[00:58] <plk> Hi everyone... this is a long shot but does anyone know why postfix smtp would pass shadowauth and fail SASL auth?
[06:40] <lordievader> Good morning.
[07:00] <YamakasY> morning!
[11:03] <pmatulis> morning
[12:38] <smoser`> hallyn, is there any cost to subuid/subgid mappings being complex
[12:40] <smoser> as in 'lxc-usernsexec' -m b:0:32000:1 -m b:1:33563:1 -m b:2:45191:1 ... ...
[12:41] <smoser> as opposed to just: lxc-usernsexec -m b:0:65535:65534
[13:12] <hallyn> i haven't measured it
[13:47] <smoser> hallyn, does that end up being something in the kernel that is utilized real-time ?
[13:47] <smoser> or does -m b:0:65535:65534 just end up in the kernel as 65534 individual mappings.
[13:47] <smoser> that would esem expensive
[13:47] <smoser> seem
[13:48] <hallyn> it's in mappings by ranges
[13:48] <hallyn> it should be very fast
[13:49] <smoser> so its possible then that 65535 individual mappings would perform poorly compared to a range
[13:49] <smoser> unless something went in and realized it coudl re-write that.
[14:09] <dav1dp0101> Does anyone have experience or advice on how to change permissions on an apache2 web server? I put some files on my server at /var/www/html/archives and I can't access the files through a web browser (I get a 403 error). Checking my /var/log/apache2/error.log, I get: (13)Permission denied: AH00132: file permissions deny server access. I have changed the user and group owners to a default user, but still I don't have it working. Any thoughts?
[14:25] <thegoat> i am trying to configure smtp auth on 12.04 server, but everytime i try to pass my creds when sending an email it comes back with login failed and i can't find any logging as to why
[14:28] <patdk-wk> well, what *does* the logs say?
[14:28] <thegoat> i can't find any logging as to why
[14:28] <thegoat> nothing in mail.log or auth.log
[14:28] <thegoat> or daemon.log
[14:30] <thegoat> is there a way to run sendmail in the foreground in a non daemon mode so i can can get some verbose output?
[14:35] <darkside_> hey guys
[14:37] <darkside_> keep getting this message while accessing a NAS using CIFS: "CIFS VFS: bogus file nlink value 0", any ideas what it can be?
[14:38] <pmatulis> thegoat: what smtp server are you using?
[14:39] <thegoat> sendmail
[14:40] <pmatulis> oof
[14:40] <zul> hallyn:  libvirt 1.2.7 is building in  my libvirt testing ppa (ppa:zulcss/libvirt-testing)
[14:41] <thegoat> pmatulis: yeah i know ;-)
[14:41] <pmatulis> thegoat: have you considered postfix?  sendmail is so 1980's
[14:41] <pmatulis> (good music in the 80's though)
[14:42] <thegoat> the milter i use seems to require sendmail, so i am kind of stuck
[14:42] <pmatulis> ah, milters, that brings me back
[14:43] <pmatulis> thegoat: not many people here will have experience with sendmail as an MTA i'm afraid
[14:44] <thegoat> i am using sendmail out of the box, trying to tweak things from what i get from searches, but i am at my witts end.
[14:45] <pmatulis> thegoat: tell your people to get into 21st century?
[14:45] <thegoat> yeah i know.....but it's an upstream provider so that might not work too well ;-)
[14:46] <thegoat> no biggie, i'll keep digging
[14:49] <streulma> finally running Ubuntu Server 14.04.1 fresh install from Virtualbox on Hosting server VPS in the cloud.
