[01:10] <House> hi all. does anyone have SSSD+AD working with cifs automount? i've got homefolder creation, sudo, ssh & login working but i've got 2 issues with autofs. #1: auto.smb is looking for /tmp/krb5cc_<uid>, while SSSD is writing the files as /tmp/krb5cc_<uid>_<salt>, and #2: kerberos is failing for "smbclient -k" or auto.smb
[02:40] <GeekMan1222> :|
[02:52] <GeekMan1222> I wonder if i can just write the files using nandpro
[02:53] <GeekMan1222> woops
[06:10] <jetsaredim> anyone know why mount would be assuming that my remote nfs is nfs4?
[06:14] <JanC> jetsaredim: NFS4 is the default, but it should fall back to v3 or v2 if necessary?
[06:15] <jetsaredim> JanC: you'd think
[06:15] <JanC> unless you explicitly configure it as NFS4 probably
[06:15] <jetsaredim> any reason why mount.nfs4 would just be a sym link to mount.nfs
[06:16] <JanC> because it's all the same code
[06:16] <jetsaredim> i'm not sure what the ls color scheme is now a days but for some reason /sbin/moun.nfs is showing up as red background with white writing
[06:17] <JanC> are you mounting manually or in fstab?
[06:17] <jetsaredim> manually
[06:17] <jetsaredim> I just upgraded from 15.10
[06:17] <jetsaredim> re-running a mount command i've run hundreds of times
[06:18] <jetsaredim> literally just "mount localmachine:/export /some/local/dir"
[06:18] <House> man nfs: "If the server does not support the requested version, the mount request fails.  If this option is not specified, the client negotiates a suitable version with the server, trying version 4 first, version 3 second, and version 2 last."
[06:21] <House> one of the man pages says something like "mount knows nothing about nfs vs nfs4" and the "argument is constructed by mount.nfs"  so the default behaviours are set in the mount.nfs code
[06:24] <House> jetsaredim:  mount.nfs4 has been rolled into mount.nfs, so the symlink is there for compatibility with old scripts & utils. you also dont (maybe cant) use "nfs4" in /etc/fstab, just use "nfs" for any version, and drop a "vers=" or "nfsvers=" (they're equivalent) in the fstab options.
[06:25] <House> all this is in man pages mount, mount.nfs & nfs
[06:27] <jetsaredim> yea
[06:27] <jetsaredim> doesn't really add up
[06:28] <House> in what way?
[06:28] <jetsaredim> hm
[06:28] <House> cos it's not falling back?
[06:28] <jetsaredim> i think i figured out the source of my issue
[06:29] <jetsaredim> nfs doesn't seem to be loaded in my kernel
[06:33] <jetsaredim> now if only i could figure out why
[06:34] <JanC> you have nfs-common installed?
[07:51] <stemid> https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1117292 why would this happen when booting from a sha verified ubuntu-16.04-server-amd64.iso on a virtual system in vsphere 6? it's a 3 year old bug.
[07:51] <stemid> has nothing to do with usb-creator in my case.
[08:41] <elefantenn> Hey. I'm trying to configure OpenLDAP for Samba via this guide https://help.ubuntu.com/lts/serverguide/samba-ldap.html. When I run "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif" I get this http://hastebin.com/raw/ucipudirif. Does anyone know what I'm missing?
[08:42] <elefantenn> I've tried asking in #samba and #openldap without any success.
[08:48] <akik> in lxd, how can i make my uid=1000 on host have write access to the nfs share i shared into my container? i.e. have my uid=1000 in the container be able to write into the nfs share
[08:50] <akik> i've tried adding the lxc.id_map settings into the profile of the container but after that the container fails to start
[09:03] <akik> it looks like the nfs mount is written with nfs nobody uid 65534 like /proc and /sys in the lxd container
[09:57] <curmet> Hello I have problem accessing my ubuntu machine via SSH from windows machine, I did
[09:57] <curmet> 1. install the ssh server , sudo apt-get install openssh-server, turned firewall off
[09:57] <curmet> 2. from windows I use winSCP with SFTP option, I entered the IP address of the ubuntu machine, username and password login ubuntu, port 22.
[09:57] <curmet> It showed authentication banner "ubuntu 15",but it then stuck with 'authenticating with preentered-password,access denied'. Whats missing?
[10:10] <pulsar12> curmet, did you fill the password on the options before connecting? try clear that and have it asking for password interactively.
