[00:19] <kevindf> Does any of you have tried Zentyal before?
[00:40] <kevindf> Would you guys recommend using Webmin on a Ubuntu home server?
[00:40] <pmatulis> kevindf: nope, webmin is considered hostile to ubuntu.  do not use it
[00:40] <kevindf> ok, thank you :)
[00:41] <pmatulis> !webmin | kevindf
[00:41] <kevindf> thanks
[00:41] <pmatulis> np
[00:42] <qman> !webmin
[00:42] <qman> oh, whoops
[00:42] <qman> I'm blind
[00:50] <acmehandle> whats the difference between python3 and python3m?
[01:08] <lnxmen> Does anyone know how to debug memcached?
[01:08] <lnxmen> I have set it on VPS
[01:09] <lnxmen> Added appropiate options to productive server
[01:09] <lnxmen> PHP does not return any error in case of connection
[01:09] <lnxmen> but I get dozens of error when PHP tries to get phrases from cache
[01:10] <lifeless> acmehandle: 3m is the python3-minimal binary
[01:16] <lvmer> what's the difference between name & iname?  I see examples with both, like$  find /share/pictures/1-Camera/ -name 'Test.tif'
[01:21] <lnxmen> It's strange because I have two almost identical configs on two VPSes.
[01:21] <lnxmen> First works, but second not.
[02:36] <dustinspringman> anyone here familiar with disabling a service from the files on a non-booting OS?
[02:36] <dustinspringman> I've crashed an important box with apt-get upgrade... =/
[02:37] <dustinspringman> i've got access to teh files via mounting the disk with another vm, but.... I'm not certain how to kick out services that I don't want to start so I can troubleshoot which one is locking the vm on boot...
[02:49] <pmatulis> dustinspringman: look into preventing upstart jobs from starting
[02:49] <dustinspringman> pmatulis: I just ran across a thread about that!!
[02:50] <dustinspringman> my problem appears to be that when the server boots now, it's flooding itself with smtp attempts/failures... I think I can get back into the vm if I can just stop postfix at boot for now..
[02:50] <Patrickdk> just move the file out of /etc/init/
[02:50] <Patrickdk> then after boot, slowly move them back in
[02:51] <dustinspringman> Patrickdk: Was thinking about that, the upstart threads are saying to "echo manual >/etc/init/service~name.override
[02:51] <pmatulis> dustinspringman: so edit the postfix upstart job
[02:51] <dustinspringman> I can just rename it right?
[02:52] <pmatulis> dustinspringman: what release is this?
[02:52] <dustinspringman> 12.04.3
[02:52] <Patrickdk> rename won't work
[02:53] <dustinspringman> Patrickdk: rgr that
[02:53] <dustinspringman> so, do I move it out of init or init.d ?
[02:53] <Patrickdk> if it's upstart, init
[02:53] <Patrickdk> if it's non-upstart init.d
[02:53] <dustinspringman> it appears some of the services are upstart and some are not... is that accuratE?
[02:54] <Patrickdk> depends
[02:56] <dustinspringman> appears to be the case on this box..
[02:59] <pmatulis> dustinspringman: postfix is not an upstart job on precise
[02:59] <Patrickdk> it is for me :)
[02:59] <dustinspringman> pmatulis: rgr that
[03:00]  * Patrickdk doesn't use the ubuntu postfix init script though
[03:04] <pmatulis> dustinspringman: http://paste.ubuntu.com/9420952/
[03:10] <dustinspringman> w00p w00p, killing that service fixed it!
[03:10] <dustinspringman> thanks pmatulis and Patrickdk for the help! saved me a ton of time
[03:12] <pmatulis> dustinspringman: i'm glad it worked out for you.  w00p w00p!
[03:14] <dustinspringman> BTW this was an Amazon EC2 instance... Otherwise I'd have had a much easier console access through a physical terminal or esxi console... Just to get to the files to be able to nix that faulty startup item, I had to launch a new EC2 instance, detach/attach the EBS volume from broken instance to the temp instance, mount the disk in the temp instance....... edit the init.d stuff and then re-attach to the original instan
[03:15] <dustinspringman> time for a beer!
[03:35] <riz0n> Hello, I am getting a "permission denied" error in cron, for awstats, my logfiles are in /var/log/apache2/custom ... What do I need to set the permissions for there to not be a permission errors?
[03:40] <riz0n> cd ..
[03:40] <riz0n> oops ;)
[08:34] <lordievader> Good morning.
[10:40] <yossarianuk> hi - we have a script on a server (java based) that sometimes dies - what would be the best way of ensuring the process gets automatically restarted?
