/srv/irclogs.ubuntu.com/2014/12/08/#ubuntu-server.txt

kevindfDoes any of you have tried Zentyal before?00:19
kevindfWould you guys recommend using Webmin on a Ubuntu home server?00:40
pmatuliskevindf: nope, webmin is considered hostile to ubuntu.  do not use it00:40
kevindfok, thank you :)00:40
pmatulis!webmin | kevindf00:41
ubottukevindf: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.00:41
kevindfthanks00:41
pmatulisnp00:41
qman!webmin00:42
ubottuwebmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.00:42
qmanoh, whoops00:42
qmanI'm blind00:42
acmehandlewhats the difference between python3 and python3m?00:50
=== Lcawte is now known as Lcawte|Away
lnxmenDoes anyone know how to debug memcached?01:08
lnxmenI have set it on VPS01:08
lnxmenAdded appropiate options to productive server01:09
lnxmenPHP does not return any error in case of connection01:09
lnxmenbut I get dozens of error when PHP tries to get phrases from cache01:09
lifelessacmehandle: 3m is the python3-minimal binary01:10
lvmerwhat's the difference between name & iname?  I see examples with both, like$  find /share/pictures/1-Camera/ -name 'Test.tif'01:16
lnxmenIt's strange because I have two almost identical configs on two VPSes.01:21
lnxmenFirst works, but second not.01:21
=== zz_DenBeiren is now known as DenBeiren
dustinspringmananyone here familiar with disabling a service from the files on a non-booting OS?02:36
dustinspringmanI've crashed an important box with apt-get upgrade... =/02:36
dustinspringmani've got access to teh files via mounting the disk with another vm, but.... I'm not certain how to kick out services that I don't want to start so I can troubleshoot which one is locking the vm on boot...02:37
pmatulisdustinspringman: look into preventing upstart jobs from starting02:49
dustinspringmanpmatulis: I just ran across a thread about that!!02:49
dustinspringmanmy problem appears to be that when the server boots now, it's flooding itself with smtp attempts/failures... I think I can get back into the vm if I can just stop postfix at boot for now..02:50
Patrickdkjust move the file out of /etc/init/02:50
Patrickdkthen after boot, slowly move them back in02:50
dustinspringmanPatrickdk: Was thinking about that, the upstart threads are saying to "echo manual >/etc/init/service~name.override02:51
pmatulisdustinspringman: so edit the postfix upstart job02:51
dustinspringmanI can just rename it right?02:51
pmatulisdustinspringman: what release is this?02:52
dustinspringman12.04.302:52
Patrickdkrename won't work02:52
dustinspringmanPatrickdk: rgr that02:53
dustinspringmanso, do I move it out of init or init.d ?02:53
Patrickdkif it's upstart, init02:53
Patrickdkif it's non-upstart init.d02:53
dustinspringmanit appears some of the services are upstart and some are not... is that accuratE?02:53
Patrickdkdepends02:54
dustinspringmanappears to be the case on this box..02:56
pmatulisdustinspringman: postfix is not an upstart job on precise02:59
Patrickdkit is for me :)02:59
dustinspringmanpmatulis: rgr that02:59
* Patrickdk doesn't use the ubuntu postfix init script though03:00
pmatulisdustinspringman: http://paste.ubuntu.com/9420952/03:04
=== zz_DenBeiren is now known as DenBeiren
dustinspringmanw00p w00p, killing that service fixed it!03:10
dustinspringmanthanks pmatulis and Patrickdk for the help! saved me a ton of time03:10
pmatulisdustinspringman: i'm glad it worked out for you.  w00p w00p!03:12
dustinspringmanBTW this was an Amazon EC2 instance... Otherwise I'd have had a much easier console access through a physical terminal or esxi console... Just to get to the files to be able to nix that faulty startup item, I had to launch a new EC2 instance, detach/attach the EBS volume from broken instance to the temp instance, mount the disk in the temp instance....... edit the init.d stuff and then re-attach to the original instan03:14
dustinspringmantime for a beer!03:15
riz0nHello, I am getting a "permission denied" error in cron, for awstats, my logfiles are in /var/log/apache2/custom ... What do I need to set the permissions for there to not be a permission errors?03:35
riz0ncd ..03:40
riz0noops ;)03:40
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
