/srv/irclogs.ubuntu.com/2015/03/11/#ubuntu-server.txt

Patrickdksarnold, this is a ubuntu channel, head is not to be used in here :)00:17
Patrickdkarcsky heh?00:17
Patrickdkit's like one line00:17
arcskyPatrickdk: how?00:18
Patrickdk@syslogserver00:18
Patrickdkor for tcp @@syslogserver00:18
arcskydoes not work00:18
Patrickdkwhere is your config?00:18
=== arosales_ is now known as arosales
Patrickdkyour doing something wrong00:20
PatrickdkI have done this to thousands of servers using rsyslog without issue00:20
Patrickdkusing udp, tcp, and relp00:20
arcskyPatrickdk: http://pastebin.com/FYgWhWC700:22
PatrickdkI'm suprised rsyslog runs at all with all that stuff00:23
Patrickdkcomment out likes 61, 32, 64, and either 66 or 6700:23
Patrickdkwhat DOES your receiving side support?00:23
sarnoldPatrickdk: what's wrong with HEAD? :)00:25
Patrickdknothing, if done properly00:25
arcskyPatrickdk: its udp on the server side (syslog-ng) which works super00:26
Patrickdkand it is *listening* on 516?00:27
Patrickdkcause the *normal* port is 51400:27
Patrickdkso comment out all that stuff, 61, 63, 64, and 6700:27
arcskyPatrickdk: listning on 516 yes. udp. normal 514 yes. ok let try00:32
arcskyPatrickdk: no succes00:34
Patrickdkrun, tcpdump port 51600:34
Patrickdkand see if you see any packets when syslog messages are generated00:34
arcskynothing00:36
Patrickdkodd00:36
Patrickdktry putting *.* @192.168.168.199:516 before the $IncludeConfig line00:37
Patrickdkrestart rsyslog, and see if tcpdump sees anything then00:37
Patrickdkmaybe one of the included configs has a stop command00:37
arcskyPatrickdk: can it be something that i had syslog-ng running too?00:38
Patrickdkheh?00:38
Patrickdkubuntu normally doesn't allow syslog-ng and rsyslog to be installed at the same time00:38
Patrickdkunless you work hard to break it00:39
arcskycase closed. thanks00:45
sarnoldwhat ws it?00:45
Patrickdkwe will never know00:46
arcsky:D00:46
arcskyi did install a fresh Ubuntu server and added *.* @192.168.168.199:516 and restarted it .. worked..00:47
arcskythanks Patrickdk and good night00:47
arcskymust been conflict with syslog-ng00:48
Patrickdkwell, normally, when you install syslog-ng, ubuntu uninstalls rsyslog00:48
Patrickdk:)00:48
keithzgHmm, interesting, the current Windows 10 Technical Preview is unable to access SMB shares from our fileserver or any other boxes around the office network (all running 14.04, samba 4.1.6), immediately complains that "you might not have permission to access this network resource". Windows 8.1 and older clients connect just fine still.00:49
WACOMaltHey folks. How can I allow ssh on more than the default port 22?01:06
WACOMaltstandard ssh ports are blocked at my work, cant connect to my server01:06
sarnoldWACOMalt: see ListenAddress in sshd_config(5)01:07
WACOMaltah there we go01:08
WACOMaltshould I just add a new line under "Port 22" with like.. "Port 25678" or whatever?01:08
WACOMaltcurrently my ListenAddress line is commented out, is that normal?01:08
Patrickdkyes01:08
WACOMaltok01:08
Patrickdknot sure if multible are supported or not01:09
WACOMaltoh01:09
Patrickdkan iptables redirect rule could be used too01:09
WACOMaltwould that more likely allow more than one port?01:09
sarnoldoh heh there is a "port" config :) I found the listenaddress and didn't look further01:09
sarnoldlooks like multiple port commands can be given01:09
Patrickdkthen yep :)01:10
WACOMaltawesome01:10
WACOMaltthanks for the info :)01:10
Patrickdkiptables redirect works for anything though :)01:10
Patrickdkit's a backup option01:10
WACOMaltok, if this doesnt go I'll read up on that01:10
WACOMaltnever done iptables stuff01:10
sarnoldyeah, but the nice bit about config is that netstat -anp will give the right answer :)01:10
WACOMaltah, right01:10
sarnoldif you do it via iptables it won't be as obvious..01:11
WACOMaltI dont mind it being obvious01:11
WACOMaltor do you mean obvious to my employer?01:12
sarnoldobvious to whoever admins the machine :)01:12
WACOMaltthat'd be me :)01:12
sarnoldit'll be identically obvious to employers either way01:12
