[04:55] <jvwjgames> Hi I need help my server has no internet
[04:56] <jvwjgames> When ever I use ping or traceroute I always get a reply from my interfaces IP address.
[07:32] <moneylotion> hey anyone have any ideas, how i can sync two nas servers, running zfs
[07:33] <moneylotion> im thinking snapshots are a good idea, any others
[07:33] <miriohmiri> moneylotion: take a look at rsync ;)
[07:33] <moneylotion> will that spin up the drives?
[07:33] <moneylotion> sort of wondering about frequency... want to avoid unneeded wear
[07:34] <moneylotion> is there anything that is more async
[07:34] <miriohmiri> i think in case you write something it will spin up, frequency: as often as you need it to be synced
[07:34] <miriohmiri> on read i dont know if it will spin up with a zfs volume, but you might just give it a try
[07:34] <moneylotion> anything that can replicate like a raid1 over network?
[07:37] <miriohmiri>  i am trying to configure opendkim and on every parameter I write myself in the config, it says "unrecognized parameter" even if the parameter is clearly valid without typos acordingly to the manpage
[10:56] <sudheer> hey guys.. I installed Ubuntu server using netboot.. installation completed successfully and when in restarts it goes to grub prompt and i dont see any vmlinuz to boot from there..  any thoughts on how to solve this..??
[10:57] <RoyK> probably boot on some live thing and reinstall grub
[10:58] <sudheer> ?? boot on live thing..??
[10:58] <sudheer> its PXE install..!!
[10:58] <RoyK> well, it seems grub is broken
[10:58] <RoyK> I'm just suggesting
[10:59] <sudheer> yea.. master boot record currupted is what i'm expecting..!!
[10:59] <jamespage> coreycb, we'll never pbr>=1.8
[10:59] <jamespage> *need
[10:59] <jamespage> manila ftbfs
[10:59] <jamespage> https://launchpadlibrarian.net/218717756/buildlog_ubuntu-wily-amd64.manila_1%3A1.0.0~rc1-0ubuntu1_BUILDING.txt.gz
[10:59] <sudheer> but at least i should be able to see vmlunz and initrd under (HDx,y) drive
[11:00] <jamespage> thats come from setup.py, no requirements.txt
[11:54] <mnms_> guys I installed and configured vsftpd based on this doc https://help.ubuntu.com/community/vsftpd, but I cannot make it work with virtual users. I get 530 login incorrect
[11:54] <mnms_> and Im out of ideas
[12:34] <RoyK> mnms_: why ftp?
[12:34] <RoyK> !ftp
[12:35] <RoyK> mnms_: ftp is an old and insecure protocol - use sftp instead - it runs on top of ssh and is very secure - works with clients like filezilla too
[12:36] <RoyK> mnms_: if your server has sshd running, sftp works
[12:36] <RoyK> !ftpd
[12:36] <RoyK> ubottu: also, ftpd is old and insecure and should not be used. Use sftp instead!
[12:36] <lordievader> Or use ftps.
[12:37] <RoyK> lordievader: better use sftp - ftps is just ftp over ssl :P
[12:37] <lordievader> Agreed, but still. ftps is better than ftp ;)
[12:37] <RoyK> ftp is a horrible protocol
[12:37] <lordievader> Yes.
[12:37] <RoyK> lordievader: sure, but it's a pain to setup
[12:38] <lordievader> Luckily never had to do that. I try to stay away from *ftp*
[12:38] <RoyK> lordievader: and lots of rarities and issues with numerous clients
[12:38] <RoyK> lordievader++
[12:38] <RoyK> lordievader: I've tried, and found it's rubbish
[12:39] <lordievader> Hehe
[12:39] <RoyK> sftp just works(TM)
[12:39] <RoyK> !sftp
[12:40] <RoyK> secure, secret hell ;)
[12:41] <mnms_> I have to use ftps cause some apps have to connect via ftp protocol
[12:41] <RoyK> what sort of apps?
[12:42] <mnms_> apps written in .net
[12:42] <RoyK> written locally?
[12:42] <mnms_> what do you mean locally ?
[12:42] <RoyK> in-house stuff?
[12:43] <mnms_> yes
[12:43] <RoyK> then tell those developers to use something else - samba is better - sftp is better - EVERYTHING is better than FTP with or without the "s" at the end
[12:43] <arcsky> Hi guys anyone here have Intel Ultimate-N 6300 wireless card? I cant get it to work in Linux Uubntu
[12:44] <teward> !crosspost | arcsky
[12:44] <mnms_> RoyK: option FTPs is enough for me, it is enough secure. But I have real problem to make it work
[12:45] <lordievader> arcsky: I have an Advanced-N 6205.
