[00:00] !rtl8187b [00:01] thank you guys for the help [00:02] :)) [00:02] there was no help bro [00:02] smokesmoko i want webmin to configure for ipv6 router [00:02] but i cant too [00:02] cause i use ubuntu server [00:02] im assuming that i can solve this problem the same as i did for wireless drivers on 10.04, that is using backports correct? [00:03] can someone point me to a .deb of any of the latest kernels for hardy? [00:03] Hellz_Bellz, only if said driver exists, is compatible with the older kernel, and has been backported [00:04] many drivers are not, I ran into that problem on a hardy server when I installed an intel gigabit NIC [00:05] solution was upgrading to lucid [00:05] whats the newest ubuntu server version that uses grub1 [00:05] nertil: anything is better than nothing, so I appreciate any reponse big or small [00:05] grub 2 is not an option on this machine [00:05] Hellz_Bellz, if you upgrade, grub1 will continue to be used [00:05] 9.10 onwards uses grub2 by default, but can still use grub1, and upgrades will continue using grub1 [00:05] well i cant get any NIC working so that isnt an option [00:06] wait [00:06] i have a cd of 9.10 can i upgrade from that? [00:06] not directly [00:06] you can only directly upgrade to 8.10 (unsupported) or 10.04 [00:06] im sorry its 10.04 [00:06] command plox [00:07] :D [00:07] qman__: may i have the command to update from /dev/cdrom ? [00:07] https://help.ubuntu.com/community/LucidUpgrades [00:08] i knew downloading all those iso's was a good idea [00:11] im sorry that page says absolutley nothing about upgrading on a machine not connected to the internet [00:12] \and the iso is not able to be put on the hdd [00:18] airtonix, perhaps its b/c i am listining for dhcp on a bridge interface [00:19] will .debs for the desktop 10.04 be functional on on the server edition because i have a LARGE dvd of my apt- archives for my laptop [00:26] okay lsusb shoews the driver is loaded but its still not giving the interface on iwconfig or ifconfig [00:31] Hellz_Bellz, actually, it does tell you how to do it offline, under the "upgrading using alternate CD/DVD" section [00:32] well it also assumes you are using a desktop manager which server edition has not [00:33] ie it asks for a gui [00:34] I was under the impression that it was a normal shell script, but oh well [00:35] I would try adding a lucid CD to your repositories with apt-cdrom(?) and see if do-release-upgrade will work with that [00:35] don't know if it would work though [00:36] ive already upgraded [00:36] atp-cdrom [00:36] then an upgrade [00:36] im downloading a 2.6.32-22 kernel to a usb now [01:47] iis replacing every instance of "hardy" with "lucid" in /etc/apt/sources.list a good or bad idea? [01:48] ive already updated and its not letting me install xorg saying it depends on x11-common though x11-common is already installed [01:49] !hardy->lucid [01:49] !upgrade [01:49] For upgrading, see the instructions at https://help.ubuntu.com/community/UpgradeNotes - see also http://www.ubuntu.com/desktop/get-ubuntu/upgrade [01:49] Hellz_Bellz: there is a detailed upgrade procedure; you should follow it. [01:50] hello [01:50] too late :D [01:51] hehehe lets see how this breaks :D [01:51] Hellz_Bellz: then you can consider this a "learning experience" [01:51] Like public whippings [01:51] on a apache server folder. I need a writable folder for a PHP script. [01:51] it's better to add the www-data user or group or both? [01:52] twb i updated my server distro from a cd because if you read up .... i didnt have access to the internet on this machine [01:52] Hellz_Bellz: OK. [01:52] I was thinking adding www-data user as howner for every things [01:52] and admin group [01:52] im certain that a update and then an upgrade will suffice [01:52] Hellz_Bellz: there are usually edge cases [01:52] gagarine: thats a bad idea [01:52] a REALLY bad idea [01:52] Hellz_Bellz why? [01:53] like MONUMENTALLY BAD IDEA [01:53] Hellz_Bellz: e.g. make sure you upgrade apt/aptitude first, then the kernel and udev and libc, then reboot, then everything else. [01:53] because then ANYONE on the internet can do admin things on your computer [01:53] IE the internet owns your compruter [01:53] Hellz_Bellz I don't get how? [01:53] twb wont dpkg handle the order in which things need to be worked? [01:54] because www-data is the user the server runs under [01:54] the users on the internet are www-data [01:54] I speak only about the htdocs folder [01:54] you are the admin [01:55] "the users on the internet are www-data"? [01:55] if i got on your server via a webpage [01:55] i would be www-data [01:55] apache process run as www-data that's doesn't mean you have any right on my computer... [01:55] ya i do [01:56] all scripts and processes that apache runs, run as www-data [01:56] and as such have all the permissions www-data is given on your system [01:56] a badly written script is all it takes [01:56] so, www-data's permission should be limited to the least needed [01:56] and www-data should never be added to a group that is not carefully controlled [01:56] a simple eval function with a GET inside it [01:56] qman__ Hellz_Bellz ok I get this point. But I was speaking about /var/www only [01:57] omfg you are toast [01:57] doesnt matter [01:57] then everyone on the internet has everything in that folder to play with [01:57] including things like passwords of other users [01:57] Hellz_Bellz: yes, in general, but the point of upgrade documentation is that Bad Things can happen because of edge cases. [01:57] if they are stored there [01:57] Hellz_Bellz ok but how you handle writing process? [01:57] from apache... [01:58] (throw PHP) [01:58] chmod +w the particular file or folder you wish to allow [01:58] .htaccess [01:58] ya that too [01:58] Hellz_Bellz: e.g. migrating hardy to lucid will change the default behaviour of recommendations. If you don't upgrade apt first, you'll miss out on that until after the upgrade [01:58] and be very careful about what you put in it [01:59] okay upgrading apt first [01:59] qman__ so is better to give +w to every one... than adding www-data user howned this specific folder and write only for the owner? [01:59] ... I don't get it [01:59] no [01:59] !google apache security [01:59] I have no google command, use http://www.google.com/ [01:59] Hellz_Bellz: but that's just an example from memory. I don't remember the whole hardy->lucid upgrade issue list [01:59] www-data can own the folder [02:00] you asked about adding www-data to another group [02:00] which is a very bad idea [02:00] qman__ ok [02:00] www-data normally should own all the files in the web-served directory [02:00] but changing the group of this folder to admin is also a bad idea? [02:00] gagarine: if this is a privvate testing server off the internet itrs okay to do whatever you want but make sure you learn proper securitty [02:01] Hellz_Bellz is not private :) [02:01] if you put this server on the internet...make sure its a dedicated computer with no provate information [02:01] well, it wouldn't cause any direct problems [02:01] NO private info AT ALL [02:01] Hellz_Bellz: he's running PHP. He's screwed regardless. [02:01] lol [02:01] but using the admin group to grant permission could lead to issues later, since it's normally used to allow sudo [02:01] Even if there's no confidential data, it'll still be compromised enough to act as a zombie [02:02] ive got my www-data allowed to sudo without a pass [02:02] qman__: er, %sudo is used for that [02:02] but i use web frontends ive written in ruby [02:02] ok to resume I put www-data user ownen every thing [02:02] and ive got it locked down with iptables [02:02] and witch group? [02:02] * twb sighs [02:02] www-data too? [02:02] * patdk-lap wonders how you can lock something down with iptables? [02:02] yes [02:02] if one port is open, that is enough [02:03] allow only local host [02:03] patdk-lap: presumably his crappy NIH'd webmin equivalent is listening on a high port [02:03] if a particular user needs access to a file, you can change the owner to that user and leave the group www-data [02:03] if multiple users need access, leave the owner www-data and create a group for those users [02:03] and change the group-owner to that group [02:03] how can you NOT lock down traffic with iptables? [02:03] qman__ Hellz_Bellz thank for your help [02:03] lot [02:04] normally iptables is used to make sure something isn't accidentally opened [02:04] not to *lock down* [02:04] ive got it so only localhost can access anything [02:04] iptables doesn't really have any bearing on what's contained in the packets [02:04] just on what ports are open [02:04] it can inspect packets [02:04] ah one last question... adding myself in www-data is not a good idea? Instead of creating a new group? [02:05] Hellz_Bellz: pastebin your iptables-save -c output [02:05] (please don't kill me) [02:05] lol im in windows atm [02:05] you can, but it's not a good idea from an administration standpoint [02:05] as it gets more difficult to track what users have what access [02:05] if you're the only user it's fine [02:06] If you care about that sort of thing you are better off rolling out an LSM MAC layer [02:06] qman__ ok [02:07] The basic posix dac layer isn't granular and expressive enough [02:07] http://www.symantec.com/connect/articles/iptables-linux-firewall-packet-string-matching-support [02:07] http://www.eeggs.com/items/37085.html [02:07] wait lol wrong one [02:07] Someone have a website about LAMP security? [02:07] Oh gods, that's horrible [02:07] ... so I can learn... [02:08] I find a lot with google of course... [02:08] but also a lot of crap [02:08] Don't deeply inspect every packet. [02:08] ummmmm [02:08] yeah ever heard of rule based inspection? [02:08] like..if it matches THEN inspect [02:09] and what if you have a freakin powerful computer? [02:09] and that it doesn't scale [02:09] just because you can, doesn't mean you should [02:09] no matter what, it will cause latency [02:09] good security comes in layers [02:09] wow... ever heard of having fun? [02:09] you do the best you can at every level [02:09] qman__: ahahaha, FPA "lawyers" [02:09] or maybe [02:09] learning [02:10] relying on only one system to keep you from getting owned is always a bad idea [02:10] * patdk-lap imagines implementing mod_security into iptables rules [02:10] IMO having only one RPC (to wit: ssh, no dynamic web content) is a bloody good idea. [02:11] * patdk-lap also wonders about that, part of stuff would be in two or more packets, so you can't inspect anything useful anyways [02:11] I'm not a fan of nrpe either :-/ [02:12] patdk-lap: how does mod_security work internally? I can't see any discussion on wikipedia or their site [02:13] I'm not really sure, haven't really cared [02:13] but the rules look like regex [02:13] To prevent the “drop table” SQL injection attack with mod_security, add the following to your Apache configuration: SecFilter “drop[[:space:]]table” [02:13] ..WTF? [02:13] It's checking POST headers or something? [02:14] it can check anything [02:14] post/get/ anything [02:14] lol .. it obv filters URLs and maybe post data for that regex, and discards the request if it matches [02:14] I was assuming it was more like Venema's tcpwrappers, only per-"app" within the single 80 listener. [02:14] na, it's an apache module [02:14] Yes, obviously, otherwise it wouldn't be per-thingy [02:14] I use it for one person, reverse proxy to *iis* [02:15] patdk-lap: could you pastebin the .conf for that? I'm curious. [02:15] I rolled out a reverse-proxy using apache last week, and I haven't locked it down much. [02:17] nothing really special about it at all [02:19] btw.... it worked [02:20] just appt-get update && apt-get upgrade [02:20] no need to update apt [02:20] twb: http://ubuntuserver.pastebin.com/ZpR6KDwV [02:20] *upgrade [02:21] did have to make a few adjustments to the modsecurity rules, but you won't know that till you run your app though it some [02:26] Interesting [02:26] Why do you set nokeepalive, then turn it on further down? [02:29] different config files [02:29] global config is off [02:29] per proxy site, turns it back on [02:30] OK [02:30] last 3 lines came out of the virtualhost section [02:31] it has blocked a lot of crap [02:31] most crap gets blocked for other things first also [02:31] The ruleset looks pretty insane [02:31] but I'm paranoid of things making it to iis :) [02:32] ya, the ruleset is annoying [02:32] If it were me I'd prefer to operate default-deny [02:32] but atleast reading the log file and finding the correct rule that matched isn't too hard [02:32] It seems to work mostly by listing every attack they could think of [02:32] yep [02:33] or any that have been attempted [02:33] my problem is, I dunno the application behind this [02:33] or how it changes :( [02:33] I guess [03:41] Perhaps someone can help em out here, is there a better way to see all the network traffic going through my network connection [03:42] There are some .. weird connections going on if I run netstat -a but Im not really sure on what Im seeing [03:42] Like.. "beluga:44856 beluga:afs3-fileserver ESTABLISHED" shows up perhaps 40-50 times [03:42] wtf is that? [03:43] That is you talking to port 7000, so perhaps talking to an IRC server's SSL port. [03:43] .. I dont run a IRC server o.O [03:43] grep af3-fileserver /etc/services [03:44] Or this one "tcp 0 0 beluga:52944 8.15.246.57:https ESTABLISHED" [03:44] Is that outgoing.. incomming [03:44] You run something on port 7000, apparently [03:44] .. no o.O [03:44] And that grep command returns nothing [03:44] use sudo netstat -ntlp | grep :7000 to see what is listening on that port (beluga is your machine, right?) [03:45] Aye [03:45] grep afs3-fileserver /etc/services # my mistake, typo earlier [03:45] Ohh.. Privoxy [03:45] that peice of crap [03:45] if you really want to see the actual traffic, use tshark or tcpdump or ssldump ... [03:46] I just wish it was *clearer* on what its doing [03:46] so all that afs3-server is Privoxy? [03:47] Clearer? It says there is a TCP connection from beluga on port44856 to beluga on port afs3-fileserver which is in the ESTABLISHED state. How much clearer do you want it to be? [03:47] Why its doing that, where the connection orignated from.. wtf is afs3-fileserver [03:47] You define what ports are named what in your /etc/services file. That file defines port 7000 as being used by afs3-fileserver [03:48] Apaprently you picked port 7000 for privoxy yourself? And did not realize it was a well known port number for a different service. [03:49] Mmm [03:49] Well, is there anything else other than netstat -a? [03:50] Well, I already said there is sudo netstat -ntlp ... and there is also tshark, tcpdump and ssldump... you can also try ntop or jnettop or any number of other tools. It depends what info you are seeking. [03:52] if you have a workstation available to you, you can capture the traffic with tcpdump on the server, then move the capture file to your workstation and analyze it in detail using wireshark, if you need to do so. [03:53] Im more just intrested in keeping a eye on things, on occasion network performance will just die wihtout clear reason why, the router shows that Im transfering shitloads of data (enough to saturate the connection) [03:53] But cant figure out why === cmagina-afk is now known as cmagina [04:05] Slyboots: to see what is using up bandwidth in real time, jnettop is probably a good starting point [04:05] Mm.. does seem handy [04:06] Slyboots: You could also use argus to record minimal data on all TCP connections and then look at its collected data using ra at a later time; kind of the opposite approach to jnettop. [04:07] * Slyboots nods "I'll try that, with luck cna find out wtf is going on" [04:07] Or just tcpdump -w/tmp/tmp.pcap [04:07] Then analyse it later [04:27] Is packages.u.c under heavy load or something? [04:35] I installed ubuntu-server to a VM last night. byobu is reporting 51 errors. Can someone help me to find/correct said errors? These are crashing the system about every 4 hours [04:38] danny_: pastebin them [04:39] twb where are they though? I'm in the byobu channel as well trying to find what file that indicator is pointing to. [04:40] Once I know where they are I can make them accessible. [04:40] ls [04:40] oops... wrong screen. [04:50] twb would the syslog file be the most likely to show where the crashes are occurring? [04:50] hi - how can i open port 80 for non-root ? [04:56] okay... http://s3rv3rn3rd.cc.cz has the syslog. echosystm you mean open port80 for ufw? [05:10] is there no shutdown command? shutdown just send the system into recovery mode. Is the only way to powerdown to hit the power? [05:11] this should work: shutdown now [05:11] as either root or sudo [05:11] qman__ thanks for you help before I have my server up now :) and hopefully more secure. I documented every how my modification and will show that to an expert (that's not my job... I'm a programmer). [05:11] EvilPhoenix: shutdown -h now [05:11] that sent it into a reboot