[10:12] <curmet> pulsar12 : I did, but still it prompt "access denied" although I fill it with the Ubuntu logon password
[10:13] <pulsar12> are you using pam? the username is on local passwd? can you login on normal ssh session?
[10:15] <pulsar12> curmet, the problem only happens with sftp? what about normal ssh?
[10:17] <curmet> pulsar12, what port that ssh uses?
[10:17] <curmet> 22?
[10:18] <JanC> is sftp installed / configured?
[10:18] <pulsar12> its the same as sftp
[10:18] <pulsar12> sftp is just a subsystem of ssh
[10:18] <curmet> JanC, I just installed openssh-server , with default configuration
[10:19] <JanC> actually, it's a separate program providing it, and it can be enabled/disabled
[10:20] <JanC> curmet: are you trying to log in with root?
[10:20] <curmet> pulsar12 , I tried sftp:// , ftps:// , ftp://ubuntuIP , but still no luck
[10:20] <curmet> JanC , yes , with root
[10:21] <pulsar12> thats should be the problem :)
[10:21] <JanC> you can't login as root with default config if I remember correctly
[10:21] <pulsar12> you have to change the setting on sshd_config
[10:22] <JanC> or better yet, don't log in as root
[10:22] <curmet> so I must create other user login?
[10:22] <JanC> there already should be another user?
[10:23] <JanC> but you could create a special one for that too
[10:23] <curmet> okay I'll try , it is not mentioned in the manual to not use root login XD
[10:24] <JanC> you should never use root except when you really need to
[10:27] <curmet> JanC, pulsar12 : thanks for the help , it can login now :D
[10:27] <curmet> is there a way so that I can use root login ?
[10:27] <JanC> also, if this is a server on the public internet, I suggest you use keys to log in instead of passwords
[10:28] <JanC> curmet: all the configuration options are in the sshd_config man file  :)
[10:28] <pulsar12> curmet, check PermitRootLogin option on sshd_config
[10:28] <JanC> but again: seriously discouraged on the public internet
[10:48] <akik> i ended up configuring the lxd container to be privileged. now the nfs disk uid's are visibile without other configuration
[11:50] <holms> anyone worked with duplicity?
[11:50] <holms> no idea where to go, i have an emergency =/
[12:21] <andol> holms: I have some experience with it
[12:41] <holms> andol: i hope privately is ok
[12:53] <holms> anyone familiar with dupliclity/duply ?
[13:53] <CharlieTje> Hello
[13:53] <CharlieTje> Who knows a command line backup utility like timeshift?
[14:17] <hallyn> zul: smb: arges: fwiw a piece-by-piece breakdown of some of my upcoming libvirt changes can be seen at https://git.launchpad.net/~libvirt-maintainers/ubuntu/+source/libvirt/log/?h=2016-04-28/yakkety
[14:17] <hallyn> (from there i'm moving to one-big-commit change on top of debian)
[14:17] <arges> hallyn: ok
[14:17] <hallyn> i still want to switch to using upstream apparmor files (which i'll need ot quilt patch)
[14:17] <zul> hallyn: ewww
[14:18] <hallyn> and don't try running this yet
[14:18] <hallyn> but as i'm dropping some compat scripts and enabling dtrace, thought i'd run it past y'all
[14:18] <smb> hallyn, ack, you mean you will use upstream files but quilt patch them into our versions?
[14:19] <arges> how many of our changes can we push into debian's packaging
[14:19] <arges> for apparmor that is
[14:19] <hallyn> smb: right
[14:20] <hallyn> arges: you mean the policy files themselves?  hopefully all.  but all th debian/rules magic?  i assume none
[14:20] <hallyn> that's for our rather crazy cloud archive stuff which they wouldn't want to support
[14:20] <arges> yea cause we use a special directory
[14:20] <arges> yea
[14:20] <hallyn> oh.
[14:21] <hallyn> which special directory?
[14:22] <hallyn> arges: you just mean debian/apparmor?
[14:22] <arges> hallyn: yea
[14:22] <hallyn> yeah, really when i think about it i'm not sure it's worth syncing apparmor
[14:22] <hallyn> the delta will actually become more confusing,
[14:22] <arges> true
[14:22] <hallyn> since we'll end up with more patches needing to be refreshed on every merge
[14:22] <arges> anyway I'll reveiw teh rest... still a ton of stuff to merge
[14:22] <hallyn> so i'll leave that for now.  maybe later.
