/srv/irclogs.ubuntu.com/2011/02/10/#ubuntu-server.txt

SpamapSRoAkSoAx: hrm.. "  * debian/control: Switch to python-support; Add missing Dependencies." .. did you mean switch to dh_python2 ?00:35
twbI thought dh_python picked either, and defaulted to -support00:35
SpamapSYes unfortunately the default is support, but there is a migration underway to eliminte everything except dh_python200:36
SpamapSActually in debian/control I don't think anything has to be done.. dh_python2 is in the python package00:37
RoAkSoAxSpamapS: right but still it depends on python-support00:46
RoAkSoAxhggdh_: is there a way someone can generate test data for http://iso.qa.ubuntu.com/qatracker/dllist00:47
hggdh_RoAkSoAx: I dont know -- stgraber or ara would be the best bets00:48
RoAkSoAxhggdh_: ok cool :)00:48
RoAkSoAxstgraber: still around?00:48
SpamapSRoAkSoAx: hrm? What from python-support are you depending on?00:50
RoAkSoAxSpamapS: build-depends00:52
twbSpamapS: is dh_python2 the recommended way by the debian-python policy?00:52
SpamapStwb: yes00:53
twbOkey dokey.00:53
SpamapSdh --with python2 .. or dh_python2 if you're old school00:53
twbI don't package python stuff for the main archive, but I'll try to remember that in future.00:53
SpamapSIts a transition that only started a few months ago00:53
twbpost-squeeze?00:54
SpamapSBut its now policy in the DPMT that if you touch a package, you migrate it to dh_python200:54
SpamapSfor squeeze it was optional00:54
twbShiny00:54
SpamapSwheezy I believe they plan to not have pysupport or pycentral anymore00:54
RoAkSoAxSpamapS: that's why the changelog says switch to python support :P00:54
twbAnd the win is that we end up with a single python support framework?00:54
SpamapSRoAkSoAx: but the point is, python-support will be *gone*.00:55
SpamapStwb: a single one, with all of the lessons learned over the last few years, yes. ;)00:55
SpamapS;)00:55
SpamapSjust in time for python 300:55
RoAkSoAxSpamapS: it doesn't really matter in my package cause im installing in debian/tmp/usr/lib/python*/*/00:56
twbYeah, I remember what it was like when debian-haskell were trying to get a working support structure.00:56
twbWhile arch had a completely automated build whenever upstream made a new release :-P00:57
SpamapSRoAkSoAx: why doesn't that matter? you're breaking w/ policy by putting files directly there. They're supposed to go into /usr/share/pyshared01:00
SpamapSRoAkSoAx: which, dh_python2 handles01:00
SpamapSessentially as long as setup.py lists your modules.. you shouldn't need to do anything01:01
RoAkSoAxSpamapS: do ytou hve  a link to the policy for dh_python201:02
SpamapSHeh.. it would appear that this is all "mailing list policy" from the wiki's and web pages. How frustrating. Let me dig a little deeper.01:04
RoAkSoAxSpamapS: cause dh_pysupport is "dh_pysupport is a debhelper program that will scan your package, detect public modules in /usr/lib/pythonX.Y/site-packages,"01:04
RoAkSoAxobviosly the manpage is outdated01:05
RoAkSoAxbut that's why I'm installing there01:05
SpamapShow embarassing. ;)01:05
SpamapSfor me I mean. ;)01:05
RoAkSoAxlol01:06
RoAkSoAxSpamapS: anyways, first time trying testdrive?01:06
SpamapSRoAkSoAx: No I was looking at the changelog. I won't have time to try testdrive for a while.. the work is piling up01:07
SpamapSRoAkSoAx: http://wiki.debian.org/Python/Packaging  is all I have.. a newbie guide which suggests only dh_python201:08
RoAkSoAxk thanks for the link01:08
SpamapSRoAkSoAx: I'm quoting the mailing list for debian python modules team that they're working to replace all pysupport/pycentral w/ dh_python2 .. it seems they haven't quite made it canon law yet01:08
RoAkSoAxSpamapS: and I personally use TestDrive for everything that involves downloading ISO's or quick tests as it is quick and simple01:09
RoAkSoAxSpamapS: indeed01:09
RoAkSoAxanyways, I gotta go check the mail01:09
SpamapSRoAkSoAx: cool. :) I know it will be useful for some things I need to do soon. :)01:11
SoulPropagation1hey, how can I get into a root shell automatically on login? I tried putting sudo -s in my .bashrc but that made it impossible to exit01:25
SpamapSSoulPropagation1: uh, don't do that01:30
SoulPropagation1SpamapS: why? I only log in for administrative stuff01:31
DaBeastyes, but linux has exploits from time to time01:32
JanCyou don't care about security?  ;)01:32
SoulPropagation1No, not really01:32
DaBeastwhy not?01:33
SpamapSSoulPropagation1: you can do administrative stuff without root01:33
SoulPropagation1I don't feel like spamming sudo01:33
JanCeh01:33
SoulPropagation1because there's nothing on the box worth securing01:33
JanCsudo lovesto be spammed01:33
SpamapSSoulPropagation1: there's the other boxes it can connect to. ;)01:33
SoulPropagation1nothing of value on there either01:34
SpamapSsudo is like a fat hawaiian surfer.. eats spam all day!01:34
SpamapSSoulPropagation1: so its not on the internet?01:34
DaBeastSoulPropagation1: well, hackers can still exploit your server to use it as a spamserver, botnet or even ddos server01:34
JanCSoulPropagation1: sudo's whole purpose of existence is to be spammed  ;)01:35
DaBeastand if thats at home, your isp might disconnect you :p01:35
SoulPropagation1right and if they could access it I don't think it would be that hard to forge my password twice01:35
DaBeastwell, like i said, there are exploits too01:37
SoulPropagation1yeah I'm pretty sure there are easier better targets01:40
DaBeasttrue01:40
SoulPropagation1I mean.. I understand that most servers are relatively juicy targets, what with all sorts of backups on them and stuff and it's probably a good idea that you promote that level of security01:43
SoulPropagation1but I don't exactly have much in the liquid assets department, nor do I have anything particularly useful worth taking from me. SO01:45
SoulPropagation1can someone please tell me how to automatically go into interactive sudo when I log in without breaking bash?01:45
lifelesssudo su -01:46
SoulPropagation1in .bashrc?01:46
JanCSoulPropagation1: the most valuable asset of your server would be to install a spam mail server or a proxy on it behind your back, not whatever data is on it...01:48
SoulPropagation1JanC: I'm sorry but that's just not a big concern of mine. if I notice any devious shenanigans then I'll reconsider.01:50
qman__juicy targets are easy targets01:50
qman__and doing something like that would make you an easy and therefore juicy target01:50
JanCSoulPropagation1: if you don't care, others will care (blacklist your and ask your ISP to disconnect you)01:51
qman__yep01:51
nandemonaiSome spammers are smart too. You wouldn't even necessarily notice the missing bandwidth.01:51
JanCright, you'll only notice after being disconnected  ;)01:52
nandemonaiYup, seen it happen before.01:52
JanCat which point fixing things gets difficult  :P01:52
nandemonaiheh indeed.01:52
SoulPropagation1so you're saying that right now I can log into any server I want without needing to know a username or password?01:53
qman__if you knew a new 0day exploit01:53
qman__and they happen01:53
qman__see the not-so-random SSH key fiasco a few years back01:54
nandemonaiMay I pm you SoulPropagation1?01:54
SoulPropagation1nandemonai: sure01:54
DaBeastnandemonai has teh hax D:02:14
nandemonaihuh?02:14
DaBeast"so you're saying that right now I can log into any server I want without needing to know a username or password?" where you say a couple of lines further "may i pm you" xD02:15
nandemonailol02:15
nandemonaiNot quite.02:15
airtonixi am jacks twicthing elbow02:15
DaBeasti know, it was a joke02:16
DaBeasti'm so funny hurrr02:16
nandemonaiI'll say.02:16
DaBeastanyways, sorry =)02:17
nandemonaiNa buddy all good.02:18
DaBeastk :p02:18
Kiallhumm - does anyone have a maverick system they can test something for me on (what does "invoke-rc.d plymouth status" output?) .. it *should* give output but i'm not getting any :/02:41
=== Kiall is now known as Kiall|AFK
=== Kiall|AFK is now known as Kiall
donvito2i just noticed03:03
donvito2that my ubuntu-server is hacked03:03
donvito2via ipv603:03
donvito2i found this03:03
donvito2root@Maverick:~# ls03:03
donvito2f  replay_arp-0119-010828.cap  tmp03:03
donvito2is it possible to be hacked ?03:03
airtonixhow did you find it ?03:07
airtonixdid this "server" have a complete hard drive format before being installed with maverick ?03:08
donvito2yes03:11
donvito2i typed w03:11
donvito2so my username donvito03:11
donvito2was loged in from ipv6 ip that i dont own03:11
donvito2i saw in bash history the commands are wroted03:11
donvito2i found sudo su -03:11
donvito2so than i foudn this ls03:11
donvito2f  replay_arp-0119-010828.cap  tmp03:11
airtonixisn't that an ettercap capture file ?03:15
airtonixor an aircrack capture03:15
airtonixdoes your server have a wifi interface ?03:17
donvito2yes03:20
