[00:36] adam_g: whats up?
[01:06] wheres the ubuntu development channel?
[01:06] echosystm: development of what?
[01:06] packages
[01:06] #ubuntu-devel
[01:07] thanks
[01:23] i am trying to purge perl, http://pastebin.com/KH4qXthJ
[01:23] however its messing up
[01:24] i may have manually removed some files
[01:24] and now i cant get it out of the apt database
[01:24] what to do?
[01:27] Reinstall from scratch
[01:27] touch the files it's looking for
[01:27] it works, I've done it
[01:27] dpkg -r - --force-remove-reinstreq
[01:27] worked just fine
[01:35] any other way of making this dumb thing stop
[01:36] 21st century.. we are not dealing with rpms here guys :0
[01:39] a1fa: making what stop?
[01:40] a1fa: 21st century... don't "manually remove some files"
[01:40] my bad dude ;)
[01:40] but the files are back
[01:40] Still getting the error?
[01:42] yes, i know why
[01:42] POSIX.pm has not been reinstalled
[01:44] can someone apt-file search POSIX.pm please?
[01:45] $ dlocate POSIX.pm ==> perl-base: /usr/lib/perl/5.12.3/POSIX.pm
[01:45] hm
[01:45] what version are you on?
[01:45] sid
[01:46] doh
[01:47] how about File.pm?
[01:48] Same
[01:48] You know packages.u.c has a dpkg -S equivalent
[01:49] really
[02:03] hello all, I've been trying to install LDAP on my server for a little while. Now I know you're probably as tired as I am of LDAP, but my question is simple
[02:03] I was previously using ldap on 10.04 and recently moved up to a new install of 11.04... it seems that the back and frontends get populated by the post-install script...
[02:04] how do I get rid of the configuration provided and replace it with the one I have?
[02:05] free99: well, fun story
[02:05] you go back to 10.04
[02:05] not to be mean, but seriously
[02:05] it's going to be less of a headache
[02:05] (facepalm)
[02:05] and it has a longer support lifetime
[02:06] not sure why you'd move to 11.04 for something like that in the first place
[02:06] free99: wait, what do you want to repopulate -- the config database (slapcat -n0), or the "real" database, the one with the user objects (slapcat -n1) ?
[02:06] qman__: because new versions = SHINY
[02:07] shiny's great for desktops and fooling around, but not for the backbone of your network
[02:07] twb: I need to do both, I assume... I have a nice tree setup, and users to go with it. Adding the users isn't a big deal, but the tree is where I'm having a problem, besides getting TLS to work properly (whole other story, forget I mentioned it)
[02:07] You would be amazed how often I have to train people to avoid shiny by means of operant conditioning
[02:08] ?
[02:08] free99: I don't know what you mean by "tree is where I'm having a problem"
[02:08] (sigh) I moved to 11.04 because my last system failed thanks to a drive failing despite it being raid 5...
[02:08] a1fa: as in you hit them with a stick when they upgrade things
[02:08] and I figured things with TLS had improved, perhaps
[02:08] free99: that would be because bootdegraded defaults to no
[02:09] regardless if it's better or not, with 11.04 you'd have to upgrade in 6 months, and again in another 6
[02:09] too much work
[02:10] why would you do that?
[02:10] Isn't the config database where the actual layout is, e.g. the root and its branches? The users and their data were in /var/lib/ldap I thought...
[02:10] because that's the normal release schedule
[02:10] which is why LTS exists, so you don't have to
[02:10] free99: the config database is what used to be slapd.conf
[02:10] besides which I have a bunch of specific enhancements and such that I want to put back in but can't seem to, especially using an accesslog overlay
[02:11] free99: now it's like /etc/openldap/cn=config/ crap
[02:12] I think with enough effort you could migrate your 10.04 cn=config tree to whatever 11.04 has, but I agree with qman__ that you shouldn't use anything but LTS
[02:12] yeah, I know... I've been resisting the urge to move to slapd.conf very, very hard for the past month
[02:12] twb: who do you hit?
[02:12] a1fa: the users responsible
[02:13] https://secure.wikimedia.org/wikipedia/en/wiki/LART
[02:13] I'm going to blame my age and lack of experience for going with a non-LTS, just because I can :P
[02:13] and then there's the companies that grab a non-LTS release and just leave it like that for years, and you end up with 9.04 shells you can't patch
[02:14] qman__: you think that's bad?
[02:14] at this point I already have several other services running successfully on it, so... I'm not rushing to reinstall everything despite having made a script that does the majority of security and such
[02:15] qman__: yesterday I recovered a server from 2002, running Mandrake 10, with *XFS* filesystems, an empty fstab and a 100% full root filesystem due to years of SQL dumps in /home/merlin/public_html/cron/data/backups
[02:15] wow
[02:15] but in retrospect, yeah, bad plan on my part
[02:15] who
[02:15] what
[02:15] When the customer regained consciousness, I gently explained that he should migrate to a supported OS
[02:16] Oh, and the machine allows password-based root logins and wasn't behind a NAT :-/
[02:16] and apparently is storing backups in public_html
[02:16] qman__: the whole web app was in there
[02:16] And of course it's PHP/MySQL
[02:17] pass me some of what that guy who setup the box was smoking
[02:17] He was probably a work experience student or an indian rent-a-coder or some shit
[02:18] so... is there a way for me to wipe out the default config and replace it with mine? I have two LDIFs, that should take care of everything...
[02:18] free99: just apply the LDIFs, then
[02:19] twb: you hit people at work?
[02:19] a1fa: sure
[02:19] a1fa: otherwise they do not learn
[02:19] where do you work?
[02:19] HR loves you :)
[02:19] cyber.com.au
[02:19] ldapadd and slapadd both complain that the databases already exist
[02:20] free99: so presumably your LDIF assumes the database is empty
[02:20] free99: in which case you need a different LDIF
[02:21] I mean I suppose I can have two databases, but why? the LDIF specifically points to {1}hdb which already exists... I know if I get rid of the {1} it'll increment to create a new database, but..
