/srv/irclogs.ubuntu.com/2014/12/10/#ubuntu-server.txt

[00:10] <JanC> NTQ: start debugging by watching logs on both client & server
=== Lcawte is now known as Lcawte|Away
[00:12] <JanC> (client logs might require that you start your mail client from a terminal with certain options)
[00:13] <NTQ> JanC: My client is thunderbird. And it says the username-password combination could be wrong. On the server side I see this: http://nopaste.info/index.html
[00:14] <JanC> NTQ: wrong link?
[00:14] <NTQ> yes, sorry
[00:15] <NTQ> http://nopaste.info/8593b482dc.html
[00:15] <NTQ> I was too fast
[00:16] <JanC> that's for sending mail?
[00:17] <NTQ> That's for trying to login into the IMAP account over STARTTLS or SSL.
[00:17] <JanC> all those messages are from Postfix, none from Dovecot?
[00:18] <NTQ> Thunderbird has a mechanism to guess the right parameters for a new mailserver. So it tries different settings for connecting to the server.
[00:18] <NTQ> I know, but I configured postfix to use dovecot for authentication.
[00:19] <NTQ> But maybe I have some misconfigurations in postfix. I don't know. Because I am new to it.
[00:20] <NTQ> In my first paste you can find the output of postconf -n
[00:20] <JanC> you say "I can not login as that user to get the mails" --> "getting mails" requires IMAP/POP, and thus Dovecot?
[00:22] <JanC> if you don't see any Dovecot messages, then you probably aren't connecting to Dovecot
[00:22] <NTQ> According to this tutorial yes: https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql
[00:23] <NTQ> As you can see I have a lot to learn about this mail server stuff.
[00:32] <JanC> as there is no Dovecot log there, you probably want to check Thunderbird log output (and/or maybe use Wireshark)
[00:32] <NTQ> Okay, now I have new logs from dovecot.log: http://nopaste.info/035691232e.html
[00:32] <JanC> oh, and check if the Thunderbird config is actually correct
[00:33] <NTQ> I guess "fatal unknown CA" is a problem from thunderbird, because of the self signed certificate.
[00:34] <JanC> yes, probably something like that
[00:34] <JanC> is it self-signed or do you use your own CA?
[00:35] <NTQ> It's the standard dovecot certificate.
[00:36] <JanC> ugh
[00:36] <NTQ> I thought I can use this for testing
[00:37] <JanC> you should always create your own certs (then you can test that too ;) )
[00:37] <NTQ> What's about that snakeoil cert?
[00:38] <JanC> there might be an option in TB to disable or relax the CA check
[00:39] <JanC> NTQ: not sure if anything is wrong with it really, or what
[00:40] <JanC> but usually default passwords/certs are not something you want to use  :)
[00:40] <NTQ> Do I need a qualified certificate for each of the virtual domains or only one for the mail server itself?
[00:42] <NTQ> The mailserver has the name loft1234.serverloft.de and then there are many other domains domain1.tld, domain2.tld and their MX record points to mail.domainX.tld. And mail.domainX.tld points directly to the loft1234 with an A record.
[00:44] <JanC> NTQ: are you using a client cert?
[00:45] <NTQ> No
[00:45] <JanC> anyway, you should probably try to get client-side logs too
[00:50] <JanC> also, google for error messages after removing the parts that are specific to your case (i.e. domains, IP addresses, usernames, etc.)
[00:50] <JanC> and try what changes in the logs when you change certain settings
[00:51] <JanC> (assuming you are trying this on a server that's not directly connected to the internet?)
[00:51] * JanC has to go
[00:51] <NTQ> JanC: The server is directly connected to the internet
[00:51] <NTQ> I got logs from thunderbird.
[00:53] <NTQ> Does this help? http://nopaste.info/aa306323c2.html
[00:55] <NTQ> There is always a "authlogin failed"
[00:55] <NTQ> Is it because the mail address is webmaster@domain.tld, but the server is mail.domain.tld?
