoAkSoAx: yeah? i saw the bug report updated | 00:21 |
kirkland | RoAkSoAx: glad to see you got those fixed | 00:21 |
RoAkSoAx | SpamapS kirkland : yeah I was gone.. though.. can't stay much time away from computer lol | 00:21 |
SpamapS | RoAkSoAx: no kidding me too | 00:22 |
kirkland | RoAkSoAx: okay, i have thought thoroughly about powernap | 00:22 |
RoAkSoAx | kirkland: it was indeed issue with powerwake, I just change one value and it is fixed, though I need to test it against hw | 00:22 |
kirkland | RoAkSoAx: cool | 00:22 |
RoAkSoAx | kirkland: wanna have a quick chat? | 00:22 |
RoAkSoAx | cause I'm going to the movies in like 20 mins or so | 00:23 |
kirkland | RoAkSoAx: sure | 00:23 |
kirkland | RoAkSoAx: let's do it quick | 00:23 |
kirkland | RoAkSoAx: http://paste.ubuntu.com/556709/ | 00:23 |
kirkland | RoAkSoAx: skype me? | 00:24 |
RoAkSoAx | kirkland: http://pastebin.ubuntu.com/556710/ | 00:26 |
RoAkSoAx | kirkland: + data = ''.join(['FFFFFFFFFFFF', mac * 16]) | 00:39 |
Thirtysixway | is there a mod auth shadow package available on lucid? | 00:40 |
Thirtysixway | there seems to only be one for hardy and dapper | 00:40 |
axisys | i am failing to compile filebench.. missing libtecla.h .. is there a pkg available for that? | 01:33 |
hroberts | is there anyone here who is good with grub2 who can help me with an issue? | 01:42 |
momoz | hi all. I have a problem with my apache or ubuntu server install.. I have installed in two servers.. one is working fine the other has problems with utf-8 encoding. I have a web/xml/rss that says | 02:08 |
momoz | has errors and when I run a rss/xml validation it tells me the problem is: Your feed appears to be encoded as "UTF-8", but your server is reporting "US-ASCII" | 02:09 |
momoz | any ideas? | 02:09 |
mtdemind | probably MIME related | 02:13 |
momoz | thought that too checked many areas.. any suggestions? two servers one works one doesn't.. was thinking some global setting.. any areas to check? | 02:18 |
=== squishy is now known as SquishyNotHere | ||
mtdemind | momoz: http://httpd.apache.org/docs/current/mod/mod_mime.html#addtype | 02:24 |
mtdemind | add rss, and maybe xml | 02:25 |
mtdemind | search around for examples | 02:25 |
anzenketh | I want to install ubuntu server but I want the home directory to be a separate partition how would I go about doing this? | 02:28 |
pmatulis | anzenketh: create a separate partition and use /home as its mountpoint | 02:31 |
anzenketh | Ya the ubuntu server partition creating tools are confusing. | 02:32 |
anzenketh | I can't figure out how to create a separate partition. | 02:33 |
pmatulis | anzenketh: choose manual partitioning during install | 02:33 |
anzenketh | I have done that. | 02:33 |
anzenketh | It gives me a screen I can not edit | 02:33 |
pmatulis | anzenketh: select 'free space' and hit enter | 02:34 |
anzenketh | There is no free space | 02:34 |
pmatulis | anzenketh: remove existing partition then | 02:35 |
anzenketh | That is what I can't figure out how to do | 02:35 |
pmatulis | anzenketh: select it and choose delete | 02:35 |
pmatulis | anzenketh: select it, hit enter, and choose delete | 02:35 |
axisys | what pkgs do I need to compile something in ubuntu .. I already have build-essential ... but still saying inet/ip.h not found | 02:35 |
pmatulis | axisys: build-deps command? | 02:36 |
axisys | pmatulis: multi_client_sync.h:31: fatal error: inet/ip.h: No such file or directory | 02:37 |
axisys | pmatulis: this is the error | 02:37 |
axisys | pmatulis: dont see build-deps.. i see build-rdeps tho | 02:38 |
pmatulis | axisys: are you trying to build a package? | 02:38 |
axisys | pmatulis: no just compile filebech | 02:38 |
axisys | filebench* | 02:38 |
pmatulis | axisys: the ubuntu way is to build a package | 02:38 |
anzenketh | Ok I have a LVM using 999.9GB Inside that LVM VG home I have two root and swap | 02:39 |
anzenketh | I want to create another how do I do that | 02:39 |
axisys | pmatulis: i am trying to compile this http://sourceforge.net/projects/filebench/ | 02:39 |
axisys | pmatulis: never did build a pkg | 02:39 |
axisys | pmatulis: i also had to download and compile this | 02:40 |
axisys | pmatulis: http://www.astro.caltech.edu/~mcs/tecla/ | 02:40 |
axisys | pmatulis: to get libtecla.h | 02:41 |
axisys | pmatulis: which is needed for filebench | 02:41 |
pmatulis | anzenketh: if i understand you well, you'll need to resize the root logical volume in order to accommodate a third (for /home) | 02:41 |
anzenketh | I think I figured it out | 02:42 |
anzenketh | Warning messages were scaring me from continuing to where I can edit | 02:42 |
axisys | pmatulis: i am compiling it like this http://pastebin.com/yJxfSJCD | 02:52 |
axisys | as suggested in INSTALL of filebench src | 02:52 |
pmatulis | axisys: dunno, sorry | 02:55 |
axisys | hmm.. wonder if there is a ubuntu pkg where inet/ip.h available | 02:57 |
dku | I have a dhcp3-server running, which has a number of clients. I'd like to be able to do 'ssh user@hostname' from my machine, given 'hostname' as the client's hostname. How can I make it resolve? | 03:01 |