WACOMalttrying to remember the command to restart sshd on ubuntu. tried /etc/init.d/ssh restart and service sshd restart01:13
WACOMaltbut the fact that it's not giving me status or kicking me out of my current ssh session tells me thats not working...01:14
sarnoldsudo service ssh restart should do it01:15
sarnoldit shouldn't disconnect existing connections either01:15
WACOMaltoh cool01:16
WACOMaltthere we go, got it working01:16
WACOMaltthanks sarnold  and Patrickdk01:16
SuperLagI did "apt-get install lamp-server^". It installed mysql 5.5.41. If I download the .deb files for 5.7.6, is there an easy way to upgrade, or will stuff break?01:34
WACOMaltso this is offtopic I'm sure. Tell me to shut up if you want. :)  But is there any way when I am sitting at work, to test and see what ports arent blocked so I can set my ssh server to one of them?01:34
sarnoldWACOMalt: not easily; nmap -p1-65535 ip.add.res.s would scan all ports on your host; if you see some "filtered" then those are being dropped by a firewall, but firewalls can be configured to reject packets too, in which case it might not be obvious which ones get through and which ones are just not open on your computer01:37
sarnoldWACOMalt: note that a portscan like that is liable to set off some blinking luights at your employer... if they closely monitor things, this one is liable to show up.01:39
WACOMaltWell, I'm a lower level tech specialist guy. They dont mind me getting around so much01:40
WACOMaltas long as they dont have to make a door for me :)01:40
sarnoldprobably port 80 just works :) do you need a web server:)01:41
WACOMaltI do :(01:43
WACOMaltthats the main feature of this server01:43
=== FreezingAlt is now known as FreezingCold
dtscodecan someone help me with these errors? https://bpaste.net/show/514c1b3e8eb505:50
dtscodeanyone?06:02
lordievaderGood morning.07:35
=== kickinz1|afk is now known as kickinz1
marushello, is there a good way to restore file/folder from encrypt filesystem?08:20
jpdsUnlock the filesystem?08:22
lordievadermarus: If you have forgotten the password then you've lost the files. That is the whole point of encryption.08:22
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
arcskyrsyslog.conf, *.* sends all from /var/log right? even dirs?09:38
jpdsarcsky: No.09:47
jpdsarcsky: It sends what's sent to syslog.09:47
jpdsarcsky: Do you use Puppet by any chance?09:47
jpdsarcsky: Apache for example doesn't log to syslog.09:48
arcskyjpds: nope i dont use puppet. how do i send evryhing in /var/log to a external syslog?09:52
jpdsarcsky: You can't.09:53
jpdsarcsky: That's what I was telling you yesterday.09:53
jpdsarcsky: Best you could do for that is rsync everything somewhere else.09:54
arcskyok09:55
arcskyto bad , rsyslog09:56
jpdsrsyslog works fine.09:56
jpdsIt's just that not everything is made to log to syslog.09:56
jpdsI wouldn't want my Apache stuff in syslog.09:56
jpdsI'd rather every site logged to its own log.09:57
arcskyjpds: if i do login with ssh with wrong passwd. it get logged to auth.log is that a part of syslog right?10:00
jpdsarcsky: Yes.10:00
arcskyjpds: ok i understand10:02
arcskyso if i want for example httpd logs i have to use rsync?10:02
jpdsarcsky: Yep, just for /var/log/apache2/ though.10:03
arcskyoke rsync sends to syslog or only via ssh/samba/nfs ?10:04
jpdsarcsky: rsync can go via ssh.10:04
jpdsMuch easier.10:04
arcskyok10:05
=== Lcawte|Away is now known as Lcawte
=== kickinz1 is now known as kickinz1|afk
LachezarHey all: Ubuntu Server Ubuntu 14.04.2 LTS: At apt-get upgrade: dmsg: Request for unknown module key 'Magrathea: Glacier signing key: ...' err -1112:11
LachezarThe dmesg line is repeated 11 times12:12
LachezarWhat's wrong?12:12
=== kickinz1|afk is now known as kickinz1
LachezarHm. Is it possible, that a previous apt-get update+upgrade has replaced the modules for the current kernel (version), so now the modules are signed with one key, but the kernel that was loaded has a different key? Because I can see "Loaded X.509 cert 'Magrathea: Glacier signing key: ...'", but the key does not match…12:20
WalexLachezar: web search for "Magrathea: Glacier signing key"12:22