[00:56] <NTQ> Because domain.tld resolves to another IP than mail.domain.tld
[00:56] <NTQ> But the MX record of domain.tld points to mail.domain.tld
[00:57] <Patrickdk> ntq, nothing is wrong with dovecot
[00:57] <Patrickdk> fix thunderbird
[00:57] <NTQ> I added the certificate to thunderbird.
[00:58] <NTQ> I can not change much in thunderbird except trying different login parameters.
[00:58] <JanC> how did you add the cert?
[00:59] <Patrickdk> why would you add the cert to thunderbird?
[00:59] <Patrickdk> that has nothing to do with the problem
[00:59] <NTQ> I deleted all certificates in thunderbird which belong to domain.tld. Then I added the new mail account and TB asked me if I want to accept the certificate.
[00:59] <Patrickdk> so? that isn't the problem
[00:59] <Patrickdk> [AUTHENTICATIONFAILED] Authentication failed.
[00:59] <Patrickdk> right from the log
[00:59] <JanC> okay, adding it that way should be right
[01:00] <Patrickdk> at the point it errors on username/password
[01:00] <Patrickdk> it is LONG past dealing with certificates
[01:00] <JanC> Patrickdk: Dovecot ay something about "fatal unknown CA" though
[01:00] <JanC> says
[01:01] <Patrickdk> no it doesn't
[01:01] <Patrickdk> it's a warning, not an error
[01:01] <Patrickdk> it should be an unknown, he is not using cert logins
[01:01] <NTQ> Woah. I got it.
[01:02] <Patrickdk> he enabled all kinds of extra debugging, that is confusing the issue
[01:02] <JanC> true, is listed as a Warning
[01:02] <NTQ> The login is not webmaster@domain.tld. it's webmaster@domain.tld@domain.tld
[01:02] <JanC> not sure why it says "fatal"
[01:02] <NTQ> I got mail
[01:02] <Patrickdk> it is fatal :)
[01:02] <Patrickdk> cert logins will not work, fatal failed, no certs are trusted :)
[01:02] <JanC> NTQ: that sounds like a server config error
[01:03] <NTQ> I guess the SQL statement is wrong
[01:03] <Patrickdk> the sql looks fine
[01:03] <JanC> maybe the SQL used to add an account was wrong
[01:03] <NTQ> That was postfixadmin
[01:04] <Patrickdk> but a question though
[01:04] <Patrickdk> that sql seems so odd though
[01:04] <NTQ> username="webmaster@domain.tld", local_part="webmaster", domain="domain.tld"
[01:04] <NTQ> That's the entry in the database.
[01:04] <Patrickdk> ya, the domain is probably screwing it up
[01:05] <Patrickdk> here is what I use
[01:05] <Patrickdk> password_query = SELECT username AS user,password, CONCAT('/var/mail/virtual/', maildir) AS home, 106 AS uid, 106 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
[01:05] <Patrickdk> user_query = SELECT CONCAT('/var/mail/virtual/', maildir) AS home, 106 AS uid, 106 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
[01:05] <Patrickdk> iterate_query = SELECT username AS user FROM mailbox where active='1'
[01:06] <JanC> if you use postfixadmin you should probably check that your SQL/tables are compatible with that...
[01:06] <Patrickdk> this was from my one and single postfixadmin install :)
[01:06] <Patrickdk> normally I just do it all custom
[01:07] <Patrickdk> if you use my sql above, you can do this: http://paste.ubuntu.com/9449319/
[01:07] <Patrickdk> it makes it use less sql lookups
[01:07] <JanC> I've never used postfixadmin even  :)
[01:08] <NTQ> I need postfixadmin for some customers who want to set up mail addresses for their domains.
[01:08] <Patrickdk> instead of looking up user + password, it will lookup password first and get user info also
[01:08] <Patrickdk> I adjusted my postfixadmin to use real password hashes though, md5 just sucks
[01:09] <Patrickdk> I should add on my nice sql password rotation limits
[01:09] <NTQ> That's a good idea.