[14:50] <streulma> booted in recovery, wiped hda1 and copied over with NC my Ubuntu Server 14.04.1 tar.gz
[14:52] <patdk-wk> milters don't require sendmail
[14:52] <patdk-wk> milters require a sendmail milter interface, that postfix supports
[14:52] <patdk-wk> though personally, I dislike milters :)
[15:38] <thegoat> pmatulis: got it working :-D
[16:09] <irv> erm, i'm getting W: Failed to fetch http://ca.archive.ubuntu.com/ubuntu/dists/raring-backports/multiverse/binary-i386/Packages  404  Not Found [IP: 91.189.92.200 80]
[16:09] <irv> when trying to sudo apt-get update
[16:11] <cfhowlett> !raring | irv,
[16:11] <irv> oh kk
[16:11] <irv> so i need to dist upgrade?
[16:11] <irv> preferably to an LTS
[16:11] <irv> as this is my production webserver :P
[16:11] <irv> i was on the bleeding edge lol
[16:11] <irv> not the best idea but hwatever
[16:12] <irv> so to upgrade to 14.04?
[16:12] <irv> it's telling me i can do-release-upgrade to go to 13.10
[16:12] <irv> do i have to do that before going to 14.04?
[16:13] <cfhowlett> irv, 13.10 is also dead.  easier to download and clean install 14.04 but you can do an eolupgrade if you wish
[16:16] <irv> yeah there's a decent amount of customization to the webserver so i don't wanna start from a fresh install this time
[16:16] <irv> i'll look eolupgrade, thx :)
[16:24] <irv> hmm, so seems the simplest way is something like sudo apt-get update sudo apt-get dist-upgrade sudo update-manager -d sudo do-release-upgrade
[16:24] <irv> but i can't even run the update without errors since hte old repos are down
[16:24] <irv> hmmmmmm
[16:24] <irv> lol
[16:25] <genii> irv: Change the repo names from ca.archive.ubuntu.com  to old-releases.ubuntu.com
[16:25] <irv> thx
[16:28]  * RoyK sticks to LTS releases unless he's testing stuff
[16:31] <irv> what about the security ones
[16:31] <irv> same thing?
[16:31] <genii> Yup
[16:32] <pmatulis> irv: google for 'ubuntu old-releases'
[16:32] <pmatulis> there is a wiki page
[16:33] <irv> cool, thanks
[16:33] <irv> it's going now
[16:33] <irv> :)
[16:33] <RoyK> :)
[16:38] <irv> i'm just toying with awstats before i upgrade
[16:38] <irv> taking a while to do it's initial run
[16:43] <cfhowlett> irv, that's why I suggested you get the 14.04.1 iso and just clean install.
[16:44] <RoyK> cfhowlett: may be easier to upgrade if you have configured a lot of stuff, or if you're somewhat new to linux/ubuntu, or both...
[16:45] <irv> yeah, i probably will stand up a new VM alongside
[16:45] <irv> and migrate over
[16:45] <irv> but because this is a production server
[16:45] <irv> i can't afford the downtime to set up all that stuff from scratch heh
[16:45] <irv> so i'll just throw it up to 14.04.1 upgrade then stand up a freshie and take my time moving stuff over
[16:45] <irv> :)
[16:51] <YamakasY> guys which keyring am I missing ? Ign http://nl.archive.ubuntu.com:80 trusty Release                             No keyring installed in /etc/apt/trusted.gpg.d/
[16:52] <RoyK> irv: If I were you, I'd start with a new VM instead of upgrading something in production. Things sometimes break during upgrades, and it's not always easy to fix them without a reinstall
[16:54] <irv> yeah i have a full copy of the VHDX
[16:54] <irv> so if something goes wrong i'll simply flip over to that
[16:54] <irv> but yeah i feel ya
[16:56] <RoyK> yuch - hyper-v :P
[16:57] <irv> ahah, yeahhh
[16:58] <irv> i know i know :P
[16:58] <irv> but it's 95% windows infra
[16:58] <irv> just my webservers and a few other random servers are on linux :(
[16:58] <irv> and ubuntu actually runs quite nice on hyperv now a days
[16:58] <irv> it's hyperv 2012 too heh
[16:59] <RoyK> haven't used that - ubuntu didn't run too well on 2008r2's hyper-v - in fact - it just disconnected from the network when traffic was high, without anything in the logs on either ubuntu nor windows
[17:06] <irv> lol sounds like a fun issue to diagnose
[17:06] <irv> :P
[17:06] <irv> i've had 400 days of solid uptime on these boxes
[17:14] <RoyK> irv: 400 days of uptime? although that may seem nice, it doesn't seem very good regarding security patching :P
[17:15] <irv> lol yeah
[17:15] <irv> hence why i need to upgrade to a modern LTS distro :D
[17:15] <irv> most of those are just internal web servers tho for things like security cams etc :)
[17:15] <irv> but i do see your point
[18:19] <lordievader> Good evening.