pmatulisyes, google for 'ARP Request Replay Attack'03:21
airtonixyeah its an aircrack replay capture03:21
airtonixcheck if you have aircrack installed03:21
pmatulisand change the root password, *now*03:21
donvito2all ports03:23
donvito2are closed now03:23
donvito2box is under NAT03:23
pmatulisdonvito2: you should seriously consider re-installing03:29
donvito2yep03:30
donvito2doing that now03:30
airtonixand install that thing that auto creates iptable drop rules on ip addresses which are the source of failed X number of logins within a certain time period03:42
stgraberRoAkSoAx: I can't add any data there without sending an e-mail to everyone who's subscribed to these builds, sorry04:06
=== _TechAway_ is now known as _Techie_
hallynSpamapS: around?04:25
uvirtbotNew bug: #716248 in sheepdog (universe) "lsb functions not being source in init script" [Undecided,New] https://launchpad.net/bugs/71624804:36
donvito2how can i know what root typed04:44
donvito2what actually user loged as root did to my server04:44
donvito2what kind of commands etc04:44
thesheff17donvito2: history04:46
thesheff17donvito2: but there are ways to clear that as well04:46
donvito2just found04:48
donvito2what he did04:48
donvito2what for is command less04:50
thesheff17usually less is pipped to file so you scroll the file in the terminal example cat /var/log/auth.log | less04:51
* twb hits thesheff17 with the UUOC bat04:53
thesheff17twb: what does that mean?04:53
donvito2how can i get complete log04:53
twbhttp://en.wikipedia.org/wiki/Useless_use_of_cat04:53
donvito2what he did04:53
donvito2i get only screen log04:54
donvito2nothing more04:54
donvito2i need more04:54
thesheff17twb: thx...I have used that command for years: less < /var/log/auth.log :)04:57
thesheff17donvito2: all I know is history...and what do you mean screen log?04:58
donvito2well when i type history04:58
donvito2i get just some commands04:58
thesheff17usually it is limited to 1000 commands...maybe he executed more commands under a different user?04:59
twbthesheff17: UUO <04:59
twbthesheff17: less can open a file04:59
twbIt can even open >1 file, and use :n and :p to move between them04:59
thesheff17twb: lol didn't know that either04:59
airtonix_i'm having problems getting nfs-kernel-server to start : http://pastebin.com/ZsLdVg4P05:35
airtonix_gah nvm05:36
=== airtonix_ is now known as airtonix
airtonixactually... it still doesn't want to start, citing : Cannot register service: RPC: Unable to receive; errno = Connection refused05:38
Enderhi i'm trying to set up a samba share on my ubuntu server05:50
Enderdoes anybody have a recommended guide they can point me to? i've seen a few posts on the forums but they can't seem to agree on what parameters to set05:51
twbEnder: the Ubuntu Server Guide covers it05:51
Enderkk05:52
airtonixawesome! nfs-kernel-server won't start05:57
twbairtonix: is it a VM or container?06:01
airtonixtwb: this is not a virtual-machine06:01
twbDunno then06:01
airtonixhttp://pastebin.com/LLVZ6GsG06:03
jmarsdenairtonix: Does your kernel have the nfsd.ko module available to it?  "Won't start" is a bit generic... check logs for details?06:03
airtonixjmarsden: i did : sudo apt-get install nfs-kernel-server06:03
airtonixi expect a working nfs-server06:04
jmarsdenairtonix: That does not answer the questions I asked, though.06:04
twbA novice was trying to fix a broken Lisp machine by turning the power off and on.  Knight, seeing what the student was doing, spoke sternly: “You cannot fix a machine by just power-cycling it with no understanding of what is going wrong.”  Knight turned the machine off and on.  The machine worked.06:04
airtonixjmarsden: because i don't know how to work out if it does im going to say "don't know"06:05
airtonixjmarsden: http://pastebin.com/xkJAqT9U06:06
jmarsdenHe went away?06:08
jmarsdenairtonix??06:08
airtonixok looks like something else is running on port 204906:12
jmarsdenairtonix: sudo netstat -ntlp |grep :2049       # might tell you what that something is06:14
twbjmarsden: rpcinfo -p06:14
twbOr is that just for clients?06:14
twbObviously he'll also need an entry in exports(5)06:14
jmarsdenNot sure... but yes, i was wondering if the issue he has is lack of RPC myself.06:15
airtonixnfsd[14745]: nfssvc: Address already in use06:15
airtonixnfsd[1707]: nfssvc: Setting version failed: errno 16 (Device or resource busy)06:15
* airtonix rages06:15
jmarsdenAh, so you are running the userland nfs server and now trying to install the kernel one at the same time?  This may not be wise.06:15
twbHear, hear06:16
Enderwould i be better off, performance wise, running a virus-scanned nat through a VM on a windows vista computer with a core 2 duo processor or directly on a p4 system?06:18
Enderjust anecdotally based on your experience or guesstimates is fine06:19
Enderi'm sorry, i meant virus-scanned NAS, not NAT06:20
jmarsdenEnder: I wouldn't run VMs on Vista to start with :)  Having said that: If you expect the bottleneck to be CPU, and the VM has enough RAM, then the modern dualcore would probably win.  But if the bottleneck for your scanning is disk I/O... it'd be more even, I'd guess.  Can you install on both and then do some performance measurements? :)06:21
Enderyes actually i can06:23
Enderand i will06:23
Endereventually06:23
Enderhaha06:23
Enderbut right now i'm still learning the background on the task i have at hand06:23
Enderstarted with the ubuntu server samba guide, but i didn't understand some stuff - so now i'm all over wikipedia, learning about ldap06:23
Enderdoes anybody in here have any experience with or knowledge of openERP06:32
airtonixjmarsden: ok assuming a fresh start, i removed all traces of nfs from my server that i was able to with apt-get06:39
=== airtonix_ is now known as airtonix
Enderif i'm preparing to create a samba nas on my school's network so that my co-workers can  have a local networked storage location, i should NOT configure Samba to be a WinNT Domain Controller right?06:45
jmarsdenEnder: Correct.  Also, for the sake of your own reputation, test SAMBA in your home or on a test LAN first, and get familiar with it, before deployment in a production setting such as a school.06:53
Enderyeah that's what i'm trying to do06:54
Enderbut naturally the brilliant researchers in my lab bought a 215k piece of equipment to analyze their data without thinking about how they're going to transfer files to their workstations06:54
Enderthe euqipment is up and running but they all have to crowd around the damn thing like kids in  a lunch line to use it for analysis06:55
Enderso i kinda need this running asap06:55
Enderbut your point is very, very well taken. and i'm currently working on it at home and i'm using a vm at work to test.06:55
EnderThe reason i ask about domain controllers is that the ubuntu server guide assumes you want to set it up as a domain controller and dives into setting up LDAP06:57
Endersince i'm doing this test on my home server, is it a good idea to go ahead and do that just so i know that procedure too06:57
Ender?06:57
airtonixEnder: if you've not played with ldap before then you're in for a learning curve06:58
airtonixEnder: as a start, google for ubuntu bloke ldap samba06:58
Enderok i'm on that. one of the pre-requisites is "An NFS server exporting the users' home direcories"06:59
EnderI don't think i have that.07:00
airtonixi think the ubuntu bloke blog has a post on that too07:00
airtonixbut hey, i wouldn't know since i can't get nfs server to even run07:00
Enderlolll07:01
Enderblind leading blind07:01
airtonixyeah so awesome hey07:01
airtonixafter removing nfs-kernel-server and restarting, there is still nfs-kernel-server files all over the place07:01
Enderso in order to set up a windows-readable network share i have to run an nfs server, ldap server, and samba server?07:01
airtonixno07:02
airtonixyou just need a samba server07:02
airtonixyou only need ldap if you want centralised authentication07:02
Enderwell i need the share to only be accessible to poeple in my lab07:02
airtonixand you only need nfs if you want a network file share system that has less network traffic overhead than samba07:02
Enderbut all the workstations are independent, they don't authenticate over the network at all07:03
airtonixyou only need samba then07:03
Enderwhy does the ubuntu server guide assume you need ldap?07:03
Enderit says ldap is a means of managing users; without it you need custom scripts or some other method fo rmanaging users.07:04
Enderso if not ldap, what then?07:04
airtonixno07:04
airtonixwhat are you reading by the way ?07:04
Enderhttps://help.ubuntu.com/10.10/serverguide/C/samba-ldap.html07:04
airtonixhttps://help.ubuntu.com/10.10/serverguide/C/windows-networking.html07:05