[02:24] So write an LDIF that modifies the {1}hdb object instead of trying to create it
[02:32] that's a good idea twb, I'll look into it :)
[02:33] Personally I think it would be easier to give up and redo it in lucid
[02:33] LDAP is a massive pain in the arse
[02:34] dude, I burned 4 hours today trying to get ldap to tell me when someone successfully binds to the server so I can make a script that prunes old accounts
[02:34] and it still doesn't work lol
[02:34] You know how I did that?
[02:35] I gave $boss a list of accounts and said "tick the ones that should continue to exist"
[02:36] ah I wish I could do that, I'm trying to do this for a unix lab where new students show up all the time, old ones leave...
[02:36] my boss has been doing it that way for a while
[02:36] Surely your uni knows which students are still there
[02:36] he's currently running the network on an NIS box setup in....95 I think
[02:36] Well, NIS just works
[02:37] it seems pretty insecure from what I've heard..
[02:37] Its only real downsides are that it's completely insecure, and that newer services can't speak it.
[02:37] twb: NIS rocks like elvis, somewhat out of style...
[02:39] Grr, so now I have an "urgent" task to work out why my apache reverse proxy is breaking prayer (webmail) attachments
[02:40] At my last job we still used NIS for automount maps and groups heh.
[02:41] I'm glad I have LDAP working now, but I would've been happier if I could've stuck with nIS
[02:41] the only prob with LDAP is all the different implementations ...
[02:42] openldap is a little behind the commercial ones
[02:44] I wouldn't know about proprietary solutions
[02:44] Except that all the kerberos people seem to have an attitude of "AD or GTFO"
[03:15] twb, really? There's lots of unix "kerberos people"
[03:15] Not on #kerberos AFAICT
[03:16] well AD is by far the most widely used implementation
[03:16] so that isn't surprising
[03:16] You say something like "I just want krb to work without the hassle of running a 2k3 server" and they are all "what are you talking about, Windows is the bestest, unix is for fags"
[03:17] ugh
[03:18] sounds like "idiocracy"
[03:18] I have noted that windows folks rarely understand the underlying technologies they use very well
[03:18] I have never met a windows admin that understood kerberos very well
[03:19] So anyway, what I have now is a nice simple openldap server with authorization performed by means of bind attempts, no root bind at all (only local root user has rw privs), and the ppolicy overlay to deal with password expiry and such.
[03:19] or for that matter, DNS, or pretty much anything else
[03:19] twb, great!
[03:19] And no samba support because dealing with bullshit like "machine accounts" would've meant giving write access to LDAP to the samba host
[03:19] if it's all unix you have no use for samba
[03:20] The main downside is that without kerberos, the only really trustworthy network filesystem you can use is sshfs
[03:20] that would be correct
[03:20] I have to get around to NFS4
[03:21] NFSv4 on its own (i.e. krbless) is obviously not a big win re security
[03:21] You can still just get any old client and say "sudo -u twb cat ~twb/.netrc" or whatever
[03:21] it was really meant to work with it
[03:21] dammit... I really have to get kerberos working too?
[03:21] nfs3 is kind of horrifying wrt security
[03:22] I do still use NFSv3 for /home on a subset of the local LAN which (hopefully) has better physical security.
[03:22] Which is to say, the servers in the machine room
[03:22] nfs3 is in very wide use in the unix world
[03:22] we have an exciting problem with nfsv3 atm where secondary group permissions are totally ignored
[03:23] thankfully v4 has acls
[03:24] Which breaks an otherwise perfectly adequate posix permission like ceo:officers 750 /srv/nfs/agm-minutes/
[03:25] I'd rather use document management than nfs for general office crap. there's good free ones
[03:25] web UIs? DO NOT WANT
[03:26] twb, webdav or web ui
[03:26] I am slowly increasing the amount of stuff we keep in git-backed rest/markdown
[03:26] it does keep users from making a mess of the system
[03:28] I'm only allowing apache with bad graces, and PHP and MySQL not at all
[03:29] So if your DMS is sitting on top of, like, tomcat, it can just FOAD
[03:30] For my customers' systems, I feel differently because they're all idiots and, as you say, they'll make a mess if given the chance
[03:32] it also puts a crimp on "that one guy in the office who knows MS Access really really well" and that person's penchant for creating zillions of shitty little databases for everyone to use
[03:32] No windows here :-)
[03:32] Well, there is one that we have to use to talk to the stupid federal tax people :-/
[03:32] where do you work? university? industry?
[03:33] cyber.com.au
[03:33] basically a rent-a-sysadmin shop
[03:34] the only all unix job I ever landed was at a (US) fed that did geological/ seismic analysis
[03:34] Most of our customers have windows desktops, but dealing with those is farmed off to whichever poor bastard we just hired
[03:35] s/just/last/
[03:35] there is definitely a certain amount of happiness that comes with never having to even look at windows, and actually being able to solve their problems
[03:35] *the users problems
[03:36] my job is pretty similar but unfortunately it's mostly windows environment, small companies and local governments running windows SBS servers
[03:36] I love unix, but christ I hate ldap
[03:38] my linux-ward progress so far includes a machine to store/scan infected systems' files, and a remote backup solution with backuppc
[03:39] without drop-in DC capability, linux just won't work its way into the customers' shops
[03:40] and even then, some of them have custom software
[03:40] you'd think some company out there would work up a proprietary solution just because of that
[03:40] though I guess likewise is trying that out
[03:40] free99: proprietary solution for what?
[03:41] a drop-in domain-controller?