[18:26] <pmatulis> lordievader: evening
[18:28] <lordievader> Hey pmatulis, how are you doing?
[18:29] <pmatulis> flying high again
[19:12] <webfox> Hello folks!
[19:13] <webfox> I was trying to change the ssh port at my machine but it is not working as it should.
[19:13] <RoyK> webfox: how did you change it? got a firewall?
[19:13] <webfox> What I did is change Port 22 to 2222 at /etc/ssh/ssh_config.
[19:13] <lordievader> webfox: Define 'not working as it should'
[19:14] <webfox> Is that enough? I don't have a active firewall.
[19:14] <sarnold> did you restart sshd?
[19:14] <RoyK> webfox: ssgd_config would be better
[19:14] <RoyK> sshd_config, even
[19:14] <sarnold> sigh
[19:14] <sarnold> RoyK++
[19:14] <webfox> let me see it, just a sec.
[19:15] <RoyK> ssh_config is the client config
[19:15] <genii> webfox: I think you wanted sshd_config and not ssh_config
[19:18] <webfox> Great, now it is working just fine! Thank you guys!
[19:40] <webfox> how do I find squid version?
[19:40] <sarnold> webfox: dpkg -l '*squid*'
[19:41] <RoyK> webfox: squid -v
[19:42] <webfox> squid proxy, path is not default installed here.
[19:42] <webfox> sarnold: strangely it shows version 3.3.8
[19:43] <webfox> I was expectins something as 7.04 to 7.10
[19:43] <webfox> expecting
[19:43] <webfox> weird
[19:43] <sarnold> webfox: you can aim a browser right at the squid port, e.g. localhost:3128, mine reports "Generated Wed, 27 Aug 2014 19:43:01 GMT by hunt (squid/3.3.8)"
[19:44] <webfox> sarnold: do you still using default port?
[19:44] <RoyK> webfox: latest version is 3.4.6
[19:44] <sarnold> webfox: what 'squid' are you expecting? wikipedia reports their most recent version is 3.4.6, released in june 2014
[19:44] <YamakasY> i'm trying to find the right debian-installer source for 14.04.1 LTS
[19:44] <webfox> well, not sure now. I was reading  https://help.ubuntu.com/community/Squid
[19:45] <sarnold> webfox: funny enough I am. no idea why, I thought the debian mirror setup I used had it on 8000, but I'm apparently listening on both.
[19:45] <sarnold> "surprise!"
[19:45] <RoyK> webfox: the current version probably works :P
[19:45] <webfox> I am quite new on using it. And is seems to be blocking everything by default.
[19:45] <sarnold> webfox: oh, that appears to be talking about ubuntu versions from seven years ago :)
[19:46] <webfox> sarnold: :P
[19:46] <RoyK> webfox: did you change the squid config? ;)
[19:46] <webfox> RoyK: not sure how, yet ;)
[19:46] <RoyK> webfox: vi /etc/squid3/squid.conf
[19:47] <RoyK> webfox: or change 'vi' to 'nano' if you're a newbie
[19:47] <webfox> No, I use vim
[19:47] <sarnold> webfox: don't worry, the first time I set up squid was back in 96 or 97, it seems fairly similar.. :)
[19:47] <RoyK> sarnold: more or less the same ;)
[19:48] <webfox> I would like to allow an specific IP full access.