to recovery [05:12] thanks twb === oubiwann is now known as oubiwann_ [07:09] how do i update clamav automatically [07:11] how to change an existing group to primary group [07:22] hey all [07:27] anyone around [08:06] i'm trying to set up an ubuntu8.04 client to authenticate over ldap from a debian squeeze server. prior to that,the ubuntu8.04 client was cofigured to auth on an 8.04 server. what files do i look for to edit and have the 8.04 client auth on the debian server? [08:07] !8.04 [08:07] Ubuntu 8.04 LTS (Hardy Heron) was the eighth release of Ubuntu. Downloading: http://releases.ubuntu.com/8.04 - See !lts for more details. [08:07] for a second i thought it was EOL [08:15] 5 years on lts, takes 8 to 13 [08:16] (5 years on base & server packages anyway) [08:18] okay, so I installed ubuntu server on this system because I couldn't get ubuntu desktop to install properly. got most everything working, now I'm just trying to get X to work. sudo dpkg-reconfigure xserver-xorg doesn't work (10.04) and when I start gdm it tells me to configure or get bent, but it won't let me configure it will only let me get bent. why is this and why can't I just configure X properly like the docs say how to do? [08:20] i take it you installed X? [08:21] yeah, ubuntu-desktop itself is installed on there [08:21] I can startx and get a desktop, but can't configure anything [08:23] !lts [08:23] LTS means Long Term Support. LTS versions of Ubuntu will be supported for 3 years on the desktop, and 5 years on the server. The current LTS version of Ubuntu is !Lucid (Lucid Lynx 10.04) [08:23] hopefully that wasn't for me... [08:24] :p nah. just wanted to poke ubottu [08:25] :) [08:26] init: dbus pre-start process (2318) terminated with status 1 [08:26] dbus won't even start....ugh [08:31] stupid upstart, why did this thing have to be used? [08:33] ! [08:34] EvilPhoenix: I discovered /var/lib/dbus/machine-id and filled it with what was in /var/lib/dbus/machine-id.J8fudisof, went to do a: service dbus start, and it started up! But now the screen is blank, there's a non-blinking underscore-style cursor on the upper-left of the screen, and the capslock and scrolllock keys are blinking [08:35] totally hardlocked, can't even sysrq-b [08:35] morgen [08:44] according to this, it's been fixed, yet I don't see that being the case: https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/526390 [08:44] Launchpad bug 526390 in dbus "dbus pre-start fails" [Undecided,Fix released] [08:45] I call schenannigans on that 'fix' [08:51] okay, so I did a dbus-uuidgen > /var/lig/dbus/machine_id and then: service dbus start, the following was caught in syslog: http://paste.ubuntu.com/566880/ [08:51] and then the kernel paniced [08:52] got it to show a bunch of panic info the main screen, none of it's really easily parsed, but the last thing it said was: [ 812.0100005] [drm:drm_fb_helper_panic] *ERROR* panic occurred, switching back to text console [08:53] after that point, the capslock and scrolllock keys are blinking again [08:53] and yes, I meant: dbus-uuidgen > /var/lib/dbus/machine_id [08:54] and now it's kernel panicing on startup [08:55] is simplehttpserver a ubuntu package ? [08:55] if I pass 'nomodeset' to the kernel, it does the same thing again, but without the blinking lights this time [08:55] !info simplehttpserver [08:55] Package simplehttpserver does not exist in maverick [08:55] avis: I'm gonna say 'no' to that [08:56] i have this nautilus script that i cannot make functional i gave up on irc and posted to ubuntuforums.org but no response [08:57] http://ubuntuforums.org/showthread.php?t=1687261 [08:57] it has to do with zenity and sharing over the web using nautilus scripts [08:57] I'm trying to get dbus to behave [08:58] avis: interesting, why not use dropbox then? [08:58] i'm broke :) [08:58] Why does mountall depend on plymouth? [08:59] dude, dropbox is free :p [08:59] require space [08:59] phsi: because there are retards within the ranks of the ubuntu devs? [09:00] avis: gotcha, haven't done that sort of thing with nautilus before, but I'd like to check it out if I could get my system to work... [09:00] Earlier today I noticed that plymouth handles LUKS password input during boot [09:00] Jees, I thought this thing was supposed to display a splash screen [09:00] plymouth is like, the bastard child of 10 generations of inbreeding [09:00] lol...? [09:01] plymouth is showing the splash screen here... and if I go nomodeset, it scales everything down, but dbus is still getting loaded....time to init [09:04] okay, got the system back up [09:04] but dbus is still teh broke [09:07] why does everyone have to be asleep? it's only 3am on a monday morning :P [09:08] 'monday'. [09:08] :) [09:12] I'm asleep because I'm at work [09:12] 3am? BURN THE WITCH [09:45] i have libnss-ldap installed but `dpkg-reconfigure libnss-ldap` returns nothing [09:45] jargon-: what did you want it to do? [09:46] jargon-: are you just trying to reconfigure ldap itself? [09:46] twb: to let me reconfigure libnss-ldap? [09:46] It's a .so file. You can't reconfigure it. [09:46] Gnea: the 8.04 client authenticates on an 8.04 ldap server. i need it to auth to a debian squeeze one [09:47] aah [09:47] jargon-: then you need to edit /etc/ldap.conf and/or /etc/ldap/ldap.conf [09:47] jargon-: if you have a binddn, the bindpw will be in /etc/ldap.secret. [09:48] twb: ok trying that [09:48] I don't know offhand which package configures this in its postinst, possible ldap-auth-client [09:48] dbus just will not work right, no matter what I try... this is extremely frustrating. [09:48] Gnea: that's because it's a crappy RPC protocol [09:49] twb: yes, but I need it to get gdm to work [09:49] gdm's kinda offtopic here. [09:49] well, I'll show you what's really offtopic. [09:50] see, I initially wanted to put ubuntu desktop on this system, but I couldn't get it or the alternative release to install [09:50] twb: what about PAM? do i need to change anything there? [09:50] but I got server to install like a champ [09:50] jargon-: what release? [09:50] then I ran into problems, turned out I needed a bios update - got it updated, so now I'm trying to turn this server install into a desktop install [09:50] Gnea: just reinstall the desktop. [09:51] twb: that would make sense, wouldn't it? [09:51] Gnea: or "apt-get install ubuntu-desktop" and possibly change kernels, which should achieve the same thing. [09:51] twb: libpam-ldap Version: 184-2ubuntu2 [09:51] jargon-: i mean of ubuntu [09:51] 8.04 [09:51] Blargh [09:51] 8.04.4 [09:51] yeah [09:52] IIRC you want auth-client-config -S or so to inspect the system, then if necessary -p lac_example to configure it [09:52] the raw files are in /etc/pam.d/common-* and /etc/nsswitch.conf [09:53] twb: ok [09:53] Hi [09:55] twb: there's already the linux-image-2.6.32-28-generic installed and currently running. the problem is with dbus. [09:55] twb: I tried generating a /var/lib/dbus/machine-id but that caused the system to kernel panic [09:55] Gnea: did you install ubuntu-desktop? [09:55] twb: of course I did [09:56] arrgh. i'd have to change to ldap config of the production fileserver too. can't do that,of course. damn [09:56] might as well do something else until i get more hardware [09:56] Can ubuntu desktop, login to a remote account? (instead of the local account) [09:57] twb: thanks for your help [09:57] Gnea: the pre-start script for dbus, as at 10.04, is mkdir -p /var/run/dbus; chown messagebus:messagebus /var/run/dbus; exec dbus-uuidgen --ensure [09:57] Gnea: work out which command is failing. [09:57] Gnea: then work out why. [09:57] twb: been there, done that, those parts all work. [09:57] matteppi: via XDMCP, yes. But that's probably not what you meant. [09:57] Gnea: so what is the current error? [09:59] twb: well, it's like I said, the kernel panics, I can't even sysrq-b out of it, I have to press the reset button on the case. [09:59] Gnea: then fix that first. [09:59] twb: you're just full of helpful hints, aren't you? [10:00] twb: that's what I'm *trying* to fix, that's why I'm *asking* the question [10:00] You said it broke after you created a file in /var/lib. Did you remove the file again? [10:00] I had to, obviously [10:00] And it's still panicing? [10:00] no, I'm back to square one. [10:00] dbus is not working. [10:01] So you've worked out which of the three pre-start lines is failing? [10:01] root@iacon:~# service dbus start [10:02] start: Job failed to start [10:02] That is not what I asked. [10:02] Feb 14 04:01:48 iacon init: dbus pre-start