lordievaderGood morning.08:34
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
yossarianukhi - we have a script on a server (java based) that sometimes dies - what would be the best way of ensuring the process gets automatically restarted?10:40
yossarianuki.e watchdog ?10:41
lordievaderUpstart has the ability of respawns.10:41
yossarianuklordievader: thanks - I would have to upstartify my init script first though ?10:44
=== Lcawte|Away is now known as Lcawte
lordievaderSuppose so, yes.10:45
yossarianukok thank you10:49
pmatulismorning12:04
=== Lcawte is now known as Lcawte|Away
NigeySDoes anyone know if its possible to set rsyslogd to output via a different eth interface? i want to bind it to eth1 not eth012:54
sarthorHi, I have extracted some .deb file, that became 3 files, control.tar.gz, data.tar.gz and debian-binary, How can I make this again file.deb, HELP12:58
=== Lcawte|Away is now known as Lcawte
sarthorHi, again , I have 3 directories, in one folder, naming. DEBIAN  etc  usr , I want them as somefile.deb How can I do it, And where i got these files, I extraced some .deb file, made some changes, now I want these same as before. HELP, googled buy failing.14:23
=== Lcawte is now known as Lcawte|Away
=== MeltedDed is now known as MeltedLux
=== robher_ is now known as robher
caribouIs there an easy trick to boot a vivid cloud image with systemd as PID 1 ?14:55
cariboulooks like changing /etc/default/grub is not cutting it14:55
jamespagecaribou, you would need to update-initrd afterwards15:00
RoyKjamespage: update-initramfs -u15:00
cariboujamespage: ah, that's the trick, update-grub just isn't enough15:00
jamespageas RoyK says15:00
cariboujamespage: RoyK: thanks working fine15:01
=== Lcawte|Away is now known as Lcawte
acmehandleI'm getting a pam.d cant open /etc/default/locale error in one of my logs.  I did a search and found a bug submt going back to 2010.15:46
acmehandleHow was it resolved recently?15:46
acmehandleI'm on 1415:46
acmehandleIs this related to sudo?15:47
hxmis possible to create a sh script with fdisk instructions?16:17
rbasakhxm: look into sfdisk(8)16:18
hxmok thanks16:18
hxmi have other question16:48
hxmwhat is the file in the system which starts up the enviroment?16:48
hxm/boot/?16:48
hxmif there is no grub, what other thing i can use16:48
hxmuboot? that's binary, how can i select the kernel ?16:49
qmanhxm: grub is the default and supported bootloader16:52
hxmah, ok16:52
qmanOthers exist such as lilo (old and not likely to work) and syslinux (usually used for cd or netboot)16:53
hxmso what is uboot for? only embebed systems?16:54
qmanNever heard of it16:54
jhobbsit's really popular for ARM16:55
jhobbsfor embedded systems and more16:55
jhobbsphones, servers16:55
hxmah, those devices16:55
jhobbsbut it supports many architectures16:55
jhobbsyou're almost certainly not running it on an x86 system16:56
hxmsuper correct16:56
=== markthomas|away is now known as markthomas
=== Loque2002 is now known as Locke2002
acmehandleHow do I set vims system wide settings?17:46
lordievaderacmehandle: According to the manual /usr/share/vim/vimrc17:50
deeverhi17:59
deeverfor mysql-server, can i somehow change datadir right upon installation?17:59
semiosisjamespage: i'd like to get that process moving again, yes.18:21
semiosisjamespage: i need to sync up my PPA package changes with debian experimental, then merge that into ubuntu.  the upstream devs did a bunch of work fixing static analysis issues raised by the MIR security review but i think some still haven't been backported to release branches18:22
smbhallyn, So fwiw, I just uploaded a qemu to vivid which gives back the kvm-spice link18:57
=== markthomas is now known as markthomas|away
=== bilde2910|away is now known as bilde2910
jsmith-argotecSamba question - Had the SSL cert expire for my LDAP server and all samba auth stopped working.  Corrected the cert issue but now getting a different auth issue with any user: "init_sam_from_ldap: Entry found for user: jake smith, passdb/lookup_sid.c:1684(get_primary_group_sid) Failed to find a Unix account for jake smithUser jake smith in passdb, but getpwnam() fails!20:06