[19:48] <webfox> Others than that completly blocked.
[19:48] <RoyK> webfox: just read the config file - it's got lots of comments - look for ^acl
[19:49] <webfox> Ok. let me try it.
[19:56] <YamakasY> anyone and idea about this when building an image ?
[19:56] <YamakasY> cp /usr/lib/syslinux/pxelinux.0 ./tmp/netboot/dir_tree/ubuntu-installer/amd64
[19:56] <YamakasY> cp: cannot stat '/usr/lib/syslinux/pxelinux.0': No such file or directory
[19:56] <YamakasY> this is on the 14.04.1 source
[19:57] <sarnold> YamakasY: install syslinux-common?
[19:58] <YamakasY> sarnold: is installed
[19:58] <YamakasY> it was all pain to get the right packages :)
[19:58] <YamakasY> when I pull a recent one from git it goes well, but that one is too new for LTS
[19:58] <YamakasY> so won't boot
[20:00] <YamakasY> sarnold: so is that source missing parts ?
[20:01] <sarnold> YamakasY: I'm not sure; is the 'cp' running in a chroot or lxc container or sometihng similar?
[20:01] <YamakasY> sarnold: I do a fakeroot
[20:02] <sarnold> YamakasY: apt-file search pxelinux.0  reports that path is owned by syslinux-common, so if the package is installed, it should be there
[20:02] <sarnold> YamakasY: hmmm. fakeroot LD_PRELOADs some libraries, which might not work depending upon the programs that are executed
[20:02] <YamakasY> sarnold: yeah I had some trouble with packages so I downloaded the latest stable ones for syslinux and so on
[20:02] <YamakasY> yeah running as root now
[20:02] <YamakasY> kinda fun to do
[20:03] <sarnold> oh okay
[20:03] <sarnold> hunh
[20:03] <YamakasY> there is a stupid preseed bug for netcf
[20:03] <YamakasY> netcfg
[20:03] <sarnold> YamakasY: well, when it doubt, add in strace :)
[20:04] <YamakasY> damn again
[20:04] <YamakasY> sarnold: should syslinux be too new ?
[20:05] <sarnold> YamakasY: no idea there. All I know is you've got an error saying the file doesn't exist, but you're confident the file is there, right? so break out strace and find out what's going on to change the filesystem view..
[20:05] <YamakasY> sarnold: nah I installed the package
[20:05] <YamakasY> that is
[20:06] <sarnold> lunchtime :) have fun YamakasY
[20:07] <YamakasY> damn my mirror server is becoming a hoo!
[20:07] <YamakasY> sarnold: have a nice lunch
[20:23] <YamakasY> sarnold: fixed, the package was too new to other location
[20:23] <YamakasY> the maintainer like to rename a lot btw
[20:27] <webfox> I am reading a tutorial about squid and there is a like as : "Get ready with the configuration file located at /opt/squid/etc/squid.conf"
[20:28] <webfox> I don't think it is for Ubuntu because I don't have any items inside /opt folder
[20:29] <webfox> But I don't know if it uses a different .config file other than the main default one.
[20:29] <qman__> On ubuntu, squid uses /etc/squid3/squid3.conf
[20:30] <webfox> yes, perhaps the book just uses the default .config file. I think I will make a backup of it. :D
[20:37] <scoutmastershake> Has anyone had a problem with 14.04 and proftpd where user auth just stops working for one user? I'm having this problem and the only work around currently is to reset the password with passwd.
[20:39] <scoutmastershake> ???
[20:39] <scoutmastershake> Helllo!!!
[20:57] <pmatulis> scoutmastershake: hello, how are you?
[21:10] <zzxc> Alright I got a question. I have someone wanting to to a SFTP connection in my machine (chrooted with a rbash shell to prevent anything but SFTP). The guy keeps insisting that I need to send him a public key. Is it just me or does that make absolutly no sense?