[10:41] <yossarianuk> i.e watchdog ?
[10:41] <lordievader> Upstart has the ability of respawns.
[10:44] <yossarianuk> lordievader: thanks - I would have to upstartify my init script first though ?
[10:45] <lordievader> Suppose so, yes.
[10:49] <yossarianuk> ok thank you
[12:04] <pmatulis> morning
[12:54] <NigeyS> Does anyone know if its possible to set rsyslogd to output via a different eth interface? i want to bind it to eth1 not eth0
[12:58] <sarthor> Hi, I have extracted some .deb file, that became 3 files, control.tar.gz, data.tar.gz and debian-binary, How can I make this again file.deb, HELP
[14:23] <sarthor> Hi, again , I have 3 directories, in one folder, naming. DEBIAN  etc  usr , I want them as somefile.deb How can I do it, And where i got these files, I extraced some .deb file, made some changes, now I want these same as before. HELP, googled buy failing.
[14:55] <caribou> Is there an easy trick to boot a vivid cloud image with systemd as PID 1 ?
[14:55] <caribou> looks like changing /etc/default/grub is not cutting it
[15:00] <jamespage> caribou, you would need to update-initrd afterwards
[15:00] <RoyK> jamespage: update-initramfs -u
[15:00] <caribou> jamespage: ah, that's the trick, update-grub just isn't enough
[15:00] <jamespage> as RoyK says
[15:01] <caribou> jamespage: RoyK: thanks working fine
[15:46] <acmehandle> I'm getting a pam.d cant open /etc/default/locale error in one of my logs.  I did a search and found a bug submt going back to 2010.
[15:46] <acmehandle> How was it resolved recently?
[15:46] <acmehandle> I'm on 14
[15:47] <acmehandle> Is this related to sudo?
[16:17] <hxm> is possible to create a sh script with fdisk instructions?
[16:18] <rbasak> hxm: look into sfdisk(8)
[16:18] <hxm> ok thanks
[16:48] <hxm> i have other question
[16:48] <hxm> what is the file in the system which starts up the enviroment?
[16:48] <hxm> /boot/?
[16:48] <hxm> if there is no grub, what other thing i can use
[16:49] <hxm> uboot? that's binary, how can i select the kernel ?
[16:52] <qman> hxm: grub is the default and supported bootloader
[16:52] <hxm> ah, ok
[16:53] <qman> Others exist such as lilo (old and not likely to work) and syslinux (usually used for cd or netboot)
[16:54] <hxm> so what is uboot for? only embebed systems?
[16:54] <qman> Never heard of it
[16:55] <jhobbs> it's really popular for ARM
[16:55] <jhobbs> for embedded systems and more
[16:55] <jhobbs> phones, servers
[16:55] <hxm> ah, those devices
[16:55] <jhobbs> but it supports many architectures
[16:56] <jhobbs> you're almost certainly not running it on an x86 system
[16:56] <hxm> super correct
[17:46] <acmehandle> How do I set vims system wide settings?
[17:50] <lordievader> acmehandle: According to the manual /usr/share/vim/vimrc
[17:59] <deever> hi
[17:59] <deever> for mysql-server, can i somehow change datadir right upon installation?
[18:21] <semiosis> jamespage: i'd like to get that process moving again, yes.
[18:22] <semiosis> jamespage: i need to sync up my PPA package changes with debian experimental, then merge that into ubuntu.  the upstream devs did a bunch of work fixing static analysis issues raised by the MIR security review but i think some still haven't been backported to release branches
[18:57] <smb> hallyn, So fwiw, I just uploaded a qemu to vivid which gives back the kvm-spice link
[20:06] <jsmith-argotec> Samba question - Had the SSL cert expire for my LDAP server and all samba auth stopped working.  Corrected the cert issue but now getting a different auth issue with any user: "init_sam_from_ldap: Entry found for user: jake smith, passdb/lookup_sid.c:1684(get_primary_group_sid) Failed to find a Unix account for jake smithUser jake smith in passdb, but getpwnam() fails!
[20:08] <sarnold> jsmith-argotec: on first guess that sounds like something that might go away if you restart samba and associated daemons; I could imagine "replaced an expired LDAP certificate" might not be commonly tested
[20:10] <jsmith-argotec> I did restart ldap and samba (a few times now).  Checked nsswitch file - was files ldap - tried swapping without any change.
[20:11] <sarnold> dang
[20:11] <jsmith-argotec> yeah!