mtdemind | dku: dhcp3-server should be able to use ddns to update bind | 03:15 |
dku | so i also have to run a dns server alongside the dhcp server? | 03:16 |
mtdemind | that's how i'd do it | 03:16 |
axisys | DEAD_BEEF: may be I should change this #include <inet/ip.h> for linux | 03:17 |
dku | okay, thanks mtdemind | 03:17 |
axisys | it is written by four sun guys.. may be opensolaris has the inet/ip.h that I can copy over here | 03:17 |
mtdemind | dku: you're welcome | 03:17 |
axisys | pmatulis: this one worked .. http://www.fsl.cs.sunysb.edu/~vass/filebench/ | 03:23 |
axisys | pmatulis: thanks for your help | 03:23 |
=== rgreening_ is now known as rgreening | ||
RoAkSoAx | kirkland: ping | 03:47 |
meltingwax | does ubuntu server have any firewalls by default? I have all ports forwarded to it but i can't access my IRC server, even from a LAN address | 04:37 |
meltingwax | although i can access it locally on that machine | 04:39 |
thesheff17 | meltingwax: yea I have seen iptables setting now on my default. | 04:48 |
thesheff17 | try iptables -L | 04:48 |
thesheff17 | meltingwax: here is my bash script that turns off all iptables http://paste.ubuntu.com/556739/ | 04:49 |
=== SquishyNotHere is now known as squishy | ||
ball | I find myself torn between Ubuntu Server and something like Solaris for a small virtual desktop rollout. Linux has some advantages that I can think of, but... I dunno. | 04:55 |
thesheff17 | ball: what do you mean about virtual desktop rollout? | 05:13 |
ball | thesheff17: A move from desktop PCs running MS Windows to thin client hardware (graphical terminals, we used to call them), with everything running on the server. | 05:16 |
thesheff17 | ball: well I haven't used many thin client stuff. So you want the client running basically a remote X server? | 05:20 |
ball | thesheff17: Depends which type I went with. VNC and Sun Ray don't use X across the wire. X terminals (e.g. ltsp) do. | 05:23 |
thesheff17 | I would actually check out http://edubuntu.org/ | 05:23 |
thesheff17 | you can run a single instance as a server and everything is loaded on the clients automatically...booting and everything. | 05:23 |
* ball nods | 05:24 | |
ball | Edubuntu uses ltsp afaik. | 05:24 |
thesheff17 | ball: well you can always run vnc stuff | 05:25 |
ball | VNC lets people hot-desk and is cross-platform, but lacks the video acceleration of X window and Sun Ray. | 05:26 |
ball | ...come to think of it, X can do 3D over the wire too, though I'm not sure whether ltsp supports that. | 05:27 |
thesheff17 | true. I have used forwarding X which works really good. | 05:27 |
ball | (not that we do much 3D at the office) | 05:27 |
thesheff17 | ball: I guess its more on what you want to accomplish and the advantages/disadvantages of each option. | 05:36 |
=== oubiwann_ is now known as oubiwann | ||
ball | I should sleep on it. I can't see straight to write anyway. | 05:37 |
meltingwax | how can i determine which version of ubuntu server i am using? | 06:17 |
qman__ | meltingwax, cat /etc/issue | 07:41 |
meltingwax | qman__: thanks | 07:41 |
=== bgupta_ is now known as bgupta | ||
=== Arkonova is now known as arkonova | ||
arkonova | Installed gitosis via apt-get and was wondering why the post-install script creates the user "gitosis" instead of simply "git". Is there any reason i am missing? Should i avoid renaming that user to "git"? | 09:40 |
vrana-_ | hi all | 10:07 |
vrana-_ | is here somebody ? | 10:07 |
chovynz | I got my first ever server up and running the other day :) IT was a rush to see "It works! you have reached this page that is on the web server. There is, however, no content on it yet." I want to know how I can make a music streaming server. | 10:08 |
vrana-_ | great mam | 10:09 |
vrana-_ | man | 10:09 |
vrana-_ | I really dont know how to set up music streaming server | 10:09 |
chovynz | what have you got setup on your server? | 10:09 |
vrana-_ | recently nothing much, just purchased virtual private server with ubuntu | 10:10 |
vrana-_ | and tried to run java server for chat, but its not working very well | 10:11 |
vrana-_ | its crashing all the time | 10:11 |
chovynz | Do you know why it's crashing? | 10:11 |
vrana-_ | I want to replace java chat server for a IRC or jabber | 10:12 |
vrana-_ | but I dont decide yet what is better for me | 10:12 |
chovynz | how far have you got? | 10:12 |
vrana-_ | so Im just lurking around IRC, because I dont know IRC in fact. This is first time Im using it :) | 10:12 |
chovynz | welcome then :) | 10:12 |
vrana-_ | Thanks. :) | 10:13 |
chovynz | so how far have you got on setting up a irc or jabber? | 10:13 |
vrana-_ | im just deciding what is better for that | 10:14 |
vrana-_ | what you think | 10:14 |
chovynz | No idea. What's your setup for security like? | 10:14 |
vrana-_ | I dont care for a security :) | 10:15 |
vrana-_ | I want to try to make a facebook game with chat | 10:15 |
chovynz | you will care once your server is hacked. | 10:15 |
vrana-_ | you are right | 10:15 |
chovynz | so, what troubleshooting have you done to determine why the java chat wasn't working? | 10:17 |