[03:41] We have a proprietary solution for that
[03:41] built on top of linux and samba :-)
[03:41] samba 4 is supposed to do the job, if/when it ever gets done
[03:42] samba integrates just fine as an AD member, and of course can be an (old type) DC
[03:42] the other biggie is exchange for contacts and calendars
[03:42] mail is no problem, but the other stuff is harder
[03:42] qman__, we sell a product called zimbra to our clients, it's a unix based exchange clone
[03:42] works very well with outlook
[03:42] nice
[03:43] they can't tell the diff
[03:43] how's the system requirements on that
[03:43] oh it's all hosted off site
[03:43] qman__: samba 3 is a DC, it's just not an AD DC
[03:44] we've got customers with quad cores and 8 gigs of RAM crawling with SBS2011, they just keep making it impossibly huge
[03:44] qman__, we have one client using their own server, the app seems pretty well behaved
[03:44] and don't even think about using blackberry enterprise
[03:44] that basically doubles the RAM requirement, by itself
[03:44] god I hate SBS
[03:44] and all its stupid restrictions
[03:44] Re "groupware", we roll out ZCS (zimbra), and we've rolled out scalix in the past and we've dealt with sogo and thingy as well.
[03:44] They're all abysmally shite
[03:45] twb, heh
[03:45] ZCS compiles all of ubuntu in /opt with custom patches and CVS snapshots of upstream codebases
[03:45] I mean, what's the point in selling a small business package, when it'll only run on a four grand server
[03:45] I found the guy who makes the ZCS packages, and it was clear he didn't understand why distros even exist
[03:45] twb, all I've ever seen from them is tarballs
[03:45] He just thought everyone should have a linux kernel and then his huge ZCS blob
[03:46] kellnola: I use "package" loosely
[03:46] twb, MOST commercial unix devs are just like that
[03:46] kellnola: yeah, it's a bloody crock
[03:46] And on Linux it's unforgivable
[03:46] they do not have the deep understanding of systems, or discipline, that OSS devs have
[03:47] I could understand people doing it on Windows or SCO where there is no package infrastructure or anything
[03:47] (Yes, I have to deal with SCO and SunOS and crap sometimes :-(
[03:47] twb, thankfully we just have them use ZCS hosting
[03:48] kellnola: out on some VPS in "the cloud" somewhere, a la buying a commercial gmail contract?
[03:48] I don't want them running mail in-house anyway, unless they're huge
[03:48] twb, yes it's cloud
[03:48] Yeah, I think we avoid that because of concerns about data sovereignty and such
[03:48] the prospect of going entirely down when the comcast modem craps out is not appealing to our customers
[03:48] Or just because users want to keep reading mail when their shitty .au DSL falls over for a week
[03:48] well we have other concerns like frequent evacuations, hurricanes, etc.
[03:49] and actually, we've been trying to get people to move their mail in-house because of how terrible the SBS POP3 connector is
[03:49] I'm about to switch from ADSL2+ to "naked" ADSL2+ at home, and the migration time for Telstra to do their part is FOUR WEEKS
[03:50] and how difficult it is to get email to phones when all they have is pop to some other host
[03:50] For what amounts to unplugging a cable from one DSLAM and patching it into a different DSLAM
[03:50] qman__: well, IMAP/MAPI/webmail, not POP
[03:50] how fast is ADSL2+?
[03:51] kellnola: theoretical maximum is something like 24mbps down, 4mbps up
[03:51] does this look like a correct ldif to modify the pre-existing database?
[03:51] dn: olcDatabase={1}hdb,cn=config
[03:51] changetype: modify
[03:51] add: olcDbIndex
[03:51] olcDbIndex: uid pres,eq
[03:51] -
[03:51] we're almost all HFC, some metro ethernet, a couple of DS1
[03:51] free99: that all depends
[03:51] unfortunately one of the hosts most of our customers are on does not offer any of that, only POP
[03:51] free99: here's a working one for lucid, that shuts up slapd syslog some: http://paste.debian.net/122044/
[03:51] they're stuck in the 90s, and keep getting on spam lists
[03:52] free99: but I don't know what your current cn=config database contains, or what you want it to contain
[03:52] it's been a nightmare
[03:52] wow I haven't seen anyone using POP in quite some time ... and I live in a backwater
[03:52] kellnola: but in .au a privatized ex-government company has a monopoly on the copper, and they're letting it rot because they want to migrate to FTTH at the government's expense
[03:53] kellnola: so it's usually more like 2-6mbps down
[03:53] not so bad
[03:53] DSL here is just terrible
[03:53] the support won't even speak to you if the modem's bridged
[03:54] twb: it doesn't have the right suffix, it got picked based on my FQDN which isn't good enough
[03:54] Yeah, well, I expect better connectivity in the continent's second biggest city...
[03:54] that script you linked me is a big help though, thanks
[03:55] free99: ah, well, that's a major pain in the arse to fix
[03:55] samba 4 is becoming like Duke Nukem 3D
[03:55] free99: because you will have to rename all the dn's in the {1}hdb
[03:55] I am so sick of waiting for it
[03:55] kellnola: I thought it came out already
[03:55] though I didn't give a crap about Duke Nukem 3D
[03:55] free99: btw, you should read the ldapmodify and ldif manpages and such
[03:55] duke-nuke 'em forever?
[03:56] I'm working through a tutorial right now actually, and trying to adapt it lol
[03:56] free99, LDAP is wonky but once you get used to it you'll appreciate it
[03:56] https://secure.wikimedia.org/wikipedia/en/wiki/Duke_Nukem_Forever
[03:56] I already have big plans for it, but that's if I can get the SOB running
[03:56] "the game was released in 2011 but had been in development since 1996."
