zuladam_g: whats up?00:36
echosystmwheres the ubuntu development channel?01:06
twbechosystm: development of what?01:06
a1fa i am trying to purge perl, http://pastebin.com/KH4qXthJ01:23
a1fahowever its messing up01:23
a1fai may have manually removed some files01:24
a1faand now i cant get it out of the apt database01:24
a1fawhat to do?01:24
twbReinstall from scratch01:27
qman__touch the files it's looking for01:27
qman__it works, I've done it01:27
a1fadpkg -r - --force-remove-reinstreq01:27
a1faworked just fine01:27
a1faany other way of making this dumb thing stop01:35
a1fa21st century.. we are not dealing with rpms here guys :001:36
pmatulisa1fa: making what stop?01:39
twba1fa: 21st century... don't "manually remove some files"01:40
a1famy bad dude ;)01:40
a1fabut the files are bacvk01:40
twbStill getting the error?01:40
a1fayes, i know why01:42
a1faPOSIX.pm has not been reinstalled01:42
a1facan someone apt-file search POSIX.pm please?01:44
twb$ dlocate POSIX.pm ==> perl-base: /usr/lib/perl/5.12.3/POSIX.pm01:45
a1fawhat version are you on?01:45
a1fahow about File.pm?01:47
twbYou know packages.u.c has a dpkg -S equivalent01:48
free99hello all, I've been trying to install LDAP on my server for a little while. Now I know you're probably as tired as I am of LDAP, but my question is simple02:03
free99I was previously using ldap on 10.04 and recently moved up to a new install of 11.04... it seems that the back and frontends get populated by the post-install script...02:03
free99how do I get rid of the configuration provided and replace it with the one I have?02:04
twbfree99: well, fun story02:05
qman__you go back to 10.0402:05
qman__not to be mean, but seriously02:05
qman__it's going to be less of a headache02:05
qman__and it has a longer support lifetime02:05
qman__not sure why you'd move to 11.04 for something like that in the first place02:06
twbfree99: wait, what do you want to repopulate -- the config database (slapcat -n0), or the "real" database, the one with the user objects (slapcat -n1) ?02:06
twbqman__: because new versions = SHINY02:06
qman__shiny's great for desktops and fooling around, but not for the backbone of your network02:07
free99twb: I need to do both, I assume... I have a nice tree setup, and users to go with it. Adding the users isn't a big deal, but the tree is where I'm having a problem, besides getting TLS to work properly (whole other story, forget I metnioned it)02:07
twbYou would be amazed how often I have to train people to avoid shiny by means of operant conditioning02:07
twbfree99: I don't know what you mean by "tree is where I'm having a problem"02:08
free99(sigh) I moved to 11.04 because my last system failed thanks to a drive failing despite it being raid 5...02:08
twba1fa: as in you hit them with a stick when they upgrade things02:08
free99and I figured things with TLS had improved, perhaps02:08
twbfree99: that would be because bootdegraded defaults to no02:08
qman__regardless if it's better or not, with 11.04 you'd have to upgrade in 6 months, and again in another 602:09
qman__too much work02:09
a1fawhy would you do that?02:10
free99Isn't the config database where the actual layout is, e.g. the root and its branches? The users and their data were in /var/lib/ldap I thought...02:10
qman__because that's the normal release schedule02:10
qman__which is why LTS exists, so you don't have to02:10
twbfree99: the config database is what used to be slapd.conf02:10
free99besides which I have a bunch of specific enhancements and such that I want to put back in but can't seem to, especially using an accesslog overlay02:10
twbfree99: now it's like /etc/openldap/cn=config/ crap02:11
twbI think with enough effort you could migrate your 10.04 cn=config tree to whatever 11.04 has, but I agree with qman__ that you shouldn't use anything but LTS02:12
free99yeah, I know... I've been resisting the urge to move to slapd.conf very, very hard for the past month02:12
a1fatwb: who do you hit?02:12
twba1fa: the users responsible02:12
free99I'm going to blame my age and lack of experience for going with a non-LTS, just because I can :P02:13
qman__and then there's the companies that grab a non-LTS release and just leave it like that for years, and you end up with 9.04 shells you can't patch02:13
twbqman__: you think that's bad?02:14
free99at this point I already have several other services running successfully on it, so... I'm not rushing to reinstall everything despite having made a script that does the majority of security and such02:14
twbqman__: yesterday I recovered a server from 2002, running Mandrake 10, with *XFS* filesystems, an empty fstab and a 100% full root filesystem due to years of SQL dumps in /home/merlin/public_html/cron/data/backups02:15
free99but in retrospect, yeah, bad plan on my part02:15
twbWhen the customer regained conciousness, I gently explained that he should migrate to a supported OS02:15
twbOh, and the machine allows password-based root logins and wasn't behind a NAT :-/02:16
qman__and apparently is storing backups in public_html02:16
twbqman__: the whole web app was in there02:16
twbAnd of course it's PHP/MySQL02:16
free99pass me some of what that guy who setup the box was smoking02:17
twbHe was probably a work experience student or an indian rent-a-coder or some shit02:17
free99so... is there a way for me to wipe out the default config and replace it with mine? I have two LDIFs, that should take care of everytihng...02:18
twbfree99: just apply the LDIFs, then02:18
a1fatwb: you hit people at work?02:19
twba1fa: sure02:19
twba1fa: otherwise they do not learn02:19
a1fawhere do you work?02:19
a1faHR loves you :)02:19
free99ldapadd and slapadd both complain that the databases already exist02:19
twbfree99: so presumably your LDIF assumes the database is empty02:20
twbfree99: in which case you need a different LDIF02:20
free99I mean I suppose I can have two databases, but why? the LDIF specifically points to {1}hdb which already exists... I know if I get rid of the {1} it'll increment to create a new database, but..02:21
twbSo write an LDIF that modifies the {1}hdb object instead of trying to create it02:24
free99that's a good idea twb, I'll look into it :)02:32
twbPersonally I think it would be easier to give up and redo it in lucid02:33