chovynz | (I don't know anything, I'm just trying to ask questions that might help you on your journey) | 10:18 |
kerozene | apticron.conf: if I don't explicitly set $SYSTEM, can I still use it in $CUSTOM_SUBJECT ? | 10:18 |
uvirtbot | New bug: #697601 in keepalived (main) "Keepalived version bump to 1.2.1" [Undecided,New] https://launchpad.net/bugs/697601 | 11:06 |
uvirtbot | New bug: #700050 in net-snmp (main) "snmpd binds to 127.0.0.1 by default" [Undecided,New] https://launchpad.net/bugs/700050 | 11:14 |
arief1 | hi All | 13:14 |
=== Cyber_Rock is now known as ankit_1992s | ||
=== ankit_1992s is now known as Cyber_Rock | ||
njbair | For some reason I can't get dnsmasq to assign 192.168.1.2 to a dhcp-host. If I change the 2 to anything else in range, it works fine. Could this be a bug? | 14:59 |
RoyK | no idea | 15:02 |
* RoyK uses a dhcp server for serving dhcp | 15:03 | |
ejat | anyone can help me with heartbeat + apache .. i manage to get it work .. but how do the 2nd node take over while apache service stop | 15:07 |
shaggy2 | hey is there anyway I can make a complete image of my ubuntu server install with everything on it and working, so if I have a failure I can just reload the image? | 15:18 |
shaggy2 | my server has a DVD burner in it | 15:19 |
gobbe | dd | 15:25 |
njbair | I've got an ubuntu server guest OS in virtualbox and I'm trying to remember what package I installed to be able to mount shared folders. Does anybody know? | 15:31 |
mfraz74 | If I have ssh to only allow keyed entry, can someone hack into my server if they don't have a key? | 15:32 |
gobbe | njbair: mount shared folders from virtualbox-host? | 15:36 |
gobbe | mfraz74: of course it's possible, but not without some kind of bug or security hole | 15:37 |
njbair | gobbe: yes, I know I didn't install the full guest-additions package, but I have it working on one system | 15:37 |
gobbe | mfraz74: there is no 100% sure thing when it comes to computer connected to internet | 15:37 |
mfraz74 | gobbe: i've seen a few login attempts in the auth log, but they don't get in | 15:38 |
ejat | anyone can help me with heartbeat + apache .. i manage to get it work .. but how do the 2nd node take over while apache service stop | 15:41 |
gobbe | mfraz74: yep, that's because they try with password | 15:52 |
=== kiall is now known as kiall|AFK | ||
RoAkSoAx | kirkland: ping | 17:17 |
kirkland | RoAkSoAx: working outside around the house today | 17:37 |
kirkland | RoAkSoAx: wassup? | 17:37 |
RoAkSoAx | kirkland: so I've been thinking, and you mentioned yesterday that each monitor (even process monitor) should track activity regardless of the INTERVAL SECONDs, this means, to continuously track activity not depending on when to check for it every INTERVAL SECONDS, right? | 17:43 |
=== kiall|AFK is now known as kiall | ||
RoAkSoAx | kirkland: so the idea is to run each monitor in a thread within its own class (specially for ProcessMonitor, IOMonitor - InputMonitor and RemoteMonitor already do - WOLMonitor, TCPMonitor will be threaded) to get "ACTIVITY" regardless of the interval seconds. Because right now, every INTERVAL_SECONDS (in ProcessMonitor, IOMonitor), powernapd checks for activity (they do the lookups in that moment). So, I believe that to get better results (Proce | 17:55 |
kirkland | RoAkSoAx: yeah, that sounds okay to me | 17:56 |
RoAkSoAx | kirkland: this, however, will be heavier because the check for "activity" will never stop, rather than just check every interval seconds | 17:57 |
kirkland | RoAkSoAx: right | 17:58 |
kirkland | RoAkSoAx: let's try it and see how bad it is? | 17:58 |
kirkland | RoAkSoAx: and let's try to move as many monitors as possible from polling -> event based, over time | 17:59 |
RoAkSoAx | kirkland: by event based, you mean when something happens, the monitor will signal powernapd daemon?? | 18:00 |
kirkland | RoAkSoAx: yes | 18:00 |
RoAkSoAx | kirkland: wouldn't that be even more process intensive? | 18:00 |
kirkland | RoAkSoAx: rather than checking every X seconds, just sit there doing nothing, waiting, until an event happens | 18:00 |
kirkland | RoAkSoAx: it should be much cheaper | 18:00 |
RoAkSoAx | kirkland: not for the InputMonitor (USB) though | 18:01 |
kirkland | RoAkSoAx: i gotta run, for a bit | 18:01 |
kirkland | RoAkSoAx: i'll check back later ;-) | 18:01 |
RoAkSoAx | kirkland: alright, have a good one ;) | 18:01 |
StrangeCharm | what sort of file server should i use if i want data to be encrypted in transit, without being incredibly slow? | 18:04 |
thesheff17 | StrangeCharm: scp is secure and I believe it works pretty well...you can also pass the type of encryption you want to use to scp | 18:06 |
thesheff17 | I use scp -c arcfour which is weaker encryption but faster for transfer. | 18:08 |
=== may_psu is now known as [may_psu] | ||
StrangeCharm | thanks, thesheff17 i'll look into that | 18:09 |
thesheff17 | StrangeCharm: also you can use rsync tunneled through ssh so you only have to transfer files that have changed. | 18:09 |
StrangeCharm | thesheff17, i like rsync over ssh, but here i'm looking for an on-demand fileserver, rather than keeping two copies of the same data | 18:14 |