sarnoldjsmith-argotec: on first guess that sounds like something that might go away if you restart samba and associated daemons; I could imagine "replaced an expired LDAP certificate" might not be commonly tested20:08
jsmith-argotecI did restart ldap and samba (a few times now).  Checked nsswitch file - was files ldap - tried swapping without any change.20:10
sarnolddang20:11
jsmith-argotecyeah!20:11
jsmith-argotec:-(20:11
sarnoldjsmith-argotec: if it were my problem to debug I'd either (a) go reading through the source to find one of those error messages or (b) break out strace and find the systemcalls samba makes when reporting those errors; neither one would be much fun but they might let you find variables we're missing20:12
jsmith-argotecsarnold: ouch... might start getting outside my abilities to decipher what I would find but I will head that way20:14
pmatulisjsmith-argotec: that sounds like a samba error.  look for slapd errors.  possibly run slapd in debug mode (add '-d -1')20:14
pmatulisjsmith-argotec: also, did you ensure slapd started up properly?20:14
jsmith-argotecpmatulis: you mean that sounds like an ldap error?20:15
jsmith-argotecslapd rather?20:15
sarnoldpmatulis: oo20:15
pmatulisjsmith-argotec: i meant, it sounds like an error found in the samba logs20:15
pmatulisjsmith-argotec: check the slapd logs20:15
jsmith-argotecpmatulis: it is an error from the samba logs.20:16
jsmith-argotecok20:16
pmatulisjsmith-argotec: also try authenticating to slapd re TLS using a command line tool (ldapwhoami).  get samba out of the way20:17
jsmith-argotecpmatulis: is this a similiar test?  ldapsearch -xLLL -vvv -H ldaps://192.168.x.x -b dc=domain,dc=com ou=people uid20:19
jsmith-argotecpmatulis: nss_ldap: failed to bind to LDAP server ldaps://192.168.x.x/: Can't contact LDAP server20:21
jsmith-argotecpmatulis: just found I still have an auth error around ldap ^^^20:21
pmatulisjsmith-argotec: add -ZZ to enforce TLS20:22
NigeySDoes anyone know if its possible to set rsyslogd to output via a different eth interface? i want to bind it to eth1 not eth020:22
pmatulisjsmith-argotec: and you should really not be using LDAP over TLS (ldaps) but StartTLS instead20:22
jsmith-argotecpmatulis: ldapsearch -xLLL -vvvvvv -ZZ -H ldap://192.168.x.x -b dc=argotec,dc=com ou=people uid20:23
jsmith-argotecsuccessful ^^20:23
pmatulisjsmith-argotec: very good20:24
pmatulisjsmith-argotec: so slapd is running and TLS is working20:24
jsmith-argotecpmatulis: that's good...20:25
pmatulisjsmith-argotec: you can try starting slapd in high debug mode or try to find a less verbose debug mode, and then try connecting from samba20:26
jsmith-argotecpmatulis: could it have really been that nscd cache was stale?!?!?!20:26
pmatulisjsmith-argotec: oof20:27
jsmith-argotecpmatulis: ??20:28
pmatulisjsmith-argotec: sorry, i thought you got it running by restarting nscd20:29
pmatulisjsmith-argotec: or flushing its cache20:29
jsmith-argotecpmatulis: looks like I did!  just thought of it because of the nss-ldap error and restarted nscd... seems to be good now20:29
jsmith-argotecpmatulis: I think that makes sense...?20:30
pmatulisjsmith-argotec: good.  with nscd nothing makes much sense.  it's a piece of used jet trash20:30
jsmith-argotecpmatulis: hahahaha!20:30
hadifarnoudfor some reason, we need to setup our own DNS servers. there are many options out there. since it's a critical part of our Saas app, I'd like to know your opinion on how to do it20:32
hadifarn_for some reason, we need to setup our own DNS servers. there are many options out there. since it's a critical part of our Saas app, I'd like to know your opinion on how to do it20:34
=== markthomas|away is now known as markthomas
pmatulishadifarn_: choose you poison, bind or dnsmasq and go from there20:55
hadifarn_pmatulis: since I want to add domains to it via a php app on another server, which one you recommend?20:56
pmatulishadifarn_: no idea about PHP, sorry20:57
hadifarn_pmatulis: which one is easier to setup?20:58
hadifarn_no djbdns?20:58
zzxcHey I'm creating a new SSL keyfile. Does anyone know how to specify to use a SHA-256 signature?21:02
tewardzzxc: you mean the actual key file that you need to provide for the cert to work?  or the CSR?21:04