jpdsLachezar: I think that there's a different key for every kernel.12:24
LachezarWalex: already did that. Nothing helpful.12:25
Lachezarjpds: I remember, that I had an update that upgraded the kernel packages WITHOUT installing new packages, but rather upgrading the current ones. This seemed odd, as almost every time I get a kernel upgrade the new kernel comes as new packages. I was not sure if it was something to be warned about.12:26
Lachezarjpds: Might that be the reason for having the same kernel (version): history.log:Upgrade: linux-image-extra-3.13.0-46-generic:i386 (3.13.0-46.76, 3.13.0-46.77) ...12:28
pmatulisLachezar: boot into the old kernel and see12:37
=== Lcawte is now known as Lcawte|Away
Lachezarpmatulis: I am booted into th eold kernel.13:13
Lachezarpmatulis: The kernel update did not request a reboot, so I'm still sporting the kernel before the upgrade, possibly with modules after the upgrade. Looks like a botched partial upgrade. I've scheduled a reboot at night. Will see tomorrow.13:14
=== arosales_ is now known as arosales
smoserrandomly speaking out loud, wondering if someone has a solution for this.  i want to log consoles of libvirt domains with conserver-server15:27
smoserbut if the domain isnt running, then 'virsh console <name>' will fail, and eventually conserver-server will give up15:28
smoserit seems like you could poke at conserver-server on libvirt events to tell it to re-read or re-try its consoles... i'ms ure thats all possible. but just wasn't obvious15:29
smoserand i was somwhat surprised to not know of a solutoin15:29
smosers/not know/not find/15:37
rbasaksmoser: maybe wrap it?15:40
rbasaksmoser: in something that retries indefinitely. An expect script maybe.15:40
rbasak(as it wants to provide a TTY really)15:41
smoserright. yeah, thats what i thought. and libvirt provides a way to get events for start stop of the thing.15:41
smoserso its possible15:41
smoseri just kind of fifugred someone would have odn ethis beofre.15:41
smosertypos aside ;)15:41
helpseekerHello15:42
helpseekerI need some help for using ubuntu server for an idea I had15:43
helpseekerIs someone in here which can advise me15:43
smoserwell, you can ask. someone might respond. maybe not.15:43
helpseekerokay thx15:43
helpseekerI have a team in a game with five guys15:44
helpseekerAnd I have a root server with ubuntu 14.0415:44
helpseekerWe want that server to recieve some streams15:44
helpseekerone stream is a livestream from a game15:44
helpseekerfive webcams with streams from five different computers15:45
helpseekerthe server has to add these six streams into one and forward that to twitch15:45
helpseekeris this possible?15:45
helpseekernot "add". the better word is "merge"15:46
helpseekeron the right: game-strem; on the left five webcams in a vertical row15:47
helpseekerI do not find any solution for that by googling that or get any answers by some forums15:48
jrwrenhelpseeker: yes, it is possible. it has nothing to do with ubuntu-server. You would need to write software to do this.15:48
helpseekerOk, I thought someone built that before and I did not find it15:49
helpseekerWhat kind of tutorial would you prefer in this case to get a solution?15:50
helpseekerOr what type of software do you mean? A addon maybe for a darwin-thing?15:51
Blinkiz Hello. Am running ubuntu 14.04 and have a openvpn server running in a unprivileged container. My problem is that the container can not access /dev/net/tun. How can I solve this?15:59
Blinkizoh, talking about LXC here16:00
ivoksBlinkiz: two ways16:10
ivoksBlinkiz: run container as root16:10
ivoksBlinkiz: or allow container to access that device16:10
Blinkizivoks, hi. thanks for the suggestions above16:22
Blinkizivoks, I like the idea about giving the container access to that device. How can I do this?16:22
BlinkizI have in my config file "lxc.cgroup.devices.allow = c 10:200 rwm". Is this what you mean allowing access?16:29
ivoksBlinkiz: yeah, something like that16:31
ivoksBlinkiz: i don't know it by heart16:31
ivoksi suggest googling lxc device passtrough16:31