process (4893) terminated with status 1 [10:02] pretty sure I answered the question already... [10:02] That is also not what I asked. [10:02] 20:57 twb: been there, done that, those parts all work. [10:02] precisely. [10:02] now. [10:02] Clearly that is a contradiction. [10:03] If upstart says the pre-start script fails, and you say it doesn't, then one of you is wrong. [10:04] i have a lab with 15 desktops, connected to a server. everything is working with windows, and i want to switch to ubuntu, both the server and the desktops. I need a lot of accounts, (one for each class, we are in a school), on the server. the desktops need to log in with the accounts. [10:04] matteppi: so you simple need centralized authentication? [10:04] twb: I'm not going to repeat myself: having the /var/lib/dbus/machine-id in place causes the system to panic, it halts, it does not work. thus, exec dbus-uuidgen --ensure is not going to work, that much was blatantly obvious. [10:05] I give up. [10:05] yes, you should [10:05] because you obviously have little skill at helping people solve complex problems. [10:05] Gnea: go read , write a proper problem report, and either pastebin it or send it to launchpad. [10:05] twb: yes.. [10:06] Plonk. [10:06] !coc | twb [10:06] twb: The Ubuntu Code of Conduct is a community etiquette document to which we ask all Ubuntu users to adhere, and can be found at http://www.ubuntu.com/community/conduct/ . For information on how to electronically sign the CoC, see https://help.ubuntu.com/community/SigningCodeofConduct . [10:06] twb: I signed mine, did you sign yours? [10:08] matteppi: OK, then you probably want to look at NIS (old, insecure, but very easy), or LDAP (newer, more secure, but harder). [10:08] matteppi: if you still need Windows machines to work, you might instead need to look at winbind and friends, but I advise you to avoid that. [10:08] yup, looks like you did: https://launchpad.net/~twb [10:10] matteppi: https://help.ubuntu.com/10.04/serverguide/C/network-authentication.html documents LDAP on the server side. The client side ought to be pretty trivial. [10:11] matteppi: oh, alternatively, you might look into LTSP, which provides a more turn-key way to manage the whole network from the server side. It *will* require a 100mbps network and a grunty (say, pentium 4) machine, though. [10:13] llutz: hi [10:14] twb: with NIS, can i create accounts, and then access them from the desktop, without login into the local account? [10:14] Gnea: hi you made me courious ;) [10:14] llutz: may I pm? [10:14] sure [10:18] matteppi: yes [10:45] matteppi: yes, but you might want to consider using ldap instaed [10:45] since NIS is old and not very shiny [11:16] New bug: #718664 in autofs5 (main) "upstart config fo file autofs5 requires space" [Undecided,New] https://launchpad.net/bugs/718664 === FkCek is now known as FkCek|a === oubiwann_ is now known as oubiwann [13:51] Daviey: done [13:53] Uh.. [13:53] What the heck is "Stack Smashing" [13:54] sounds like bad programming [13:55] overflowing the stack, making it quite easy for an attacker to insert bad code [13:55] oh? not someone getting pissed at the current network stack, and making their own? [13:57] Weird; jnettop crashed **Stack Smashing detected! Jnettop exited** === oubiwann is now known as oubiwann_ [14:06] morning all [14:09] hey RoAkSoAx [14:09] zul: heya! how's it going? [14:11] RoAkSoAx: good tired though [14:13] zul: likewise [14:29] hi everyone ... i have a local server for some clients with windows xp (samba domain). we got a new printer here which makes some problems. cups->socket works, windows maschine -> socket, too. windows maschine -> samba -> cups -> socket makes this: http://i55.tinypic.com/5kf34h.jpg [14:29] -> in log theres no error [14:29] -> where to start debugging this? [14:31] sounds like wrong print driver [14:31] its a dell color laser 1320c [14:32] wrong printer driver on samba -> cups side you mean? [14:32] na, samba->cups is just raw I believe [14:32] probably windows -> samba ->cups [14:35] JamesPage: ping [14:38] zul: pong [14:39] JamesPage: for your hudson-fixes branches are you sending the patch back to debian? [14:39] patdk-wk: so you mean the problem is windows -> samba? [14:39] patdk-wk: because cups test sites work excellent [14:39] zul: yep - as I raised each as a bug in LP I'm also submitting back to Debian. [14:40] JamesPage: cool...ill upload them (patch pilot today) [14:41] zul: marvellous; I'll look to re-sync at the start of the next release cycle with manual requests. [14:41] TheInfinity, it's been awhile, but I think your suppost to use the cups print driver in windows for that [14:41] unless you attach the printer in raw mode in cups, then you can use the normal print driver in windows (I couldn't get this working though last time I tried) [14:42] I have no attached printers anymore, all network based, so doesn't matter to me anymore [14:42] patdk-wk: i want to share the printa via samba -> logon scripts, thats why i need samba :) [14:42] patdk-wk: *printer [14:43] you can do that without a samba based printer [14:43] zul: can you just let me check them over; I think some may have already gone to unstable in Debian [14:43] but you do need to be able to access the printer via the network somehow [14:43] JamesPage, [14:43] JamesPage: sure [14:43] * JamesPage starts to look through his email [14:44] patdk-wk: yea, its a socket printer. direkt setup is impossible via scripts, you have to install windows packages, make sockets etc [14:44] no idea what a socket printer is [14:45] lpt [14:45] lpt as in parallel port? [14:46] uh. no. hum. damn translation. in cups its accessed by socket://, thats why i called it socket printer. [14:47] it was LPD [14:48] zul: bug 715688 (joda-time) should go as is - we can't sync the latest from Debian as it uses maven to build which is not in main. [14:48] Launchpad bug 715688 in openobject-client-web "[PS] web client : bank statement : import invoice doesn't work" [Low,Confirmed] https://launchpad.net/bugs/715688 [14:49] OK not that one. [14:49] zul: bug 715668 [14:49] Launchpad bug 715668 in libjoda-time-java "Package does not install Maven artifacts" [Low,In progress] https://launchpad.net/bugs/715668 [14:49] JamesPage: ok that was next on my list [14:49] patdk-wk: thats why i want to use it via cups. lpd is not supported by windows (except you make lots of things in gui) [14:50] zul: bug 715640 and bug 715652 have already been accepted into Debian and uploaded to unstable. [14:50] Launchpad bug 715640 in libezmorph-java "Package does not generate Maven artifacts" [Low,In progress] https://launchpad.net/bugs/715640 [14:50] Launchpad bug 715652 in libcommons-jexl-java "Package does not install Maven artifacts" [Low,In progress] https://launchpad.net/bugs/715652 [14:50] zul: I'll take down the proposed merges [14:51] TheInfinity, no idea, but this might help: http://pastebin.com/F5mqF5XJ [14:51] JamesPage: thanks...less work for me ;) [14:51] zul: can I re-use these bugs to sync or should I generate new one? [14:51] you should be able to re-use them [14:53] patdk-wk: there are no cups *mime files here (ubuntu 10.04) [14:53] i want to remove everything postgresql related and reinstall. how do i do that? [15:04] TheInfinity, ya, dunno :) I haven't done it in a long time [15:05] patdk-wk: hmm ,... okay. thanks for the use client driver = yes tip - lets see what i can do with this :) [15:05] has anyone had any luck getting things like FreeNX to run? [15:05] Need basicl OpenGL rendering working over VNC [15:06] I can get the "Session" to connect, but only xterm [15:08] you do know that opengl won't work over vnc [15:08] and freenx is not vnc [15:12] New bug: #718787 in apr (main) "Please sync apr 1.4.2-7 from Debian Unstable." [Undecided,New] https://launchpad.net/bugs/718787 [15:17] smoser: what do you think of https://bugs.launchpad.net/ubuntu/+source/ec2-api-tools/+bug/715818 ? [15:17] Launchpad bug 715818 in ec2-api-tools "ec2-api-tools FTBFS in natty" [Undecided,New] [15:18] ummm... i think it FTBFS in natty ? [15:18] i need to fix it. i want to look at that today [15:18] just updated it [15:18] is there any known issue at the moment with accessing the EBS backed ubuntu 10.04 images on EC2? [15:28] smoser: cool beans [15:28] geekbri, accessing ? [15:29] smoser: i was trying to create an EC2 ebs backed instance of 10.04 LTS on us-west-1, but for some reason i couldn't locate the proper ami, even though i was using the one listed on ubuntus page. I ended up just launching