twbLDAP is a massive pain in the arse02:33
free99dude, I burned 4 hours today trying to get ldap to tell me when someone successfully binds to the server so I can make a script that prunes old accounts02:34
free99and it still doesn't work lol02:34
twbYou know how I did that?02:34
twbI gave $boss a list of accounts and said "tick the ones that should continue to exist"02:35
free99ah I wish I could do that, I'm trying to do this for a unix lab where new students show up all the time, old ones leave...02:36
free99my boss has been doing it that way for a while02:36
twbSurely your uni knows which students are still there02:36
free99he's currently running the network on an NIS box setup in....95 I think02:36
twbWell, NIS just works02:36
free99it seems pretty insecure from what I've heard..02:37
twbIt's only real downsides are that it's completely insecure, and that newer services can't talk speak it.02:37
RoyKtwb: NIS rocks like elvis, somewhat out of style...02:37
twbGrr, so now I have an "urgent" task to work out why my apache reverse proxy is breaking prayer (webmail) attachments02:39
kellnolaAt my last job we still used NIS for automount maps and groups heh.02:40
twbI'm glad I have LDAP working now, but I would've been happier if I could've stuck with nIS02:41
kellnolathe only prob with LDAP is all the different implementations ...02:41
kellnolaopenldap is a little behind the commercial ones02:42
twbI wouldn't know about proprietary solutions02:44
twbExcept that all the kerberos people seem to have an attitude of "AD or GTFO"02:44
kellnolatwb, really? There's lots of unix "kerberos people"03:15
twbNot on #kerberos AFAICT03:15
kellnolawell AD is by far the most widely used implementation03:16
kellnolaso that isn't surprising03:16
twbYou say something like "I just want krb to work without the hassle of running a 2k3 server" and they are all "what are you talking about, Windows is the bestest, unix is for fags"03:16
kellnolasounds like "idiocracy"03:18
kellnolaI have noted that windows folks rarely understand the underlying technologies they use very well03:18
kellnolaI have never met a windows admin that understood kerberos very well03:18
twbSo anyway, what I have now is a nice simple openldap server with authorization performed by means of bind attempts, no root bind at all (only local root user has rw privs), and the ppolicy overlay to deal with password expiry and such.03:19
kellnolaor for that matter, DNS, or pretty much anything else03:19
kellnolatwb, great!03:19
twbAnd no samba support because dealing with bullshit like "machine accounts" would've meant giving write access to LDAP to the samba host03:19
kellnolaif it's all unix you have no use for samba03:19
twbThe main downside is that without kerberos, there only really trustworthy network filesystem you can use is sshfs03:20
kellnolathat would be correct03:20
kellnolaI have to get around to NFS403:20
twbNFSv4 on its own (i.e. krbless) is obviously not a big win re security03:21
twbYou can still just get any old client and say "sudo -u twb cat ~twb/.netrc" or whatever03:21
kellnolait was really meant to work with it03:21
free99dammit... I really have to get kerberos working too?03:21
kellnolanfs3 is kind of horrifying wrt security03:21
twbI do still use NFSv3 for /home on a subset of the local LAN which (hopefully) has better physical security.03:22
twbWhich is to say, the servers in the machine room03:22
kellnolanfs3 is in very wide use in the unix world03:22
twbwe have an exciting problem with nfsv3 atm where secondary group permissions are totally ignored03:22
kellnolathankfully v4 has acls03:23
twbWhich breaks an otherwise perfectly adequate posix permission like ceo:officers 750 /srv/nfs/agm-minutes/03:24
kellnolaI'd rather use document management than nfs for general office crap. there's good free ones03:25
twbweb UIs?  DO NOT WANT03:25
kellnolatwb, webdav or web ui03:26
twbI am slowly increasing the amount of stuff we keep in git-backed rest/markdown03:26
kellnolait does keep users from making a mess of the system03:26
twbI'm only allowing apache with bad graces, and PHP and MySQL not at all03:28
twbSo if your DMS is sitting on top of, like, tomcat, it can just FOAD03:29
twbFor my customers' systems, I feel differently because they're all idiots and, as you say, they'll make a mess if given the chance03:30
kellnolait also puts a crimp on "that one guy in the office who knows MS Access really really well" and that persons penchant for creating zillions of shitty little databases for everyone to use03:32
twbNo windows here :-)03:32
twbWell, there is one that we have to use to talk to the stupid federal tax people :-/03:32
kellnolawhere do you work? university? industry?03:32
twbbasically a rent-a-sysadmin shop03:33
kellnolathe only all unix job I ever landed was at a (US) fed that did geological/ seismic analysis03:34
twbMost of our customers have windows desktops, but dealing with those is farmed off to whichever poor bastard we just hired03:34
kellnolathere is definitely a certain amount of happiness that comes with never having to even look at windows, and actually being able to solve their problems03:35
kellnola*the users problems03:35
qman__my job is pretty similar but unfortunately it's mostly windows environment, small companies and local governments running windows SBS servers03:36
free99I love unix, but christ I hate ldap03:36
qman__my linux-ward progress so far includes a machine to store/scan infected systems' files, and a remote backup solution with backuppc03:38
qman__without drop-in DC capability, linux just won't work its way into the customers' shops03:39
qman__and even then, some of them have custom software03:40
free99you'd think some company out there would work up a proprietary solution just because of that03:40
free99though I guess likewise is trying that out03:40
twbfree99: proprietary solution for what?03:40
free99a drop-in domain-controller?03:41
twbWe have a proprietary solution for that03:41
twbbuilt on top of linux and samba :-)03:41
qman__samba 4 is supposed to do the job, if/when it ever gets done03:41
kellnolasamba integrates just fine as an AD member, and of course can be an (old type) DC03:42
qman__the other biggie is exchange for contacts and calendars03:42