RudeViperI just did a complete clean install of 13.04 (14.04 keeps failing for some reason - none given) - when I try to do a "sudo apt-get update" I keep getting lines and lines of "Failed to fetch http://*****" can someone tell me how to fix this?16:31
Blinkizivoks, the line is correct. Nice search string, will try that.16:31
patdk-wkRudeViper, 13.04 isn't supported anymore, it's too old16:36
patdk-wkyou could update everything to use the archive repo though16:36
RudeViperpatdk-wk - how do I do that?16:39
patdk-wkdunno, google?16:39
=== bilde2910|away is now known as bilde2910
RudeViperoh this is great cause 14.041 won't work either16:41
RudeViper14.0416:41
patdk-wkhttps://help.ubuntu.com/community/EOLUpgrades16:43
patdk-wkhttp://askubuntu.com/questions/91815/how-to-install-software-or-upgrade-from-an-old-unsupported-release16:44
RudeViperdoing that now - maybe by upgrading that will solve the issues I was having with a clean install of 14.0416:48
RudeViperpatdk-wk - thanks - that seems to be working16:59
linociscohi all17:08
linociscoGood night or good morning17:08
=== mgagne_PHL is now known as mgagne
linociscohi all, lets say I have a domain name and single ubuntu mail server configured using domain name. If internet down to my server, and I dont wanna lose all emails, how could I do?17:17
linociscoif my internet is down for 1 day or 1hr due to some reason, how can I protect now to lose incoming emails especially during these period?17:18
linociscoif my internet is down for 1 day or 1hr due to some reason, how can I protect not to lose incoming emails especially during these period?17:18
RudeViperok patdk-wk - have run those scripts - would you be able to tell me if there is a command to find out what version I am running now? Just to see if all went alright.17:21
patdk-wkcat /etc/release? or /etc/issue17:22
patdk-wkforget exactly17:22
RudeViperpatdk-wk ok thanks - will run those as soon as updates are finished17:23
patdk-wkya /etc/issue will show you17:23
RudeViperok it is showing 13.10 - so have to do it again to get 14.04 - thanks - you have been a really big help17:24
RudeViperafter I do this - I need to put a gui on it - for some stuff I need to do later- however - I don't want it starting with the server - tried before and it always starts on reboot - how can I prevent that from the get go?17:25
patdk-wkheh?17:26
patdk-wkwas there a question in that?17:26
RudeViperyes - how can I prevent say xfce4 from starting with the server after I install it - I only want the gui to run when I call it manually17:26
patdk-wkdisable the lightdm service?17:27
patdk-wkthat I don't really know17:27
RudeViperok - I'll keep looking while it upgrades again17:27
=== wendar_ is now known as wendar
=== Lcawte|Away is now known as Lcawte
=== tsimpson is now known as lubotu1
=== lubotu1 is now known as tsimpson
Pwnnadoes anyone here know why the memory cgroup are not started during server boot even tho cgroup_enable=memory is specified in the kernel boot options?19:07
Pwnnai'm very confused.19:07
=== Lcawte is now known as Lcawte|Away
tgm4883Alright everyone, been banging my head against this for too long. Probably missing something simple. I have a script that backs up mysql dbs and is supposed to scp files to another server. The SCP portion fails though, as it tells me the file isn't found19:08
tgm4883Here is the relevant portion of the backup script19:09
tgm4883http://pastebin.ubuntu.com/10581658/19:09
Pwnnahttps://pastebin.mozilla.org/882533019:09
tgm4883The offending line being line 919:09
tgm4883The error message I get is        scp: /srv/backups/MySQL/testdatabase.2015-03-11-12:09:51.gz: No such file or directory19:10
tgm4883This seems to indicate that $FILE  (or ${FILE}) isn't being seen, despite it echoing correctly in the previous line19:11
tgm4883It echo's something similar to /backup/mysql/testdb.2015-03-11-12:09:52.gz19:12
tgm4883actually just fixed it. Super weird, but scp didn't like colons being in the filename from the timestamp19:21
=== kickinz1 is now known as kickinz1|afk
=== martins-afk is now known as martinst
keithzgAnyone have any ideas on how to debug and/or work around Windows 10's inability to access samba shares? (at least those shared from 14.04)? I'm sadly seeing nothing in the main /var/log/samba/log.smbd when I make connection attempts.20:24