[12:45] <mnms_> It is easier for me to setup ftps than changing other apps
[12:45] <RoyK> mnms_: samba is pretty secure too and far easier to setup - last I tried to setup ftps, I ran into a truckload of issues with filezilla
[12:45] <lordievader> arcsky: I guess that nic uses the same iwlwifi driver.
[12:46] <mnms_> RoyK: I get right now GnuTLS error -15: An unexpected TLS packet was received.
[12:46] <RoyK> mnms_: and those .net developers will just love to be able to just connect to a samba share instead of reinventing the wheel
[12:46] <lordievader> Or use scp, that is likely already setup.
[12:46] <RoyK> mnms_: might be the same I got - I just gave up
[12:46] <mnms_> RoyK: It cannot be so hard to setup ftps ! :)
[12:47] <RoyK> mnms_: well, noone uses FTP anymore
[12:47] <mnms_> RoyK: sftp needs system account, I would like to have virtual account
[12:47] <patdk-wk> using ftps is almost impossible
[12:47] <RoyK> mnms_: so things aren't updated too often
[12:47] <patdk-wk> cause it won't work if there is ANY NAT system at all
[12:47] <RoyK> mnms_: samba doesn't need a system account
[12:47] <mnms_> acha
[12:47] <RoyK> patdk-wk: works fine with the linux nat helper ;)
[12:48] <patdk-wk> royk, how?
[12:48] <patdk-wk> if it does, it's seriously wrong
[12:48] <RoyK> patdk-wk: but probably not ftps, though
[12:48] <patdk-wk> it's encrypted
[12:48] <RoyK> mhm
[12:48] <RoyK> PORT 31235 encrypted :D
[12:48] <arcsky> lordievader: yes i use iwlwifi
[12:48] <RoyK> patdk-wk: I didn't think about the PORT thing
[12:48] <patdk-wk> why the options are ftp or sftp, and never ftps :)
[12:49] <RoyK> mnms_: just use something else, ok?
[12:49] <mnms_> what NAT system has to encryption ?
[12:49] <patdk-wk> nat has to *modify* the protocol data itself
[12:49] <mnms_> RoyK: I cannot cause I need to be able to connect via ftp or ftps from those apps :(
[12:49] <patdk-wk> if it's encrypted, that cannot happen
[12:49] <RoyK> mnms_: no... FTP is a horrible protocol. When you try to transfer a file, the *client* opens a high port and tells the server to send data to that port
[12:49] <RoyK> mnms_: if the data is encrypted, the router can't know which port to open/forward
[12:49] <patdk-wk> ftp is a good protocol, it's just not nat friendly
[12:50] <patdk-wk> nat was invented after ftp, and nat is evil
[12:50] <RoyK> patdk-wk: well, nat is needed since people don't use ipv6 :P
[12:50] <patdk-wk> sip is the same, and sip was made after nat :)
[12:50] <mnms_> yep problem with IPs still exist
[12:50] <RoyK> mhm - sip and nat isn't a stroll in the park
[12:51] <RoyK> mnms_: not IP, IPv4
[12:51] <patdk-wk> a huge goal of ipv6 was to remove nat
[12:51] <mnms_> RoyK: thats what i mean
[12:51] <patdk-wk> just not solve ip space limit
[12:52] <patdk-wk> but yes, due to security designs these days, and stateful firewalls, ftp is becoming very useless
[12:53] <RoyK> mnms_: so - find another solution - .net things usually run on windows, so a samba share should be the simple way
[12:55] <mnms_> RoyK: I still dont understand why it is problem ftps for nat, tcp header is not encrypted ?
[12:55] <mnms_> why nat is problm for ftps* sorry
[12:55] <patdk-wk> what does tcp header have to do with anything
[12:55] <mnms_> ROyK said GnuTLS error -15: An unexpected TLS packet was received.
[12:56] <mnms_> if the data is encrypted, the router can't know which port to open/forward
[12:56] <mnms_> sorry
[12:56] <patdk-wk> yes
[12:56] <patdk-wk> but what does that have to do with tcp headres?
[12:56] <patdk-wk> headers
[12:56] <mnms_> there is all info about src dest port and address yes ?