qman__mail is no problem, but the other stuff is harder03:42
kellnolaqman__, we sell a product call zimbra to our clients, it's a unix based exchange clone03:42
kellnolaworks very well with outlook03:42
kellnolathey can't tell the diff03:43
qman__how's the system requirements on that03:43
kellnolaoh it's all hosted off site03:43
twbqman__: samba 3 is a DC, it's just not an AD DC03:43
qman__we've got customers with quad cores and 8 gigs of RAM crawling with SBS2011, they just keep making it impossibly huge03:44
kellnolaqman__, we have one client using their own server, the app seems pretty well bahaved03:44
qman__and don't even think about using blackberry enterprise03:44
qman__that basically doubles the RAM requirement, by itself03:44
kellnolagod I hate SBS03:44
kellnolaand all it's stupid restrictions03:44
twbRe "groupware", we roll out ZCS (zimbra), and we've rolled out scalix in the past and we've dealt with sogo and thingy as well.03:44
twbThey're all abysmally shite03:44
kellnolatwb, heh03:45
twbZCS compiles all of ubuntu in /opt with custom patches and CVS snapshots of upstream codebases03:45
qman__I mean, what's the point in selling a small business package, when it'll only run on a four grand server03:45
twbI found the guy who makes the ZCS packages, and it was clear he didn't understand why distros even exist03:45
kellnolatwb, all I've ever seen from them is tarballs03:45
twbHe just thought everyone should have a linux kernel and then his huge ZCS blob03:45
twbkellnola: I use "package" loosely03:46
kellnolatwb, MOST commercial unix devs are just like that03:46
twbkellnola: yeah, it's a bloody crock03:46
twbAnd on Linux it's unforgivable03:46
kellnolathey do not have the deep understanding of systems, or discipline, that OSS devs have03:46
twbI could understand people doing it on Windows or SCO where there is no package infrastructure or anything03:47
twb(Yes, I have to deal with SCO and SunOS and crap sometimes :-(03:47
kellnolatwb, thankfully we just have them use ZCS hosting03:47
twbkellnola: out on some VPS in "the cloud" somewhere, a la buying a commercial gmail contract?03:48
kellnolaI don't want them running mail in-house anyway, unless they're huge03:48
kellnolatwb, yes it's cloud03:48
twbYeah, I think we avoid that because of concerns about data sovereignty and such03:48
qman__the prospect of going entirely down when the comcast modem craps out is not appealing to our customers03:48
twbOr just because users want to keep reading mail when their shitty .au DSL falls over for a week03:48
kellnolawell we have other concerns like frequent evacuations, hurricanes, etc.03:48
qman__and actually, we've been trying to get people to move their mail in-house because of how terrible the SBS POP3 connector is03:49
twbI'm about to switch from ADSL2+ to "naked" ADSL2+ at home, and the migration time for Telstra to do their part is FOUR WEEKS03:49
qman__and how difficult it is to get email to phones when all they have is pop to some other host03:50
twbFor what amounts to unplugging a cable from one DSLAM and patching it into a different DSLAM03:50
twbqman__: well, IMAP/MAPI/webmail, not POP03:50
kellnolahow fast is ADSL2+?03:50
twbkellnola: theoretical maximum is something like 24mbps down, 4mbps up03:51
free99does this look like a correct ldif to modify the pre-existing database?03:51
free99dn: olcDatabase={1}hdb,cn=config03:51
free99changetype: modify03:51
free99add: olcDbIndex03:51
free99olcDbIndex: uid pres,eq03:51
kellnolawe're almost all HFC, some metro ethernet, a couple of DS103:51
twbfree99: that all depends03:51
qman__unfortunately one of the hosts most of our customers are on does not offer any of that, only POP03:51
twbfree99: here's a working one for lucid, that shuts up slapd syslog some: http://paste.debian.net/122044/03:51
qman__they're stuck in the 90s, and keep getting on spam lists03:51
twbfree99: but I don't know what your current cn=config database contains, or what you want it to contain03:52
qman__it's been a nightmare03:52
kellnolawow I haven't seen anyone using POP in quite some time ... and I live in a backwater03:52
twbkellnola: but in .au a privatized ex-government company has a monopoly on the copper, and they're letting it rot because they want to migrate to FTTH at the government's expense03:52
twbkellnola: so it's usually more like 2-6mbps down03:53
kellnolano so bad03:53
kellnolaDSL here is just terrible03:53
kellnolathe support won't even speak to you if the modem's bridged03:53
free99twb: it doesn't have the right suffix, it got picked based on my FQDN which isn't good enough03:54
twbYeah, well, I expect better connectivity in the continent's second biggest city...03:54
free99that script you linked me is a big help though, thanks03:54
twbfree99: ah, well, that's a major pain in the arse to fix03:55
kellnolasamba 4 is becoming like Duke Nukem 3D03:55
twbfree99: because you will have to rename all the dn's in the {1}hdb03:55
kellnolaI am so sick of waiting for it03:55
free99kellnola: I thought it came out already03:55
kellnolathough I didn't give a crap about Duke Nukem 3D03:55
twbfree99: btw, you should read the ldapmodify and ldif manpages and such03:55
free99duke-nuke 'em forever?03:55
free99I'm working through a tutorial right now actually, and trying to adapt it lol03:56
kellnolafree99, LDAP is wonky but once you get used to it you'll appreciate it03:56
free99I already have big plans for it, but that's if I can get the SOB running03:56
twb"the game was released in 2011 but had been in development since 1996."03:56
kellnolayeah "Forever" sorry03:56
kellnolaso, you folks that service outside clients, how do you deal with the crap of users running their desktops as administrator? Most of ours insist on it03:58
kellnolawindows users I mean03:58
kellnolawe are thinking of moving to an SLA based system where the price would be less the more restrictive it is03:58
qman__the software they run requires it03:59
qman__it's the only option03:59
kellnolaqman__, much of the time, yes ... thinking about having them run a dedicated terminal server for garbage like that03:59
qman__tried terminal services with one, it's a total mess03:59
qman__and expensive, really expensive04:00
qman__a server and some CALs costs enough, but then they want office04:00