[21:12] <zzxc> as I understand it private keys should always be on the client side and public keys should always be on the client side. Otherwise you have a private key that is shared on a shared resource.
[21:16] <fridaynext> I'm having an email issue.
[21:16] <fridaynext> My WordPress installs are supposed to send me emails to notify me of new sales.  They are, indeed sending out the emails,
[21:16] <fridaynext> but those emails are going directly to the Postfix/dovecot install that I switched away from 2 weeks ago, instead of my Google Apps address.
[21:16] <fridaynext> Do you folks know how php mail() works, to get it to route outside of my Ubuntu 12.04 (Linode) server?
[21:17] <catbus1> Hi, I am getting the hash sum mismatch error from the apt-get update around package bzip2. I found an irclog about the same error message on this channel, and learned that this might be temporary, but I have encountered this issue several times. I am wondering if someone can point me to the right direction to get this solved.
[21:29] <scoutmastershake> pmatulis: hellp
[21:29] <scoutmastershake> pmatulis: hello
[21:30] <pmatulis> scoutmastershake: yes?
[21:31] <scoutmastershake> Has anyone had a problem with 14.04 and proftpd where user auth just stops working for one user? I'm having this problem and the only work around currently is to reset the password with passwd.
[21:31] <pmatulis> zzxc: the person logging in needs to have his public key on the server he's logging in to
[21:31] <zzxc> pmatulis: Yeah thats what I was thinking.
[21:32] <pmatulis> zzxc: did you test logging in with keys to the chrooted environment?
[21:33] <pmatulis> scoutmastershake: so after resetting the password everything works?  sounds like the user forgot the original password
[21:34] <RoyK> scoutmastershake: I stopped using proftpd some years back - vsftpd is nice - and if you need it secure, use sftp
[21:35] <RoyK> scoutmastershake: don't use cleartext login as with ftp, use sftp, it's supported on most platforms, windows included (filezilla is a good sftp client)
[21:36] <catbus1> W: Failed to fetch bzip2:/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_precise_main_source_Sources  Hash Sum mismatch
[21:36] <catbus1> this is on 12.04.5
[21:37] <zzxc> pmatulis: I've set this up serveral times before. I have a few users that already have jail and I've had no issues. I've even had other companies have me walk them through how to set up there own.
[21:37] <zzxc> pmatulis: Issue is he's not giving me a public key
[21:40] <sarnold> catbus1: is it still there after a fresh apt-get update?
[21:40] <catbus1> sarnold: yes. and I just did the apt-get update again, it's still there.
[21:44] <sarnold> catbus1: can you grab the IP address (netstat -antp | grep http) while downloading the package lists?
[21:47] <catbus1> sarnold: 91.189.92.201 and 91.189.91.14.
[21:47] <scoutmastershake> never used vsftp how does it compare to proftpd
[21:47] <scoutmastershake> ?
[21:48] <sarnold> catbus1: thanks!
[21:48] <scoutmastershake> does it allow my to lock users in ther home directories
[21:48] <scoutmastershake> ?
[21:59] <fridaynext> mail sent from my ubuntu server to an email address attached to a domain on the same server isn't making it out to my google apps account - any ideas how to fix this?
[21:59] <fridaynext> I've already deleted references of the email address from virtual domains, forwardings, etc.
[22:01] <sarnold> fridaynext: check server logs to see if the googleapps server reported any errors
[22:02] <fridaynext> sarnold: mail works going to google apps, as long as it originates off of this server.
[22:03] <fridaynext> sarnold: ah - found it.
[22:03] <fridaynext> it's getting marked as spam now.
[22:04] <fridaynext> thanks for that tip! made me check the logs, which proved to me that it was indeed getting delivered.
[22:05] <sarnold> :)
[22:43] <pmatulis> catbus1: dunno, try changing mirrors