[12:56] <RoyK> mnms_: no, but when you do GET /somefile, the client says "PORT xxx" to the server, in the encrypted, application stream, client opens port xxx and the server tries to connect to that port. The NAT router will open/forward that port, but not if the data stream is encrypted, since it can't know
[12:57] <patdk-wk> your confusing the data connection tcp header, with the data INSIDE the control connection
[12:57] <patdk-wk> and that is actually the least of your worries
[12:57] <jvwjgames> I need help my server is not connecting to the internet j ping and traceroute anally I get is the interfaces IP as a reply
[12:57] <patdk-wk> also contained in it is the IP address
[12:57] <patdk-wk> that IP address needs to be replaced from your private ip to the public ip
[12:58] <RoyK> "anally I get is.." (?!?)
[13:03] <mnms_> RoyK: Passive range port doesnt solve this ?
[13:04] <RoyK> mnms_: maybe - not sure - talk to the .net folks and ask if they can use a samba share
[13:04] <RoyK> mnms_: it's easier for them to use and it's easier and more secure than ftps
[13:05] <RoyK> mnms_: if they're on win2k12r2 or something, they can even use encrypted SMB3
[13:06] <RoyK> mnms_: SMB3 doesn't work with win7, though, M$ doesn't want to backport nice things - it's better to force people to upgrade :P
[13:08] <jvwjgames> Anyone
[13:12] <mnms_> RoyK: The point is that I wanted to finish this with this shitty ftps solution :[
[13:14] <RoyK> mnms_: just trying to help - it's easier in both short and long term to use something useful instead of hammering in large nails with a small screwdriver :P
[13:18] <mnms_> RoyK: :)
[13:18] <jvwjgames> I need help with my server
[13:19] <jvwjgames> Any suggestions
[13:19] <sesev> what's your problem
[13:23] <jvwjgames> My internet on my server won't work
[13:23] <jvwjgames> Ping results in interface IP being displayed
[13:24] <jvwjgames> Regardless of destination
[13:24] <lordievader> jvwjgames: Does your interface has an ip?
[13:26] <jvwjgames> Yes it is static
[13:27] <lordievader> jvwjgames: Hmm, okay. Does it have a gateway?
[13:28] <jvwjgames> Yed
[13:30] <jvwjgames> Yes it does
[13:31] <lordievader> jvwjgames: Can you ping the gateway?
[13:31] <jvwjgames> I do now the modem works cause I have other stuff connected
[13:32] <jvwjgames> Destination host unreachable
[13:34] <lordievader> jvwjgames: There is your problem.
[13:34] <jvwjgames> What
[13:37] <jvwjgames> What is the problem
[13:38] <lordievader> jvwjgames: You cannot reach your gateway and thus the internet.
[13:38] <lordievader> Likely your static ip is wrongly configured.
[13:39] <jvwjgames> It isn't cause I have it configured as before all I did was reboot
[13:44] <arcsky> lordievader: any idea how i can solve it? it keeps asking me for the password all the time to my accesspoint
[13:48] <lordievader> arcsky: Sorry got to go. But look at wpa_supplicant. Will likely tell you more.
[13:58] <mnms_> credintials are encrypted by default when connect to samba resource ?
[14:00] <patdk-wk> if the server enables it
[14:00] <mnms_> aha
[14:00] <hallyn> smb: holy cow!   qemu commit 75d373ef9729b    pisses me off!
[14:01] <hallyn> i'd been looking for something lik ethat in the kernel, failed to check qemu
[14:01] <smb> hallyn, heh yeah, nice aren't they
[14:02] <hallyn> i especially love the "probably"
[14:02] <smb> hallyn, I am also a bti sad that somehow in my case the emulated cpu fails to do the cpuid part
[14:03] <hallyn> ?
[14:04] <smb> hallyn, my comment before. I got no system to reall test the g4 case. For g3 (and I think I am only lucky because I use some other machine type as template) it keeps the svm bit but fails to implement a cpuid function which normally would report svm version level and such
[14:05] <hallyn> oh
[14:07] <smb> hallyn, lots of fun...
[14:25] <RoyK> mnms_: yes, encryption is on by default. data encryption is supported on newer samba, but requires win8 or win2k12 (or recent linux/mac) on the client to work
[14:25] <RoyK> win7 doesn't support data encryption
[14:25] <RoyK> (as in SMB3)
[14:54] <mnms_> RoyK: so connecting from win7 to samba resource means that credintials are in almost plain text ?