kellnolaI don't know, we're doing that with one of them, it's working out pretty well04:01
kellnolaso far04:01
qman__and they can't use the office they already bought and have the license to, you have to get a volume license04:01
qman__and then when their proprietary app needs an update04:01
kellnolathe app itself is so expensive they don't notice the CAL's really :-/04:01
qman__an administrator has to log on to the server console directly and update it04:01
qman__because it won't update over TS04:01
qman__just all the licensing bull you have to work around is insane04:02
kellnolaqman__, well that goes for anything with windows04:03
kellnolawho can figure that BS out it is total insanity04:03
kellnolanot to mention the "upgrade paths"04:03
qman__trying to explain to a customer that they bought the wrong version of the software04:04
qman__despite it being the right software they need, just not licensed for the other software they're running04:04
qman__and that the version they need costs five times as much04:04
qman__just because04:04
kellnolaqman__, yes that's lovely04:04
kellnolaI'm thinking of trying to get out of all this and maybe develop and sell POS systems for people ... something where I would not be pulling my hair out every day04:05
kellnolaover retarded shit04:05
riz0nI have an Ubuntu Server, and have some email aliases in the aliases file. Is there a way to create a wildcard alias? (like, for instance, account-??? would accept from account-000 or account-123 etc. to the address accounts)04:07
kellnolariz0n, don't think so, at least not in /etc/aliases. There might be an MTA that does that04:08
twbriz0n: that is called "sub-addressing"04:08
twbFor example foo+bar@gmail.com will be delivered to foo@gmail.com04:09
kellnolawow ... jellyfish have shut down the second nuclear plant in two weeks04:10
DougJis there a way to run the explorer with admin powers04:10
DougJso I don't have to use a terminal to manipulate files in system directories?04:11
twbriz0n: I think it's $recipient_delimiter in postfix04:11
qman__DougJ, not a server question, but the answer is gksudo nautilus04:11
twbDougJ: what is "explorer"04:11
twbqman__: nooo, current gvfs will have something like "sudo://" I expect04:11
twbqman__: better than running the whole app with escalated privds04:12
DougJtwb, it's nautilus, you did not know what I was talking about?04:12
qman__I suppose04:12
twbDougJ: I don't use GUIs04:12
qman__command line is better anyway04:12
twbqman__: +104:12
riz0nright i am familiar with the "+" subaddressing, but thats not what im going after04:12
riz0nill just make some aliases for the #'s i need04:12
DougJtwb, you never have ever?04:12
twbriz0n: well, that's all you can have AFAIK, though obviously you can use "-" instead of "+"04:12
qman__and as said before, that is not a server question04:12
qman__as server does not have a GUI04:13
qman__so if you want to reliably get answers to GUI questions, you're asking in the wrong channel04:13
DougJqman__, your answer was plenty reliable thanks04:13
DougJqman__, I don't have access the the regular support channel as I am banned04:14
twbDougJ: that is no excuse to ask the wrong channel04:14
DougJtwb, but it is a reason04:14
qman__and probably a good way to get banned in more channels04:14
twbHear, hear.04:15
DougJqman__, any way to get unbanned?04:15
qman__dunno, I'm just a user04:15
DougJwell, I don't have many options then do I04:15
twbDougJ: the freenode documentation probably discusses the general process04:15
DougJhow can you speak to an op if you arn't in the channel?04:17
qman__find out who they are, and /msg directly04:17
qman__as for who the ops are, it's definitely documented somewhere04:18
DougJoh really I didn't know that worked when you weren't in a channel with someone04:18
twbqman__: the page I linked to shows how to list ops04:18
DougJyeah, that link twb...04:18
free99so this ldif is getting very tedious. considering that the package installer for slapd uses the FQDN to make the choice of domain *for* me, can I temporarily change my FQDN?04:21
free99I mean, how can I change it temporarily04:21
free99oh, wtf?04:22
free99I did a dpkg-reconfigure and first thing it asks is if I want to skip having it configure ldap for me04:23
hackeronhey, question - how do I connect to a wireless access poing using a WPA passcode from the command line?04:25
qman__last time I tried to do that was years ago, and I didn't succeed04:26
qman__it required wpa_supplicant and some significant handwriting of configuration files04:27
qman__the situation may or may not have improved since, but I don't know04:27
twbfree99: with priority=low it asks IIRC04:27
twbfree99: ICBW, because currently I disable auto-setup04:27
free99auto-setup is what got me chasing my tail for the past week lol04:28
twbhttp://paste.debian.net/122047/ shows the server side of my setup; NOTE that client-side setup is already done, so the ldap utilities are already looking at/for slapd before it exists.04:28
free99so if I want the autosetup to ask all the questions the first time around, how do I do that in one shot?04:28
hackeronqman__: yeh, the guides are can find look unreasonably hard :( -- except for this one: http://modelr.wordpress.com/2009/06/01/how-to-get-wireless-network-on-ubuntu-server/ - but that one is kind of hard coded to just 1 wireless access point04:28
twbhackeron: WPA2 PSK or Enterprise?04:29
hackerontwb: just WPA PSK04:30
twbInstall hostapd.  Write hostapd.conf.  You are done.04:30
free99hackeron: I know network-manager, as crappy as it can be, has a good CLI system that almost nobody uses, and it's good at roaming04:30
twbWriting hostapd.conf is about as easy as writing wpa_supplicant.conf, i.e. trivial.04:30
twbfree99: it doesn't have a good CLI system.04:30
twbfree99: NM uses wpa_supplicant, and since wpa_supplicant has perfectly good roaming and CLI functionality, there is absolutely no reason to use NM04:31
twbhttp://paste.debian.net/122048/ <-- NM-less WPA2-PSK client with pre-defined networks04:32
hackerontwb: so you would recommend hostapd?04:32
twbhackeron: hostapd is really your only choice04:32
hackerontwb: what about http://paste.debian.net/12204 you just posted?04:32
twbThat's the client side04:32
hackeronI am talking about the client side04:33