[03:56] yeah "Forever" sorry
[03:58] so, you folks that service outside clients, how do you deal with the crap of users running their desktops as administrator? Most of ours insist on it
[03:58] windows users I mean
[03:58] we are thinking of moving to an SLA based system where the price would be less the more restrictive it is
[03:59] the software they run requires it
[03:59] it's the only option
[03:59] qman__, much of the time, yes ... thinking about having them run a dedicated terminal server for garbage like that
[03:59] tried terminal services with one, it's a total mess
[04:00] and expensive, really expensive
[04:00] a server and some CALs costs enough, but then they want office
[04:01] I don't know, we're doing that with one of them, it's working out pretty well
[04:01] so far
[04:01] and they can't use the office they already bought and have the license to, you have to get a volume license
[04:01] and then when their proprietary app needs an update
[04:01] the app itself is so expensive they don't notice the CAL's really :-/
[04:01] an administrator has to log on to the server console directly and update it
[04:01] because it won't update over TS
[04:02] just all the licensing bull you have to work around is insane
[04:03] qman__, well that goes for anything with windows
[04:03] who can figure that BS out it is total insanity
[04:03] not to mention the "upgrade paths"
[04:04] trying to explain to a customer that they bought the wrong version of the software
[04:04] despite it being the right software they need, just not licensed for the other software they're running
[04:04] and that the version they need costs five times as much
[04:04] just because
[04:04] qman__, yes that's lovely
[04:05] I'm thinking of trying to get out of all this and maybe develop and sell POS systems for people ... something where I would not be pulling my hair out every day
[04:05] over retarded shit
[04:07] I have an Ubuntu Server, and have some email aliases in the aliases file. Is there a way to create a wildcard alias? (like, for instance, account-??? would accept from account-000 or account-123 etc. to the address accounts)
[04:08] riz0n, don't think so, at least not in /etc/aliases. There might be an MTA that does that
[04:08] riz0n: that is called "sub-addressing"
[04:09] For example foo+bar@gmail.com will be delivered to foo@gmail.com
[04:10] wow ... jellyfish have shut down the second nuclear plant in two weeks
[04:10] is there a way to run the explorer with admin powers
[04:11] so I don't have to use a terminal to manipulate files in system directories?
[04:11] riz0n: I think it's $recipient_delimiter in postfix
[04:11] DougJ, not a server question, but the answer is gksudo nautilus
[04:11] DougJ: what is "explorer"
[04:11] qman__: nooo, current gvfs will have something like "sudo://" I expect
[04:12] qman__: better than running the whole app with escalated privds
[04:12] *privs
[04:12] twb, it's nautilus, you did not know what I was talking about?
[04:12] I suppose
[04:12] DougJ: I don't use GUIs
[04:12] command line is better anyway
[04:12] qman__: +1
[04:12] right i am familiar with the "+" subaddressing, but thats not what im going after
[04:12] ill just make some aliases for the #'s i need
[04:12] twb, you never have ever?
[04:12] riz0n: well, that's all you can have AFAIK, though obviously you can use "-" instead of "+"
[04:12] and as said before, that is not a server question
[04:13] as server does not have a GUI
[04:13] so if you want to reliably get answers to GUI questions, you're asking in the wrong channel
[04:13] qman__, your answer was plenty reliable thanks
[04:14] qman__, I don't have access to the regular support channel as I am banned
[04:14] DougJ: that is no excuse to ask the wrong channel
[04:14] twb, but it is a reason
[04:14] and probably a good way to get banned in more channels
[04:15] Hear, hear.
[04:15] qman__, any way to get unbanned?
[04:15] dunno, I'm just a user
[04:15] well, I don't have many options then do I
[04:15] DougJ: the freenode documentation probably discusses the general process
[04:16] http://freenode.net/faq.shtml#unban
[04:17] how can you speak to an op if you aren't in the channel?
[04:17] find out who they are, and /msg directly
[04:18] as for who the ops are, it's definitely documented somewhere
[04:18] oh really I didn't know that worked when you weren't in a channel with someone
[04:18] qman__: the page I linked to shows how to list ops
[04:18] yeah, that link twb...
[04:18] yeah
[04:21] so this ldif is getting very tedious. considering that the package installer for slapd uses the FQDN to make the choice of domain *for* me, can I temporarily change my FQDN?
[04:21] I mean, how can I change it temporarily
[04:22] oh, wtf?
[04:23] I did a dpkg-reconfigure and first thing it asks is if I want to skip having it configure ldap for me
[04:25] hey, question - how do I connect to a wireless access point using a WPA passcode from the command line?
[04:26] last time I tried to do that was years ago, and I didn't succeed
[04:27] it required wpa_supplicant and some significant handwriting of configuration files
[04:27] the situation may or may not have improved since, but I don't know
[04:27] free99: with priority=low it asks IIRC
[04:27] free99: ICBW, because currently I disable auto-setup
[04:28] auto-setup is what got me chasing my tail for the past week lol
[04:28] http://paste.debian.net/122047/ shows the server side of my setup; NOTE that client-side setup is already done, so the ldap utilities are already looking at/for slapd before it exists.
[04:28] so if I want the autosetup to ask all the questions the first time around, how do I do that in one shot?
[04:28] qman__: yeh, the guides I can find look unreasonably hard :( -- except for this one: http://modelr.wordpress.com/2009/06/01/how-to-get-wireless-network-on-ubuntu-server/ - but that one is kind of hard coded to just 1 wireless access point
[04:29] hackeron: WPA2 PSK or Enterprise?
[04:30] twb: just WPA PSK
[04:30] Install hostapd. Write hostapd.conf. You are done.
[04:30] hackeron: I know network-manager, as crappy as it can be, has a good CLI system that almost nobody uses, and it's good at roaming
[04:30] Writing hostapd.conf is about as easy as writing wpa_supplicant.conf, i.e. trivial.
[04:30] free99: it doesn't have a good CLI system.
[04:31] free99: NM uses wpa_supplicant, and since wpa_supplicant has perfectly good roaming and CLI functionality, there is absolutely no reason to use NM
[04:32] http://paste.debian.net/122048/ <-- NM-less WPA2-PSK client with pre-defined networks
[04:32] twb: so you would recommend hostapd?
[04:32] hackeron: hostapd is really your only choice
[04:32] twb: what about http://paste.debian.net/12204 you just posted?
[04:32] That's the client side
[04:33] I am talking about the client side
[04:33] that's a good script
[04:33] Do you want to configure an AP or a client
[04:33] Oh right
[04:33] my "server" is an access pont
[04:33] point*
[04:33] the ldap one you sent me I mean
[04:33] hostapd is for the AP, wpa_supplicant is for the client side.
[04:33] twb: ah, awesome :) - thank you!