[20:11] <jsmith-argotec> :-(
[20:12] <sarnold> jsmith-argotec: if it were my problem to debug I'd either (a) go reading through the source to find one of those error messages or (b) break out strace and find the systemcalls samba makes when reporting those errors; neither one would be much fun but they might let you find variables we're missing
[20:14] <jsmith-argotec> sarnold: ouch... might start getting outside my abilities to decipher what I would find but I will head that way
[20:14] <pmatulis> jsmith-argotec: that sounds like a samba error.  look for slapd errors.  possibly run slapd in debug mode (add '-d -1')
[20:14] <pmatulis> jsmith-argotec: also, did you ensure slapd started up properly?
[20:15] <jsmith-argotec> pmatulis: you mean that sounds like an ldap error?
[20:15] <jsmith-argotec> slapd rather?
[20:15] <sarnold> pmatulis: oo
[20:15] <pmatulis> jsmith-argotec: i meant, it sounds like an error found in the samba logs
[20:15] <pmatulis> jsmith-argotec: check the slapd logs
[20:16] <jsmith-argotec> pmatulis: it is an error from the samba logs.
[20:16] <jsmith-argotec> ok
[20:17] <pmatulis> jsmith-argotec: also try authenticating to slapd re TLS using a command line tool (ldapwhoami).  get samba out of the way
[20:19] <jsmith-argotec> pmatulis: is this a similiar test?  ldapsearch -xLLL -vvv -H ldaps://192.168.x.x -b dc=domain,dc=com ou=people uid
[20:21] <jsmith-argotec> pmatulis: nss_ldap: failed to bind to LDAP server ldaps://192.168.x.x/: Can't contact LDAP server
[20:21] <jsmith-argotec> pmatulis: just found I still have an auth error around ldap ^^^
[20:22] <pmatulis> jsmith-argotec: add -ZZ to enforce TLS
[20:22] <NigeyS> Does anyone know if its possible to set rsyslogd to output via a different eth interface? i want to bind it to eth1 not eth0
[20:22] <pmatulis> jsmith-argotec: and you should really not be using LDAP over TLS (ldaps) but StartTLS instead
[20:23] <jsmith-argotec> pmatulis: ldapsearch -xLLL -vvvvvv -ZZ -H ldap://192.168.x.x -b dc=argotec,dc=com ou=people uid
[20:23] <jsmith-argotec> successful ^^
[20:24] <pmatulis> jsmith-argotec: very good
[20:24] <pmatulis> jsmith-argotec: so slapd is running and TLS is working
[20:25] <jsmith-argotec> pmatulis: that's good...
[20:26] <pmatulis> jsmith-argotec: you can try starting slapd in high debug mode or try to find a less verbose debug mode, and then try connecting from samba
[20:26] <jsmith-argotec> pmatulis: could it have really been that nscd cache was stale?!?!?!
[20:27] <pmatulis> jsmith-argotec: oof
[20:28] <jsmith-argotec> pmatulis: ??
[20:29] <pmatulis> jsmith-argotec: sorry, i thought you got it running by restarting nscd
[20:29] <pmatulis> jsmith-argotec: or flushing its cache
[20:29] <jsmith-argotec> pmatulis: looks like I did!  just thought of it because of the nss-ldap error and restarted nscd... seems to be good now
[20:30] <jsmith-argotec> pmatulis: I think that makes sense...?
[20:30] <pmatulis> jsmith-argotec: good.  with nscd nothing makes much sense.  it's a piece of used jet trash
[20:30] <jsmith-argotec> pmatulis: hahahaha!
[20:32] <hadifarnoud> for some reason, we need to setup our own DNS servers. there are many options out there. since it's a critical part of our Saas app, I'd like to know your opinion on how to do it
[20:34] <hadifarn_> for some reason, we need to setup our own DNS servers. there are many options out there. since it's a critical part of our Saas app, I'd like to know your opinion on how to do it
[20:55] <pmatulis> hadifarn_: choose you poison, bind or dnsmasq and go from there
[20:56] <hadifarn_> pmatulis: since I want to add domains to it via a php app on another server, which one you recommend?
[20:57] <pmatulis> hadifarn_: no idea about PHP, sorry
[20:58] <hadifarn_> pmatulis: which one is easier to setup?
[20:58] <hadifarn_> no djbdns?
[21:02] <zzxc> Hey I'm creating a new SSL keyfile. Does anyone know how to specify to use a SHA-256 signature?
[21:04] <teward> zzxc: you mean the actual key file that you need to provide for the cert to work?  or the CSR?