[01:09] <NTQ> Okay, next problem is that thunderbird doesn't want to send mails.
[01:10] <NTQ> But I will go to bed now. It's already 2:10 am
[01:10] <JanC> NTQ: same problem for sending?
[01:10] <JanC> as it uses Dovecot SASL for auth?
[01:10] <NTQ> I tried both logins. with and without double domain
[01:10] <Patrickdk> logs?
[01:11] <NTQ> Only two lines from postfix/smtpd. "connect from ..." "lost connection after UNKNOWN ..." "disconnect from ..."
[01:12] <Patrickdk> heh? there should also be some dovecot lines
[01:12] <Patrickdk> and postfix should print more
[01:12] <Patrickdk> if that is all, thunderbird failed to connect using ssl
[01:13] <NTQ> Maybe
[01:13] <Patrickdk> what does your master.cf look like today?
[01:13] <NTQ> according to netstat dovecot is listening to 993 and 995 and master (postfix) is listening to 587, 465 and 25
[01:13] <Patrickdk> not what I asked
[01:14] <Patrickdk> and remove that smtpd_use_tls = yes line, that was killed long long ago
[01:15] <NTQ> master.cf : http://nopaste.info/8ca730c60b.html
[01:16] <Patrickdk> it's all commented out
[01:16] <Patrickdk> no wonder
[01:16] <Patrickdk> remove those comments
[01:16] <Patrickdk> from line 17 to 21
[01:16] <Patrickdk> and comment out line 22
[01:17] <NTQ> Okay. are the last two lines correct?
[01:17] <Patrickdk> and when you're ready to stop spam, the first thing to do, is learn about postscreen
[01:17] <Patrickdk> you don't use the last two lines, and should never use them
[01:17] <Patrickdk> lmtp is MUCH better
[01:17] <Patrickdk> and you're already using lmtp now
[01:17] <NTQ> ok
[01:17] <Patrickdk> to enable postscreen, comment out line 11, and uncomment 12 to 15
[01:17] <Patrickdk> but let's leave that till after email works :)
[01:18] <NTQ> I got now some warnings: " unused parameter: dovecot_destination_recipient_limit=1" and
[01:18] <Patrickdk> just remove that line
[01:21] <NTQ> Yes. Sending works. Thank you!
[01:22] <NTQ> Wow. The good thing is I have learned many new things. :)
[01:23] <NTQ> Good night, guys.
[01:23] <Patrickdk> doing email is so much nicer in #postfix
[01:23] <Patrickdk> where I have a bot to abuse :)
[01:28] <NTQ> Better I write my own tutorial for postfix, dovecot and postfixadmin in german language. The next time I can come back to it. ;)
[01:47] <pmatulis> NTQ: consider helping with the ubuntu server guide!
[01:47] <pmatulis> https://wiki.ubuntu.com/DocumentationTeam/SystemDocumentation/UbuntuServerGuide
=== markthomas is now known as markthomas|away
=== zz_DenBeiren is now known as DenBeiren
[03:05] <bananapie> Does anyone know if/when systemd will fully replace startupd in ubuntu?
[03:10] <Patrickdk> probably never
[03:10] <Patrickdk> there is no startupd
[03:10] <NegativeFlare> Patrickdk: systemd
[03:10] <NegativeFlare> and yes there is
[03:10] <NegativeFlare> Debian uses it
[03:10] <NegativeFlare> I think
[03:10] <Patrickdk> debian uses systemd
[03:10] <NegativeFlare> <bananapie> Does anyone know if/when systemd will fully replace startupd in ubuntu?
[03:10] <Patrickdk> but there is no such thing as startupd in debian/ubuntu
[03:10] <NegativeFlare> Systemd
[03:11] <NegativeFlare> oh
[03:11] <NegativeFlare> Nevermind
[03:11] <NegativeFlare> We use upstart
[03:12] <Patrickdk> yep
[03:12] <Patrickdk> debian never used upstart
[03:12] <Patrickdk> upstart has grown on me
[03:12] <Patrickdk> I was *kindof* excited to move to systemd, till I looked at it
[03:44] <bencc> how can I check the file descriptor limit of a user?
