[Bacula-users] TLS Config Problem (FD did not advertise required TLS support.)

Francisco Javier Funes Nieto Tue, 17 May 2016 03:44:32 -0700

Hi all,

The first time I'm trying to configure the TLS part of my (new) server
under FreeBSD. (10.2/7.4 from ports)


Communication sd <-> dir seems ok with debugging activated. I don't know if
"ssl=0" means not using TLS.

More info:

betelgeuse.canonigos.es-dir: ua_status.c:183-0 item=1
betelgeuse.canonigos.es-dir: job.c:1744-0 wstore=LocalChgr where=unknown
source
Automatically selected Storage: LocalChgr
Connecting to Storage daemon LocalChgr at betelgeuse.canonigos.es:9103
betelgeuse.canonigos.es-dir: bsock.c:305-0 OK connected to server  Storage
daemon betelgeuse.canonigos.es:9103.
betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge:
J6c+pxk+t+/KDXl0B4IjVC
betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5 challenge
<2125264182.1463481...@betelgeuse.canonigos.es-dir> ssl=0
betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK
b++7uF+e3/JMCxZcv+/51C
betelgeuse.canonigos.es-dir: ua_status.c:382-0 Connected to storage daemon

betelgeuse.canonigos.es-sd Version: 7.4.0 (16 January 2016)
amd64-portbld-freebsd10.2 freebsd 10.2-RELEASE-p9


But with the FD I get this error:

Select Client (File daemon) resource (1-8): 8
Connecting to Client betelgeuse.canonigos.es-fd at
betelgeuse.canonigos.es:9102
betelgeuse.canonigos.es-dir: bsock.c:305-0 OK connected to server  Client:
betelgeuse.canonigos.es-fd betelgeuse.canonigos.es:9102.
betelgeuse.canonigos.es-dir: fd_cmds.c:110-0 Opened connection with File
daemon
betelgeuse.canonigos.es-dir: authenticate.c:202-0 Sent: Hello Director
betelgeuse.canonigos.es-dir calling 102
betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge:
0i+14m/EA9/jvH4HAG/3BA
betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5 challenge
<2099914463.1463480...@betelgeuse.canonigos.es-dir> ssl=2
betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK
Y8+3N1t0t3+0VhI93F9vvB
betelgeuse.canonigos.es-dir: fd_cmds.c:117-0 Authentication error with FD.
Failed to connect to Client betelgeuse.canonigos.es-fd.
====
You have messages.
*m
17-May 12:17 betelgeuse.canonigos.es-dir JobId 0: Fatal error:
Authorization problem: FD "Client: betelgeuse.canonigos.es-fd:
betelgeuse.canonigos.es" did not advertise required TLS support.


The Config:

dir.conf >>


Director {
  Name = betelgeuse.canonigos.es-dir
  DIRport = 9101
  QueryFile = "/usr/local/share/bacula/query.sql"
  WorkingDirectory = "/var/db/bacula"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 20
  Password = "XX"         # Console password
  Messages = Daemon
  # configuracion relativa a TLS
  TLS Require                   = no
  TLS Enable                    = yes
  TLS Verify Peer               = yes
  TLS CA Certificate File       = /usr/local/etc/ssl/cacert.pem
  TLS Certificate               =
/usr/local/etc/ssl/betelgeuse.canonigos.es.crt
  TLS Key                       =
/usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
}

# Client (File Services) to backup
Client {
  Name = betelgeuse.canonigos.es-fd
  Address = betelgeuse.canonigos.es
  FDPort = 9102
  Catalog = MyCatalog
  Password = "XX"
  File Retention = 60 days            # 60 days
  Job Retention = 6 months            # six months
  AutoPrune = yes                     # Prune expired Jobs/Files
  # configuracion relativa a LTS
  TLS Require                 = yes
  TLS Enable                  = yes
  TLS CA Certificate File     = /usr/local/etc/ssl/cacert.pem
  TLS Certificate             =
/usr/local/etc/ssl/betelgeuse.canonigos.es.crt
  TLS Key                     =
/usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
}


fd.conf >>

FileDaemon {                          # this is me
  Name = betelgeuse.canonigos.es-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/db/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
# Plugin Directory = /usr/local/lib
  # configuracion relativa a TLS
  TLS Require                   = yes
  TLS Enable                    = yes
  TLS CA Certificate File       = /usr/local/etc/ssl/cacert.pem
  TLS Certificate               =
/usr/local/etc/ssl/betelgeuse.canonigos.es.crt
  TLS Key                       =
/usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
}


sd.conf >>

Storage {                             # definition of myself
  Name = betelgeuse.canonigos.es-sd
  SDPort = 9103                  # Director's port
  WorkingDirectory = "/var/db/bacula"
  Pid Directory = "/var/run"
  Maximum Concurrent Jobs = 20
  # configuracion relativa al TLS
  TLS Require                   = no
  TLS Enable                    = yes
  TLS Verify Peer               = yes
  TLS CA Certificate File       = /usr/local/etc/ssl/cacert.pem
  TLS Certificate               =
/usr/local/etc/ssl/betelgeuse.canonigos.es.crt
  TLS Key                       =
/usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
}


J.




-- 
_____________________________________________

Francisco Javier Funes Nieto [esen...@gmail.com]
CANONIGOS
Servicios Informáticos para PYMES.
Cl. Cruz 2, 1º Oficina 7
Tlf: 958.536759 / 661134556
Fax: 958.521354
GRANADA - 18002

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

[Bacula-users] TLS Config Problem (FD did not advertise required TLS support.)

Reply via email to