Tonight as I was setting up TLS for a customer, I noticed something was missing from http://www.bacula.org/rel-manual/Bacula_TLS_Communication.html

Attached is the patch. In short, it adds TLS directives to the FileDaemon directive in bacula-fd.conf. Without these entries, comms between the FD and SD will fail with messages similar to this:

*run job=nye yes
Job queued. JobId=257
*m
09-Dec 16:53 nye-dir JobId 257: Start Backup JobId 257, Job=nye.2007-12-09_16.53.40
09-Dec 16:53 nye-dir JobId 257: Using Device "FileStorage"
09-Dec 16:53 nye-fd JobId 257: Fatal error: Authorization problem: Remote server requires TLS.
09-Dec 16:53 nye-sd JobId 257: Fatal error: Authorization problem: Remote server did not advertise required TLS support.
09-Dec 16:53 nye-sd JobId 257: Fatal error: Incorrect authorization key from File daemon at client rejected. Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.
09-Dec 16:53 nye-sd JobId 257: Fatal error: Unable to authenticate File daemon
09-Dec 16:53 nye-fd JobId 257: Fatal error: Failed to authenticate Storage daemon.
09-Dec 16:53 nye-dir JobId 257: Fatal error: Socket error on Storage command: ERR=Broken pipe
09-Dec 16:53 nye-dir JobId 257: Error: Bacula nye-dir 2.2.5 (09Oct07): 09-Dec-2007 16:53:56

I don't have my SVN environment handy, so if you think this patch makes sense, please commit.

Thanks

--
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/
Index: tls.tex
===================================================================
--- tls.tex     (revision 6030)
+++ tls.tex     (working copy)
@@ -255,6 +255,21 @@
      TLS Certificate = /usr/local/etc/ssl/server1/cert.pem
      TLS Key = /usr/local/etc/ssl/server1/key.pem
    }
+
+  FileDaemon {
+     Name = backup1-fd
+     ...
+     # you need these TLS entries so the SD and FD can
+     # communicate
+     TLS Enable = yes
+     TLS Require = yes
+
+     TLS CA Certificate File = /usr/local/etc/ssl/ca.pem\
+
+     TLS Certificate = /usr/local/etc/ssl/server1/cert.pem
+     TLS Key = /usr/local/etc/ssl/server1/key.pem
+}
+
 \end{verbatim}
 \normalsize
 
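Review bot: The added "TLS CA Certificate File = /usr/local/etc/ssl/ca.pem\" line ends in a backslash, and since the hunk sits inside the verbatim block (it closes with \end{verbatim} right after the addition), that backslash will be printed literally and a reader pasting the example ends up with a CA path ending in "\"; drop the trailing backslash. The closing "}" of the new FileDaemon block is at column 0 while the block just above closes with an indented "}", and "FileDaemon {" is indented less than its own body, so align both with the surrounding example. The new TLS Certificate and TLS Key lines repeat the server1 paths from the block above, so it is worth stating in the comment whether the FD is meant to reuse that certificate and key for its connection to the SD.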