[14:55] <RoyK> no, connecting from win7, *data* is in cleartext
[14:55] <RoyK> but that's win -> windows server too
[14:55] <patdk-wk> so auth is protected
[14:55] <patdk-wk> but that xls file of passwords you just viewed, wasn't
[14:56] <RoyK> hihi
[14:56] <mnms_> RoyK: Credintials are always encrypted ?
[14:56] <patdk-wk> not always
[14:56] <patdk-wk> there are 3 options, not protected, protected if supported, always protected
[14:57] <mnms_> patdk-wk: those are option for samba resource definition ?
[14:57] <RoyK> mnms_: if "encrypt passwords = yes", which is the default
[14:58] <patdk-wk> no, those are options for windows smb
[14:58] <patdk-wk> no idea how to do it in samba, I don't use samba
[14:58] <mnms_> RoyK: Thanks
[15:01] <RoyK> mnms_: you have to go back some 10 years or so to find SMB without encrypted passords
[15:01] <RoyK> IIRC that came into win98 or so
[15:02] <mnms_> RoyK: Ok so I dont have to worry about connection encryption, the only thing now is data transferred from machine after connection
[15:02] <mnms_> which as you said can be not encrypted in some cases
[15:02] <RoyK> mnms_: smb3 supports and uses encryption
[15:03] <RoyK> mnms_: but then, you need a client that supports smb3, such as modern linux, windows and os x, but that does not include windows 7
[15:03] <mnms_> xp or vista doesnt support ?
[15:05] <patdk-wk> xp isn't supported at all, xp died last year
[15:12] <alreece45> unless you happen to be one of the lucky few who gets special support from Microsoft
[15:16] <mnms_> RoyK, patdk-wk: thanks for support Im going to start my day away from desk :)
[15:17] <RoyK> mnms_: :)
[15:20] <MrPockets> I'm trying to start a fresh install of vsftpd but it doesn't seem to start.   service vsftpd status shows  stop/waiting
[15:48] <RoyK> MrPockets: we just had a long discussion about ftp in here, just before you came in - just don't use it
[15:48] <MrPockets> Thats,  ....not really an option
[16:19] <arcsky> guys i get very often "System program problem detected
[16:19] <arcsky> how can i see more detail about the issue?
[16:19] <arcsky> Do you want to report the problem now?"
[16:30] <gQuigs> hi, any plans for landing python-novaclient 2.23 in Kilo cloud archive?  there are two high importance api bug fixes -https://launchpad.net/python-novaclient/+milestone/2.23.0
[19:05] <gQuigs> to that end, is liberty cloud archive available yet?  - doesn't seem to work - https://wiki.ubuntu.com/ServerTeam/CloudArchive#Liberty
[19:08] <sarnold> gQuigs: it all looks like it ought to work, e.g. http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/trusty-updates/liberty/  and http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/liberty_versions.html  have a lot of packages..
[19:26] <gQuigs> sarnold:  I was able to manually add it.. hmm
[19:26] <gQuigs> ubuntu@quicktest2:~$ sudo add-apt-repository cloud-archive:liberty
[19:26] <gQuigs> 'liberty': not a valid cloud-archive name.
[19:26] <gQuigs> Must be one of ['folsom', 'folsom-proposed', 'grizzly', 'grizzly-proposed', 'havana', 'havana-proposed', 'icehouse', 'icehouse-proposed', 'juno', 'juno-proposed', 'kilo', 'kilo-proposed', 'tools', 'tools-proposed']
[19:27] <sarnold> gQuigs: eww.
[19:27] <gQuigs> I see - http://changelogs.ubuntu.com/changelogs/pool/main/s/software-properties/software-properties_0.92.37.3/changelog
[19:27] <gQuigs> each archive needs to be manually added to the package
[19:29] <gQuigs> ah I see - https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1472586
[20:44] <keithzg> Huh, why in the world am I suddenly getting apparmor complaining about dhcpd?
[20:45] <keithzg> apparmor="DENIED" operation="open" profile="/usr/sbin/dhcpd" name="/run/dhcp-server/dhcpd.pid" pid=9413 comm="dhcpd" requested_mask="r" denied_mask="r" fsuid=122 ouid=122
[20:45] <keithzg> The server was working fine before, weird.
[20:51] <jjohansen> keithzg: what release?
[21:03] <keithzg> jjohansen: 14.04
[21:04] <keithzg> Honestly I think things in general were going super-wonky, I walked over to the actual server and although it had been up and running for months in a normal boot, it was now asking me for the root password or to run ctrl-d to continue...