on in us-east and it works so whatever. [15:30] what ami were you trying to use ? [15:30] i'd like to know if somethings broken [15:31] hold on let me get it. [15:32] smoser: im starting to suspect i must have just done something wrong but i was trying to use ami-a403f7cd [15:32] wait thats the instance store one. hold on [15:33] ami-ebbfefae [15:33] as listed on http://uec-images.ubuntu.com/releases/10.04/release/ [15:35] is it possible you did not specify region? [15:35] if you do not specify region it defaults to us-east-1, and the ami id 'ami-3e02f257' wont exist there. [15:35] i used --region us-west-1 but let me try again to make sure there was no typo. [15:35] ec2-run-instances --region us-east-1 --instance-type t1.micro --user-data-file=/home/smoser/data/mini-userdata.txt ami-3e02f257 [15:36] i just ran that [15:36] yeah it works for me now too... [15:36] oops [15:36] i must have made some sort of typo. [15:36] ami-3e02f257 is us-east-1 [15:36] but.. .ok. good [15:36] glad you're sorted out. [15:36] although now its telling me my keypair doesn't exist which is a bit odd. [15:36] but thats a whole other issue :) [15:40] i want to cleanly reinstall postgresql [15:40] and ideas? [15:40] Alan: not an expert but i think you need to use purge [15:41] errr [15:41] aliverius: apt-get --purge remove [15:48] JamesPage: is it possible to configure hudson to do iso testing for 10.04.2? [15:49] zul: maybe - do the cdimages get published somewhere nice? [15:49] JamesPage: im thinking the same places as the regular iso, im just thinking outload really but ill find out more today [15:49] like here: http://cdimages.ubuntu.com/ubuntu-server/lucid/daily/current/ [15:49] yeah [15:50] zul: lemme have a look - it might.... [15:56] zul: whilst I'm doing that any chance you can sponsor bug 715640 and bug 715652 for me [15:56] Launchpad bug 715640 in libezmorph-java "Sync libezmorph-java 1.0.6-3 (main) from Debian unstable (main)" [Unknown,Fix released] https://launchpad.net/bugs/715640 [15:56] Launchpad bug 715652 in libcommons-jexl-java "Sync libcommons-jexl-java 1.1-2 (main) from Debian unstable (main)" [Unknown,Fix released] https://launchpad.net/bugs/715652 [15:56] JamesPage: sure [15:56] ta [15:57] zul: ocf RA's fixes are to be released on wednesday ;) [15:57] RoAkSoAx: nifty [16:03] James: done [16:12] zul: ta [16:12] New bug: #229646 in spamassassin "spamassassin chokes when using PostgreSQL as Bayes store" [Medium,Fix released] https://launchpad.net/bugs/229646 [16:12] New bug: #257405 in spamassassin "cron.daily job results in "error: GPG validation failed!"" [Medium,Fix released] https://launchpad.net/bugs/257405 [16:14] hello [16:14] i have configured a webdav server but it wont enable the https [16:14] just http [16:28] http://pastebin.com/fLje9Dtf [16:28] it's the apache config file [16:28] i have created the certificate and it exists [16:29] i try to access the web and i receive an error like this: firefox cant establish a connection with the hostname [16:29] without 's' works [16:33] hggdh: ping are you still using my SRUtracker? [16:33] zul: I am _still_ to move it over to QA [16:34] hggdh: ok because its broken right now i have to fix it...ill let you know when its working again [16:34] zul: heh, no problems at all :-) [16:39] how to check if lightttpd has user dirs enabled or not [16:40] check if mod_userdir is activated azizLIGHTS [16:40] yes.. how to check this [16:40] azizLIGHTS: grep lighttpd.conf or mods_enabled [16:40] how i can check if mod_userdir is enabled or not [16:40] oh [16:41] ty [16:41] conf-enabled [16:43] this should be under server.modules ? [16:44] yes [16:45] azizLIGHTS: or "ls -l /etc/lighttpd/conf-enabled/10-userdir.conf" [16:46] ls: cannot access /etc/lighttpd/conf-enabled/10-userdir.conf: No such file or directory [16:47] azizLIGHTS: so if its not enabled in lighttpd.conf, its not enabled at all [16:47] azizLIGHTS: you can't make a toast with water. [16:48] oh so what precodure to take to enable userdirs [16:48] *procedure [16:48] stop lighttpd how? [16:48] ln -s /etc/lighttpd/conf-available/10-userdir.conf /etc/lighttpd/conf-enabled/ // service lighttpd restart [16:48] && not // [16:51] i am am writing a set of two packages that configures a machine to use our company ldap server for authentcation. package 1 uses debconf-set-selections in the preinst to set values for ldap-auth-config (including debconf/priority=critical). package 2 predepends on pkg 1 and depends on ldap-auth-config. The result is that ldap-auth-config still prompts me with its default values, but if I accept defaults, the /etc/ldap.conf file end up wi [16:51] th the values that I specified. So if I could just suppres the dbconf prompts it would be fine [16:54] hggdh, zul: http://hudson.qa.ubuntu-uk.org/job/lucid-server-amd64_lvm/1/console [16:54] this *should* run against the ISO image of your choice; just testing it now.... [16:54] bear in mind that we have never run the automated ISO test suite against lucid - only maverick + [16:54] muhahaha [17:04] kirkland: qemu-0.14.0 is built at ppa:serge-hallyn/virt, and running just fine on my workhorse laptop [17:04] hallyn: i'll install that just as soon as I finish this email [17:04] i'll need to ask bdrung to verify that capslock does what he wants there [17:05] kirkland: cool, thanks [17:08] hallyn: after last week's update of kvm the load is not that high anymore, though now couple of last week ISO's hanged during installation and that couse 100% CPU utilization [17:08] RoAkSoAx: this is on natty? [17:08] (host) [17:08] hallyn: yes [17:09] RoAkSoAx: you might just try out ppa:serge-hallyn/virt which has 0.14.0 [17:09] RoAkSoAx: (which will be going into natty hopefully really soon) [17:09] hallyn: ok! cool! ;) [17:11] New bug: #718868 in beautifulsoup (main) "Sync beautifulsoup 3.2.0-1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/718868 [17:14] zul, hggdh: well that seemed to work just fine! [17:16] heh [17:16] JamesPage: BTW -- did you get my message that the hudson server was hit by an OOM? [17:17] hggdh: yes - nearly missed it; it did that once before; not sure why but a reboot seems to sort it for a few months [17:17] not ideal.... [17:17] but workable ;-) [17:18] agreed [17:18] JamesPage: also there are some updates to be installed on the server. I did not run any because I was unsure on dependencies with Hudson [17:18] its pretty neutral so should be OK; however we may want to consider a switch to Jenkins at some point in time. [17:18] anybody know who I can make www-data echo to /dev/ttyUSB0 ? I have added the group dialout, and it is working when I su www-data [17:19] hggdh: hmmm - may have just confused things as the changes I made to make the lucid regression ISO test work are not thread safe! [17:19] staale: when is it not working? [17:20] uh-ho [17:20] when I use system, exec, passthru from php [17:20] hggdh: may be OK.... [17:21] * hggdh crosses fingers and toes [17:21] JamesPage: BTW, I added a view for Lucid amd64 [17:21] hggdh: also need to bear in mind that the preseeds are for natty not lucid - they should work as I don't think anything has changed significantly. [17:21] nice [17:22] I think we need a design review and session at UDS to take this forwards; we need a nice way of maintaining preseeds on a per-release basis outside of the main iso-testing codebase. [17:23] staale: and what does happen? an error? silent failure? [17:23] JamesPage: Agrred [17:23] s/rre/ree/ [17:23] :-) [17:24] @Spamaps apache log: /var/www/shs/test.sh: line 4: /dev/ttyUSB0: Permission denied [17:25] hggdh: I pushed a new branch of ubuntu-server-iso-testing to trunk [17:26] hggdh: it has a new script - setup-hudson-regression.py - which takes two params - the URL of the hudson server + the URL of the ISO to test. [17:26] hggdh: it will reconfigure if the test already exists. [17:26] cool [17:26] Anyone acny suggestions for a decent file-manager for linux? (cli) [17:26] *very* cool [17:28] hggdh: ./setup-hudson-regression.py --help will give you the other options - they need to match the details for the ISO url or it will break. [17:28] staale: interesting... maybe do a 'whoami' right before that and make sure you are who you think you are at that point in the script execution. [17:28] hggdh: fast not elegant today - may refine tommorow.... [17:28] JamesPage: fast is good enough, elegance depends on time :-) [17:29] hggdh: agreed - we can always refactor when we have decided where to go with this project next. [17:29] JamesPage: yes, even more given that