jmarsdenEnder: So you are reading a guide section that starts out "This section covers configuring Samba to use LDAP for user, group, and machine account information and authentication."  -- and now asking why it needs LDAP ??? :)07:05
airtonixEnder: https://help.ubuntu.com/10.10/serverguide/C/samba-fileserver.html07:06
* Ender feels like an idiot07:06
airtonix:)07:06
airtonixreading slowly is required07:06
Enderwell at least i learned a lot about ldap from wikipedia (:07:07
airtonixEnder: if you do bother to do something with ldap, i recommend this first : http://tuxnetworks.blogspot.com/2010/07/howto-samba-ldap-on-1004-lucid-short.html07:07
jmarsdenEnder: If possible, read all of Chapter 17 of the Server Guide, and then use the parts that are actually relevant to what you are trying to do.07:07
=== pan1nx is now known as info
airtonixjmarsden: ok apparently removing nfs-kernel-server doesn't actually remove it07:08
=== info is now known as pan1nx
jmarsdenairtonix: You can try sudo apt-get purge nfs-kernel-server07:09
jmarsdenairtonix: Or you can rmmod the loaded kernel module, if that is your issue?07:10
Endersudo /etc/init.d/samba stop is not working. how do i stop samba so i can alter the smb.conf file07:12
Enderoh nvm i figured it out07:12
jmarsdenEnder: sudo service smbd stop07:12
Enderhad to sotp the smbd instead07:12
Enderyeh thx07:12
Enderoh, service?07:13
Enderi just used sudo stop smbd07:13
airtonix_its a shortcut07:13
airtonix_doesn't work with all services07:13
Enderbut sudo service <name> stop will work with all services?07:13
airtonix_pretty much07:13
twbRather, service is a backwards compatbility layer for RHEL refugees07:13
Enderso the real way uto do it is use /etc/init.d/<name> stop07:14
Ender"real" *07:14
Ender?07:14
Enderthe no-i'm-not-a-RHEL-refugee way07:14
airtonix_sudo apt-get remove nfs-kernel-server && reboot, (some time later) , sudo apt-get update && sudo apt-get upgrade && sudo reboot, (some time later), sudo apt-get install nfs-kernel-server : http://pastebin.com/4MkrUfEd07:15
airtonix_yay for fail07:15
airtonix_:(07:15
Enderdid you try the purge07:16
airtonix_yes07:16
Enderdid you try to remove nfs-common07:16
Enderpurge* nfs common07:17
airtonix_yes07:17
Endertry to just install nfs-common07:17
Enderhow do you trigger the nfs-common configuration07:18
=== oubiwann_ is now known as oubiwann
Ender"dpkg --reconfigure nfs-common"??07:18
airtonix_ok nfs-common isntalled and no errors yet07:19
airtonix_http://pastebin.com/xJTRzJh107:19
Enderkayyyyyy07:20
Enderand nfs-server??!07:20
Enderwhat's the vi command to start editing at the end of the current line07:20
xamparta(ppend)?07:21
Enderno dice, that's to add at the current cursor location07:21
Enderhow's "a" different from "i"07:22
airtonix_i prefer pico or nano07:22
airtonix_less fluffing around07:22
airtonix_then you actually use the home and end keys for what they were intended for07:22
xampartmy bad...not really comfortable with vi07:22
Enderyeah but all the cool kids use vi07:22
Enderlol07:22
airtonix_only the ones that like to cut themselves07:22
xampart=)07:22
Enderoh, it's A not a07:23
Enderon the right track to xampart07:23
Enderthx07:23
xampart\o07:23
Endertho*07:23
airtonix_so installing nfs-kernel-server on ubuntu lucid is impossible07:26
airtonix_that makes me so happy07:26
Enderlol07:26
Enderwhat happened? it was fine after nfs-common wasn't it?07:26
airtonix_no07:27
airtonix_i still have the problem with rpc07:27
xampartimpossible?07:28
airtonix_apparently07:28
Ender!impossible07:28
Enderwhat is that?07:28
Ender<ubottu> Sorry, I don't know anything about impossible07:28
airtonix_it's where it can't be done07:28
* Ender experiences a segfault07:28
Enderdoes not compute07:28
Endernah man it can be done07:28
Endermaybe not tonight07:28
Enderbut it can and will be done07:29
jmarsdenairtonix_: (a) What makes you think you need the nfs-kernel-server in the first place?  What is so wrong about using a userspace nfsd ?07:29
airtonix_pardon ?07:30
jmarsdenEither way should work fine... both at once probably won't.07:30
airtonix_i'm pretty sure i haven't install any kind of nfs prior to this07:30
airtonix_so why should somethin you call "user space nfs" be installed ?07:30
jmarsdenI've set up NFS on Ubuntu 10.04 before, it worked then... but you are claiming it is "impossible"?07:31
airtonix_apparently it is07:31
airtonix_http://dpaste.com/401214/07:31
airtonix_refuses to start07:31
airtonix_or rather refuses to install07:31
twbjmarsden: the main thing wrong about it, is the speed07:31
jmarsdenOK, I'll create a Ubuntu server VM and install it... just to check...07:31
twbFWIW nfs-kernel-server works on lucid just fine07:31
twbAlso hardy.07:31
jmarsdenThat's what I thought too.07:32
jmarsdenBut if airtonix_ says it is impossible for him, he can use the userspace one... he call.07:32
jmarsdens/he/his/07:32
airtonix_well why won't it install the lucid machine i have here ?07:32
airtonix_ok so you think i have the user space nfsd installed. how do i remove it07:33
jmarsdenI'm not sure what you have and have not got installed, at this point :)07:33
jmarsdenDo you have a working portmapper?07:33
airtonix_it restarts with out errors07:33
twbairtonix_: if you haven't actually used this host for anything yet, it might be easiest to just reinstall from scratch, rather than us trying to work out how you screwed it07:35
Enderis a mask like some kind of permissions facade or is it just a term to descibe the process of assigning permissions?07:35
airtonix_twb: not an option07:35
airtonix_twb: and btw i didn't "screw it"07:35
airtonix_i just tried to install nfs-kernel-server07:35
twbairtonix_: well it's screwed, and *I* didn't do it07:36
airtonix_so then apparently nfs-kernel-server is broken on lucid at the moment07:36
twbEnder: in what context?07:36
twbairtonix_: plonk.07:36
Endersmb.conf's [share] section parameters07:37
airtonix_i fear to install anything else from ubuntu now07:37
twbEnder: do you mean a umask?07:37
jmarsdenairtonix_: Failure to take responsiblity for your own actions => unlikely to get help here.07:37
Enderthe serverguide says set the "create mask" parameter to 075507:37
airtonix_jmarsden: ? i admit i ran " sudo apt-get install nfs-kernel-server"07:37
twbEnder: OK, that's not a umask.07:38
twbEnder: what that's saying is, if you don't ask for specific permissions, by default they will be 0755, i.w. rwxr-xr-x.07:38
twbA umask is basically the same except the bits are reversed, e.g. in your case they would be 022.07:39
Endertwb, right, so all files moved onto the smb share will be rwx by owner, rx by group, rx by everybody07:39
twbEnder: unless the thing creating them further restricts it, yes07:39
Endertwb, where is a umask useful07:39
twbEnder: umasks are how unix does the same thing07:39
twbEnder: e.g. if you run "umask" in your shell, it'll tell you that shell's current umask07:39
twbEnder: it defines the (maximum) default permissions of newly created files07:40
Endertwb, files created by the current user, i presume07:40
twbEnder: in that shell, yes07:40
twbumask is process-specific, and inherited from the parent process.  Typically it's set from some default when you initially log in, e.g. in /etc/profile or ~/.bash_profile07:41
Enderwhy's the umask 0022 in a root-owned direcory like /etc the same as in my home directory07:41
twbEnder: er, umask is PER PROCESS, not per directory.07:42
Enderprocess specific.07:43
Enderso if i run umask and it tells me 0022, that means what07:43
Ender"any process you run here will operate with 0022 permissions"?07:44
Enderermmmm lemme do some reading on t his first07:44
jmarsdenAny new file you create here will not have group write or other write permission bits set07:44
twbEnder: I was about to suggest that07:44
twbEnder: http://en.wikipedia.org/wiki/Umask07:44
Enderalready there (:07:45
twbEnder: if you don't already understand how binary and octal work, go learn those first.07:45
Enderwell i generally understand what binary is07:45
Enderoh isee07:50
Enderyes actually i did know that, but i've never used binary to specify file permissions07:51
jmarsdenairtonix_: http://paste.ubuntu.com/565266/07:51
twbUgh07:52
twb"# do not edit this file, it will be overwritten on update"07:52
twbSo how am I supposed to disable you, you darn udev persistent-net-generator.rules?07:52
* twb tries a dpkg-divert07:52
airtonix_jmarsden: thats good07:52
jmarsdenairtonix_: Exactly.  So... you messed with your server such that it breaks, and then refused to take responsibility for doing so.  Remember: "<airtonix_> so then apparently nfs-kernel-server is broken on lucid at the moment" ?07:54
airtonix_jmarsden:  um no?07:54
airtonix_jmarsden: i just tried to install an nfs server.07:54
Enderis it better to use upstart than init.d to manage services that have been converted to upstart jobs?07:56
Enderit keeps complaining when i use /etc/init.d to start/stop smbd07:56