[21:05] <zzxc> teward: My understanding was you first generated a keyfile, then used the key to geneate the CSR
[21:06] <avid_fan> zzxc: Maybe this might help: http://itigloo.com/security/generate-an-openssl-certificate-request-with-sha-256-signature/
[21:06] <teward> zzxc: i think the key is just the key, not the signature, and that the CSR is created/signed with that key - at least, from what I've seen
[21:06] <teward> zzxc: you can define -sha256 when you generate the CSR
[21:06] <avid_fan> zzxc: Step 1 creates a key with a SHA-256 signature
[21:06] <zzxc> So the inital keyfile, to answer your question teward.
[21:07] <teward> ahhh yes ,i was wrong
[21:07] <teward> zzxc: -sha256
[21:07] <teward> add that to the arguments, forces the SHA-256 signature
[21:07] <teward> also provide it with the CSR
[21:07] <teward> CSR command if you want to enforce sha256 signature
[21:07] <teward> (not necessary, I think, if the key is sha256, but i'm always overly paranoid about things not doing what I want)
[21:07] <zzxc> avid_fan: Yeah that was what I was using as a reference but everything after the block length seems to be ignored. I accidently misplaces the -dec3 flag and it skipped it without complaing that it shouldn't have been there.
[21:09] <zzxc> teward: Also if I add -sha256 to the arguements it complains that it doesn't know what the flag means.
[21:11] <teward> heh, then the docs i have are old...
[21:11]  * teward shrugs
[21:20] <jsmith-argotec> sarnold: pmatulis: Thank you both for your help!
[21:20] <zzxc> teward: *sign* man this is irksome. Well thanks I'll keep digging.
[21:22] <teward> zzxc: i'm digging in the manpage now. but i'm going to poke ##openssl and ask
[21:22] <zzxc> teward: Haha I was actually just about to head over there and ask the same thing
[21:22] <avid_fan> zzxc: I'm not an expert in SSL, certs, keys, and the like, but I'm not sure that keys have a signature.
[21:23] <qman> Keys have fingerprints or thumbprints, same idea, different name
[21:24] <zzxc> Yeah. OpenSSL was complaing that my current key is sha1.
[21:25] <zzxc> Sorry ssllabs*
[21:26] <avid_fan> zzxc: Gotcha
[21:27] <pmatulis> jsmith-argotec: welcome
[21:32] <JosephDuffy> Hi everyone. I feel like I'm on the very last steps of getting my mail server working and could use some help. I'm using postfix and courier and can't get SMTP to authenticate. Is anyone able to help?
[21:35] <pmatulis> !ask | JosephDuffy
[21:40] <JosephDuffy> Ok, I don't have a specific issue since I'm struggling to get to that point. Here's what I know: I followed a tutorial (http://www.pixelinx.com/2013/09/creating-a-mail-server-on-ubuntu-postfix-courier-ssltls-spamassassin-clamav-amavis/). I'm using MySQL to store the users, and when I use the command "testsaslauthd -u joseph@domain.com -p password -s smtp" I get "0: NO "authentication failed"". I can connect a
[21:40] <JosephDuffy> nd recieve mail via IMAP and POP. I have nothing in /var/log/auth.log and I can see the requests reaching MySQL. In /etc/pam.d/smtp I have http://pastebin.com/agABukjE
[21:42] <pmatulis> JosephDuffy: courier, interesting.  most 'buntu folks use dovecot
[21:43] <JosephDuffy> I'm willing to start over. I'm not much of a server admin so I went for the tutorial that looked easiest. Apparently it didn't go so well
[21:43] <pmatulis> JosephDuffy: well your choice but you are more likely to get further help on dovecot than courier
[21:44] <pmatulis> (if using Ubuntu)
[21:44] <pmatulis> JosephDuffy: but do things work with TLS turned off?
[21:45] <pmatulis> JosephDuffy: so everything works except the testsaslauthd command?