this is growing without bounds [17:31] * RoAkSoAx batalling with OCFS2 again :( [17:32] Right now Im using mc, but its kidna.. crap [17:35] SpamapS: it says www-data for both bash /var/www/shs/test.sh in console and system("bash /var/www/shs/test.sh" ); in php [17:36] When I get to the login screen on Ubuntu Server 10.04, it's printing "MASQUERADE: lo ate my IP address" over and over. Anyone know what this means? [17:37] mtkorb: bug #117303 [17:37] Launchpad bug 117303 in linux-source-2.6.20 "lo ate my ip address" [Undecided,Won't fix] https://launchpad.net/bugs/117303 [17:39] staale: thats very weird then! what are the perms on /dev/ttyUSB0 ? [17:40] SpamapS: crw-rw---- 1 root dialout 188, 0 2011-02-14 18:39 /dev/ttyUSB0 [17:41] SpamapS: tried with o+wrx, but nothing [17:43] JamesPage: so how would I push an ISO to hudson [17:47] jmarsden: I don't have that script on my machine so the launchpad bug doesn't apply. [17:53] staale: ahh did you stop/start apache after adding www-data to dialout? [17:53] staale: group memberships aren't picked up until a user logs in, or is su'd to. [17:55] Spamaps: nice, thank you very very much :D [18:01] staale: always a pleasure. [18:05] anybody good with radius certificates? I think I have the server done but I'm a little stuck on the CA part.... [18:06] New bug: #718902 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: подпроцесс установлен сценарий post-installation возвратил код ошибки 1" [Undecided,New] https://launchpad.net/bugs/718902 [18:27] anybody good with radius certificates? I think I have the server done but I'm a little stuck on the CA part.... [18:36] kirkland: feh, of course now lucid wont boot (vgabios i assume) [18:37] kirkland: out for lunch, will be updating bioses later [18:52] anybody good with radius certificates? I think I have the server done but I'm a little stuck on the CA part.... [18:55] Roasted: you should probably try another channel and/or a mailing list before you start re-asking a question every 30 minutes. [18:55] tried another channel. free radius has literally 0 talk [18:55] so, here I am. Thanks. :) [19:01] New bug: #718188 in dovecot "dovecot won't be restarted after failure" [Low,Triaged] https://launchpad.net/bugs/718188 [19:06] jjohansen, are you around ? [19:06] yep [19:07] smoser: whats up? [19:07] you built a kernel for hardy [19:07] yeah [19:07] and pasted links, but i dont think there were any modules [19:08] oh, hrmm right I need to kick off that portion separately [19:08] give me a bit, I'll kick it off and let it build [19:11] happy valentine :) i love you all [19:11] lol [19:11] ivoks: happy valentines to you too [19:12] lol [19:13] ivoks: no you dont :) [19:13] Roasted: You might want to look at the README in /usr/share/doc/freeradius/examples/certs/ [19:14] zul: but i do :) [19:14] I pretty much have it memorized by now, genii-around [19:14] but thanks for the idea. [19:14] ivoks: fine...then fix dovecot ;) [19:15] zul: what's wrong with it? [19:19] Roasted: Does /etc/freeradius/eap.conf point to wherever you put the certificate? [19:19] ivoks: dovecot-postfix messes with the configuration file when you update postfix. [19:20] genii-around, I'm trying to generate the certificate first. [19:20] ivoks: 717298 [19:20] genii-around, all of the guides I found on freeradius, to put it bluntly... suck. And I found one that was a little more descriptive, so I was using this guide from ground up. But it won't take my command I'm trying to issue it [19:20] bug 717298 [19:20] Launchpad bug 717298 in dovecot "dovecot-postfix upgrade overrides main.cf" [Undecided,New] https://launchpad.net/bugs/717298 === zul_ is now known as zul [19:21] jjohansen, could you just upload to a ppa ? [19:21] smoser: no [19:21] is that possible ? or do these have to be spun more manually [19:21] suck [19:21] zul: well, yes, we could add a warning [19:21] Roasted: If you are in that dir where the REAME is, all the files to make your cert are there. If you follow http://wiki.freeradius.org/Certificates those files are in /usr/share/doc/freeradius/examples/certs/ [19:21] zul: but the point of the package is to override all settings [19:22] jjohansen, could you then please update what needs to be done at https://wiki.ubuntu.com/UEC/Images/Publishing ? [19:22] i know in the end we get it into ubuntu-on-ec2 ppa, but i'm not sure of how it gets there. [19:22] smoser: well yes it is possible but its going to a long time to get anything out of a ppa [19:22] well, in the end it needs to get to one [19:22] genii-around, I'm doing this by command line. The command I am issuing (as per the guide) is not working. [19:23] smoser: hrmm, okay I'll talk to smb about it [19:24] Roasted: You just need to issue: sudo make in that dir. Then you can either leave the certificate in there or move it somehwere else. Either way you need to then edit the eap.conf file to point to where it is. Then restart freeradius [19:26] genii-around, hang on a second. what does sudo make do? I'm trying to generate a cert from ground up with a command through openssl. what would sudo make do for me? [19:32] Roasted: You need to use sudo to execute the certicate-making script in /usr/share/doc/freeradius/examples/certs/ because regular user does not have write priveleges in that directory [19:38] Roasted: From the freeradius wiki page I already referenced: "make" .. "And the new certificates will be generated. There is no need to run any special OpenSSL commands." [19:40] genii-around, lol... so wait... are you telling me sudo make *IS* the cert making command? [19:40] Roasted: Exactly [19:40] What's the trick to it? Do I just have to be CD'd into that cert directory for sudo make to take on that usability? [19:40] because when I think sudo make I don't think "oh hey it makes certificates" [19:41] Roasted: There is a Makefile in that examples directory which creates your certificate when you issue the: sudo make [19:42] genii-around, what the... you gotta be kidding me. if it's that easy I'm going to be so angry. [19:42] Roasted: But since it will create it in the directory in which you issued the command, you then need to tell the main config file for your cert ( which is eap.conf ) where to now look for it [19:43] genii-around, yeah, that just requires editing it with gedit or something and changing hte path though, right? [19:45] Roasted: Yup [19:46] genii-around, looks like I got an error [19:46] genii-around, I can't paste from vmware but I'll retype best I can. [19:47] writing new private key to 'server.key' .................. problems making certificate request. error (insert long code here) encoding routines:ASN1_mbstring_ncopy:string too long. Make: *** Error 1 [19:53] Roasted: Check the clients.cnf file in the examples directory and make sure it has proper 2-letter countryName value (eg: the top-level domain name for your country), and that the value countryName_min is set to 2. then try the make again [19:54] genii-around, client.cnf in examples or in the actual freeradius dir under /etc? [19:54] Roasted: In examples. Since that is where the script is drawing the values from to make the certificate [19:55] does anyone know why logrotate rotates postgre logs with 'copytruncate'? [19:55] countryName just says "match" [19:55] hmm... [19:57] New bug: #251139 in apr (main) "backport apr 1.2.12 to Hardy" [Undecided,Won't fix] https://launchpad.net/bugs/251139 [20:04] Hello [20:04] I'm trying to install another hard drive, and I've been able to mount it [20:05] I editted Fstab but upon reboot I had some sort of error [20:05] mistakes in fstab are dangerous [20:05] ivoks: I noticed. :D [20:06] jdstrand: does tests/qemuxml2argvtest failing in libvirt ring a bell? [20:06] ivoks: I think the problem is that I put "ext3" for the type instead of "ntfs" [20:06] :) [20:06] then boot in recovery mode and fix it [20:07] ivoks: I was given conflicting results, one program said the drive was "ext3" and another "ntfs" [20:07] ivoks: Could you possibly help me through this process? [20:07] if you didn't format it, i doubt it's ext3 [20:08] sure, boot into recovery [20:08] hallyn: no. not at all. that sounds like a potential problem [20:08] I just did a fresh install >.