[04:33] They are built from the same codebase
[04:34] free99: note that it's rather peculiar in places, e.g. no root bind dn
[04:35] http://paste.debian.net/122050/
[04:35] that's mine
[04:36] twb: is there a script that will join a know SSID if it can find one, otherwise try all the open ones one by one until it can find one that has access to the internet?
[04:37] join a known*
[04:37] lol hackeron, that'd be pretty cool
[04:38] heh, indeed :P - especially in a car
[04:38] so when I run apt-get install, is there a way to get an in-depth configuration screen?
[04:38] hackeron: I don't know about open APs, because I've never encountered one
[04:39] I don't think that's particularly on-topic for -server tho
[04:39] free99: dpkg-reconfigure debconf ?
[04:40] twb: why not? - if I ask on #ubuntu they'd say network manager, heh - but I'm doing this on ubuntu-server :P
[04:40] ok, that's for all of 'em
[04:40] but what about doing it for only packages I'm interested in?
[04:40] twb: the info in your link worked beautifully btw, thank you!
[04:40] Well, Ubuntu users are idiots
[04:40] heh, that's another reason why I ask here, heh
[04:40] ....
[04:41] hey man, when I was a BSD head, I got everything done and well
[04:41] free99: then you need to set... DEBCONF_PRIORITY=low, I think, prior to your apt-get run
[04:41] but hal killed everything
[04:41] free99: you can't do it per-package, you can do it per-run, or you can invoke dpkg-reconfigure on a package AFTER it's installed
[04:41] If hal is still alive, you should kill it
[04:42] I heard debian was doing something like bringing their packages over to freebsd or something of that nature...
[04:42] The useful functionality was rolled into udev, and the stupid XML RPC crap is still present, but in the newer equally dumb udisks/uthingy
[04:42] including udev
[04:43] free99: debian supports two kernels -- linux and freebsd's
[04:43] really?
[04:43] hot-damn!
[04:43] wait, there's got to be a caveat or three there
[04:43] There's also nexenta, which was nominally Debian/kOpenSolaris, but due to the cuddle of death, I think it's pretty denatured now.
[04:44] free99: well, Debian/kFreeBSD has a lot fewer eyeballs than Debian GNU/Linux or FreeBSD.
[04:53] freakin' awesome, I got it
[05:24] So I have a long script on my local computer. It's in bash. I want to be able to ssh into a server, run the script, then go into a terminal (while being able to see that info). So far all I've been able to do is something along the lines of ssh host command && bash.
[05:24] Any ideas?
[05:25] ssh host -t /path/to/script ?
[05:27] twb: the script is on the local computer
[05:27] Not on the remote
[05:27] Ugh
[05:28] Either scp it across, or do something evil and wrong like { cat script; cat; } | ssh -t host
[05:31] wth does it mean when you get "ldap_modify: Insufficient access (50)" despite having the system set to allow local root to do anything?
[05:34] -YEXTERNAL
[05:48] hmm, I am doing -Y EXTERNAL
[05:51] Same thing
[05:53] I mean I'm doing that and it's still not working
[05:54] as root: ldapadd -x -D "cn=admin,dc=itech,dc=portal,dc=baruch,dc=cuny,dc=edu" -W -H ldapi:/// -f test2.ldif
[05:55] I see no -YEXTERNAL there.
[05:56] oh, right, that's my attempt w/o it lol
[05:56] ldapadd -Y EXTERNAL -H ldapi:/// -f test2.ldif
[05:58] http://paste.debian.net/122057/
[05:58] that's the ldif I'm trying to add in
[05:59] I appreciate the help a lot twb
[06:01] free99: you probably should not tell us your hashed passwords
[06:01] I messed with it a little just in case, don't worry
[06:01] And if you intend to only use -YEXTERNAL, don't set an oldRootPW at all
[06:01] *olc
[06:02] Lines 1 and 2 are pointless
[06:02] And you can omit "changeType: modify" if you're passing it to ldapmodify
[06:02] well... I'm going to need a web front-end for the server, we have several people who are going to be adding/removing users
[06:02] ldapadd and ldapmodify are basically identical except for the default ChangeType
[06:02] free99: fair enough
[06:03] free99: although you could theoretically give object creation rights to those users, and have the web app "sign in" to ldap as them to make changes
[06:03] (sigh) you know that feeling where you're at the limit of your knowledge and stuff keeps getting piled on you?
[06:03] Most existing web apps don't operate that way, they just assume they have full root access
[06:03] I've been working on this for about 3 weeks straight, bootstrapped
[06:03] (Where "root" means ldap root bind dn, not unix root user)
[06:04] free99: yep, BTDTBTTS
[06:04] what's that mean?
[06:05] Been There, Done That, Bought The T-Shirt.
[06:05] yeah man..
[06:05] Or, you know, JFGI
[06:06] lol do I even want to know?
[06:11] https://duckduckgo.com/lite?q=JFGI
[06:21] aw maan
[06:21] JFGI, you have no idea how much I'm going to wear that word out and bring further shame to unix peeps everywhere
[06:26] Not saying "peeps" would be a start.
[06:26] oh werd? I'm getting sleep drunk...
[06:26] I think I should read a book
[06:26] so I guess I'll see you later
[06:26] and thanks again for your help twb
[06:27] peace
[07:29] Oh *awesome*.
[07:30] New client, they have a machine accepting password-based root logins from the internet, with a dictionary-based password, and they are running... Debian 4.0
[07:30] ...
[07:30] Ahaha, and proftpd instead of vsftpd
[07:31] what's wrong with proftpd?
[07:31] It's not vsftpd
[07:31] that's not a helpful explanation.
[07:31] Or better than either, would obviously be OpenSSH's SFTP
[07:32] greppy: the short version is that vsftpd cares about security more than anything else, and proftpd doesn't.
[07:32] greppy: ICBF digging up the MITRE security history of both
[07:37] http://www.h-online.com/security/news/item/Vsftpd-backdoor-discovered-in-source-code-update-1272310.html
[07:39] w00: yes, I know
[07:39] Though that doesn't affect Ubuntu or Debian.