[21:04] <keithzg> I blame cosmic rays (or as-yet-undiscovered hardware failure of some kind, or just the honestly rather atrocious electrical in this building)
[21:05] <keithzg> It definitely wasn't any sort of update, I've actually been a slacker on keeping this particular server up to date.
[21:06] <keithzg> (although it wasn't *too* long ago; it is on 14.04.3 to be exact)
[21:08] <jjohansen> keithzg: can you pastebin the output of
[21:08] <jjohansen>   apparmor_parser -p /etc/apparmor.d/usr.sbin.dhcpd
[21:12] <keithzg> jjohansen: What pastebin server should I specify? Whatever the default one for pastebinit in 14.04 is, it's giving me "Failed to contact the server: [Errno socket error] [Errno -2] Name or service not known" now.
[21:14] <jjohansen> keithzg: meh, any pastebin will do paste.ubuntu.com  pastebin.com
[21:16] <keithzg> jjohansen: naw, neither of those (either with our without a leading http://) work. Which is weird 'cause they're all listed with "pastebinit -l".
[21:16] <jjohansen> keithzg: what do you get if you do
[21:16] <jjohansen>   host paste.canonical.com
[21:18] <keithzg> As an option using pastebinit -b, I get "Unknown website, please post a bugreport to request this pastebin to be added (paste.canonical.com)". Running the actual host command, I get "paste.canonical.com has address 91.189.90.172"
[21:18] <jjohansen> keithzg: my guess is you are having nameresolution failure issues, and may need to restart dns related things
[21:19] <jjohansen> oh shoot if host is returning an ip its not name resolution, so I need a new theory
[21:19] <jjohansen> firewall?
[21:20] <keithzg> I'd be a bit surprised by that, unless it's somehow on the server itself and I've never noticed; if I run it on my desktop here (also 14.04) it works just fine.
[21:20] <lordievader> Is lvmetad not available on Ubuntu? Or am I blatently overlooking things?
[21:21] <maswan> jjohansen: it can still be resolving. host asks dns directly, you can break libc resolving in other ways. "getent hosts <hostname>" is a better test.
[21:22] <keithzg> jjohansen: nevermind, I think I know what it is. The server *was* just rebooted, and I remember now that despite my searching I still haven't figured out what puts "nameserver localhost" in /etc/resolv.conf on this server, oops.
[21:23] <keithzg> http://paste.ubuntu.com/12546292/ is the apparmor output now.
[21:23] <keithzg> maswan: Oh, getent does that too? Nice, didn't know that.
[21:25] <jjohansen> keithzg: so the profile definitely allows access to /run/dhcp-server/dhcpd.pid
[21:25] <jjohansen> I thought perhaps it might have missed that variant, but its there
[21:26] <jjohansen> so I am not sure why it would get that denial
[21:26] <keithzg> jjohansen: Oh? I was just perusing the file and didn't see that, is it just implied by an include?
[21:27] <jjohansen> hrmm doesn't look to be in an include
[21:27] <jjohansen> /{,var/}run/{,dhcp-server/}dhcpd{,6}.pid rw,
[21:27] <keithzg> ahhh I see, fair enough
[21:27] <maswan> keithzg: yeah, very useful for debugging resolving when you accidentally /etc/hosts or nsswitch.conf, etc.
[21:28] <keithzg> maswan: cool, yeah, I'll definitely have to keep that in mind (especially since many of these servers I've inherited here has various ugly hacks and workarounds layered in their history)
[21:30] <keithzg> jjohansen: Any ideas where to poke next then?
[21:31] <jjohansen> keithzg: restart dhcpd and see if the denied message shows up again
[21:32] <jjohansen> keithzg: you can try replacing the profile first, to make sure its got the right policy in the kernel
[21:32] <jjohansen>   apparmor_parser -r /etc/apparmor.d/usr.sbin.dhcpd
[21:33] <keithzg> jjohansen: Yeah, restarting isc-dhcp-server prints another such error in kern.log
[21:33] <jjohansen> that would take care of a bit flip error in the policy, or such problems
[21:33] <jjohansen> okay, replace the profile and restart the service again
[21:33] <keithzg> ALLOWED now!
[21:34] <keithzg> So maybe I *can* blame cosmic rays?
[21:34] <jjohansen> ugh, yeah or something writing over policy in memory
[23:58] <jordanrandles> I installed openvpn to my server and I guess I set it up wrong because when i restarted my server I cannot connect to it anymore. Its turned on and booted up fine but no connections in and no packets coming out of it. Does anyone know a way of fixing my issue?