[21:45] <JosephDuffy> For SMTP? I'm not sure I've checked, but I've been doing most of my tests by telnet port 25 so not secure. I just posted the testsaslauthd because that's the only sort of error message I can get
[21:46] <pmatulis> JosephDuffy: ok, so IMAP and POP3 work
[21:46] <pmatulis> JosephDuffy: but SMTP does not
[21:46] <JosephDuffy> pmatulis: Yes. SSL over those doesn't seem to but that's not a big deal right now. SMTP fails on auth
[21:48] <pmatulis> JosephDuffy: does SMTP work with TLS turned off?  last time i used it, postfix and smtp-auth was a bit hacked together
[21:49] <JosephDuffy> I'll try turning it off
[21:52] <JosephDuffy> pmatulis: That didn't seem to help
[21:52] <pmatulis> JosephDuffy: well, make sure non-TLS works before moving on to TLS
[21:52] <pmatulis> JosephDuffy: you might find better help on #postfix . be prepared to provide a pastebin of 'postconf -n' and a chunk of postfix log messages
[21:53] <JosephDuffy> pmatulis: Thanks, didn't even realise that was a room. I'll move myself over there. Thanks :)
[21:53] <pmatulis> JosephDuffy: welcome
[22:55] <NTQ> Hi. I have some problems installing a mailserver with postfix, postfixadmin, dovecot and roundcube on Ubuntu 12.04.5 LTS Server. Here are some more information: http://nopaste.info/ede8334a86.html
[22:58] <NTQ> I used a german-speaking tutorial: http://wiki.nefarius.at/linux/der_perfekte_mail-server
[23:00] <keithzg> NTQ: When you say you're trying to connect with Thunderbird, do you mean to your mailbox via IMAP, or to send a message via SMTP?
[23:00] <patdk-wk> well, fix all those errors and warnings
[23:00] <patdk-wk> nothing can work, when it says FATAL ERROR
[23:01] <keithzg> Yeah, "fatal: no SASL authentication mechanisms" seems pretty definitive about that, heh.
[23:02] <NTQ> I am new to set up a mail server. This is my first try. ;) So I have no idea where to look first when I see such errors.
[23:02] <patdk-wk> google!
[23:03] <patdk-wk> https://www.google.com/?gws_rd=ssl#q=ubuntu+fatal+no+sasl+authentication+mechanisms
[23:03] <NTQ> Google is my friend, but there is also an IRC
[23:03]  * keithzg currently has a postfix-related issue of his own, trying to figure out how to minimally filter out all messages with "X-Spam-Flag: YES" via postfix, on a server where SpamAssassin can't really be installed (but it's getting messages already flagged by spamassassin on another server, it just needs to notice and shelve or delete them)
[23:03] <patdk-wk> sure there is irc
[23:03] <patdk-wk> I just googled it for you
[23:03] <patdk-wk> now you just need to read and fix it :)
[23:03] <patdk-wk> keithzg, header_checks
[23:04] <keithzg> patdk-wk: aha, thanks, all *my* google searches were overflowing with folks saying "of course, you just use this script that calls spamc . . ." which doesn't work when the server in question resists compiling the damn thing, heh
[23:05] <NTQ> The directory /var/spool/postfix/private/auth does not exist. I was hoping you can lead me to the right direction to find the misconfiguration.
[23:05] <patdk-wk> ntq, fix dovecot
[23:07] <NTQ> Maybe I should reset all dovecot config files and start from the beginning. ;)
[23:08] <NTQ> Or simply use a simple dovecot.conf and not that whole bunch of files in conf.d
[23:09] <patdk-wk> both sound kindof insane
[23:10] <patdk-wk> your using postfixadmin
[23:10] <patdk-wk> you should have configured dovecot the way postfixadmin required
[23:10] <patdk-wk> then you should have configured dovecot how postfix requires for sasl and lmtp
[23:11] <patdk-wk> it looks like your using dovecot lda, that is not a very good option, but your using 12.04, and I can't remember if you have lmtp in that version or not
[23:11] <patdk-wk> the fix is like 2 lines to dovecot
[23:11] <patdk-wk> how many other problems? not sure
[23:11] <patdk-wk> how many other problems will you have if you start over? not sure
[23:12] <patdk-wk> if I must do your google for you: http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
[23:14] <NTQ> I already found that link, thank you. I'll give my best. :)
[23:31] <NTQ> Now the path /var/spool/postfix/private/auth exists. I tried a new login attempt with Roundcube and in mail.log there are now some failed login attempts. But i think the problem is here that the method was PLAIN. I will try it with thunderbird now.
[23:36] <NTQ> I got now this errors: http://paste.ubuntuusers.de/420773/
[23:45] <patdk-wk> sounds like you have tls/ssl configured incorrectly
[23:46] <Ironlenny> Has anyone dealt with nat port forwarding in kvm?
[23:48] <patdk-wk> really funky you have pipelining disabled on submission port though
[23:49] <patdk-wk> whoa, that tutorial you used is old as hell
[23:49] <patdk-wk> dovecot 1.2? postfix 2.5?
[23:50] <patdk-wk> what does your master.cf file look like?
[23:52] <ScottK> IIRC the Ubuntu server guide has rather more up to date instructions.