[07:41] I should be very clear that I recommend OpenSSH, and I only recommend vsftpd if SFTP is not an option for stupid non-technical reasons.
[07:43] * greppy feels the same way, just s/vs/pro/ :)
[07:43] I dunno about proftpd, but one thing I like about vsftpd is that every feature is off by default
[07:44] So you have to opt into e.g. rw or auth
[07:44] I almost never trust defaults, even if they are default in the current version, I explicitly set things.
[07:44] http://mywiki.wooledge.org/FtpMustDie
[07:44] I guess I also haven't run an FTPd for about eight years...
[07:45] due to running a shared hosting server, I have had to keep running one.
[07:46] Bah
[07:46] SFTP
[07:46] Anyone too stupid to use SSH doesn't deserve access to your box
[07:46] Especially since even windows ftp clients can speak SFTP
[07:47] in a perfect world, yes, I certainly point people to sftp if it is an option for them.
[07:54] hi guys how do i set cronjob to run every two days it will run a particular script
[07:58] * * */2 * *
[08:00] twb: if i set at 12 noon time..?
[08:01] Oh sorry
[08:01] It should be more like 0 12 */2
[08:01] I'm used to just writing @daily
[08:02] But I don't think you can write @daily/2
[08:03] crontab -e will help you ;)
[08:03] 0 12 */2 /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --MP3
[08:03] ruben23: you need to supply all five fields
[08:03] like that..? that script will run every 2 days and 12 noon time
[08:03] rather than have settings in separate daily monthly etc files
[08:04] ruben23: have you read "man 5 crontab" yet?
[08:04] im reading with google now- but im confused of what the meaning of /2..?
[08:04] "every second one"
[08:05] Because third field is day of month
[08:06] 0 means..?
[08:07] ruben23: please read the crontab(5) manpage in full THEN ask me if you still don't understand, I have other work to do right now
[09:45] Hi! Does anybody know of a PPA with packages for solr 3.1, 3.2 or 3.3?
[09:50] piquadrat: https://launchpad.net/~trevor/+archive/solr
[09:51] hi, which software do I use to scan a server for viruses ?
[09:55] I was serious~
[09:56] or at least rootkit scan
[10:04] rkhunter
[10:04] I used chkrootkit, but still looking for free virus scanner
[10:05] clamav
[10:07] w00: any generic command for both of them ?
=== mendel__ is now known as mendel_ [11:04] hello [11:04] how could I configure multi vhost in my machine? I mean using Apache [11:33] hi everyone [11:34] can Ubuntu Server support 32TB RAID setup? (I know ext4 can go up to 16TB only) [11:36] New bug: #806432 in backuppc (main) "package backuppc 3.2.0-3ubuntu4~lucid1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/806432 [11:58] i need help making a custom kernel [12:25] jamespage, around ? [12:26] smoser: sure am - just reviewing ec2 testing results [12:29] smoser: have you seen this udev error before? [12:29] udevd[186]: failed to create queue file: No such file or directory [12:29] udevd[186]: error creating queue file [12:31] i dont recall that. [12:33] so... the 20110706 failed to publish. i can re-run and it will continue [12:33] s/re-run/re-start/ [12:34] good morning :) [12:36] good morning [12:38] Hi everyone, I want to see all services that boot with my Ubuntu Server .. is there a GUI or console tool or file etc I can edit to modify them? [12:39] metap0d: I believe you can do that with update-rc.d [12:39] Hi everyone, just letting you know we're having the Ubuntu Cloud Days irc event on the 25th/26th. Everyone is invited to add a session at https://wiki.ubuntu.com/UbuntuCloudDays/Timetable Please add your session as soon as you can, if unsure about the title, just write TBD. Ping me for any details, thanks [12:39] metap0d: right now there is a mix of sysvinit and upstart files [12:39] ok. so i resumed the publish of the 20110706. looks like python, bind and libdrm2 changed [12:41] metap0d: update-rc.d works with most sysvinit-based services, but not all IIUC [12:42] metap0d: you need to edit upstart jobs directly AFAIK [12:42] metap0d: for sysvinit and upstart files, see /etc/init.d and /etc/init, respectively [12:42] jamespage, how did it go so far? on 20110705? 
[12:42] smoser: OK I will re-run the tests once it publishes out [12:42] so generally OK [12:43] or maybe not [12:43] ? [12:43] cloud-config still looks broken (all tests failed) [12:43] found bug 806453 [12:43] Launchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New] https://launchpad.net/bugs/806453 [12:44] and I did not realise that ec2 endpoint IP addresses change so half the tests failed from the new QA lab [12:44] yeah, :-( [12:44] pmatulis,Ursinha: This is my first server install so I'm not too familiar with everything yet, but thanks I think that should be enough to get started :) [12:44] damn those outbound firewall rules! [12:44] so, for 806453, i've seen the "falling back to /dev/udev on my system here even" [12:44] maybe something needs to create /run that is not [12:45] i have no /run on my system [12:45] jamespage, how is cloud-config failing ? [12:45] yeah - I see that message all the time [12:45] i don't recall why we were seeing that before [12:45] just looking at the cloud config stuff [12:45] metap0d: np :) [12:45] a result of bug 784937 ? [12:46] Launchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/784937 [12:46] are we able to see historic results in iso tracker? [12:47] smoser: http://paste.ubuntu.com/638881/ [12:48] where does that happen ? [12:48] and is it reproducible [12:48] i understand the "can't mount" [12:49] swap is probably wrong [12:50] but it shouldnt fail [12:50] smoser - so that one appears to happen on ebs storage [12:50] this one - http://paste.ubuntu.com/638884/ - happens on instance-store [12:51] not on all boot [12:51] right? 