SlybootsHi07:57
SlybootsUh.. not quite sure whats ahppened but my proxy "squid" service seems to have stopped and I cant figure out why or.. how to restart it07:58
SlybootsOnly thing in the logs is this "Feb 10 07:50:40 beluga init: squid main process (1401) terminated with status 1"07:58
Enderhave you tried /etc/init.d/squid restart08:01
SlybootsNo such command, nor does service squid restart work (so such service)08:01
Enderdid you recently install anything that might have broken it08:02
Enderor uninstalled something08:02
SlybootsNothing for several days08:02
twbGoddammit, why is my interfaces(5) file filled with mtab entries08:02
Enderhave you restarted your system to see if that fixes it?08:02
SlybootsI was using it right up to the moment it crashed it .. just exited08:02
Endertwb, it's probably because your squid proxy service is broken like Slyboots08:03
Slybootswell the service has been running for two months without issue08:03
jmarsdenSlyboots:   What does    dpkg -S /etc/init.d/squid     output?08:03
Slybootsdpkg: /etc/init.d/squid not found.08:04
jmarsdenDid you install squid from the Ubuntu package?  or some other way?08:04
twbEnder: no it's because e2fsck is playing silly buggers08:04
SlybootsAhh.. think I installed it from the ubuntu repo08:04
Ender twb fsck added lines to your interfaces file?!?!08:05
Enderbaaaaaad08:05
jmarsdenSlyboots: OK, what does     dpkg -l squid      output?08:05
Enderwhy isn't my samba share showing uppppppp08:05
twbEnder: no it shuffled inodes around08:06
Slybootsii  squid            2.7.STABLE9-2ubu Internet object cache (WWW proxy cache)08:06
jmarsdenSlyboots: So... you installed it from a package, but something deleted the /etc/init.d/squid file.08:07
jmarsdenDo you have any idea what might have done that?08:07
SlybootsNot in the slightest08:07
Endermaybe it was just an fsck-shuffled inode08:08
twbjmarsden: no, squid is an upstart job in 10.0408:08
twblrwxrwxrwx 1 root root 21 2011-01-26 14:15 /etc/init.d/squid -> /lib/init/upstart-job08:08
twbOK, so that backwards-compatibility link should still be there...08:08
jmarsdentwb: I just installed it in a VM and   dpkg -S /etc/init.d/squid    works here ...08:08
Enderyeah, plus he already tried service squid restart08:08
Enderwhich is calling it as an upstart job right08:09
twbThrow down debsums or cruft and work out what else is missing08:09
twbEnder: yes08:09
Enderwell if it was installed from a package, why not just uninstall the package and install it from the repos?08:09
Enderwon't that re-generate the /init.d file?08:09
jmarsdenEnder: And we will have no idea what deleted bits of it, so most likely whatever did it will do it again...08:10
Enderah, yes, well...there's that, huh08:10
SlybootsMmm08:11
jmarsdenSlyboots:   sudo apt-get install debsums  && sudo debsums -g  && sudo debsums squid   # I think?08:12
SlybootsWhats that do?08:12
jmarsdenSlyboots: We need to find out what other bits of the squid package have been deleted or corrupted, so we install the debsums package, generate sums for packages that have none already, and then test the ones for squid against the installed squid files.08:13
SlybootsOKau08:14
jmarsdenSlyboots: But you can do just   sudo apt-get install debsums    and then read the man page, since you should not trust random people you meet in IRC, including me :)08:14
Enderkkjj08:16
jmarsdenEnder: IRC is not vi :)08:16
Enderrather, my samba share isn't working! why?08:16
Enderlol08:16
Enderseriously08:16
Enderi should be able to browse the samba share form a linux desktop right08:17
Enderor, for that matter, from a windows VM in side my ubuntuy desktop right08:17
twbEnder: test it with smbclient on the server, then smbclient on another host.  Only *then* try a GUI client08:17
twbjmarsden: I would be doing "debsums -S" or so, to ask it about ALL packages08:17
jmarsdenEnder: testparm /etc/samba/smb.conf  might also be wise08:18
SlybootsOkay; ran the program and created the checkcumns08:18
SlybootsBut says "No checksums for squid"08:18
airtonixjmarsden: btw, :) i didn't "screw anything up" nfs doesn't like ipv608:18
airtonixjmarsden: but hey thanks for your help08:19
Enderyou're using ipv6 on this server?08:19
airtonixno08:19
airtonixit's enabled by default08:19
Enderso you disabled it and now it's working?08:19
airtonixapparently08:19
Enderwow cool08:20
Enderhow'd you disable it08:20
airtonixhttp://www.webupd8.org/2010/05/how-to-disable-ipv6-in-ubuntu-1004.html08:20
airtonixbut obviously i'll need ipv6 at some point in the future so, not a foolproof plan08:20
airtonixmaybe i can disable it for the WAN interface only08:21
Enderhow do i run a samba client on the server08:21
SlybootsYea for some reason the system does not have the md5 sums for squid08:22
airtonixEnder: smbclient08:22
airtonixEnder: or did you mean something else ?08:22
Enderno that's right, but i need additional arguments08:22
Enderhow do i use smbclient08:25
jmarsdenSlyboots:  Try  sudo debsums -p /var/cache/apt/archives/ -g squid08:26
jmarsdenEnder: Did you read its man page?08:26
SlybootsNo md5 sum or deb avaibable heh08:26
Enderthe man page is terrible for smbclient08:26
Enderwell i'm sure it's fine but it's late, i'm tired, and it's very voluminous08:27
Enderbut i found a website with the correct information08:27
Enderand yes, i can see share on smbclient run from the server itself08:27
airtonixbut ?08:27
Enderbut i can't access it form other systems on the network08:28
jmarsdenSlyboots: sudo apt-get -d squid --reinstall08:28
jmarsdenSlyboots: And then   sudo debsums -p /var/cache/apt/archives/ -g squid08:28
Enderwtf i can view the share using smbclient from my ubuntu box but i can't open it in the gui08:29
jmarsdenEnder: There is a GUI on your server???  How did that get there?08:29
Enderi'm getting tired and being unclear. i apologize.08:30
Enderi'm running the gui on my desktop08:30
Slybootsjmarsden: Okay; it reports.. All OK08:30
jmarsdenOK.  Does the server run any kind of firewall/packet filter?  ufw maybe?08:30
jmarsdenEnder: ^^08:30
Slybootsjmarsden: Aye, I use ufw08:31
Enderi didn't install it08:31
Enderbut it appears to be installed08:31
jmarsdenEnder: So, did you makethe relevant holes in it for SMb traffic ?08:31
Enderi just ran ufw allow samba08:32
Enderand it worked08:32
Enderis that all i have to do?!?08:32
jmarsdenTry accessing your shares from a workstation to answer that question :)08:32
Enderwell i don't think it was a permissions issue, actually08:32
twbEnder: 19:17 <twb> Ender: test it with smbclient on the server, then smbclient on another host.  Only *then* try a GUI client08:32
Endertwb, i already did that, and smbclient reported the share when run from the server08:33
Enderin fact, smbclient reports the share when run from my desktop08:33
twbThat should've tipped you off that the firewall was the problem08:33
EnderAND i can SEE the share in firefox from my desktop08:33
Enderwait...the fact that i could see it with smbclient form my desktop indicates it's a firewall problem?08:34
twbNote that ufw is *installed* by default, but not *enabled* by default08:34
Enderoic, then it's disabled08:34
Enderi haven't enabled it, anyway08:34
twbEnder: sorry, I thought "19:32 <Ender> is that all i have to do?!?" was rhetorical08:34
jmarsdenEnder: sudo ufw status08:34
EnderStatus: inactive08:35
Enderso it's not a firewall problem08:35
jmarsdenOK, it is not that.  So... what is the issue?  smbclient works from the workstation, you said?08:35
Enderwell i type smbclient -L <serverip> and it kicks back a line naming my share and giving the description i loaded into smb.conf08:36
Enderi haven't used smbclient to touch a file or anything08:36
jmarsdenEnder: OK, so now test that smbclient can actually use the share to read and write files08:36
Enderwell yeah but i don't know how smbclient works yet08:36
Enderlemme fidn out08:37
* jmarsden retreats to bed... goodnight all.08:38
Endergnight jmarsden08:41
Enderok08:44
Enderso i have now been able to connect to the share on my server from my desktop and place a file from my desktop to my server using smbclient08:45
Enderwhy can't i connect using the Network location on gnome?08:45
jmarsdenEnder: I'd guess that Windows/SAMBA network browsing is not working on your network.  Are both workstation and server in the same workgroup ?08:57
jmarsden(But I really am going to bed!)08:57
=== FkCek is now known as FkCek|a
Enderno, but i told the share to be browseable08:59
Endershouldn't i be able to browse shares on other workgroups?08:59
Enderbesides, does ubuntu even have a workgroup?08:59
* jmarsden thinks you need to read up on widnows network browsing now, and to read /etc/samba/smb.conf to answer the last question.09:00
Enderlol09:00
Enderi'm done reading for tonight09:00
Endergoodnight!09:00
jmarsdenGoodnight.09:00