thesheff17 | StrangeCharm: well assuming the clients are windows you can use winscp as the client to connect to any ssh server. | 18:16 |
StrangeCharm | thesheff17, thankfully i have the joy that almost all clients are running ubuntu | 18:21 |
nhck | Hi, installed mpc & mpd via apt on an ubuntu server. Strange enough I get "error: directory or file not found" everytime I try to add a file - even when I am root. I can't find out whats happening, but I need mpd to work for an external package (mpd-upnp) I use in order to make it a media server. Any ideas? | 18:23 |
StrangeCharm | thesheff17, so, scp is faster than sftp for file transfers, but only does transfers, not any other file management? is there any way to easily use sftp for management, but switch to scp for bulk transfer? | 18:24 |
=== [may_psu] is now known as may_psu | ||
thesheff17 | StrangeCharm: ah well that is nice...in ubuntu you can just do Place->connect to server->select SSH and use nautilus as client. | 18:25 |
thesheff17 | sftp is just ftp tunneled through ssh | 18:25 |
StrangeCharm | thesheff17, wikipedia disagrees | 18:26 |
StrangeCharm | thesheff17, quote "SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group." from https://secure.wikimedia.org/wikipedia/en/wiki/SSH_file_transfer_protocol | 18:26 |
thesheff17 | ah ok...well almost all SFTP clients just support SSH or scp basically. | 18:28 |
StrangeCharm | thesheff17, thus far, i've just been using nautilus but it's incredibly slow, i was hoping to find a better way | 18:28 |
thesheff17 | StrangeCharm: I would do some command line testing with scp & scp -c arcfour | 18:29 |
StrangeCharm | thesheff17, is arcfour the name of an encryption protocol? | 18:30 |
thesheff17 | chances are the bottleneck is the encryption part and not the actual transfer | 18:30 |
thesheff17 | yea | 18:30 |
StrangeCharm | RC4 | 18:30 |
thesheff17 | StrangeCharm: samba is also very fast but I haven't tried to get encryption over the wire for that. | 18:31 |
StrangeCharm | thesheff17, do you have any info on the strength of arc4? i'm not sure that there are any standard samba implementations that do transport security | 18:32 |
StrangeCharm | thesheff17, samba is the standard for a network filesystem, right? it works pretty well xplatform? | 18:33 |
thesheff17 | StrangeCharm: well I would say SMB is the standard protocol for windows based clients...samba implements SMB...usually unix/linux have traditionally used NFS mounts like windows shares. | 18:34 |
StrangeCharm | thefish, i'm not familiar with nfs. acronym for 'network filesystem'? how does it stack up to smb for speed and security? | 18:36 |
thesheff17 | StrangeCharm: samba is def been faster than nfs for me in the past. | 18:37 |
StrangeCharm | and neither have transport security? | 18:37 |
thesheff17 | StrangeCharm: I don't believe so...I was actually looking for some security over samba...which would be nice | 18:38 |
thesheff17 | StrangeCharm: though of course now I reading some stuff on nfs and people are saying it is faster than samba...so I could be wrong. | 18:38 |
StrangeCharm | nautilus does both nfs and smb shares nicely, right? | 18:39 |
thesheff17 | StrangeCharm: yea | 18:39 |
thesheff17 | StrangeCharm: well not nfs...nfs is usually mounted manually or through /etc/fstab on boot up. | 18:39 |
StrangeCharm | thesheff17, how does that work with devices that aren't always online? | 18:40 |
thesheff17 | once mounted you can easily browse with nautilus. | 18:40 |
StrangeCharm | do things break when an nfs share is disconnected? | 18:40 |
uvirtbot | New bug: #706368 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/706368 | 18:41 |
thesheff17 | StrangeCharm: it is tricky when it isn't mounted because then that directory is essentially on the local file system....I can't tell you the number of times I forgot to mount a usb drive and transfer a bunch of stuff from local disk to local disk. | 18:41 |
thesheff17 | if there are no files visible in the dir you mount to you know the nfs share isn't mounted correctly. | 18:42 |
StrangeCharm | thesheff17, right, but it doesn't fundamentally break (like unplugging a usb disk which is still mounted)? the data isn't accessible, sure, but if it's just data data, (as opposed to data applications or the OS need) then that shouldn't be a problem, right? | 18:44 |
thesheff17 | yea there is no problem like that. | 18:45 |
thesheff17 | nfs might also scale better with many users. | 18:45 |
StrangeCharm | thesheff17, sweet, though it still doesn't address the question of transport security | 18:46 |
StrangeCharm | i assume that nfs is secure 'at rest' (as in, when there are no users, an attacker can't list the filesystem or access files) | 18:47 |
thesheff17 | StrangeCharm: username pass I believe is passed to nfs during the mount...unless that person has read/write then it will deny by default. | 18:48 |
thesheff17 | it does look like samba supports some encryption now: http://news.samba.org/announcements/3.2_press_release/ | 18:49 |
thesheff17 | though I have never used it. | 18:49 |