> I'm experimenting with different configurations [20:09] jdstrand: well, if i parse this right it's on test 'cpu-exact2', and this is on armel [20:09] genii-around, is match an acceptable answer? [20:09] hmm [20:09] you can boot into recovery by choosing that option in the boot loader [20:09] aka grub [20:10] hallyn: istr something with armel, but not that [20:10] Choosing that option when booting with the CD ? [20:10] hallyn: makes me curious if the linaro qemu is being pulled in, but other than that, nothing springs to mind [20:10] i wonder if that thing is actually testing the libvirt monitor [20:10] oh [20:11] ZacLnxNewb: no, from disk [20:11] Roasted: No. CA for Canada, DE for Germany, AU for Australia and so on [20:11] hm, no qemu on the system actually [20:11] ivoks: I don't get a boot menu when I boot [20:12] still getting this darn error genii-around [20:13] eh, when in doubt clean up and re-try build [20:14] ivoks: I only get a menu when I boot using the CD [20:16] ZacLnxNewb: hold shift (ubuntu 10.04+) [20:16] ZacLnxNewb: or Esc (ubuntu <10.04) [20:16] ah [20:18] ivoks: sudo blkid returns [20:18] ivoks: /dev/sdb1: UUID="b52edc28-264b-4869-9899-436197c5ea03" SEC_TYPE="ext2" TYPE="ext3" [20:18] ivoks: but I think the drive is NTFS [20:18] New bug: #520977 in apr (main) "Requires non-existant libuuid.la" [Undecided,Fix released] https://launchpad.net/bugs/520977 [20:18] just boot into the rescue and then you'll comment out your line [20:18] then we will go from there [20:19] ivoks: I've already reinstalled freshly the system [20:19] ivoks: Nothing important lost. :p I'm just learning [20:19] hahaha cause of the wrong line in fstab? [20:19] i see you are switching from windows :) [20:19] ivoks: months ago. >.> [20:20] ivoks: I've been running a fairly secure server for quite sometime, I decided to reinstall and reconfigure stuff faster, cleaner, etc [20:20] ivoks: How can I reliably tell whether the drive is ext2 ext3 or ntfs? [20:21] ext3 is ext2 + journaling [20:21] every ext3 can be mounted as ext2 [20:22] Actually, I'm happy to format this drive, but I left it as ntfs because I thought it needed to be that for samba shares or something [20:22] ivoks: What file system would you suggest? [20:24] ZacLnxNewb: for linux server? ext3 [20:25] for bigger disks (1+ TB) xfs [20:25] just because it fscks faster :D [20:25] and mkfs is faster [20:25] what is the recommended option in the ubuntu menu [20:26] in the past at least, xfs was pretty sensitive to mishandling, ie improper dismounts in the case of a power outage, things like that. If there's no battery backup, it might be better to use ext3/4 [20:27] New bug: #604753 in linaro-toolchain-misc "[eglibc] process shared mutex's fail on armel v7 (thumb)" [High,Confirmed] https://launchpad.net/bugs/604753 [20:28] Hello to all, i've assigned this bug report to linux package, is it right ? https://bugs.launchpad.net/ubuntu/+source/linux/+bug/712382 [20:28] Launchpad bug 712382 in linux "10.04 Software raid unbootable - HP Proliant G6 server - 2 X 500 GB drives / 2 X 250 GB are always fine - pretty major bug" [Undecided,New] [20:28] awesome, so formatting the drive to ext3 [20:28] next is adding the uuid to fstab. :D [20:28] yes [20:28] do I just add this line? [20:29] uuid mountpoint type [20:29] is that enough to mount it? [20:29] no, that's a broken line [20:29] uuid mountpoint type options 0 0 [20:30] options can be just 'defaults' for start [20:30] ah, hey [20:30] 0 0 - don't break the boot if fs is broken [20:30] I appreciate the help [20:30] I'll be back in 20 minutes, need to pick up brother from school [20:30] Thanks [20:31] np === zul_ is now known as zul [20:34] whats the best option in the menu [20:35] menu? [20:35] samael6: please be more specific [20:35] the installation menu when you start the process [20:35] jevidl: that's past ;) [20:35] 'Install'? :) [20:36] how are you lost i just explained it very clearly [20:36] samael6: choose "Install Ubuntu" [20:37] and then what i wanna know when i install the server [20:38] samael6: you want to know what? [20:38] whats next in the installation [20:39] ivoks: re: dovecot, please take a look at bug 715056 [20:39] Launchpad bug 715056 in dovecot "invalid ssl-certificates in /etc/postfix/main.cf after security upgrade" [Undecided,Confirmed] https://launchpad.net/bugs/715056 [20:40] ivoks: it's not supposed to overwrite settings on upgrade, but there's (IMHO) a bug in the postinst script [20:40] hm [20:40] zul: ^ that's the correct bug # [20:40] samael6: https://help.ubuntu.com/10.10/serverguide/C/installing-from-cd.html [20:41] yes, configure always replaces certificate [20:41] ivoks: sure. I haven't used it in a while, but I know that for a while it was a pretty big problem. I usually just go for ext4 anymore, though once btrfs is stable in linux that'll be my new favorite :) [20:42] jevidl: it was a problem in 2.6.16-2.6.18 [20:42] iirc [20:43] if [ -z "$2" -o ! -e "$POSTFIX_BCKFILE" ]; then [20:43] iirc, $2 is new version that's being installed [20:44] ivoks: it will hit "-o ! -e "$POSTFIX_BCKFILE" 100% of the time [20:45] ah, right [20:45] my bad [20:45] instead of move, we should cp with timestamp [20:45] ivoks: yeah [20:46] and then copy /etc/postfix/main.cf to $POSTFIX_BCKFILE [20:47] zul: I'll let you and ivoks sort it out [20:47] mdeslaur: thanks [20:47] ivoks, zul: thanks! [20:47] i'll have to look at the whole postinst [20:49] Firefox should have notification "Too many tabs starting with 'Bug'" [20:50] what about under the package tasks what are those options im confused [20:51] what confuses you? [20:51] look under package tasks [20:52] i've done at least 200 server installs, but i don't know exactly what's written [20:52] iirc, there are 'LAMP', 'openssh server' 'cups printing server', etc... [20:53] DNS server, Mail server... etc [20:53] for a social networking website what do i pick [20:53] you know what LAMP is? [20:54] many social websites run on LAMP [20:54] what do the other options do [20:55] if you don't know what mail, printing, dns and cloud are... well, then those don't mean anything [20:56] oh ok [20:57] I know what lamp dns cloud, openssh, print cups and stuff are. :D [20:59] is it ok that i install the pc without the server what would happen if i did [21:01] how do I fix cylinder overlap here http://pastebin.com/3xf8qiFB .. this is a fresh server install LTS [21:03] axisys: sda1 is /boot? [21:03] ivoks: yes [21:04] axisys: quick and easy; copy all from /boot to /root/boot_backup; umount /boot ; fdisk /dev/sda and delete sda1 ; create new sda1, mount it as /boot and copy data back [21:05] ivoks: ok [21:05] ivoks: here's the line I'm putting into fstab [21:05] ivoks: UUID=500fb029-28dd-4e3a-a7e1-55def6a8e930 /drive/ ext3 defaults 0 0 [21:05] /drive [21:06] ive enabled apache2 rewrite to point to another page using a 301, i remove the settings, restarted the server and its still doing so [21:06] any ideas, is there some rewrite cache? [21:06] there's no rewrite cache [21:06] cache is in your browser [21:06] test with w3m, it doesn't cache :) [21:07] rebooting [21:08] Success! [21:14] ivoks: did not quite work.. i recreate the /dev/sda1 using fdisk /dev/sda and mkfs.ext2 and blkid /dev/sda1 in fstab and copied the data back to /boot and mounted fine.. reboot takes me to grub rescue> [21:14] it is not in production [21:15] i can rebuild the system.. unless there is another option [21:15] boot from live cd and reinstall grub ? [21:16] ah, update-grub was needed too [21:17] you can boot install/live cd and choose rescue broken system [21:17] ivoks: anyway to bring it back from grub rescue> ? [21:17] there is, but i'm not sure with grub2 [21:18] let me see something [21:18] grub rescue> ls show (hd0) (hd0,2) (hd1) (hd1,1) (hd2) [21:18] i have three disks [21:18] sda, sdb and sdc [21:18] insmod part_msdos [21:18] insmod ext2 [21:19] set root='(hd0,msdos1)' [21:19] linux /vmlinuz-(hit TAB) root=/whatever/is/your/root ro [21:19] initrd /initrd.img-(hit TAB) [21:21] hitting tab gives me nothing.. [21:21] ivoks: Do you know how I can make a shortcut to another directory [21:22] so that user's home directories have a folder they can go into that's actually a folder on the new drive? [21:22] /whatever/is/your/root <-- is it / or /dev/mapper/blah ? [21:22] axisys: /dev/mapper/blah [21:23] ok.. i got that one.. but vmlinuz does not expand with tab [21:23] ZacLnxNewb: of course (ln -s) [21:23] may be look into another LTS server [21:23] and pick up the vmlinuz from there [21:23] axisys: doesn't expand? [21:23] ivoks: no [21:23] are you sure you didn't add /boot? [21:24] it's /vmlinuz-something not /boot/vmlinuz-something [21:24] yep... not /boot in there.. typing exactly you said [21:24] try with /boot then :) [21:25] maybe grub2 doesn't have autocompletion [21:26] ivoks: probably [21:26] ivoks: iirc it has [21:26] it