[04:24] <hallyn> smb: thanks for the kvm-spice fix.  i notice DEB_VENDOR is still used in 2 places, wonder what else breaks.
[05:16] <EuaD> i'm using ufw for my linode servers firewall and I want to deny all traffic, allow only certain ports for znc and ssh on port 7926. is it better to reject by default or deny?
[06:39] <Darknet> hi guys, what would you suggest to use as a management panel for free these days?
[06:47] <EuaD> great question. i too am curious
=== DenBeiren is now known as zz_DenBeiren
[08:03] <lordievader> Good morning.
[08:15] <smb> hallyn, Oh did I miss other places. I thought I had checked at least the rules file for it. But it was a bit of a pass-by-shooting... :/
[08:24] <soren> EuaD: Generally, deny is better.
[08:42] <nivv> Hey guys! Is there a way to trigger automysqlbackup to send mail? I want to test if it works
[08:45] <rioch> How can I find out which commands have been run on a linux box by other users, possibly using sudo?
[08:46] <henkjan> rioch: you can check the users .bash_history if not removed
[08:46] <henkjan> rioch: sudo actions should have been logged in /var/log/auth.log
[08:47] <henkjan> maybe have a look at snoopy syslogging all executed commands
[08:47] <henkjan> https://github.com/a2o/snoopy
[08:52] <rioch> henkjan: nice tips, thanks. Snoopy looks really useful!
[08:54] <henkjan> rioch: snoopy is in the repo's. you can install it with apt-get
=== MeltedLux is now known as MeltedDed
=== Lcawte|Away is now known as Lcawte
[09:57] <samba35> if i want to add ethernet card with pci passthrough do i require vt-d
[09:57] <samba35> are vt-d and iommu the same ?
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
[10:52] <soren> samba35: IOMMU is a concept. VT-d is Intel's implementation.
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
[12:57] <linuxmint> Could I get some help with the command I ran. # apt-get install rpcbind nfs-kernel-server. Output: #: Package 'rpcbind' has no installation candidate. E: Unable to locate package nfs-kernel-server.
[12:59] <soren> linuxmint: Try "apt-get update" first.
[13:00] <soren> linuxmint: If that doesn't fix it, your sources.list is probably busted.
[13:05] <linuxmint> soren: thanks. Even # apt-get update seems to output errors: Failed to fetch... and Temporary failure resolving...
[13:05] <soren> linuxmint: Then you need to.... your...
[13:05] <linuxmint> soren: reinstall ubuntu server?
[13:05] <soren> linuxmint: No, why would you do that?
[13:06] <linuxmint> soren: don't know, if in doubt, reinstall.
[13:06] <ObrienDave> naw, probably a temporary mirror issue. try a different mirror
[13:06] <soren> linuxmint: But you see it's kinda hard to work out what the other person means when they just replace important bits with "..."?
[13:11] <linuxmint> soren: sorry. Here's a sample, as I have to type it http://pastebin.com/S8m8QA0D
[13:12] <soren> linuxmint: Why do you have to type it?
[13:12] <linuxmint> soren: The output is on a machine next to me.
[13:13] <soren> linuxmint: ssh?
[13:13] <linuxmint> soren: yes, I could...let me see.
[13:15] <dorftrottel> and don't use pastebin.com..
[13:17] <linuxmint> dorftrottel: How come? I don't want to paste numerous lines here.
[13:18] <dorftrottel> that's not what i meant..
[13:18] <dorftrottel> pastebin.com tends to screw up code and uses cloudflare which is an annoyance for tor users and i hear it's full of advertisement
[13:23] <soren> linuxmint: Use another pastebin service. Like http://paste.ubuntu.com/ or whatever.