[12:51] So it looks like it's always on the reboot after first boot [12:51] cc contains: [12:51] mounts: [12:51] - [ ephemeral0, /opt , auto, "defaults,noexec" ] [12:51] - [ swap, null ] [12:51] New bug: #806459 in bind9 (main) "package bind9 1:9.7.3.dfsg-1ubuntu2.2 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saída de erro 1" [Undecided,New] https://launchpad.net/bugs/806459 [12:52] happening after reboot would make sense. [12:52] TBH the results are being clouded by the network issues to the ec2 endpoints [12:53] it is fall out of bug 784937 [12:53] Launchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/784937 [12:53] I need to get that resolved and re-run against the new image [12:53] what is in /etc/fstab ? [12:54] well.... i really need to be going for a couple hours. [13:34] hello... has anyone got an idea about why the Ubuntu installer would be unable to find a cdrom after it has booted off it inside a domU? === Bilge_ is now known as Bilge === sidnei-away is now known as sidnei [14:00] I am trying to create an AMI on EC2 built from the Ubuntu 10.10 x86_64 instance-store AMI (ami-08f40561). I am having issues launching an instance from my custom AMI. In an attempt to track down the issue, I launched an instance from the original AMI and immediately created a new AMI by running euca-bundle-vol followed by euca-upload-bundle on the instance and registering the new AMI through the console. However, when I launch an instance from my [14:00] new AMI, it goes from pending to terminated with a reason of "Client.InstanceInitiatedShutdown" and no console output available. Could I be doing something incorrect when I create my new AMI? [14:14] anyone around? 
[14:17] New bug: #799973 in tftp-hpa (main) "package tftpd-hpa 5.0-11ubuntu2.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/799973 [14:19] Deesl, what's your question? [14:20] ppetraki: I am trying to get a Ubuntu server domU working in a gentoo dom0.. I am mounting the ISO as xvdc and using pvgrub and the VM boots up fine... but once its through the initial phases, the installer says it could not mount the cdrom and can't proceed [14:20] I am clueless about what is happening here.. [14:21] Deesl, it had to be Xen... [14:22] Deesl, do other domUs find the cdrom fine? like fedora? [14:22] ppetraki: I have a Gentoo domU. I can check [14:23] but the question is, if it was xen, then how come the Ubuntu domU even booted up [14:23] it actually booted up and allowed me to select the language and the Country [14:23] Deesl, well, it would be an installer bug, though it helps to verify. [14:23] Deesl, how is xvdc defined? [14:24] disk = [ 'tap:aio:/home/subhro/ubuntu-11.04-server-amd64.iso,hda:cdrom,r' , 'phy:/dev/VolumeGroup00/pocVolume,xvda,w' ] ... This is the precise line [14:24] Deesl, dump the tap, just use "file://" [14:24] I just changed xvdc to hda as an attempt [14:25] with file also does not work [14:25] hang on let me check once [14:25] disk = [ 'file:/home/subhro/ubuntu-11.04-server-amd64.iso,xvdc:cdrom,r' , 'phy:/dev/VolumeGroup00/pocVolume,xvda,w' ] this is what it says now [14:26] Deesl, ok, that's better. [14:26] just created it [14:26] hang on [14:26] it booted off the CD GRUB and allowed me to select country and Language [14:27] now its stuck... absolute blank screen [14:27] and it tells me that its unable to find a CDROM to mount [14:28] interesting... [14:28] want a screenshot? [14:28] nah [14:29] been a while since I've debugged xen, that's all [14:29] hmm [14:30] is there a way to get a install shell? 
[14:30] I am old hands at Gentoo but brand new to Ubuntu. [14:31] Deesl, alt Fx [14:32] does not work [14:32] I am just SSHed in to the dom0 [14:32] and connecting over xl console [14:33] so probably my alt and function keys dont reach the domU [14:33] Deesl, what we want to see is how the guest is interpreting the block device [14:33] right... [14:33] so what could be a way? [14:34] there is an option to get a shell in the install menu... [14:34] but there is no /dev/xvd? or /dev/[hs]d? inside the devfs for that install shell [14:35] Deesl, could create an ftp install, using the dom0 as the host [14:35] O_o [14:36] FTP is so much of a trouble :( [14:37] how can I do a net install? [14:37] Deesl, retry with --scsi option [14:37] --scsi where? [14:37] Deesl, in the VM cli, when you start the machine [14:38] Deesl, http://wiki.debian.org/Xen#DomU_.28guests.29 [14:38] am I just using pygrub...... [14:38] Deesl, I don't know whether our kernel has xen block support compiled in or not [14:38] my host is Gentoo though [14:38] Hi there, what is correct way of reporting kernel crashes like this one? http://imgur.com/a/75ACq [14:39] Deesl, I'm talking about the guest. that would explain why no xvd devices are found [14:39] ppetraki: I wonder how to translate a xen-create-image that works on Debian to one on Gentoo [14:39] Deesl, got me [14:40] ppetraki: let me see how to pass --scsi to create-image [14:40] since I am NOT creating an image [14:41] my main disk is completely empty.. I am trying to boot off the CDROM (ISO) and install [14:41] later on will paravirtualize it [14:45] ppetraki: still didnt find anything :( [14:45] Deesl, hmmm. [14:45] Deesl, would really help if I had a xen host handy. [14:45] I dont have any spare play dom0s to offer you :( [14:45] Deesl, you could try an expert install, drop to a shell, and try to modprobe the xen blockback drivers [14:46] Deesl, err blockfront [14:46] ppetraki: can you guide a little bit on that? 