free99that's a good script04:33
twbDo you want to configure an AP or a client04:33
twbOh right04:33
hackeronmy "server" is an access pont04:33
free99the ldap one you sent me I mean04:33
twbhostapd is for the AP, wpa_supplicant is for the client side.04:33
hackerontwb: ah, awesome :) - thank you!04:33
twbThey are built from the same codebase04:33
twbfree99: note that it's rather peculiar in places, e.g. no root bind dn04:34
free99that's mine04:35
hackerontwb: is there a script that will join a know SSID if it can find one, otherwise try all the open ones one by one until it can find one that has access to the internet?04:36
hackeronjoin a known*04:37
free99lol hackeron, that'd be pretty cool04:37
hackeronheh, indeed :P - especially in a car04:38
free99so when I run apt-get install, is there a way to get an in-depth configuration screen?04:38
twbhackeron: I don't know about open APs, because I've never encountered one04:38
twbI don't think that's particularly on-topic for -server tho04:39
twbfree99: dpkg-reconfigure debconf ?04:39
hackerontwb: why not? - if I ask on #ubuntu they'd say network manager, heh - but I'm doing this on ubuntu-server :P04:40
free99ok, that's for all of 'em04:40
free99but what about doing it for only packages I'm interested in?04:40
hackerontwb: the info in your link worked beautifully btw, thank you!04:40
twbWell, Ubuntu users are idiots04:40
hackeronheh, that's another reason why I ask here, heh04:40
free99hey man, when I was a BSD head, I got everything done and well04:41
twbfree99: then you need to set... DEBCONF_PRIORITY=low, I think, prior to your apt-get run04:41
free99but hal killed everything04:41
twbfree99: you can't do it per-package, you can do it per-run, or you can invoke dpkg-reconfigure on a package AFTER it's installed04:41
twbIf hal is still alive, you should kill it04:41
free99I heard debian was doing something like bringing their packages over to freebsd or something of that nature...04:42
twbThe useful functionality was rolled into udev, and the stupid XML RPC crap is still present, but in the newer equally dumb udisks/uthingy04:42
free99including udev04:42
twbfree99: debian supports two kernels -- linux and freebsd's04:43
free99wait, there's got to be a caveat or three there04:43
twbThere's also nexenta, which was nominally Debian/kOpenSolaris, but due to the cuddle of death, I think it's pretty denatured now.04:43
twbfree99: well, Debian/kFreeBSD has a lot fewer eyeballs than Debian GNU/Linux or FreeBSD.04:44
free99freakin' awesome, I got it04:53
poseidonSo I have a long script on my local computer.  It's in bash.  I want to be able to ssh into a server, run the script, then go into a terminal (while being able to see that info).  So far all I've been able to do is something along the lines of ssh host command && bash.05:24
poseidonAny ideas?05:24
twbssh host -t /path/to/script ?05:25
poseidontwb: the script is on the local computer05:27
poseidonNot on the remote05:27
twbEither scp it across, or do something evil and wrong like { cat script; cat; } | ssh -t host05:28
free99wth does it mean when you get "ldap_modify: Insufficient access (50)" despite having the system set to allow local root to do anything/05:31
free99hmm, I am doing -Y EXTERNAL05:48
twbSame thing05:51
free99I mean I'm doing that and it's still not working05:53
free99as root: ldapadd -x -D "cn=admin,dc=itech,dc=portal,dc=baruch,dc=cuny,dc=edu" -W  -H ldapi:/// -f test2.ldif05:54
twbI see no -YEXTERNAL there.05:55
free99oh, right, that's my attempt w/o it lol05:56
free99ldapadd -Y EXTERNAL -H ldapi:/// -f test2.ldif05:56
free99that's the ldif I'm trying to add in05:58
free99I appreciate the help a lot twb05:59
twbfree99: you probably should not tell us your hashed passwords06:01
free99I messed with it a little just in case, don't worry06:01
twbAnd if you intend to only use -YEXTERNAL, don't set an oldRootPW at all06:01
twbLines 1 and 2 are pointless06:02
twbAnd you can omit "changeType: modify" if you're passing it to ldapmodify06:02
free99well... I'm going to need a web front-end for the server, we have several people who are going to be adding/removing users06:02
twbldapadd and ldapmodify are basically identical except for the default ChangeType06:02
twbfree99: fair enough06:02
twbfree99: although you could theoretically give object creation rights to those users, and have the web app "sign in" to ldap as them to make changes06:03
free99(sigh) you know that feeling where you're at the limit of your knowledge and stuff keeps getting piled on you?06:03
twbMost existing web apps don't operate that way, they just assume they have full root access06:03
free99I've been working on this for about 3 weeks straight, bootstrapped06:03
twb(Where "root" means ldap root bind dn, not unix root user)06:03
twbfree99: yep, BTDTBTTS06:04
free99what's that mean?06:04
twbBeen There, Done That, Bought The T-Shirt.06:05
free99yeah man..06:05
twbOr, you know, JFGI06:05
free99lol do I even want to know?06:06
free99aw maan06:21
free99JFGI, you have no idea how much I'm going to wear that word out and bring further shame to unix peeps everywhere06:21
twbNot saying "peeps" would be a start.06:26
free99oh werd? I'm getting sleep drunk...06:26
free99I think I should read a book06:26
free99so I guess I'll see you later06:26
free99and thanks again for your help twb06:26
twbOh *awesome*.07:29
twbNew client, they have a machine accepting password-based root logins from the internet, with a dictionary-based password, and they are running... Debian 4.007:30
twbAhaha, and proftpd instead of vsftpd07:30
greppywhat's wrong with proftpd?07:31
twbIt's not vsftpd07:31
greppythat's not a helpful explanation.07:31
twbOr better than either, would obviously be OpenSSH's SFTP07:31
twbgreppy: the short version is that vsftpd cares about security more than anything else, and proftpd doesn't.07:32
twbgreppy: ICBF digging up the MITRE security history of both07:32
twbw00: yes, I know07:39
twbThough that doesn't affect Ubuntu or Debian.07:39
twbI should be very clear that I recommend OpenSSH, and I only recommend vsftpd if SFTP is not an option for stupid non-technical reasons.07:41
* greppy feels the same way, just s/vs/pro/ :)07:43
twbI dunno about proftpd, but one thing I like about vsftpd is that every feature is off by default07:43