StrangeCharm | thesheff17, is user authentication at least secure on nfs and smb? | 18:49 |
=== Alan_ is now known as Alan | ||
StrangeCharm | thesheff17, if that was released in 2008, then it's surely filtered down by now? | 18:50 |
thesheff17 | StrangeCharm: yea I believe it would...the problem is finding how to do it...maybe the samba site would know more....everytime I search google for encryption and samba I just get encrypting the local disk which is not what we want. | 18:52 |
StrangeCharm | thesheff17, likewise | 18:53 |
thesheff17 | http://www.oregontechsupport.com/samba/security.php lol tunneling samba through SSH :) | 18:55 |
StrangeCharm | thesheff17, hmn, according to http://blog.permabit.com/index.php/2009/08/deduplication-and-encryption/ nfs supports transport encryption 'First and foremost, transport encryption is used wherever possible. If the application protocol (i.e. NFS, CIFS) supports an encrypted connection, we will deliver that. ' | 18:55 |
thesheff17 | StrangeCharm: so yea it looks like NFS & samba rely on external tools to do encryption over the wire. All username/pass though should be encrypted. | 18:57 |
StrangeCharm | thesheff17, right, that's food for thought. i particularly like nfs, and i'm looking at http://www.linuxsecurity.com/content/view/117705/49/ | 19:00 |
Patrickdk | heh, just use ipsec, done :) | 19:10 |
Patrickdk | for me, samba just encrypts by default | 19:11 |
Patrickdk | and I know it works, cause my workstations are set to only talk to servers that support encryption | 19:12 |
Patrickdk | when I talk to old samba, v2.x, it won't connect, cause no encryption support | 19:12 |
StrangeCharm | Patrickdk, i had considered that, but i have no idea where to start | 19:13 |
=== kiall is now known as kiall|AFK | ||
dku | If nslookup hostname works (gives back an IP), but telnet hostname or ping hostname respond with 'unknown host hostname', what does that mean? | 19:32 |
N2Deep | you might look at your /etc/nsswitch.conf | 19:36 |
N2Deep | specifically the "host" line | 19:36 |
dku | "hosts: files dns" | 19:36 |
N2Deep | are you using FQDN for hostname? | 19:38 |
dku | nope, is that required? | 19:38 |
ded0 | hi. is there any server gui for managing DNS and CIFS shares? i found gbindadmin and gsambad, but they might be pretty old, also seems not to be in the repo. any suggestions? | 19:39 |
N2Deep | dku: it really depends on how your DNS server is setup to respond to queries. | 19:40 |
N2Deep | dku: since I know nothing about your setup, it's hard to diagnose. | 19:41 |
dku | N2Deep: i'm using dnsmasq, default setup. seems when I enable FQDN, it resolves fine | 19:41 |
chovynz | Newbie here : What type of applications should I be using to serve music to my network? | 19:42 |
chovynz | type of = deleted | 19:43 |
N2Deep | dku: cool. So you made a change to the dnsmasq config, or you did "ping hostname.fqdn" from the client? | 19:43 |
=== kiall|AFK is now known as kiall | ||
dku | N2Deep: i enabled fqdn in dnsmasq, and now ping/ssh/telnet hostname.fqdn works, but ping hostname still does not. | 19:44 |
N2Deep | dku: the machine running dnsmasq, do you have shortnames or the full hostname.fqdn in /etc/hosts? | 19:45 |
dku | N2Deep: i haven't touched /etc/hosts, should i have? | 19:46 |
N2Deep | dku: if you are setting static addresses in dnsmasq, then yes. | 19:49 |
dku | N2Deep, well, I'm having dnsmasq acting as a DHCP server as well, so the addresses aren't static | 19:49 |
N2Deep | you should also check the section for expand-hosts in /etc/dnsmasq.conf | 19:50 |
N2Deep | ...make sure it's not commented | 19:50 |
dku | it's not, i uncommented it so that FQDN would work | 19:51 |
N2Deep | dku: if you are wanting to use dhcp and get hostnames, you need to check /etc/dnsmasq/dhcp.conf | 19:52 |
N2Deep | that's where you assign a hostname to a MAC address, and a address from your dhcp range to a hostname. | 19:53 |
N2Deep | dku: have you done any reading?? | 19:54 |
N2Deep | right in /etc/dnsmasq.conf there is a line. | 19:54 |
N2Deep | Always set the name of the host with hardware address 11:22:33:44:55:66 to be fred | 19:55 |
N2Deep | ... dhcp-host=11:22:33:44:55:66,fred | 19:55 |
dku | that doesn't work for me, though | 19:55 |
dku | my hosts dynamically send their hostnames with the DHCP lease | 19:56 |
dku | the DNS server has them, and responds correctly | 19:56 |
N2Deep | well I'm using the /etc/dnsmasq-dhcp.conf file in my network, and it works fine. | 19:56 |
dku | i.e. nslookup hostname @localhost works fine | 19:57 |
chovynz | I have ubuntu-server, how do I rip my music onto it so that it can serve music to the network? I'm reading up on daap and things, but I don't really know my way around the command line | 19:57 |
N2Deep | dku: you are aware that you have to restart dnsmasq any time you make a change to a conf file? | 19:58 |
dku | sure am, N2Deep | 19:58 |
N2Deep | ok cool, just making sure. | 19:58 |
dku | it's not that DNS doesn't know about it | 19:58 |
dku | DNS responds correctly | 19:58 |
dku | it's that ubuntu doesn't qualify hostname to hostname.fqdn | 19:59 |