keithzgWindows 10 connect to the old version of Samba (3.4.4) running on the Drobo we have kicking around just fine, but every 14.04 machine I have (all running Samba 4.1.6-Ubuntu) results in an immediate failure to connect, just "you might not have permission to access this network resource", which, considering I've made sure to enable guest logins on all machines is definitely a mistaken impression on Windows' side...20:28
keithzgOf course it then admonishes me to "Contact the adminstrator of this server to find out if you have access permissions." Well thanks Windows, but I've talked to the admin, and he doesn't know why this isn't working because he's also me :P20:29
keithzgThis is if I try to access the computer via SMB, ex. "\\eliot" as the path, If I try to access a share directly, ex. "\\eliot\public", then I get "Error code: 0x80004005, Unspecified error". Helpful!20:32
beisnerkeithzg, Win10 disables guest access by default.  http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/error-the-account-is-not-authorized-to-login-from/ffa63cc0-92d0-4639-9e3f-4d50100c184120:33
keithzgbeisner: Aha! Thanks, my google-fu was apparently failing me, I hadn't found that (weird that my text isn't actually the same, but it does seem to be the same error)20:35
* beisner will have to do his annual fire-up-the-latest-windows-version vm some time soon. prob win10 tech preview.20:36
keithzgWin10 tech was a bit problematic for a while, but the latest VirtualBox and its corresponding guest additions do finally support it well.20:37
beisnerkeithzg, i haven't messed with it personally, but i recall that being one of the 'secure(er) by default' changes.20:37
keithzgbeisner: I'm a bit baffled by it, though, since it's not like Windows lets me attempt a user/password login, it just somewhat cryptically fails when it would have been able to log in, there's no option to even attempt a secure login. So they're forcing a relatively large change upon any servers/NAS's to support this behaviour. I'm not 100% sure they're wrong, by any stretch, but it does seem rather aggressive and a bit patronizing.20:42
beisnerkeithzg, fwiw, back when i used win+samba, i always made sure that my windows username/password sets also existed as linux usernames/passwords, and that those users were permitted in samba shares.   which, appears to be exactly what Win10 is urging.   i would bet there's a reg hack though to re-enable anonymous/guest.20:45
keithzgbeisner: Oh, there's definitely a reg hack. I just got tons of flack from folks at my company when I tried to enforce precisely that, because folks around here really hate authenticating ever.20:46
keithzgbeisner: Err, to be clear, I mean that I ran into flack when I tried to set things up how you did.20:46
patdk-wkgive them the option to use 2factor auth20:46
beisnerkeithzg, the trick is this:   as long as your windows username and password Exactly match your linux/samba username and password, they will never be prompted to authenticate.20:46
beisnerbut they will authenticate nonetheless.20:47
patdk-wkare you using a AD server?20:47
patdk-wkif so, just bind to that, and let it import all those users20:47
patdk-wkno need to keep passwords in sync20:47
beisner^ yes that's even better.   my example is a home network, a couple of kids devices connecting to shares.20:48
keithzgpatdk-wk: Naw. Each Windows machine has a local login. Almost everyone runs around as Administrator (which also precludes having usernames/passwords on the Linux server to match each user). I've gotten very little traction trying to convince folks how bad of an idea this is.20:48
patdk-wkya, that is extreemly painful20:49
keithzgYup :(20:49
keithzgRegistry hack it is, I guess. Le sigh.20:51
patdk-wkjust push it out with a gpo :)20:52
patdk-wkafter you setup AD :)20:52
keithzghaha20:58
=== bilde2910 is now known as bilde2910|away
=== Joel is now known as Guest34451
=== Lcawte|Away is now known as Lcawte

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!