* Ender really IS going to bed, unlike jmarsden09:00
Ender(:09:00
jmarsden:)09:00
[diablo]morning all09:08
[diablo]I am looking to setup an installation mech. similar to Kickstart ... I have done those before on RHEL... whats the mech. for Ubuntu Server please?09:09
jmarsdenhttps://help.ubuntu.com/community/KickstartCompatibility  if you must.  https://help.ubuntu.com/10.04/installation-guide/i386/appendix-preseed.html for the "Debian way", preseeding09:11
twb+1 for preseeding09:11
twbI never understood why kickstart was ported to d-i09:11
[diablo]mmmm09:12
[diablo]thanks guys09:12
jmarsdenYou're welcome.09:12
[diablo]is preseed cuter than kickstart?09:16
[diablo]I remember KS was pretty nice09:16
jmarsdenIn the Debian/Ubuntu implementation, preseed is more functional than kickstart.  Cuteness is not relevant for server admins anyway :)09:17
[diablo]hahaha09:17
[diablo]will read thru the doc you linked me, and give it a whirl09:18
twb[diablo]: preseed is more elegant09:19
[diablo]cute09:19
twb[diablo]: in that it doesn't conflate multiple DSLs in a single translation unit09:19
[diablo]sorry, mean cool :P09:19
twbAnybody playing with this new elliptical curve stuff in openssh?09:22
twb(Just curious, rather than wanting technical support.)09:22
[diablo]twb, wot is it?09:26
uvirtbotNew bug: #716310 in openssh (main) "ssh connections disconnects automatically" [Undecided,New] https://launchpad.net/bugs/71631009:27
twb[diablo]: a new key type, like DSA and RSA, but "more betterer"09:28
[diablo]oh09:28
twbhttp://tools.ietf.org/html/rfc565609:28
[diablo]interesting...09:28
[diablo]did not know of that09:29
twbYou'll need natty; it's new as at 5.709:30
twbHuh.  Did you know that if you use the same passphrase to symmetrically encrypt your private keys, ssh-add will reuse it to decrypt all of the keys you pass it?09:36
maswantwb: I was curious and read up a bit on it, The SHA2 family consists of four variants -- SHA-224, SHA-256, SHA-384, and SHA-521 -- named after their digest lengths09:36
maswan"09:36
maswandon't they mean sha-512? :)09:37
twbEr, until it changes.09:37
twbI have two passphrases, but due to the ordering, it prompted me four times: http://paste.debian.net/107132/09:37
=== _Techie_ is now known as _TechAway_
rtyuiohello there10:34
rtyuiowhat this command do ?10:34
rtyuiosvn co file:///svnroot/master/ \ ~/repositories/10:34
tsimpsoncreates an SVN checkout of /svnroot/master/ to ~/repositories/10:37
tsimpsonfile:// is a URI schema for local files, just remove the "file://" to get the path10:37
sorenWell..10:43
sorenIt depends.10:43
sorenIf you write it on one line, it'll probably fail.10:43
sorenI don't think svn co can take three arguments.10:43
sorenOh, it does work.10:44
sorenWell, it doesn't work, but svn co does accept three arguments. It wants the second one to be a url. " " isn't.10:45
rtyuioi can't cd to /svnroot tsimpson10:46
tsimpsonrtyuio: I don't know where you got the command from, so I can't comment on how to fix it10:47
rtyuioi ask the question in general10:48
tsimpsonsoren: I assumed that the paste was 2 lines concatenated to one for the paste10:48
rtyuiohow work a command like that ?10:48
tsimpsonyou are giving the arguments "co file:///svnroot/master/ \     ~/repositories/" to the svn command10:49
sorentsimpson: I've been here for too long to make assumptions like that :)10:49
sorenrtyuio: That command will checkout from svn at /svnroot/master to ~/repositories/ (if typed correctly).10:50
rtyuiocheckout what ?10:55
tsimpsonrtyuio: see http://en.wikipedia.org/wiki/Apache_Subversion for a description of what svn is11:07
Roastedhas anybody set up openldap on ubuntu? I'm at a step that's hanging and I'm not sure why.12:55
=== SquishyNotHere is now known as squishy
kobrienAnything change in 10.04 that'd make the network slower for dual nic setup?13:00
kobrienany reason at all the my network would be slower on 10.04? any setting's I can tweak to make it go faster?13:10
=== lionel__ is now known as lionel
takamarouHi all.  I'm trying to connect a ubuntu server 10.10 to a Iomega Storecenter NAS with NFS enabled.  I was able to connect to the NAS a couple days ago, but after a reboot I am having issues.  I'm not sure which version of NFS the storcenter uses, but everything I try gives me an error.  NFSv3 says the requested nfs version is not supported... NFSv4 says Protocol Not Supported.  Any ideas?13:37
twbtakamarou: rpcinfo -p?13:41
takamarouany certain line you are looking for?  Or should I pastie it?13:43
twbThe latter13:43
twbI'm just triaging man13:44
takamarouhttp://pastie.org/154891513:45
uvirtbotNew bug: #298823 in exim4 (main) "Exim mail failure messages go to local address, even if no local delivery is available" [Undecided,Incomplete] https://launchpad.net/bugs/29882314:07
RoAkSoAxmorning all14:09
airtonixtakamarou: what is in /etc/default/portmap ?14:11
takamarouairtonix, looks pretty empty14:11
uvirtbotNew bug: #702714 in exim4 (main) "package exim4-base 4.71-3ubuntu1 failed to install/upgrade: subprocess new post-removal script returned error exit status 1" [Undecided,Incomplete] https://launchpad.net/bugs/70271414:12
takamarouairtonix, OPTIONS="" and a bunch of comments14:12
airtonixtakamarou: wait is your ubuntu machine the nfs-kernel-server or the Iomega machine ?14:12
takamarouubuntu machine is the client connecting to the NFS.  The Iomega Storcenter is the one the NFS Server14:13
airtonixthat changes things14:13
airtonixbecause now, you have to seek support from iomega14:14
takamaroudamnit14:14
takamarouIt's not an error on the Iomega.. I think.  I can mount the NFS just fine from my local ubuntu box14:15
airtonixwhich is version ?14:15
airtonix10.04 or 10.10 ?14:15
takamarou10.0414:15
airtonix;)14:15
airtonixwhat reason is there to have 10.10 on the server ?14:16
Japje+614:16
takamarouNone.. Actually, I intended to have 10.04 on it, but hit the wrong download.14:16
takamarouBut now it's in production..  can't take it down at this point14:16
RoyKairtonix: none at all unless you hit bugs that aren't fixed in 10.04, or if you need newer hardware support or features14:17
airtonixi'm out of ideas14:17
takamarouOK.  Thanks for your help :)14:17
JamesPageDaviey: this might sound like an odd question but would you expect the 127.0.0.1 address on the loopback device to be disabled in ipv6 only installations?14:39
DavieyJamesPage, i know what bug you are talking about...14:40
Daviey:)14:40
DavieyJamesPage, I only have mixed ipv4 and ipv6 machines, so i need to disable ipv4 and test that bug14:40
DavieyWith ipv4 disabled, i wouldn't expect lo to have 127.0.0.114:41
Daviey...and ubuntu (ntp) still work14:41
JamesPageDaviey: doing some testing at the moment - the only way I can find to get rid of the ipv4 address is to manually remove it (ip addr del)14:41
JamesPageis there a way of globally disabling ipv414:41
Davieyyeah14:41
Daviey::1 <-- ipv6 localhost14:42
Daviey(shortage notation)14:42
rcaskeyany hints on my my 10.04 install's terminal is very slow when used in kvm?14:48
zulhey spdw14:56
spdwhowdy zul14:56
zulwhats the error again?14:56
spdwsendmail gives me this when an email does not go out: Feb 10 14:12:28 arkli sm-mta[13934]: p1AECCKH013934: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v414:56
zulDaviey: seen that before: ^^^14:57
spdwit is intermittent, the same message a few minutes later to the same address went through fine14:57
Davieyinteresting..14:57
zulspdw: i dunno use postfix ;)14:57
zulspdw: actually you can grep p1AECCKH013934 in the same log file and see what it is doing14:58
* RoyK thought sendmail went out of style some time before y2k14:58
spdwzul: I know how you lean.  Sendmail came for free when rackspace commissioned the server.  At least that's what I'm being told.14:58
Davieyspdw, Are you using auth to the relay server?14:58
spdwDaviey: is there an easy way to find out?  I did not setup sendmail14:58
spdwI don't like sendmail14:59
Davieyspdw, If you have root, i would consider switching to ubuntu favoured mta which is postfix, or debian's which is exim414:59
spdwDaviey: I definitely do and if that's the easiest fix then I'm good with that.  I was hoping this was a small misconfiguration problem but it doesn't appear to be that way.15:00
sorenThere's no such thing with sendmail :)15:00
Davieyspdw, many agree that sendmail is a world of pain15:00
spdwsoren: that has been my experience in the past too.  Hence my comment about not liking sendmail15:00
zuli still have my bat book but its collecting dust15:00
Davieyspdw, i would try sending mail via telnet to port 25...15:00
spdwzul: you live in the middle of nowhere, I'm not stopping by to pick that thing up :)15:01
spdwDaviey: trying now15:01
Davieyspdw, How is the mail getting to sendmail... some app?15:01
zulspdw: its light reading15:01
Davieyhah15:01
spdwDaviey: telnet is fine15:03