=== frankban__ is now known as frankban
[13:32] <linuxmint> soren: ok, kind of fixed the issue. Another package isn't downloading. # apt-get install nfs-kernel-server. I'll try the long nfs install version though.
[14:36] <linuxmint> Hello, I installed NFS server. Any suggestions how I can manage the HDDs. I currently have one HDD running the Ubuntu server and NFS server. I plan to add 3 more HDDs which will store the backups and movies etc. Do I just connect the HDDs and NFS recognises/mounts them?
[14:37] <lordievader> linuxmint: No, nfs only exports what is defined in /etc/exports.
[14:39] <linuxmint> lordievader: that sounds confusing. I thought the NFS server will store the data from the computers with data (NFS clients).
[14:39] <linuxmint> lordievader: so, on computer2 (an NFS client), I transfer a file to computer1 (the NFS server), I decide on computer 2 which HDD to transfer to on the NFS server?
[14:41] <lordievader> linuxmint: Your nfs server doesn't really care about hdd's. The export file defines what clients have what rights on what shares.
[14:42] <linuxmint> lordievader: ok, sounds like I need to go through the install walkthrough again to clarify that https://help.ubuntu.com/community/SettingUpNFSHowTo
[14:43] <linuxmint> lordievader: I plan to let the NFS server export file allow the clients to have all rights. The NFS server will just be a dumb place to dump data.
[14:44] <linuxmint> lordievader: ok, have to go. Thanks, I'll figure it out tomorrow.
=== ogra_` is now known as ogra_
=== Lcawte is now known as Lcawte|Away
[15:39] <jamespage> zul, stgraber: any ideas? - https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148
[15:39] <uvirtbot> Launchpad bug 1401148 in lxc "Re/starting an lxc container corrupts all network namespaces on the same physical host" [Undecided,New]
[15:40] <stgraber> smells like a kernel bug
=== MeltedDed is now known as MeltedLux
[15:42] <zul> jamespage:  what stgraber said
[15:43] <smb> Though apparmor also can cause some pain... ok that can be a kernel bug, too
[15:46] <smb> jamespage, I assume that is Vivid. Still the 3.16 kernel?
[15:46] <smb> oops no
[15:46] <smb> one just needs to read
=== martinst is now known as martins-afk
[15:51] <anomie21> Why does my document root point to /var/www/html/lunarrecruitment.co.uk ? http://109.74.192.130/ - I've checked the default-ssl.conf and the 000-default.conf and they're both set to /var/www/html
[15:51] <smb> jamespage, Did that namespace issue just start to happen?
=== bilde2910|away is now known as bilde2910
[15:54] <teward> anomie21: check your other configurations for sites.  Paste them to a pastebin if you'd like me to take a look.  You might have a default_server entry somewhere still pointing to there
[15:55] <anomie21> teward: New vps so only a few domains luckily - http://pastebin.com/70AhUT5n
[15:56] <teward> ... i want to send pastebin.com to the depths of hell.
[15:58] <teward> anomie21: i don't know the ordering of which file is seen first, but if I'm right, whichever listener is seen first seems to be what Apache will point at.
[15:58] <teward> s/listener/VirtualHost/
[15:58] <teward> in which case you might need to define a default if you want otherwise
[15:58] <teward> note to self don't open 50 tabs in chrome .>.
[15:59] <teward> anomie21: you might want to consider creating a default vhost that defines a specific docroot
[15:59] <monkeynutts> would anybody be so kind as to take a quick look over this http://pastebin.com/hiCaWTYQ
[15:59] <anomie21> It should order 00-default.conf surely?
[15:59] <teward> (as a suggestion)
[15:59] <monkeynutts> it's a script for transparent proxy with bypass ability
[15:59] <monkeynutts> running on 14.04 in a vm on esxi
[16:00] <monkeynutts> it's working for some but not for others on my lan and it's driving me potty
[16:00] <teward> anomie21: in theory yes, it should.  which of the ones you pasted was first in 000-default.conf?