has [21:27] axisys: https://help.ubuntu.com/community/Grub2#Fallback%20mode [21:27] ls (hd0,0)/* [21:28] why isn't there hd0,1 in your ls output [21:31] i am trying with live cd now [21:35] hallyn: okay, i'm just now getting to installing your qemu-kvm 0.14 package [21:36] hallyn: which PPA is it in? [21:36] hallyn: you have like 30 PPAs :-) [21:37] ivoks: zachary@ZACSERVER:/storage/home/zachary$ cd public -bash: cd: public: Too many levels of symbolic links [21:38] ZacLnxNewb: what did you do? [21:39] I made a directory on the drive [21:39] home [21:39] and made two directories in that, public and zachary [21:39] I linked public into zachary [21:39] so just run grub-install /dev/sda1 (/boot) ? [21:39] ivoks: ^ [21:39] axisys: no [21:39] axisys: update-grub [21:39] and I linked zachary into /root/home [21:40] but trying cd public [21:40] axisys: grub is already installed (on /dev/sda) [21:40] gave me that error [21:40] what? :) [21:40] ivoks: done.. let me reboot [21:41] axisys: check /boot/grub/grub.cfg first [21:41] ivoks: looks fine [21:41] ivoks: did you get what I said? [21:42] ZacLnxNewb: not really but i see mistakes [21:42] can you paste the commands you used on pastebin? [21:43] ivoks: I made a home directory on the drive with "zachary" and "public" in it, and linked public into zachary [21:43] ivoks: and then linked zachary to the home directory on the system drive [21:43] commands please [21:43] cause what you said makes no sense [21:43] k one moment [21:44] ivoks: I can't paste the commands [21:45] ivoks: I have the system drive, and the 2nd hard drive [21:45] you mounted 2nd drive as /storage? [21:45] on the new second hard drive, I created a directory labeled "home" in which I created a "public" directory, and a "zachary" [21:45] ivoks: Yes [21:45] that's bad practice, but ok [21:45] so [21:46] ivoks: What's better practice? [21:46] mkdir /storage/home [21:46] mkdir /storage/home/public [21:46] yes [21:46] mkdir /storage/home/zachary [21:46] ok [21:46] ivoks: mkdir -p :P [21:46] what's next? [21:46] then ln -s /storage/home/public /storage/home/zachary [21:46] wtf? :) [21:47] ZacLnxNewb: mount -o bind is better [21:47] what? why? what are you trying to do? [21:47] New bug: #709944 in apr (main) "package libapr1 1.3.8-1build1 failed to install/upgrade: le paquet libapr1 est déjà installé et configuré" [Undecided,Invalid] https://launchpad.net/bugs/709944 [21:47] ivoks: basically have the home directories on the 2nd hard drive, and have a public directory that all the users can access [21:48] then don't do that [21:48] move your home to /media/storage (but mount the disk there first) [21:48] change home path in /etc/passwd (command is vipw) [21:48] and you are done [21:49] as for public, just create /media/storage/public [21:49] and chmod 1777 /media/storage/public [21:49] that's it [21:50] or mount second disk as /home [21:50] :) [21:51] axisys: is it working? [21:51] ivoks: nah.. its cool [21:51] ? [21:51] ivoks: it is not in production.. i can just rebuild it [21:52] before I was getting grub rescue> .. not I get grub> [21:52] :/ [21:52] ivoks: I personally want the disk to remain as storage [21:52] but sinc emy root is LVM .. grub does not recognize it [21:52] grub2 is new to me too [21:52] ivoks: Why is it bad practice to do what I did though? [21:52] axisys: but /boot is on ext3? [21:52] /boot is ext2 [21:52] axisys: on /dev/sda1 [21:52] ivoks: yes [21:53] then grub should see it [21:53] the tab completion works now.. but i cannot point to a lvm disk [21:53] ZacLnxNewb: http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/index.html [21:53] ls from shows the lvms but it says unknown fs for root.. which is ext4 [21:54] axisys: eh? you type in root=/dev/mapper/volumegroup-logicalvolume [21:54] ivoks: yes [21:54] axisys: and initrd after that? [21:54] ivoks: no [21:54] hehe [21:55] lvm module is in initrd [21:55] kirkland: ppa:serge-hallyn/virt [21:55] 22:19 < ivoks> linux /vmlinuz-(hit TAB) root=/whatever/is/your/root ro [21:55] 22:19 < ivoks> initrd /initrd.img-(hit TAB) [21:55] ivoks: oh ok.. let me try again.. [21:55] hrmf... so, three full ZFS VDEVs, slow-as-fuck fileserver, replacing 21+1 2TB drives soon with 3TBs, adding some 2,5TB worth of SSDs for L2ARC, some quick SSDs for SLOG, this will take some time............... [21:55] ivoks: Well, I'm going to have it remain storage, I guess I'll just chnage the home directories to be on the storage [21:56] zfs is fine, that's for sure, until the shit hits the fan [21:56] ZacLnxNewb: ok [21:59] so run it like this? [21:59] insmod part_msdos [21:59] insmod ext2 [21:59] set root='(hd0,msdos1)' [21:59] but my root is lvm [22:00] root in grub is not linux root [22:00] it's the root where grub config is [22:00] ivoks: so I shoudl type set root=(hd0,1) instead [22:00] yes [22:00] not set root='(hd0,msdos1)' [22:01] in my grub.cfg it's msdos1 [22:01] oh ok [22:01] why is that, i'm not sure [22:01] probably cause insmod part_msdos [22:01] msdos ftw! [22:02] no memory protection, no fancy memory management... [22:28] everytime i install a ubuntu-server from a cd iso, I need to modify the installation with hit F6 and remove quiet and add console=ttyS0,9600n8 to finish the install from serial.. how do I modify that line and re-iso the image ? [22:30] my servers iloms have a way to install or boot from remote iso.. but usually the gui is slow when installing remotely.. i rather do it from cli .. [22:30] i've done it only with pxe installer [22:31] ivoks: with pxe .. i have to have a dhcp on same network .. little difficult .. ilom -> cd iso works better.. [22:32] we have servers all over the country.. [22:32] all our servers have iloms [22:32] if i know which file has that command.. i could modify and re-iso it and give that a try [22:32] axisys: on install cd there's isolinux dir [22:32] in it there's text.cfg [22:33] cd /mnt/isolinux .. i am in there.. let me find the file [22:34] oh.. its in that dir [22:34] found the append line [22:34] you could also modify isolinux.cfg so that default is text.cfg instead of vesamenu.c32 [22:34] thanks [22:34] ivoks: even better [22:34] but test it with kvm or something [22:34] i've never tried changing default [22:34] ivoks: yep.. [22:35] i guess i need to add a serial on top .. so even the menu shows up in serial.. instead of blindly hitting enter twice [22:35] let me find the syntax for that [22:36] i will test it in virtualbox .. so to make a iso .. just mkisofs .. correct ? [22:38] https://help.ubuntu.com/community/InstallCDCustomization [22:38] skip to Burning the CD [22:39] ivoks: thanks a lot :-) [22:40] nice.. i could make changes to the preseed too [22:40] creating all these LVMs take a while [22:40] i have to do the same for two other servers [22:42] instead of serial, i like to start network console and just ssh into installer [22:44] ivoks: how? [22:45] ivoks: you mean with dhcp ? [22:45] or pxe rather ? [22:46] no... [22:46] you kickstart/preseed everything before partitioning [22:46] and add anna/network-console to kernel line [22:46] you have to preseed password [22:47] https://help.ubuntu.com/community/Installation/NetworkConsole [22:48] installer starts, sets the network, language, keyboard, hostname, all that [22:48] and then starts sshd [22:48] wow! [22:49] let me check it out [22:51] you can ssh to it [22:51] and then get the console in the installer [22:51] or just continue installation [22:56] New bug: #719056 in sg3-utils (main) "Sync sg3-utils 1.30-1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/719056 [23:26] hallyn: using the qemu-kvm, qemu-common, seabios, and vgabios from your ppa: [23:26] $ kvm -m 1024 -smp 2 -hda natty-server.img -vga std [23:26] kvm: pci_add_option_rom: failed to find romfile "vgabios-stdvga.bin" [23:27] hallyn: same for -vga vmware [23:28] hallyn: -vga qxl dumps me to the qemu monitor, strangely === Kiall is now known as Kiall|AFK [23:44] hallyn: yeah, we just need to add a few more *.bin to debian/install: http://paste.ubuntu.com/567155/ [23:56] Hey all, i am having some Apache issues, i can't access my site without the WWW, can anyone give me a hand at debugging this? [23:57] marks: you probably need a ServerAlias without the www [23:57] assuming you don't already have one [23:58] BigRedS, how would i go about adding that? To HTTPD.conf? [23:59] my first guess would be /etc/apache2/sites-available/default [23:59] just under the line that says ServerName www.bigred'sdomainname, hopefully :-) [23:59] RoAkSoAx: testdrive -u file.img is broken (again)