Davieyspdw, That error seems to happen if you just 'ehlo server' and 'quit' with no payload.15:03
spdwDaviey: the email is sent through php15:03
Davieyspdw, i think it's your php app to blame TBH.15:03
Davieyspdw, if you run those two commands quoted, do you see the same error in your mail logs?15:04
spdwchecking15:04
=== oubiwann is now known as oubiwann_
spdwDaviey: yep, you're right15:05
Davieyspdw, So, that indicates sendmail IS working15:05
Davieybut the PHP app is failing to send a payload.15:05
spdwDaviey: cool, I'll take a look from that side then15:05
Davieyspdw, super15:06
Davieyspdw, I'd love for you to feedback what caused it.15:06
spdwDaviey: sure.  I believe, but will verify, that we're just using the mail() method.15:07
zulspdw: ill bring the bat book tomorrow for you15:08
spdwDaviey, zul: Thanks for the help15:15
zulDaviey: np15:15
zuler...spdw15:17
=== guampa is now known as guampafk
Davieyspdw, np15:18
* RoAkSoAx time for rhcs3.1 testing 15:24
zulhallyn: do you have a doc or a pointer to setup lxc and libvirt?15:26
hallynzul: there is http://s3hh.wordpress.com/2010/09/07/easier-creation-of-libvirt-lxc-containers/ if that's what you mean15:42
hallynzul: but that's all15:43
hallynzul: did you have q, or are you thinking for release notes?15:43
zulhallyn: no i was just looking for a general guide15:43
JenniferB2hi folks... I have an svn repo on a ubuntu-server... and I need to change the password.. but when I do on the server.. I am having trouble logging again from ssh ... how do I update my key locally ? entering the new password doesn't seem to be enough15:43
zulhallyn: but if im using you lxc-guest package do i need to do half of those things in the script there?15:44
hallynzul: checking the scripts, cause i don't recall offhand what all i had to do15:47
hallynzul: all right, you're starting with a full uec guest image, right?15:49
hallynzul: the one thing I expect you to have to do is provide a console service on /dev/pts/0, bc that's where libvirt-lxc offers console15:49
zulhallyn: yep unmodified as of right now15:49
zulgotcha15:49
zulthanks15:50
zulill ask if i have any more questions15:50
RoAkSoAxgreat between kvm and python my CPU is 100%15:51
DavieyRoAkSoAx, that sounds great!15:52
DavieyRoAkSoAx, have you tried starting kvm with --don't-abuse-me?15:52
hallynzul: ok - yeah all the rest looks ok.  You can still use my base.xml as a template if you haven'te already devised your own15:52
zulhallyn: thanks15:53
RoAkSoAxDaviey: lol... seems virt-manager issue15:56
DavieyRoAkSoAx, ahh15:58
Davieyvirt-manager is a troubled soul at times.15:58
RoAkSoAxDaviey: indeed16:00
RoastedIs a "complete removal" in synaptic = sudo apt-get remove --purge *package* ??16:01
DavieyRoasted, try #ubuntu ... i imagine most here don't use synaptic.16:02
xdse cineva ;))16:03
xdshttp://problemepc.team-forum.net/16:03
RoastedDaviey, good point :P16:04
mdeslaurDaviey: unfortunately, there have been humungous fixes to bind for DNSSEC support between 9.7.0 and 9.7.2P316:11
mdeslaurDaviey: I don't know if it's sanely possible to pick them all out and try to backport them16:11
Roastedif sudo killall -9 freeradius is the wayt o kill the freeradius process, how can I restart it without rebooting?16:11
mdeslaurDaviey: and it kind of sucks that Lucid doesn't have working DNSSEC support16:11
RoAkSoAxhallyn: have you seen KVm using 100% CPU lately?16:12
mdeslaurDaviey: maybe we should try and get a one-time SRU of 9.7.2P3 into lucid and maverick16:12
RoAkSoAxhallyn: or at least more than 50%16:13
zulhallyn: yay it works16:14
hallynRoAkSoAx: on natty?16:15
hallynRoAkSoAx: it sounds familiar, can you search lp bugs?  i think someone else had that with virtio16:15
hallynthough i thought that was maverick16:15
RoAkSoAxhallyn: right now with maverick, I'm launching a VM with testdrive and in somepoints doing IO it goes all the way to 100% CPU usage, and for a while was around 50%16:16
highvoltagey/win 2616:16
RoAkSoAxhallyn: launching it with virt-manager, it does stay in 100% even though I close virt-manager, kvm stays in 100%16:17
hallynlemme check my list16:17
hallynRoAkSoAx: no, i was thinking https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/703811 but this sounds different16:22
uvirtbotLaunchpad bug 703811 in kvm "kvm guest's cpu usage with virtio storage driver goes up to 100% because of flush process" [High,Incomplete]16:22
hallynRoAkSoAx: is it doing anything in the meantime?16:22
hallyni.e is the VM moving along?16:22
RoAkSoAxhallyn: yeah. let me get you a quick video16:23
Roastedif sudo killall -9 freeradius is the wayt o kill the freeradius process, how can I restart it without rebooting?16:23
=== airtonix is now known as jadakren
RoAkSoAxhallyn: yeah I think that's the one!! I'm crrently installing a new VM and while installing the base system and things that do disk IO apparently, that's when the load goes up16:31
jmarsdenRoAkSoAx: maybe kill -HUP   would reload its config file?  I don't have it installed here, what does the man page say?16:33
jmarsden^Roasted16:33
uvirtbotjmarsden: Error: "Roasted" is not a valid command.16:33
jmarsdenBah.16:33
RoastedI got it16:34
Roasted:)16:34
Roastedfacing a new problem now16:34
Roastedbut I doubt any of you guys have tinkered with freeradius. It's a specific error to freeradius itself.16:34
SpamapShallyn: did you resolve whatever it was you needed last night?16:35
hallynSpamapS: i sent the email to upstart-devel instead16:37
hallynSpamapS: no replies yet, and i've had no brilliant ideas16:37
hallynSpamapS: so i think i'll just end up having to special-case cgred in /etc/init/libvirt-bin16:37
RoAkSoAxhallyn: http://me.roaksoax.com/kvm.ogv (ignore the sound :) )16:37
hallynlol, now i gotta go watch :)16:38
hallynRoAkSoAx: but your fflush-N aren't showing high usage?16:39
RoAkSoAxhallyn: nope, just the CPU and the graph in vrit-manager is half load16:39
SpamapShallyn: oh I did see that email16:40
hallynRoAkSoAx: pls file a new bug, mention it MIGHT be a dupe of that one, and upload your .xml's so i can take a look16:41
hallynRoAkSoAx: you're sure you're using kvmand not plain qemu right? :)16:42
RoAkSoAxhallyn: yeah i;m using KVM lol :)16:42
uvirtbotNew bug: #559307 in exim4 (main) "Local delivery hard link vulnerability" [Low,Fix released] https://launchpad.net/bugs/55930716:47
hallynSpamapS: were you drafting a reply? :)16:50
SpamapShallyn: will later for sure.16:51
zulRoasted: you do know there is a specific channel for freeradius right? #freeradius16:56
Roastedoh believe me, I know16:56
Roastedgo ahead and hang out there and see how many people talk in 72 hours time16:56
Roasted;)16:56
SpamapSRoasted: thats a good sign that maybe its time has passed.. ;)16:56
patdk-wkI haven't used freeradius in atleast 5 years16:56
RoastedSpamapS, you're telling me.16:56
Roastedbut isn't freeradius still more secure than standard WPA2?16:57
RoAkSoAxhallyn: what other xml's should I upload besides the VM's one?16:57
SpamapSRoasted: there is no wifi security. ;) Use VPN and/or SSL at all times.16:57
RoastedSpamapS, well, you know what I mean...16:57
RoastedIs radius still "more" secure than WPA2?16:58
patdk-wkthey have nothing to do with each other16:59
RoastedI thought they did...16:59
patdk-wknope16:59
patdk-wkwpa2 is a wifi encryption thing16:59
patdk-wkit can use radius auth, or psk auth16:59
Roastedhow does radius auth differ from psk?16:59
hallynRoAkSoAx: the VM ones, and the storage ones16:59
Roastedpsk = personal right? passphrase, etc.16:59
patdk-wkno17:00
patdk-wkpsk means preshared key, one password for everyone17:00
patdk-wkradius auth you have one per person17:00
hallynRoAkSoAx: virsh vol-dumpxml and virsh pool-dumpxml17:00
patdk-wkand you can limit with certificates too17:00
Roastedwell from that standpoint alone I would think radius would be far superior.17:00
patdk-wkso user must have valid cert to access17:00
patdk-wkya, but it has nothing to do with how secure wpa2 is17:01
Roastedso it's not how secure it is, it's the way it implements the authorization?17:01
patdk-wkya17:01
Roastedbut in a way I would think that would still aide in greater security, even though it's using the same level.17:01
Roastedit just goes about it in a more complicated way, it seems.17:01
patdk-wkyes, over all it would be more *secure*, but it doesn't make the encryption of the channel any better :)17:01
Roastedwell, I work in IT at a school district. One of the students last year got some program to reveal the passphrase we were using for wifi.17:02
Roastedas a result, they would get on our network on their phones, etc.17:02
RoastedI think that's why radius has something to offer us.17:02
RoastedIt's not entirely my decision. I'm just the one with the project that was assigned to me.17:02
patdk-wkif you use cert verification, that would block it17:02