[14:23] <arges> agreed
[14:23] <hallyn> all right - i'm hoping this afternoon i'll get to some testing.
[14:27] <smb> arges, hallyn, the only problem with apparmor is that we cannot upstream our config as it is into Debian (or maybe we can now). But usually our apparmor was supporting more config options than it should (based on the version it claimed to be)
[14:28] <hallyn> smb: what do you mean?  i was figuring i'd send changes upstream to libvir@ m-l.
[14:29] <smb> hallyn, I mean that our parser support some things which Debian's parser would not. Even if the version number of both apparmor packages were similar
[14:30] <smb> hallyn, I was working on and off on a method to allow us to merge things. Unfortunately its a bit complicated and almost always something else came up and then I forgot where I was
[14:32] <hallyn> smb: oh, yeah.  so yeah i was figuring i'd end up writing a shell tool to do all of the policy manipulation at build time
[14:32] <hallyn> i mean that's like 2 pages worth of debian/rules script right now
[14:36] <smb> hallyn, Sounds like what I was at. Though I was doing a version number guess which we would be able to override. Then I talked to jj and was somewhat de-routed into trying to use the parser directly to figure things out, but then realized the parser is not part of the appmor-dev which the build depends on...
[14:36] <hallyn> smb: yeah.  so i think punting on this is best.  bc as i said that piece of debdiff is actually veyr nicely compartmentalized
[14:36] <hallyn> just its own set of files and dirs and one hunk of debian/rules - long, but just one hunk
[14:37] <smb> Yeah, agreed
[14:56] <Nickname2> Hi
[15:12] <smb> hallyn, to answer the "ask about ...migrate-xend..." question: should be safe to drop. The last release that had xend was Trusty. So we are good to let that go away
[15:13] <hallyn> smb: excellent, thx
[15:14] <hallyn> i mean it's a very nice script and all :)
[15:14] <smb> hallyn, Heh, no worries. I am glad to see that go as well :)
[15:47] <EmilienM> coreycb, jamespage: why can I find openvswitch-datapath-dkms on xenial?
[15:49] <EmilienM> oh, just reading https://javacruft.wordpress.com/2014/03/03/which-open-vswitch/
[16:14] <holms> anyone been working with duplicity?
[16:14] <holms> will even pay for support
[16:54] <hallyn> meh, xen tests failed
[16:55] <smb> hallyn, not surprised me is :)
[16:56] <smb> hallyn, I suspect its some additional config files which you have to beat into using the "right" bootloader and emulator paths
[16:57] <smb> The only thing I wonder is how Debian would pass the tests... if they do not somehow skip them
[16:58] <hallyn> eh seems more likely to be my fault
[16:59] <smb> hallyn, not sure, I thought you work on the next version of libvirt, which was failing for me with the xen tests when I did that quick check when we wondered whether we go for 1.3.2 for Xenial
[17:03] <hallyn> oh.  right
[17:03] <cagmz> i have frostvpn (http://www.frostvpn.com/ ).  is it possible to implement openvpn on my ubuntu server, and replace route my internet traffic through my own server instead?
[17:04] <hallyn> smb: i'll dig deeper in a bit
[17:22] <hallyn> smb: should we perhaps be building --without-xen --with-libxl?
[17:23] <hallyn> bc the libxl test succeeds, the xen test fails
[17:24] <smb> hallyn, If I remember that right, in theory it sounds right but the tests will fail anyway
[17:24] <smb> It was a bit of a mess but I think the xen tests are libxl too.
[17:26] <hallyn> i don't know why VIR_TEST_DEBUG=2 isn't working
[17:27] <smb> hallyn, there should be a patch of me fiddling with some configs... I would try to check which directory that is and whether there are probably new ones which do not use /usr/bin/qemu-system-i386 for emulator and /usr/lib/xen-4.6/boot/hvmloader
[17:27] <hallyn> smb: oh, i think i dropped a patch,
[17:27] <smb> the latter is os loader
[17:27] <hallyn> hm, no,
[17:27] <hallyn> smb: will do th
[17:27] <hallyn> x
[17:28] <hallyn> there is no /usr/lib/xen*
[17:29] <hallyn> sounds like debian/patches/ubuntu/ubuntu-xend-probe.patch
[17:29] <smb> no it was ubuntu/libxl-fix-test-data.patch
[17:30] <smb> and changing ./tests/xlconfigdata/*
[17:30] <smb> hallyn, ^
[17:31] <hallyn> where should hvmloader be?