[14:46] Deesl, it's just "F6" at the installer menu, select expert, and boot from there. you get a drop down menu from there [14:47] okay I am on the menu which starts off with Change Language, country etc [14:47] the third one says Detect CDROM [14:47] which obviously is going to fail [14:47] Deesl, so drop to shell, and modprobe xen-blkfront [14:48] okay hang on [14:48] Deesl, verify its loaded, then exit the shell, and try to detect the cdrom [14:49] FATAL: Module xen_blkfront not found. [14:49] phew... [14:51] so there is no such module... [15:03] Daviey: hai :) [15:04] Daviey: did you get to understand that keyring error you got with that launchpadlib script? [15:04] that's insanely vague, I'm counting on your memory to know what I'm talking about :) [15:05] ouch :) [15:09] Ursinha: hello and no [15:09] are you experiencing it? [15:09] I suspect it's related to the user wide launchpad auth? [15:13] Daviey: yes, I am [15:13] I'm trying to run a script in another machine [15:13] so I wonder if that's requiring UI interaction of some kind...? [15:13] like typing password in gnome keyring or something [15:13] * Ursinha tries [15:13] Ursinha: Well recently oneiric desktop started asking for a password when connecting to wireless. I suspect it's the same issue. === med_out is now known as medberry === medberry is now known as med_out === koolhead17 is now known as koolhead11|Afk === mendel__ is now known as mendel_ === mendel__ is now known as mendel_ [16:25] jhunt: around? I have an upstart question re differences in behaviour lucid->maverick->natty [16:25] has anyone worked with ettercap on a 64bit ubuntu based install? i'm getting the following error: "Dissector "dns" not supported (etter.conf line 70)" i've tried to google it, and i keep finding everyone saying it has to do with 64bit systems, would it work if just installed a 32bit OS? 
[16:25] jamespage: hi [16:26] jhunt: so it relates to how upstart deals with non-zero return codes in the pre-start block of a configuration [16:27] i have one server, with 3 virtual machines. One for static media, one for the database and one for the web-application. How can i best connect to the database, if all the servers have an own IP? [16:27] basically on lucid it looks like it ignores them; but on natty it definitely is not - i.e. the pre-start fails as a result [16:27] any thoughts? [16:27] I'm specifically talking about the samba nmbd.conf which calls testparam during pre-start [16:31] RoAkSoAx, o/ .... do know of any ubuntu-specific cobbler documentation? [16:33] marrusl: yes [16:34] jamespage: checked the code and can't see a change post-lucid. Also, a quick pre-start test that does "exit 1" correctly fails on lucid. [16:34] jamespage: and hi to you! :) [16:35] marrusl: we have basic documentation https://help.ubuntu.com/community/Cobbler [16:35] marrusl: what are you looking for exactly >? [16:35] RoAkSoAx, no that should do! just looking for a customer. I didn't think we did. [16:36] marrusl: hehe yeah it's still very basic [16:36] jhunt: so its more related to the return code of something the pre-start block calls rather than what it specifically exits with [16:36] RoAkSoAx, that will work, anything more detailed and they can still just hit up the upstream cobbler docs. thanks! [16:36] marrusl: ;) [16:38] jamespage: if you change "exit 1" to "/bin/false" (full path to avoid shell builtins), you still get the expected behaviour. [16:48] jamespage: I pulled apart nmbd.conf and tried a basic test on lucid+natty, but I can't see the problem you're describing. Could you come up with a minimal test case? [16:52] jhunt: sure can [18:28] jamespage, around ? [18:28] Daviey, where are we wrt the uec images ? [18:33] smoser: hola.. jamespage gave them a sniff earlier and reported success. [18:34] smoser: although, he found one bug which i think he raised.. 
and also had to update for the new ec2 endpoint. [18:34] (firewall) [18:35] ok. i asked in -release to populate iso with 20110706 images [18:35] and am pre-publishing those right now [18:37] smoser: seems he discovered an issue with i386 images.. but can't see the bug [18:39] Anybody have a trick for finding a fast package mirror without the GUI MirrorTest.py? [18:39] Daviey, https://bugs.launchpad.net/ubuntu/+source/udev/+bug/806453 [18:39] Launchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New] [18:40] smoser: thassim [18:40] smoser: Do you want to add that to the release notes, or should i? === med_out is now known as medberry [18:42] you please. [18:42] its minor [18:42] i *think* not 100% [18:48] smoser: ok, thanks. [18:48] smoser: now get back to the beach. === oubiwann is now known as oubiwann-lunch [18:56] smoser, Daviey: around now [18:58] jamespage, just see above. the iso tracker being populated with images as soon as someone in -release sees it. [18:58] I ran tests against 20110705 and 20110706 - I found bug 806453 only in i386 instance-store instances [18:58] Launchpad bug 806453 in udev "udevd fails with error creating queue file, instance fails to boot" [Undecided,New] https://launchpad.net/bugs/806453 [18:59] smoser: also reconfirmed those issues during reboot with the cloud-config tests that mount swap/ephemeral as being repeatable [18:59] do you want me to update that previous bug report with more information? [19:01] jamespage, please do. [19:01] really i want the kernel issue fixed. [19:03] key difference was that we saw it on ebs and instance-store types this time; also got different results between i386 and amd64 [19:03] I'm going to do it tomorrow. [19:09] irc === oubiwann-lunch is now known as oubiwann === mendel__ is now known as mendel_ [21:29] smoser: we still are being hit by cloudconfig, correct? If so, do you remember the bug #? 
[22:05] what's the boot option or installer option to force assume a 586 cpu instead of installing 686 versions of the kernel and glibc [22:05] ubuntu server 10.04LTS [22:05] I know the newer ones are 686 only [22:14] I'm trying to configure openvas in 11.04 but can't seem to get it to listen on any address. I found that these changes need to be made /etc/default/openvas- but I'm not sure how to get it to listen to anything other than 127.0.0.1 [22:15] anyone know how to get it to listen any address? [22:16] http://manpages.ubuntu.com/manpages/natty/man8/openvasd.8.html -a option looks good.. [22:17] I know about starting it manually, I'm trying to figure out how to get the automatic startup scripts working this way [22:17] I've tried removing that particular field from the conf file as well as setting it to a blank but it still errors [22:18] what field? [22:19] within the configuration file for each service (there's 3 or 4) there are fields such as "ADMINISTRATOR_ADDRESS=127.0.0.1" which provides the script in the init.d folder with the parameters for starting the server [22:19] in that case when starting the openvasad service it fills in localhost for the -a option [22:20] try 0.0.0.0 [22:22] ffs... the ONLY thing I didn't try... good call and thanks [22:23] did it work? [22:23] well np ;) [22:23] yep, netstat -tlp shows *: [22:23] :) [22:23] it's one of those that in hindsight is obvious but I never would have thought of it [23:06] can someone help me install mod_gzip on my server? === medberry is now known as med_out