twbSo you have to opt into e.g. rw or auth07:44
greppyI almost never trust defaults, even if they are default in the current version, I explicitly set things.07:44
twbI guess I also haven't run an FTPd for about eight years...07:44
greppydue to running a shared hosting server, I have had to keep running one.07:45
twbAnyone too stupid to use SSH doesn't deserve access to your box07:46
twbEspecially since even windows ftp clients can speak SFTP07:46
greppyin a perfect world, yes, I certainly point people to sftp if it is an option for them.07:47
ruben23hi guys how do i set conjob to run every two days it will run a particular script07:54
twb* * */2 * *07:58
ruben23 twb: if i set at 12 noon time..?08:00
twbOh sorry08:01
twbIt should be more like 0 12 */208:01
twbI'm used to just writing @daily08:01
twbBut I don't htink you can write @daily/208:02
szpunicronetab -e will help you ;)08:03
ruben230 12 */2 /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --MP308:03
twbruben23: you need to supply all five fields08:03
ruben23like that..? that script will run every 2 days and 12 noon time08:03
szpunirather than have settings in separate daily monthly etc files08:03
twbruben23: have you read "man 5 crontab" yet?08:04
ruben23im reading with google now- but im confuse of what the meaning of /2..?08:04
twb"every second one"08:04
twbBecause third field is day of month08:05
ruben230 means..?08:06
twbruben23: please read the crontab(5) manpage in full THEN ask me if you still don't understand, I have other work to do right now08:07
piquadratHi! Does anybody know of a PPA with packages for solr 3.1, 3.2 or 3.3?09:45
kiranmuraripiquadrat: https://launchpad.net/~trevor/+archive/solr09:50
ed8hi, which software do I use to scan a server for viruses ?09:51
ed8I was serious~09:55
ed8or at least rootkit scan09:56
ed8I used chkrootkit, but still looking for free virus scanner10:04
ed8w00: any generic command for both of them ?10:07
=== mendel__ is now known as mendel_
van7huhow could I configure multi vhost in my machine? I mean using Apache11:04
linuxnizerhi everyone11:33
linuxnizercan Ubuntu Server support 32TB RAID setup? (I know ext4 can go up to 16TB only)11:34
uvirtbotNew bug: #806432 in backuppc (main) "package backuppc 3.2.0-3ubuntu4~lucid1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/80643211:36
asdfasdfi need help making a custom kernel11:58
smoserjamespage, around ?12:25
jamespagesmoser: sure am - just reviewing ec2 testing results12:26
jamespagesmoser: have you seen this udev error before?12:29
jamespageudevd[186]: failed to create queue file: No such file or directory12:29
jamespageudevd[186]: error creating queue file12:29
smoseri dont recall that.12:31
smoserso... the 20110706 failed to publish. i can re-run and it will continue12:33
Ursinhagood morning :)12:34
smosergood morning12:36
metap0dHi everyone, I want to see all services that boot with my Ubuntu Server .. s there a GUI or console tool or file etc I can edit to modify them?12:38
Ursinhametap0d: I believe you can do that with update-rc.d12:39
kim0Hi everyone, just letting you know we're having the Ubuntu Cloud Days irc event on the 25th/26th. Everyone is invited to add a session at https://wiki.ubuntu.com/UbuntuCloudDays/Timetable Please add your session as soon as you can, if unsure about the title, just write TBD. Ping me for any details, thanks12:39
pmatulismetap0d: right now there is a mix of sysvinit and upstart files12:39
smoserok. so i resumed the publish of the 20110706. looks like python, bind and libdrm2 changed12:39
pmatulismetap0d: update-rc.d works with most sysvinit-based services, but not all IIUC12:41
pmatulismetap0d: you need to edit upstart jobs directly AFAIK12:42
pmatulismetap0d: for sysvinit and upstart files, see /etc/init.d and /etc/init, respectively12:42
smoserjamespage, how did it go so far? on 20110705?12:42
jamespagesmoser: OK I will re-run the tests once it publishes out12:42
jamespageso generally OK12:42
jamespageor maybe not12:43
jamespagecloud-config still looks broken (all tests failed)12:43
jamespagefound bug 80645312:43
uvirtbotLaunchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New] https://launchpad.net/bugs/80645312:43
jamespageand I did not realised that ec2 endpoint IP addresses change so half the tests failed from the new QA lab12:44
smoseryeah, :-(12:44
metap0dpmatulis,Ursinha: This is my first server install so I'm not too familiar with everything yet, but thanks I think that should be enough to get started :)12:44
jamespagedamn those outbound firewall rules!12:44
smoserso, for 806453, i've seen the "falling back to /dev/udev on my system here even"12:44
smosermaybe something needs to create /run that is not12:44
smoseri have no /run on my system12:45
smoserjamespage, how is cloud-config failng ?12:45
jamespageyeah - I see that message all the time12:45
smoseri dn't recall why we were seeing that before12:45
jamespagejust looking at the cloud config stuff12:45
Ursinhametap0d: np :)12:45
smosera result of bug 784937 ?12:45
uvirtbotLaunchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/78493712:46
smoserare we able to see historic results in iso tracker?12:46
jamespagesmoser: http://paste.ubuntu.com/638881/12:47
smoserwhere does that happen ?12:48
smoserand is it reproducilbe12:48
smoseri understand the "can't mount"12:48
smoserswap is probably wrong12:49
smoserbut it shouldnt fail12:50
jamespagesmoser - so that one appears to happen on ebs storage12:50
jamespagethis one - http://paste.ubuntu.com/638884/ - happens on instance-store12:50
smosernot on all boot12:51
jamespageSo it looks like its always on the reboot after first boot12:51
jamespagecc contains:12:51
jamespage - [ ephemeral0, /opt , auto, "defaults,noexec" ]12:51
jamespage - [ swap, null ]12:51
uvirtbotNew bug: #806459 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu2.2 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saída de erro 1" [Undecided,New] https://launchpad.net/bugs/80645912:51
smoserhappening after reboot would make sense.12:52
jamespageTBH the results are being clouded by the network issues to the ec2 endpoints12:52
smoserit is fall out of bug 78493712:53
uvirtbotLaunchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/78493712:53