[17:31] <smb> /usr/lib/xen-4.6/boot/hvmloader
[17:31] <hallyn> which package
[17:32] <smb> xen-utils-4.6 I think...
[17:33] <hallyn> so how did that ever work?  that's in universe and until just now we couldn't build-dep on it
[17:33] <smb> hallyn, But I think the main thing is that libxl gets the paths built-in somehow (and also fixes up some parts)
[17:34] <hallyn> lemme retry my build from scratch
[17:35] <hallyn> maybe i had some remnants from a bad build
[17:35] <smb> So we got this via the libxen-dev. If I did not mess up there should be a .pc file coming with the libxen-dev which has the paths, too
[17:36] <hallyn> smb: i'll try a few more things and get back to you.  thx for the tips
[17:37] <smb> hallyn, ok... I might be offline by then. so email might work better for asynchronously syncing...
[17:37] <hallyn> good night
[17:39] <smb> not exactly to sleep but not working. :) but thanks
[18:25] <devster31> guys, is there any way to persist changes made with iproute2?
[18:25] <devster31> across reboots?
[18:26] <maswan> customnet init script with the appropriate iproute2 commands?
[18:27] <maswan> (there's probably better ways to do this, but a plain "save state of the ip stack" doesn't exist)
[18:27] <Pici> convert whatever you changed to a format for /etc/network/interfaces ?
[18:27] <sdeziel> what's more annoying is those iproute commands are lost after suspend/resume
[18:29] <devster31> Pici: that works if ifupdown isn't installed?
[18:29] <devster31> maswan: what's customnet? if I used a script it would be something in the rc.local file, seems cleaner
[18:30] <maswan> devster31: yeah, or that
[18:31] <devster31> but the most important part is that there's no native way
[18:33] <devster31> would sysfsutils work? using /sys/class/net/{interface name}/{thingie} to change individual parameters
[18:34] <maswan> the best way is if you can map it into /etc/network/interfaces rules
[18:34] <maswan> imho
[18:35] <maswan> even if it is strange stuff, post-up hooks etc can do lots of stuff
[18:35] <maxb> You can always just use an up command if the configuration makes sense to be bound to a single interface
[18:36] <devster31> the problem is that right now ifquery --list doesn't show any interfaces, so I was hesitant to use network/interfaces , but I guess that's the most tested way
[18:42] <fullstop> Hi all.  During install, how does ubuntu-server determine geolocation?
[18:43] <fullstop> We acquired a netblock which was in arizona previously, and I had gone through other geolocation services to correct our location.. but ubuntu still picks arizona.
[18:43] <fullstop> It this something contained locally in the iso, or is there somewhere else where I must update?
[18:53] <patdk-wk> heh? ubuntu doesn't do geolocation
[18:55] <sarnold> patdk-wk: http://geoip.ubuntu.com/lookup  :D
[18:55] <patdk-wk> oh?
[18:55] <patdk-wk> is that his issue? sarnold will fix it for you :)
[18:56] <sarnold> yeah there's some kind of geoclue thing.. dunno if it's used in the installer or not, but there's that thing anyway :)
[18:56] <sarnold> !info geoclue-ubuntu-geoip
[18:56] <patdk-wk> !maxmind
[18:57] <patdk-wk> heh
[18:57] <sdeziel> I _think_ the installer use it for the country mirror selection (and maybe TZ)
[18:57] <dasjoe> That's suprisingly close, only 2.9 km off
[18:57] <patdk-wk> mine is like 40miles off
[18:58] <patdk-wk> it's even worse if I use my PI space
[18:58] <patdk-wk> that is like registered on the other side of the country for some reason
[18:59] <patdk-wk> oh, it just gives the generic, I dunno somewhere in the USA location
[18:59] <patdk-wk> would think maxmind might atleast harvest whois data
[18:59] <patdk-wk> but they appear to not do that
[19:09] <arooni> apparently my version of ubuntu doesnt have a log rotate script for nginx on /etc/logrotate.d/  ... should i manually set one up?