zzxcteward: My understanding was you first generated a keyfile, then used the key to geneate the CSR21:05
avid_fanzzxc: Maybe this might help: http://itigloo.com/security/generate-an-openssl-certificate-request-with-sha-256-signature/21:06
tewardzzxc: i think the key is just the key, not the signature, and that the CSR is created/signed with that key - at least, from what I've seen21:06
tewardzzxc: you can define -sha256 when you generate the CSR21:06
avid_fanzzxc: Step 1 creates a key with a SHA-256 signature21:06
zzxcSo the inital keyfile, to answer your question teward.21:06
tewardahhh yes ,i was wrong21:07
tewardzzxc: -sha25621:07
tewardadd that to the arguments, forces the SHA-256 signature21:07
tewardalso provide it with the CSR21:07
tewardCSR command if you want to enforce sha256 signature21:07
teward(not necessary, I think, if the key is sha256, but i'm always overly paranoid about things not doing what I want)21:07
zzxcavid_fan: Yeah that was what I was using as a reference but everything after the block length seems to be ignored. I accidently misplaces the -dec3 flag and it skipped it without complaing that it shouldn't have been there.21:07
zzxcteward: Also if I add -sha256 to the arguements it complains that it doesn't know what the flag means.21:09
tewardheh, then the docs i have are old...21:11
* teward shrugs21:11
jsmith-argotecsarnold: pmatulis: Thank you both for your help!21:20
zzxcteward: *sign* man this is irksome. Well thanks I'll keep digging.21:20
tewardzzxc: i'm digging in the manpage now. but i'm going to poke ##openssl and ask21:22
zzxcteward: Haha I was actually just about to head over there and ask the same thing21:22
avid_fanzzxc: I'm not an expert in SSL, certs, keys, and the like, but I'm not sure that keys have a signature.21:22
qmanKeys have fingerprints or thumbprints, same idea, different name21:23
zzxcYeah. OpenSSL was complaing that my current key is sha1.21:24
zzxcSorry ssllabs*21:25
avid_fanzzxc: Gotcha21:26
=== cmagina_ is now known as cmagina
pmatulisjsmith-argotec: welcome21:27
JosephDuffyHi everyone. I feel like I'm on the very last steps of getting my mail server working and could use some help. I'm using postfix and courier and can't get SMTP to authenticate. Is anyone able to help?21:32
pmatulis!ask | JosephDuffy21:35
ubottuJosephDuffy: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience21:35
JosephDuffyOk, I don't have a specific issue since I'm struggling to get to that point. Here's what I know: I followed a tutorial (http://www.pixelinx.com/2013/09/creating-a-mail-server-on-ubuntu-postfix-courier-ssltls-spamassassin-clamav-amavis/). I'm using MySQL to store the users, and when I use the command "testsaslauthd -u joseph@domain.com -p password -s smtp" I get "0: NO "authentication failed"". I can connect a21:40
JosephDuffynd recieve mail via IMAP and POP. I have nothing in /var/log/auth.log and I can see the requests reaching MySQL. In /etc/pam.d/smtp I have http://pastebin.com/agABukjE21:40
pmatulisJosephDuffy: courier, interesting.  most 'buntu folks use dovecot21:42
JosephDuffyI'm willing to start over. I'm not much of a server admin so I went for the tutorial that looked easiest. Apparently it didn't go so well21:43
=== bilde2910 is now known as bilde2910|away
pmatulisJosephDuffy: well your choice but you are more likely to get further help on dovecot than courier21:43
pmatulis(if using Ubuntu)21:44
pmatulisJosephDuffy: but do things work with TLS turned off?21:44
pmatulisJosephDuffy: so everything works except the testsaslauthd command?21:45
JosephDuffyFor SMTP? I'm not sure I've checked, but I've been doing most of my tests by telnet port 25 so not secure. I just posted the testsaslauthd because that's the only sort of error message I can get21:45
pmatulisJosephDuffy: ok, so IMAP and POP3 work21:46
pmatulisJosephDuffy: but SMTP does not21:46
JosephDuffypmatulis: Yes. SSL over those doesn't seem to but that's not a big deal right now. SMTP fails on auth21:46
pmatulisJosephDuffy: does SMTP work with TLS turned off?  last time i used it, postfix and smtp-auth was a bit hacked together21:48
JosephDuffyI'll try turning it off21:49
JosephDuffypmatulis: That didn't seem to help21:52