jamespageI need to get that resolved and re-run against the new image12:53
smoserwhat is in /etc/fstab ?12:53
smoserwell.... i really need to be going for a couple hours.12:54
Deeslhello... has anyone got an idae about why the Ubuntu installer would be unable to find a cdrom after it has booted off it inside a domU?13:34
=== Bilge_ is now known as Bilge
=== sidnei-away is now known as sidnei
jamesiarmes_I am trying to create an AMI on EC2 built from the Ubuntu 10.10 x86_64 instance-store AMI (ami-08f40561). I am having issues launching an instance from my custom AMI. In an attempt to track down the issue, I launched an instance from the original AMI and immediatly created a new AMI by running euca-bundle-vol follwed by euca-upload-bundle on the instance and registering the new AMI through the console. However, when I launch an instance from my14:00
jamesiarmes_new AMI, it goes from pending to terminated with a reason of "Client.InstanceInitiatedShutdown" and no console output available. Could I be doing something incorrect when I create my new AMI?14:00
Deeslanyone around?14:14
uvirtbotNew bug: #799973 in tftp-hpa (main) "package tftpd-hpa 5.0-11ubuntu2.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/79997314:17
ppetrakiDeesl, what's your question?14:19
Deeslppetraki: I am trying to get a Ubuntu server domU working in a gentoo dom0.. I am mounting the ISO as xvdc and using pvgrub and the VM boots up fine... but once its through the initial phases, the installer says it could not mount the cdrom and cant proceeed14:20
DeeslI am clueless about what is happening here..14:20
ppetrakiDeesl, it had to be Xen...14:21
ppetrakiDeesl, do other domUs find the cdrom fine? like fedora?14:22
Deeslppetraki: I have a Gentoo domU. I can check14:22
Deeslbut the question is, if it was xen, then how come the Ubuntu domU even booted up14:23
Deeslit actually booted up and allowed me to select the language and the Country14:23
ppetrakiDeesl, well, it would be an installer bug, though it helps to verify.14:23
ppetrakiDeesl, how is xvdc defined?14:23
Deesldisk = [ 'tap:aio:/home/subhro/ubuntu-11.04-server-amd64.iso,hda:cdrom,r' , 'phy:/dev/VolumeGroup00/pocVolume,xvda,w' ] ... This is the precise line14:24
ppetrakiDeesl, dump the tap, just use "file://"14:24
DeeslI just changed xvdc to hda as an attempt14:24
Deeslwith file also does not work14:25
Deeslhang on let me check once14:25
Deesldisk = [ 'file:/home/subhro/ubuntu-11.04-server-amd64.iso,xvdc:cdrom,r' , 'phy:/dev/VolumeGroup00/pocVolume,xvda,w' ] this is what it says now14:25
ppetrakiDeesl, ok, that's better.14:26
Deesljust created it14:26
Deeslhang on14:26
Deeslit booted off the CD GRUB and allowed me to select country and Language14:26
Deeslnow its stuck... absolute blank screen14:27
Deesland it tells me that its unable to find a CDROM to mount14:27
Deeslwant a screenshot?14:28
ppetrakibeen a while since I've debugged xen, that's all14:29
Deeslis there a way to get a install shell?14:30
DeeslI am old hands at Gentoo but brand new to Ubuntu.14:30
ppetrakiDeesl, alt Fx14:31
Deesldoes not work14:32
DeeslI am just SSHed in to the dom014:32
Deesland connecting over xl console14:32
Deeslso probably my alt and function keys dont reach the domU14:33
ppetrakiDeesl, what we want to see is how the guest is interpreting the block device14:33
Deeslso what could be a way?14:33
Deeslthere is an option to get a shell in the install menu...14:34
Deeslbut there is no /dev/xvd? or /dev/[hs]d? inside the devfs for that install shell14:34
ppetrakiDeesl, could create an ftp install, using the dom0 as the host14:35
DeeslFTP is so much of a trouble :(14:36
Deeslhow can I do a net install?14:37
ppetrakiDeesl, retry with --scsi option14:37
Deesl--scsi where?14:37
ppetrakiDeesl, in the VM cli, when you start the machine14:37
ppetrakiDeesl, http://wiki.debian.org/Xen#DomU_.28guests.2914:38
Deeslam I just using pygrub......14:38
ppetrakiDeesl, I don't know whether our kernel has xen block support compiled in or not14:38
Deeslmy host is Gentoo though14:38
binBASHHi there, what is correct way of reporting kernel crashs like this one? http://imgur.com/a/75ACq14:38
ppetrakiDeesl, I'm talking about the guest. that would explain why no xvd devices are found14:39
Deeslppetraki: I wonder how to translate a xen-create-image that works on Debian to one on Gentoo14:39
ppetrakiDeesl, got me14:39
Deeslppetraki: let me see how to pass --scsi to create-image14:40
Deeslsince I am NOT creating an image14:40
Deeslmy main disk is completely empty.. I am trying to boot off the CDROM (ISO) and install14:41
Deesllater on will paravirtualize it14:41
Deeslppetraki: still didnt find anything :(14:45
ppetrakiDeesl, hmmm.14:45
ppetrakiDeesl, would really help if I had a xen host handy.14:45
DeeslI dont have any spare play dom0s to offer you :(14:45
ppetrakiDeesl, you could try an expert install, drop to a shell, and try to modprobe the xen blockback drivers14:45
ppetrakiDeesl, err blockfront14:46
Deeslppetraki: can you guide a little bit on that?14:46
ppetrakiDeesl, it's just "F6" at the installer menu, select expert, and boot from there. you get a drop down menu from there14:46
Deeslokay I am on the menu which starts off with Change LAnguage, country etc14:47
Deeslthe third one says Detect CDROM14:47
Deeslwhcih obviously is going to fail14:47
ppetrakiDeesl, so drop to shell, and modprobe xen-blkfront14:47
Deeslokay hang on14:48
ppetrakiDeesl, verify its loaded, then exit the shell, and try to detect the cdrom14:48
DeeslFATAL: Module xen_blkfront not found.14:49
Deeslso there is no such module...14:51
UrsinhaDaviey: hai :)15:03
UrsinhaDaviey: did you get to understand that keyring error you got with that launchpadlib script?15:04
Ursinhathat's insanely vague, I'm counting on your memory to know what I'm talking about :)15:04
zulouch :)15:05
DavieyUrsinha: hello and no15:09
Davieyare you experiecing it?15:09
DavieyI suspect it's related to the user wide launchpad auth?15:09
UrsinhaDaviey: yes, I am15:13
UrsinhaI'm trying to run a script in another machine15:13
Ursinhaso I wonder if that's requiring UI interaction of some kind...?15:13
Ursinhalike typing password in gnome keyring or something15:13
* Ursinha tries15:13
DavieyUrsinha: Well recently oneiric desktop started asking for a password when connecting to wireless.  I suspect it's the same issue.15:13