dku | isn't that a /etc/resolv.conf thing? | 19:59 |
dku | ah yes | 19:59 |
N2Deep | it's a high possibility | 19:59 |
dku | adding 'search fqdn' to resolv.conf seems to fix it | 19:59 |
N2Deep | nice good work. | 20:00 |
monteith | can someone chat briefly with me about file permissions with an apache server? | 21:47 |
monteith | just need to clarify some confusions | 21:48 |
guntbert | monteith: ask away, there can always be somebody who knows | 21:50 |
monteith | anyways... i've used aptitude to install apache and a number of its components, and so it runs its processes on the www-data user and group | 21:50 |
monteith | in this case, should "others" be given permission for anything within the web server? who would the "others" be? | 21:50 |
=== kiall is now known as kiall|AFK | ||
guntbert | monteith: I'd see no need - "others" might be shell users, ftp users, another server... | 21:55 |
monteith | ty | 21:56 |
guntbert | monteith: but I'm no expert server management | 21:57 |
guntbert | so see it as opinion only | 21:58 |
monteith | right | 21:58 |
mrmist | in that configuration I couldn't see any need for it either | 21:58 |
mrmist | it being "others" access | 21:59 |
monteith | i'm really just trying to understand permissions and ownership in the larger picture | 21:59 |
monteith | and if an apache process is being run by a www-data user, i was wondering how an "other" would access it | 21:59 |
guntbert | monteith: every file has two owning entities: a user and a group, every user who is neither the owner nor a member of the owning group counts as "other" | 22:02 |
monteith | guntbert: i'm not being specific, sorry. my train of thought was on users accessing my website. it would be encapsulated to the www-data user/group | 22:03 |
mrmist | Yeah don't worry about users coming in over the web | 22:04 |
mrmist | the apache processes serve them and they run in the www-data context | 22:04 |
guntbert | monteith: yes, users from the web-site are covered by www-data, and the server checks what they may do | 22:05 |
monteith | on that thought though... the two entities don't necessarily need to relate to each other? ie. chown user1:group2 ... user1 doesn't need to be part of group2? | 22:05 |
dku | sshd on my server is starting before the NIC gets an address from DHCP, so sshd restarts around a minute after booting (isn't available right away, as it should be). How can I fix this? | 22:05 |
mrmist | monteith: the user and the group can be completely independent of each other | 22:06 |
monteith | ok | 22:06 |
StrangeCharm | if a file's group is somegroup, and someuser is a member of somegroup, can they access that file? | 22:07 |
monteith | ...yes? | 22:07 |
RoyK | StrangeCharm: chmod g+w | 22:08 |
mrmist | It depends on what the "group" perms are, but "yes", possibly | 22:08 |
RoyK | are tee eff emm | 22:08 |
StrangeCharm | RoyK, that that allows anyone who's in the file's group to write to it? | 22:08 |
RoyK | yes | 22:09 |
talat | Can i use two host computer resource for one vm | 22:10 |
talat | is it possible ? | 22:10 |
StrangeCharm | RoyK, i'm having trouble then. i have a directory which has "drwxrwx--- 1 user1 group1". i'm signed in as a user which is a member of group1, but i can't read that dir. what might i be doing wrong? | 22:14 |
guntbert | StrangeCharm: you need read permission for the complete path | 22:17 |
StrangeCharm | guntbert, the file is in the home directory of the user i'm signed in as, and that user owns their home directory | 22:18 |
w0rse | Hello! Are newbie questions acceptable here? | 22:18 |
guntbert | StrangeCharm: please look at or pastebin the output of stat <thatfile> and of id | 22:19 |
guntbert | w0rse: as long as they pertain to server specific problems - yes | 22:20 |
bereta | hello can anyone tell me how to change the port on apache2 | 22:21 |
bereta | i have changed the "listen" directive in the port.conf file.... i also need to enter this somewhere else | 22:21 |
guntbert | bereta: did you restart apache? | 22:22 |
bereta | how do i change the virtual host statement | 22:22 |
bereta | yes i did | 22:22 |
rychu_pl | Hmmm is this directive also in apache2.conf ?? | 22:22 |
rychu_pl | fix me if I'm wrong ;) | 22:22 |
lenios | https://httpd.apache.org/docs/current/bind.html ? | 22:22 |
StrangeCharm | guntbert, id seems to shed some light on the problem. it shows a different list of groups from groups <user>. why might that be? | 22:23 |
w0rse | yes, I've got a server related problem. I have a vps hosting with 9.04 running in openvz. And there's a strange issue when I try to install any database engines that work via localhost connections. It looks like localhost isn't responding at all. All connections to it just hang. I checked the /etc/network/interfaces and the loopback interface is there. | 22:23 |
guntbert | StrangeCharm: my crystal ball won't tell me tonight :-) | 22:24 |
bereta | i have restarted the server, when i go to host:8080 it tells me not found | 22:24 |
saliak | Anyone had luck getting digest authentication to work with apache? I have basic working, but for some reason digest doesn't. not sure how to figure out why it's failing (are failed login attempts logged somewhere?) | 22:24 |