Roastedcert verification with... radius right17:03
patdk-wkyou can only do cert verification with radius17:03
Roastedokay17:03
RoastedI thought so17:03
Roastedjust wanted to make sure we were on the same page17:03
Roastedyeah right now I'm trying to generate some certs for my test environment.17:03
patdk-wkI set that same thing up, years and years ago17:03
Roastedbut the guide is telling me to run "make" but that's it, which isn't working for me.17:03
RoastedIs there anything better to use than radius for our scenario, given you now know why we were aiming for radius?17:03
Roastedthis make thing is getting old. I have no idea how to work around this.17:07
Roastedtheir documentation sucks.17:07
kirklandlynxman: ping17:07
lynxmankirkland: pong17:07
kirklandlynxman: hey, i just uploaded a new mcollective fixing the two bugs you filed (thanks for the reminder, zul)17:07
kirklandlynxman: i need you to do one more thing ...17:07
uvirtbotNew bug: #716528 in qemu-kvm (main) "kvm 100% when performing apparently IO operations" [Undecided,New] https://launchpad.net/bugs/71652817:08
kirklandlynxman: create a .postrm script that removes the user17:08
lynxmankirkland: just updated the bug with the script17:08
kirklandlynxman: rock17:08
lynxman:)17:08
kirklandlynxman: i'll get another upload17:08
lynxmancool \o/17:08
kirklandlynxman: in the future, if you want credit in the changelog, send a debdiff ;-)17:09
kirklandlynxman: if you don't care, this works too :-)17:09
patdk-wkroasted, I dunno, I haven't used radius on unix for so long, I have one radius setup I use for everything just about, but it's windows based, cause they are running AD17:09
lynxmankirkland: I'll have it in mind, thanks ^^17:09
lynxmankirkland: just happy to see the package doing cool stuff :)17:09
hallynRoAkSoAx: so just to make sure, have you tried just running 'kvm -hda delme.img -cdrom ubuntu-10.04-server.iso -boot d -m 1G" and seeing what it does with your cputime?17:11
kirklandlynxman: mcollective_1.0.0-0ubuntu4 should be ready for your testing shortly17:11
kirklandlynxman: please test package installation and uninistallation for me ;-)17:12
lynxmankirkland: excellent, thank you ;)17:12
lynxmanwill do so17:12
SlybootsAhh! lol.. Figured ouy why my Squid Proxy kept crashing..17:12
Slybootsout of disk-space :P17:12
* SpamapS hands Slyboots the Sombrero of Glory17:13
* Slyboots glows with mighty uh.. mexican power?17:15
SpamapSOle!17:16
* SpamapS forgets how to do accents17:16
Roastedpatdk-wk, yeah, we have MS Radius set up now, but there's a bug with MS Radius that backfires with certain wifi cards. It just so HAPPENS that it's the card we have in 540 something laptops... which drops authentication after 30 days and doesn't regain it unless we hardwire them to re-authenticate. I've heard from numerous people FreeRadius doesn't have this issue, hence our interest.17:16
RoAkSoAxhallyn: by running kvm etcetc the load is not so high, so it is something related to libvirt17:18
RoAkSoAxor must be17:18
hallynRoAkSoAx: not necessarily - have you also tried17:19
hallynkvm -drive file=delme.img,if=virtio,index=0 -cdrom x.iso -boot d ?17:19
RoAkSoAxhallyn: im running the same isntalling through TestDrive (which uses the username you are logged in and rtuns a vm with virtio and kvm -etcetc) and the load is not that high17:19
RoAkSoAxs/same installing/same ISO installation/17:20
RoAkSoAxs/rtuns/runs17:20
Roastedpatdk-wk, I'm assuming that FreeRadius can integrate with MS LDAP... ???17:20
RoAkSoAxhallyn: this is the command used in testdrive: "kvm -m %s -smp %s -cdrom %s -drive file=%s,if=virtio,cache=writeback,index=0,boot=on %s"17:21
patdk-wkldap is ldap17:21
Roastedbut LDAP is where the users are, and we have nearly 2,000... that's where the user base is stored to authenticate "from".. right?17:21
RoAkSoAxhallyn: also note that the high load appears when apparently is doing intesive IO operations17:23
RoAkSoAxhallyn: and at the same step of the installation, the load is different between a kvm launched by libvirt than the one launched by testdrive17:24
hallynRoAkSoAx: pls use 'ps -ef | grep kvm' to get the full commands executed by both17:26
RoAkSoAxhallyn: libvirt /usr/bin/kvm -S -M pc-0.13 -enable-kvm -m 512 -smp 2,sockets=2,cores=1,threads=1 -name natty1 -uuid 31631c3c-a914-6365-12b7-9103b4e07a3b -nodefconfig -nodefaults -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/natty1.monitor,server,nowait -mon chardev=monitor,mode=readline -rtc base=utc -no-reboot -boot dc -drive file=/var/lib/libvirt/images/natty1.img,if=none,id=drive-virtio-disk0,boot=on,format=raw -device virtio-blk-pci,17:26
hallynRoAkSoAx: and paste in the bug.  i'll look there in a few mins17:27
RoAkSoAxhallyn:yeah that's what I'm doing :)17:27
hallynRoAkSoAx: thanks :)17:29
RoAkSoAx;)17:30
panfisti just rebooted and for some reason my root is mounted as a read only file system?17:34
patdk-wkprobably cause it's corrupted17:36
patdk-wkreboot into recovery mode, and try fsck'ing the fs17:37
panfistfor some reason my grub timeout is zero so i'm booting into a live cd now17:37
patdk-wkthta works17:37
panfistusing 10.04 by the way17:37
panfistit seems really hard to change the grub timeout... there is no more menu.lst file, and some script called 00-header or something has timeout stuff all over the place17:38
panfistnot sure what to touch in there17:38
patdk-wkheh, /etc/default/grub17:38
hallynRoAkSoAx: ///17:42
hallynsorry, internet connection fail17:42
hallynRoAkSoAx: is comment #5 correct?17:43
hallynRoAkSoAx: bc it shows 'if=none'.  it looks garbled17:43
* hallyn bbl17:45
RoAkSoAxhallyn: yeah something's weiord going on here :/17:46
lirakispanfist, grub has been updated to grub 2 which is different in the way in manages its config18:12
uvirtbotNew bug: #716576 in tftp-hpa (main) "package tftpd-hpa 5.0-11ubuntu2 failed to install/upgrade: ErrorMessage: il pacchetto tftpd-hpa non è pronto per la configurazione  impossibile configurarlo (stato corrente "half-installed")" [Undecided,New] https://launchpad.net/bugs/71657618:21
RoyKwe had a little accident at work the other day - a generator was started and pumped 1kV or so into our servers.... some 30% of them died, but all of the supermicro servers survived, some 12 boxes or so. According to the statistics, at least four of them should have died, but they are all running... Bad thing those Sun boxes that cost 4x the price of the supermicros died :P18:22
air^:)18:24
guntbertRoyK: testing emergency power supply gone bad?18:25
* alvin holds 1 minute of silence for those poor Sun boxes18:26
RoyKnot even testing - the power was to be shut down for an hour or so18:26
RoyKso we got a generator - we've done it before - but now, during startup, the generator generated a rather ugly surge18:27
RoyKalex_joni: make that a second :P18:27
RoyKor some milliseconds18:27
* RoyK doesn't like Sun^WOracle hardware18:28
patdk-wkya, I don't like *connecting* generators till they are warmed up18:28
RoyKI didn't18:29
alvinI was going to say: "why not, they're indestructible. But well,...."18:29
RoyKperhaps they should have warmed it up before they fused it?18:29
=== NG_ is now known as ng_
=== _TechAway_ is now known as _Techie_
=== hikeonpast___ is now known as hikeonpast
shaunoshouldn't the ups eat the overvoltage?18:55
shaunoah.  timestamp fail18:56
patdk-wkshauno, depends18:59
shaunowe typically feed both pole & genny into a transfer switch, and then into the ups from there.  let the ups handle the phase distribution, and eats the time between the pole going down and the genny coming up19:02
shaunothat way the ups would still do it's job if the genny's dirty19:03
patdk-wkhmm, could easily be a faulty ups part also19:06
patdk-wkmaybe it detected the large spike, and might of been too large for it to handle19:06
patdk-wkand that caused it to go into bypass mode?19:06
patdk-wkheh, electricity is fun, all kinds of unexpected things can happen :)19:06
shaunothat should go to battery19:06
shaunobypass is typically the ups can't give you juice, so it feeds you the wall and hopes it works19:07
shaunojust curious; I work with/for a particular brand of ups, so I have trouble picturing layouts that aren't what we deploy19:09
patdk-wkya :)19:10
patdk-wkI had a ups on my, just turning itself off cause of the generator19:10
patdk-wkfound the generator was bad19:11
* patdk-wk wonders if there is a wol issue I missed :)19:33
patdk-wkseeing thousands of wol requests flooding me from the inet19:33
uvirtbotNew bug: #716654 in postfix (main) "latest ubuntu updates killed mail delivery" [Undecided,New] https://launchpad.net/bugs/71665420:16
=== ng_ is now known as NG_
uvirtbotNew bug: #716659 in multipath-tools (main) "Root filesystem goes "Read only" after installing multipath-tools on Lucid" [Undecided,New] https://launchpad.net/bugs/71665920:31