=== med_out is now known as medberry
=== medberry is now known as med_out
=== koolhead17 is now known as koolhead11|Afk
=== mendel__ is now known as mendel_
=== mendel__ is now known as mendel_
jamespagejhunt: around? I have an upstart question re differences in behaviour lucid->maverick->natty16:25
DarkLordZimhas anyone worked with ettercap on a 64bit ubuntu based install? i'm getting the following error: "Dissector "dns" not supported (etter.conf line 70)" i've tried to google it, and i keep finding everyone saying it has to do with 64bit systems, would it work if just installed a 32bit OS?16:25
jhuntjamespage: hi16:25
jamespagejhunt: so it relates to how upstart deals with non-zero return codes in the pre-start block of a configuration16:26
ronniei have one server, with 3 virtual machines. One for static media, one for the database and one for the web-application. How can i best connect to the database, if all the servers have an own IP?16:27
jamespagebascially on lucid it looks like it ignores them; but on natty it definately is not - i.e. the pre-start fails as a result16:27
jamespageany thoughts?16:27
jamespageI'm specifically talking about the samba nmbd.conf which calls testparam during pre-start16:27
marruslRoAkSoAx, o/ .... do know of any ubuntu-specific cobbler documentation?16:31
RoAkSoAxmarrusl: yes16:33
jhuntjamespage: checked the code and can't see a change post-lucid. Also, a quick pre-start test that does "exit 1" correctly fails on lucid.16:34
jhuntjamespage: and hi to you! :)16:34
RoAkSoAxmarrusl: we have basic documentation https://help.ubuntu.com/community/Cobbler16:35
RoAkSoAxmarrusl: what are you looking for exactly >?16:35
marruslRoAkSoAx, no that should do!  just looking for a customer.  I didn't think we did.16:35
RoAkSoAxmarrusl: hehe yeah it's still very basic16:36
jamespagejhunt: so its more related to the return code of something the pre-start block calls rather than what it specifically exits with16:36
marruslRoAkSoAx, that will work, anything more detailed and they can still just hit up the upstream cobbler docs.  thanks!16:36
RoAkSoAxmarrusl: ;)16:36
jhuntjamespage: if you change "exit 1" to "/bin/false" (full path to avoid shell builtins), you still get the expected behaviour.16:38
jhuntjamespage: I pulled apart nmbd.conf and tried a basic test on lucid+natty, but I can't see the problem you're describing. Could you come up with a minimal test case?16:48
jamespagejhunt: sure can16:52
smoserjamespage, around ?18:28
smoserDaviey, where are we wrt the uec images ?18:28
Davieysmoser: hola.. jamespage gave them a sniff earlier and reported success.18:33
Davieysmoser: although, he found one bug which i think he raised.. and also had to update for the new ec2 endpoint.18:34
smoserok. i asked in -release to populate iso with 20110706 images18:35
smoserand am pre-publishing those right now18:35
Davieysmoser: seems he discovered an issue with i386 images.. but can't see the bug18:37
zookoAnybody have a trick for finding a fast package mirror without the GUI MirrorTest.py?18:39
smoserDaviey, https://bugs.launchpad.net/ubuntu/+source/udev/+bug/80645318:39
uvirtbotLaunchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New]18:39
Davieysmoser: thassim18:40
Davieysmoser: Do you want to add that to the release notes, or should i?18:40
=== med_out is now known as medberry
smoseryou please.18:42
smoserits minor18:42
smoseri *think* not 100%18:42
Davieysmoser: ok, thanks.18:48
Davieysmoser: now get back to the beach.18:48
=== oubiwann is now known as oubiwann-lunch
jamespagesmoser, Daviey: around now18:56
smoserjamespage, just see above.  the iso tracker being populated with images as soon as someone in -release sees it.18:58
jamespageI ran tests against 20110705 and 20110706 - I found bug 806453 only in i386 instance-store instances18:58
uvirtbotLaunchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New] https://launchpad.net/bugs/80645318:58
jamespagesmoser: also reconfirmed those issues during reboot with the cloud-config tests that mount swap/ephemeral as being repeatable18:59
jamespagedo you want me to update that previous bug report with more information?18:59
smoserjamespage, please do.19:01
smoserreally i want the kernel issue fixed.19:01
jamespagekey difference was that we saw it on ebs and instance-store types this time; also got different results between i386 and amd6419:03
jamespageI'm going todo it tomorrow.19:03
=== oubiwann-lunch is now known as oubiwann
=== mendel__ is now known as mendel_
hggdhsmoser: we still are being hit by cloudconfig, correct? If so, do you remember the bug #?21:29
flybackwhat's the boot option or installer option to force assume a 586 cpu instead of installing 686 versions of the kernel and glibc22:05
flybackubuntu server 10.04LTS22:05
flybackI know the newer ones are 686 only22:05
yeasonI'm trying to configure openvas in 11.04 but can't seem to get it to listen on any address. I found that these changes need to be made /etc/default/openvas-<servicename> but I'm not sure how to get it to listen to anything other than
yeasonanyone know how to get it to listen any address?22:15
alamarhttp://manpages.ubuntu.com/manpages/natty/man8/openvasd.8.html -a option looks good..22:16
yeasonI know about starting it manually, I'm trying to figure out how to get the automatic startup scripts working this way22:17
yeasonI've tried removing that particular field from the conf file as well as setting it to a blank but it still errors22:17
alamarwhat field?22:18
yeasonwithin the configuration file for each service (there's 3 or 4) there are fields such as "ADMINISTRATOR_ADDRESS=" which provides the script in the init.d folder with the parameters for starting the server22:19
yeasonin that case when starting the openvasad service it fills in localhost for the -a option22:19
yeasonffs... the ONLY thing I didn't try... good call and thanks22:22
alamardid it work?22:23
alamarwell np ;)22:23
yeasonyep, netstat -tlp shows *:<theport>22:23
yeasonit's one of those that in hindsight is obvious but I never would have thought of it22:23
ralliascan someone help me install mod_gzip on my server?23:06
=== medberry is now known as med_out

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!