lenios | config file is /etc/apache2/httpd.conf | 22:24 |
bereta | lenios: the httpd.conf file is blank in apache2 | 22:25 |
lenios | w0rse, does it work with 127.0.0.1 ? | 22:25 |
guntbert | w0rse: does ping localhost work? | 22:25 |
lenios | bereta, add your config to it, and restart apache | 22:25 |
w0rse | guntbert: ping hangs too | 22:25 |
bereta | lenios: add my config to what? | 22:26 |
lenios | bereta, add the listen directive to this file | 22:26 |
bereta | lenios: isn't that the same thing i did | 22:26 |
w0rse | lenios: ping 127.0.0.1 doesn't work too | 22:26 |
monteith | what files AREN'T included if you exclude -a from the ls command | 22:26 |
monteith | sorry, wrong chan | 22:27 |
lenios | w0rse, can you paste /etc/network/interfaces, and result of sudo ifconfig -a ? | 22:27 |
lenios | bereta, i don't know about your port.conf | 22:27 |
w0rse | lenios: one sec | 22:28 |
aaronb_houstx | monteith: that would be 'dot' files, files beginning with a period | 22:28 |
guntbert | w0rse: o.o, please pastebin the output of ip ad , of route and of cat /etc/hosts | 22:28 |
lenios | bereta, /etc/apache2/ports.conf should be read and used to configure listen port though | 22:29 |
guntbert | lenios: I'll leave this to you :-), no need for double teaming | 22:29 |
bereta | lenios: from my understanding apache2 only uses the httpd.conf file for some stuff.... apache2 now uses the apache2.conf file for all the configuration except the port, for the ports it uses the ports.conf | 22:29 |
lenios | maybe | 22:30 |
bereta | lenios: in the apache2.conf there is an Include ports.conf directive that makes ports.conf part of the main config file.... right? | 22:31 |
lenios | i would have to check it to be sure | 22:32 |
w0rse | lenios: /etc/network/interfaces : http://pastebin.com/vL0Eyr8K and ifconfig -a : http://pastebin.com/DrrDPUTv | 22:32 |
w0rse | guntbert: here's etc/hosts: http://pastebin.com/eS2zNbGY , not sure I got the first command you provided | 22:34 |
w0rse | guntbert: ip ad: http://pastebin.com/muMuSMsj, route: http://pastebin.com/SWSJ884J | 22:36 |
guntbert | w0rse: I see no error, if lenios doesn't find anything you might want to ask the admins/support of your hoster | 22:36 |
w0rse | guntbert: is it ok there's no localhost in 'route'? | 22:37 |
guntbert | w0rse: yes, I don't have it either - just checked | 22:38 |
mrmist | local interface needs to be up not down really, if you want to use it | 22:39 |
w0rse | mrmist: how can I start it? | 22:40 |
guntbert | mrmist: look at venet0 please, that is assigned 127.0.0.1 | 22:41 |
guntbert | and is up | 22:41 |
mrmist | ahh right it's some virtual thingy is it | 22:42 |
aaronb_houstx | w0rse: have you checked listening ports with 'netstat -anp' to see if 8080 is active? | 22:42 |
guntbert | aaronb_houstx: he can't even ping localhost | 22:42 |
w0rse | aaronb_houstx: no, there's nothing on 8080 | 22:43 |
aaronb_houstx | w0rse, guntbert: aside from other networking issues, that means that it's not reading the port directive in apache config | 22:44 |
guntbert | aaronb_houstx: good catch | 22:44 |
w0rse | aaronb_houstx: I have no apache installed | 22:45 |
aaronb_houstx | sorry, reading wrong post above... | 22:45 |
guntbert | w0rse: who is your hoster? | 22:46 |
w0rse | guntbert: ideastack.com - I guess they're not leaders in business :) | 22:47 |
guntbert | w0rse: I don't see a forum, so just ask they support | 22:49 |
guntbert | *their | 22:49 |
w0rse | guntbert: will do. thanks for help, everybody! | 22:50 |
chovynz | ok, so I | 22:55 |
chovynz | I'm successfully running my web server. I have a few questions | 22:55 |
chovynz | as far as I know, 192.168.xxx.yyy is a private network correct? | 22:56 |
guntbert | chovynz: yes | 22:56 |
chovynz | So if I am using lets say this machine is 192.168.1.15, and I type in my web browser 192.168.1.30 (server) this is not using broadband correct? | 22:57 |
chovynz | it is only using the local network. | 22:57 |
guntbert | chovynz: normally, yes - why do you ask? | 22:59 |
chovynz | I | 22:59 |
jongbergs | hi, what dns record in bind9 should for me to be able to resolve example.com instead of www.example.com? | 23:00 |
chovynz | I'm trying to set up a more functional network in my home, behind my router/firewall. I don't want outsiders to access what I'm putting up on my "web server" but I do want the people in my home to be able to access the server. | 23:00 |
chovynz | one of these functions of the server will be to log all internet and network usage, serve music to various users, and have a general storage place so that you can access the family data from anywhere in the house. | 23:01 |
chovynz | e.g. Net to the kitchen or the recipe database. | 23:02 |
chovynz | while playing music in the lounge | 23:02 |
guntbert | chovynz: the logging will be tricky, but the access should work from the start | 23:02 |
chovynz | guntbert: access is working. I reinstalled it. However, now that I have the "It works" message, where do I go from here? how can I make sure it's not accessible from outside? | 23:03 |