NDROfTheLinehi there20:35
NDROfTheLinei've got samba working properly on my virtual server! yeahhhhh20:35
NDROfTheLinenow i need to set up some rudimentary security. how?20:35
NDROfTheLinefor example, i'd like to require all users to have to supply a password to access the sahre20:44
NDROfTheLinehow do i do that?20:44
SpamapShttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=61229620:56
SpamapSRuh roh20:56
uvirtbotDebian bug 612296 in wnpp "O: bacula -- network backup, recovery and verification - meta-package" [Normal,Open]20:56
NDROfTheLineruh roh20:56
NDROfTheLinebug=61229620:56
NDROfTheLinehow'd you get that to pop it up20:56
NDROfTheLinejust the URL?20:57
SpamapSthe URL20:57
NDROfTheLineic. cool.20:57
SpamapSzul: ^^ .. bacula has been orphaned20:57
NDROfTheLinewhy is swat refusing un:root and the root password?20:57
SpamapSNDROfTheLine: because it wants to protect you!20:58
zulSpamapS: hmmmm...20:58
SpamapSNDROfTheLine: you can define a non-root user as an administrator and use that20:58
NDROfTheLineSpamapS, well i understand the danger of root logins, i really do, but in order to create a new share and manage my existing shares i need root access don't i20:59
NDROfTheLineSpamapS, i've tried logging on with my account and all i can do is view information about my shares.20:59
SpamapSzul: does Canonical use it internally? Might be strategic for us to take up maintainership20:59
zulSpamapS: already one step ahead of you20:59
NDROfTheLineplanning open-world domination huh20:59
zulSpamapS: im not sure but we should take it over21:00
RoAkSoAxredhat cluster debian maintainer  is also looking for someone else to maintain it21:00
NDROfTheLinewhy can't i administer my samba shares with my normal login?21:01
NDROfTheLineon swat, that is21:01
zulSpamapS: just fired off an email to John21:02
SpamapScool21:02
zulSpamapS: thanks for pointing that out21:02
SpamapSNP.. just by chance saw it w/ the changelog for bug #689327 getting fixed21:03
uvirtbotLaunchpad bug 689327 in dbconfig-common "bacula-dir.conf shows syntax error when mysql dbname is left blank" [Low,Confirmed] https://launchpad.net/bugs/68932721:03
NDROfTheLineasdf21:03
NDROfTheLinesorry, i hit the wrong button. on the Ubuntu Community Swat page, it says "Log inas a user with proper priveleges"; how do i ensure my user has proper privelege to administer samba?21:04
zulSpamapS: replied to the bug as well21:08
samael6anybody here know where the ubuntu server guide is21:16
guntbert!serverguide21:16
ubottuThe Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/21:16
guntbertsamael6: ^21:17
samael6no i just installed it from the ubuntu software center and i cant find it21:17
guntbertsamael6: I'd look under/usr/share/doc....21:18
NDROfTheLinedoes anybody know how to set up a user with proper priveleges to use SWAt to manage my samba shares?21:19
guntbertsamael6: and you can always ask dpkg (-l  or -L,  not sure)21:19
NDROfTheLineit's -l21:19
NDROfTheLinewhat's the package name of the guide21:20
samael6ubuntu server guide21:21
guntbertubuntu-server-guide21:21
EvilPhoenixthere's a guide as a package?21:22
NDROfTheLinewell i can't install it with apt-get21:22
NDROfTheLineiuno, that's what samael6 is saying21:22
EvilPhoenixits ubuntu-serverguide21:22
guntbert!info ubuntu-server-guide21:22
ubottuPackage ubuntu-server-guide does not exist in maverick21:22
EvilPhoenix!info ubuntu-serverguide21:22
ubottuPackage ubuntu-serverguide does not exist in maverick21:22
EvilPhoenixor not21:22
EvilPhoenix:P21:22
NDROfTheLinewell it is actually ubuntu-serverguide21:23
NDROfTheLine!ubuntu-serverguide21:23
NDROfTheLine!info ubuntu-serverguide21:23
samael6i followed your advice and found the package bubt it wasent what i expected21:23
samael6its a log21:23
NDROfTheLineyeah me too21:24
guntbert!info ubuntu-server-guide lucid21:24
guntbert!info ubuntu-serverguide lucid21:24
ubottuPackage ubuntu-server-guide does not exist in lucid21:24
ubottuubuntu-serverguide (source: ubuntu-docs): The Ubuntu Server Guide. In component main, is optional. Version 10.04.3 (lucid), package size 371 kB, installed size 2608 kB21:24
NDROfTheLinemaybe you'll have to install ubuntu-docs21:25
NDROfTheLineto get the offline version installed in your docs directory21:25
guntbert!info ubuntu-serverguide lucid21:25
ubottuubuntu-serverguide (source: ubuntu-docs): The Ubuntu Server Guide. In component main, is optional. Version 10.04.3 (lucid), package size 371 kB, installed size 2608 kB21:25
NDROfTheLinebut anyway just google filetype:pdf ubuntu server guide and get the pdf21:25
guntbertno, the package exists21:25
NDROfTheLineyeah but it doesn't install the server guide in /usr/share/docs21:26
iclebytenon sever related but what are you guys using to player your music in on linux?21:26
iclebyte(it goes hand in hand with sever administration though)21:26
iclebyteserver*21:27
NDROfTheLineyou can ask that question in #ubuntu if you want recommendataions on desktop music players21:27
NDROfTheLinei just use rhythmbox21:27
iclebytefair enough21:28
guntbertit is installe in /usr/share/ubuntu-servguide21:29
guntbert*installed21:29
guntbertNDROfTheLine: ^^21:29
samael6thanks i got it21:30
guntbertNDROfTheLine: and its dpkg -L <package> which gives you a list21:30
guntbertNDROfTheLine: sorry, I forgot who asked the original question21:31
samael6but i thought it was a application thats shows the html files21:31
NDROfTheLineno prob it wasn't me21:36
NDROfTheLinedpkg -l by itself returns the entire list of isntalled packages21:37
NDROfTheLineanyway21:38
NDROfTheLinei'm still trying to get swat working. how do i configure a user that can administer samba??21:38
samael6im not looking for commands im looking for where this can be viewed21:40
NDROfTheLineopen firefox.21:42
NDROfTheLinein the location bar, type /usr/share/ubuntu-serverguide/html/C/index.html21:42
NDROfTheLineguntbert, how'd you figure out the storage location of the ubuntu-serverguide? google? dpkg?21:44
samael6NDROfTheLine hes probbaling dozing22:01
RoAkSoAxzul: /win 1922:01
RoAkSoAxarrrrgh22:01
NDROfTheLinewell i missed his logoff due to a timeout22:01
RoAkSoAxzul: quick questions. I have a init script I pass this in rules: dh_installinit -p gfs2-utils --no-start --no-restart-on-upgrade -- start 65 S . start 2 0 6 .22:02
samael6what languages do you guys under your belt22:02
samael6have22:02
RoAkSoAxzul: in the init script Default-Start: S and Default-Stop 0 622:02
RoAkSoAxzul: but when installing, this happens: update-rc.d: warning: gfs2-utils start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (S)22:03
RoAkSoAxupdate-rc.d: warning: gfs2-utils stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (0 6)22:03
RoAkSoAxideas?>22:03
RoAkSoAxSpamapS: ^^22:08
=== jadakren is now known as airtonix
KB1JWQWelcome to #ubuntu-server, psywiped22:45
psywipedtrying to set up a script to twitter my servers ip address but it keeps saying that gt is not a valid command using this page as a guide http://onthefencedevelopment.com/?p=28922:45
KB1JWQpsywiped: gt isn't defined as a command anywhere there.  Pastebin your script, redacting anything sensitive please.22:46
psywipedhttp://pastebin.ubuntu.com/565591/22:48
KB1JWQpsywiped: And the exact, copy pasted error you get? :-)22:48
shaunoheh; line 1122:49
shauno$CURRENT_IP &gt; $IPFILE22:49
KB1JWQAh, tere it is.22:49
shauno&gt; is the html entity for >22:49
KB1JWQThere we go. :-)22:49
KB1JWQI wondered why they were backgrounding something.22:49
psywipedhttp://pastebin.ubuntu.com/565593/22:50
psywipedo hell22:51
psywipedthat would make sense22:51
psywipedso echo $CURRENT_IP >; $IPFILE22:51
shaunowithout the ;22:52
psywipedok now im getting this http://pastebin.ubuntu.com/565597/22:54
shaunoI think that's just because of the space between -- and user22:55
psywipeduse # to comment out in bash?23:00
shaunocorrect23:04
psywipedit looks like the space between -- user was causing the problem23:06
shauno:)  -- alone means something very specific to most commands23:07
psywipednow to figure out why its not updating twitter23:08
psywipedmy issue is that i dont trust the dynamic dns im using right now to update if my servers ip address changes and i want a backup method23:09
psywipedbut the script doesnt look like its working23:10
psywipedhttp://pastebin.ubuntu.com/565605/23:11
psywipedbut no update in twitter23:11
psywipedthis is what i'm going off of http://onthefencedevelopment.com/?p=28923:14
psywipedforever alone23:17
SpamapSRoAkSoAx: re the update-rc.d warning.. that just means that the postinst is override the LSB header.23:20
SpamapSoverriding23:20
uvirtbotNew bug: #716767 in clamav (main) "clamav-daemon does not start because of "Malformed database" daily.cvd" [Undecided,New] https://launchpad.net/bugs/71676723:37

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!