[16:01] <anomie21> teward: These are the two defaults, 000 is first-  http://pastebin.com/SS78NPA8
[16:03] <teward> anomie21: which is actually enabled and in sites-enabled? both of them?
[16:04] <anomie21> both yeah
[16:04] <teward> ... crap, i'm late for a meeting...................
[16:04] <teward> >.>
[16:11] <jamespage> smb, tbh I'm not sure - I've seen issues with namespaces in the past - but this is the first time I've been able to identify a possible cause
[16:12] <jamespage> smb, I can reproduce at will but it knocks out access to our entire qa cloud :-)
[16:14] <smb> jamespage, Ok, so that could have been there all along (in T). Question always is whether you can experiment with more recent kernels (like U)
[16:15] <jamespage> smb, I could try with the hardware enablement kernel I guess :-)
[16:15] <smb> Or probably whether one can cause the same with a smaller scale environment.
[16:15] <jamespage> smb, yeah - we should be able to do that
[16:16] <smb> jamespage, It's always good if we have something we can do locally without rendering destruction on shared infrastructure. :)
[16:18] <smb> sforshee, ^ in case you missed it
=== markthomas|away is now known as markthomas
[16:52] <jamespage> smb, sforshee: OK - so I can reproduce quite easily
[16:52] <jamespage> create a network namespace and then start an lxc container
[16:52] <jamespage> before start - ip netns exec <nsname> ip addr
[16:52] <jamespage> works OK
[16:52] <jamespage> afterwards
[16:52] <jamespage> seting the network namespace "test-tests" failed: Invalid argument
[16:53] <smb> jamespage, Wait... maybe you could update the bug with those instructions (for dummies level)
[16:53] <jamespage> smb, doing so now
[16:53] <smb> jamespage, ok cool
=== Lcawte|Away is now known as Lcawte
[16:54] <jamespage> smb, added
[16:54] <jamespage> again that's on 14.04 with stock 3.13 kernel
[16:55] <smb> jamespage, ok. ack. thanks for the update
[17:22] <frobware> are there some build rules (or repo) I could look at to see how UEC images are built?
[17:23] <frobware> in particular the ...-disk1.img images
[17:39] <jamespage> smb, I can reproduce on utopic and vivid as well
[17:40] <smb> jamespage, ok, thanks. Will try to reproduce it on a VM. Might be tomorrow, though. Or maybe sforshee beats me there.
=== martins-afk is now known as martinst
=== Lcawte is now known as Lcawte|Away
=== matsubara is now known as matsubara-afk
=== markthomas is now known as markthomas|afk
=== markthomas|afk is now known as markthomas
=== bilde2910 is now known as bilde2910|away
[21:40] <Kaelten> so if I have 30 servers and I want to sync a drive so that all the files were available on all thirty drives, would gluster be the fit or is there something else I should look at
=== Lcawte|Away is now known as Lcawte
[21:53] <bekks> Kaelten: Why don't you just create a network share and mount it on all other servers?
[21:58] <Kaelten> assume that's not a valid solution for this use case
[22:14] <sarnold> Kaelten: take a look at ceph
[22:14] <sarnold> Kaelten: depending upon what you want, you might also want to consider NFS
=== mfisch is now known as Guest76485
=== Guest76485 is now known as mfisch
=== MeltedLux is now known as MeltedDed
[22:45] <keithzg> Arghhh, I just simply cannot figure out why an increasing number of hosts on my network are resolving as "hostname.local" instead of "hostname.our.fqdn" . . .
[23:08] <hariom> I am following this debian readme as that is the only available for how to install Atlas linear algebra package. Will this work for Ubuntu 12.04?
[23:08] <hariom> https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/atlas/trusty/view/head:/debian/README.Debian
=== Lcawte is now known as Lcawte|Away
=== martinst is now known as martins-afk
[23:49] <pmatulis> sarnold: i was going to mention cephfs but i'm not certain it has been released as production-ready
=== martins-afk is now known as martinst