pmatulisJosephDuffy: well, make sure non-TLS works before moving on to TLS21:52
pmatulisJosephDuffy: you might find better help on #postfix . be prepared to provide a pastebin of 'postconf -n' and a chunk of postfix log messages21:52
JosephDuffypmatulis: Thanks, didn't even realise that was a room. I'll move myself over there. Thanks :)21:53
pmatulisJosephDuffy: welcome21:53
=== keithzg_ is now known as keithzg
=== txspud|afk is now known as txspud
NTQHi. I have some problems installing a mailserver with postfix, postfixadmin, dovecot and roundcube on Ubuntu 12.04.5 LTS Server. Here are some more information: http://nopaste.info/ede8334a86.html22:55
NTQI used a german-speaking tutorial: http://wiki.nefarius.at/linux/der_perfekte_mail-server22:58
keithzgNTQ: When you say you're trying to connect with Thunderbird, do you mean to your mailbox via IMAP, or to send a message via SMTP?23:00
patdk-wkwell, fix all those errors and warnings23:00
patdk-wknothing can work, when it says FATAL ERROR23:00
keithzgYeah, "fatal: no SASL authentication mechanisms" seems pretty definitive about that, heh.23:01
NTQI am new to set up a mail server. This is my first try. ;) So I have no idea where to look first when I see such errors.23:02
patdk-wkgoogle!23:02
patdk-wkhttps://www.google.com/?gws_rd=ssl#q=ubuntu+fatal+no+sasl+authentication+mechanisms23:03
NTQGoogle is my friend, but there is also an IRC23:03
* keithzg currently has a postfix-related issue of his own, trying to figure out how to minimally filter out all messages with "X-Spam-Flag: YES" via postfix, on a server where SpamAssassin can't really be installed (but it's getting messages already flagged by spamassassin on another server, it just needs to notice and shelve or delete them)23:03
patdk-wksure there is irc23:03
patdk-wkI just googled it for you23:03
patdk-wknow you just need to read and fix it :)23:03
patdk-wkkeithzg, header_checks23:03
keithzgpatdk-wk: aha, thanks, all *my* google searches were overflowing with folks saying "of course, you just use this script that calls spamc . . ." which doesn't work when the server in question resists compiling the damn thing, heh23:04
NTQThe directory /var/spool/postfix/private/auth does not exist. I was hoping you can lead me to the right direction to find the misconfiguration.23:05
patdk-wkntq, fix dovecot23:05
NTQMaybe I should reset all dovecot config files and start from the beginning. ;)23:07
=== Locke2002 is now known as Guest78914
NTQOr simply use a simple dovecot.conf and not that whole bunch of files in conf.d23:08
patdk-wkboth sound kindof insane23:09
patdk-wkyour using postfixadmin23:10
patdk-wkyou should have configured dovecot the way postfixadmin required23:10
patdk-wkthen you should have configured dovecot how postfix requires for sasl and lmtp23:10
patdk-wkit looks like your using dovecot lda, that is not a very good option, but your using 12.04, and I can't remember if you have lmtp in that version or not23:11
patdk-wkthe fix is like 2 lines to dovecot23:11
patdk-wkhow many other problems? not sure23:11
patdk-wkhow many other problems will you have if you start over? not sure23:11
patdk-wkif I must do your google for you: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL23:12
NTQI already found that link, thank you. I'll give my best. :)23:14
=== Lcawte is now known as Lcawte|Away
NTQNow the path /var/spool/postfix/private/auth exists. I tried a new login attempt with Roundcube and in mail.log there are now some failed login attempts. But i think the problem is here that the method was PLAIN. I will try it with thunderbird now.23:31
NTQI got now this errors: http://paste.ubuntuusers.de/420773/23:36
patdk-wksounds like you have tls/ssl configured incorrectly23:45
IronlennyHas anyone dealt with nat port forwarding in kvm?23:46
patdk-wkreally funky you have pipelining disabled on submission port though23:48
patdk-wkwhoa, that tutorial you used is old as hell23:49
patdk-wkdovecot 1.2? postfix 2.5?23:49
patdk-wkwhat does your master.cf file look like?23:50
ScottKIIRC the Ubuntu server guide has rather more up to date instructions.23:52

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!