[19:11] <sdeziel> arooni: the logrotate snippet is normally shipped by the nginx-common package (checked on Trusty and Xenial)
[19:46] <hallyn> smb: meh, that patch (ubuntu/libxl-fix-test-data.patch) really is a pain - it breaks tons of tests which hardcode checks for /usr/lib/xen/boot/hvmloader in xml.  if we could get xen-utils-4.6 to put in a symlink that would be so much nicer
[19:53] <arooni> question; i've never run logrotate before for a given rails web app... the log *was* 6GB;  in my settings i told logrotate to keep 30 days of log files; so logrotate ran succesfully; and then i had a 6GB production.log.1 file;  i ran it again on a lark and now it seems like its compressing production.log.1 => production.log.1.gz .. when will if ever logrotate remove stuff > 30 days old?
[20:05] <fullstop> yep, sarnold, lists me as phoenix
[20:05] <fullstop> I had corrected my data with maxmind
[20:18] <sts> hello folks. Can anyone point me to the apparmor patches ubuntu includes in its kernel (eg. for mount mediation?)
[20:22] <tyhicks> (I already answered sts in #ubuntu-kernel)
[20:38] <jamespage> EmilienM, -dkms disappears at 14.04
[20:39] <jamespage> EmilienM, the 3.13 kernel was the first kernel that had sufficient in-tree support for ovs + openstack
[20:39] <EmilienM> excellent thx
[21:59] <Aison> are there any major changes in /etc/network/interfaces for 16.04?
[22:00] <Aison> my 16.04 randomly fails to start interfaces
[22:00] <Aison> and also boottime is around 10minutes
[22:02] <patdk-lap> nope
[22:04] <sarnold> Aison: new 16.04 installs use systemd's default interface naming, iirc, which may be .. different .. from what you're accumsted to.
[22:04] <Aison> my interfaces file: http://pastebin.com/k5Mdpafi
[22:04] <Aison> in addition, there are 65 more bond0.X interfaces
[22:04] <Aison> I guess the bootscript simply collapse when starting so many interfaces
[22:04] <dasjoe> Aison: to get back to previous device names: ln -s /dev/null /mnt/etc/udev/rules.d/80-net-setup-link.rules
[22:05] <Aison> dasjoe, the interfaces are still named eth0, eth1, eth2, eth3 here, so I don't think that there is any change?
[22:05] <Aison> strange
[22:06] <Aison> if have no file "80-net-setup-link.rules" in my rules.d
[22:07] <Aison> ah, the devices are named by 70-persistent-net.rules here
[22:08] <transhuman> hi can anyone tell me where the log for dmraid is (is it stored on the drives or in memory? I ask because I have an error which someone created a patch for (which I cant use ) that indicates the error occurs when the log is non empty (rebuild cant occur ) NOTE This bit of code is in redhat http://paste.debian.net/679050/
[22:09] <dasjoe> Er, I have a wild /mnt there, it's /etc. Also, I link 80-net-setup-link.rules to /dev/null so the rules from /lib/udev/rules.d/80-net-setup-link.rules are not applied
[22:09] <Aison> ah, ok
[22:12] <Aison> for example, systemctl --failed says:
[22:12] <Aison> ● nfs-idmapd.service loaded    failed failed NFSv4 ID-name mapping service
[22:12] <Aison> and
[22:12] <Aison> ● networking.service loaded    failed failed Raise network interfaces
[22:12] <Aison> these two fails
[22:23] <Aison> is it somehow possible to define the order in network/interfaces?
[22:24] <Aison> so I would like to define some order
[22:24] <Aison> in which the interfaces are setup at boot
[22:41] <transhuman> anyone know how to clear the dmraid log the one that shows up with the command dmraid -n?
[23:23] <jamescarr> I have a rather obtuse question... is there someway to modify sudoers in a way that `sudo su -c "some command"` will include the env of the user who runs it?
[23:24] <sarnold> jamescarr: look for env_reset, env_keep in suoders(5) http://manpages.ubuntu.com/manpages/xenial/man5/sudoers.5.html
[23:24] <sarnold> I can never find my way through that manpage but it sure feels like it should be possible
[23:25] <mdeslaur> why "sudo su" instead of just sudo?
[23:27] <sarnold> I'm pretty sure I saw a good reason for that once. I can't recall what it was now.
[23:29] <mdeslaur> oh, perhaps to run the command as a different user
[23:30] <mdeslaur> but I guess -u should be used instead
[23:30]  * mdeslaur shrugs
[23:34] <jamescarr> well in my case, it's a sudo -c command running in vagrant. The only way for me to change it is to push out a custom build to all of our engineers. would rather modify sudoers in the virtualbox instance instead :-)
[23:34] <jamescarr> thanks
[23:35] <jamescarr> env_keep looks on point