chovynz | access to the server i mean, not microsoft access | 23:03 |
guntbert | chovynz: it cannot be accessible from outside, you are behind a router that hides what is behind from the outside | 23:04 |
chovynz | so unless i set up any portforwarding it should be "safe"? | 23:05 |
guntbert | chovynz: exactly | 23:05 |
chovynz | ok. well the next question i have for server is how do I get ...no, how should I set up my server / folders so that anyone in my home can access the music? | 23:06 |
chovynz | what would the first steps be, in making the server actually serve something? | 23:07 |
guntbert | chovynz: start here : https://help.ubuntu.com/community/Servers#UPNP%20Mediaserver | 23:08 |
chovynz | thanks | 23:09 |
guntbert | you're welcome :-) | 23:10 |
=== guntbert is now known as whoelse | ||
ToHellWithGA | is 47 days uptime too much? | 23:18 |
whoelse | ToHellWithGA: no, why? | 23:19 |
ToHellWithGA | when i ssh to my ubuntu box i'm told *** System restart required *** | 23:19 |
ToHellWithGA | perhaps a newer kernel was installed when i ran aptitude full-upgrade | 23:19 |
whoelse | ToHellWithGA: you probably installed a new kernel, then it needs to reboot | 23:20 |
ToHellWithGA | so long as the existing kernel is running without errors, i can save that reboot for when i next change the hardware, right? | 23:20 |
whoelse | ToHellWithGA: but that only means that the newly downloaded kernel won't run until then | 23:20 |
ToHellWithGA | right on, i'm ok with that | 23:21 |
ToHellWithGA | thanks whoelse | 23:21 |
whoelse | ToHellWithGA: that seems a bot long - kernel updates usually are security related | 23:21 |
whoelse | *a bit | 23:21 |
Pici | That's why I always install apt-listchanges, so I know what upgrades I'm getting when I do upgrade. | 23:22 |
ToHellWithGA | Pici: does that run within the aptitude interface? | 23:23 |
whoelse | Pici: apt-listchanges? I'm too lazy, does it notify you or do you ask it? | 23:23 |
Pici | ToHellWithGA: I'm not sure, I rarely bring up the full aptitude application. | 23:23 |
ToHellWithGA | i don't run aptitude as an application, just with its CLI arguments | 23:24 |
ToHellWithGA | i'm sure it's pretty enough in curses, but that seems kinda cumbersome | 23:24 |
Pici | whoelse: It sticks itself in right after you download packages but before you install them. And you can configure how it notifies you, either by displaying them, or emailing you and which changelogs you get. | 23:24 |
slim_ | hi, in case if installing a new server now , which version recommended ubuntu-server LTS or the latest version ? | 23:25 |
Pici | slim_: For a personal server I'd go with latest, anything production I'd use LTS. | 23:25 |
whoelse | Pici: thx | 23:25 |
slim_ | thanks Pici , it will be the company server | 23:26 |
ToHellWithGA | if you don't stay fairly current with the non-LTS releases you can be left behind | 23:27 |
Pici | 18 months can be a short time if you need to schedule downtime/testing for new versions... | 23:27 |
=== whoelse is now known as guntbert | ||
RoyK | ToHellWithGA: using non-LTS releases for production isn't very wise | 23:31 |
RoyK | there are tons of fixes never applied to the non-LTS releases | 23:32 |
Pici | CVEs do though. | 23:32 |
RoyK | CVE? | 23:32 |
Pici | hmm.. no factoid. | 23:33 |
RoyK | well, LTS works well | 23:33 |
RoyK | even my old 8.04 works | 23:33 |
RoyK | no fancy stuff, just fixes | 23:33 |
ToHellWithGA | RoyK: i try to plan sysadmin/nerd by running the server version and LTS on my home network file server | 23:34 |
ToHellWithGA | not too much risk there ;) | 23:34 |
RoyK | for a home server, you can use anything | 23:34 |
RoyK | even fedora :P | 23:34 |
ToHellWithGA | hey now | 23:34 |
ToHellWithGA | i could use open solaris if i wanted to beat my head against the keyboard | 23:34 |
ToHellWithGA | has oracle killed that yet? | 23:35 |
RoyK | openindiana is the new project | 23:35 |
RoyK | oracle killed opensolaris, yes | 23:35 |
RoyK | I have a couple of 100TB servers on openindiana | 23:35 |
RoyK | works well | 23:35 |
uvirtbot | New bug: #706442 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/706442 | 23:36 |
ToHellWithGA | do you use it for the extra special filesystem? | 23:36 |
RoyK | ToHellWithGA: zfs for backup storage | 23:36 |
ToHellWithGA | it sounded pretty clever, something about keeping the original file and a series of timestamped changes, right? | 23:37 |
RoyK | ToHellWithGA: I've been working with zfs for a couple of years now, and it works well | 23:37 |
RoyK | ToHellWithGA: not really, but all data is checksummed at the block level, and you can make snapshots of filesystems whenever you like, filesystems, that is, a subset of the storage pool | 23:39 |
RoyK | ToHellWithGA: /j #openindiana :P | 23:39 |
=== kiall|AFK is now known as kiall | ||
boota2 | Hello. | 23:55 |
boota2 | Please point me (if any available) to a solution for accounting traffic and setting daily traffic quota for users. | 23:56 |
boota2 | I'm interested only in ready solutions, with web interface, no half-baked scripts. | 23:57 |