Hi Ana,
The problem is now solved. There was an incomplete configuration of the
Storage Daemon and Director TLS subset.
I have a question around this:
Can I have a mixed environment with TLS and non-TLS clients in the same
Bacula server?
J.
2016-05-27 22:35 GMT+02:00 Ana Emília M. Arruda <emiliaarr...@gmail.com>:
> Hello Javier,
>
> Did you solve this?
>
> ssl=0 means that no TLS connection is being used. Since TLS Require = no
> for both director and storage daemon, it seems that they are unable to
> establish one and then are communicating with no encryption.
>
> You can always run tests to verify your certificates:
>
> open a server-side ssl connection to listen to 9102:
>
> openssl s_server -accept 9102 -key betelgeuse.canonigos.es-daemon.key \
>   -cert betelgeuse.canonigos.es.crt -CApath /usr/local/etc/ssl/ -Verify 0
>
> try to connect from a client:
>
> openssl s_client -connect betelgeuse.canonigos.es:9102 \
>   -key director.example.com.key -cert director.example.com.crt \
>   -CApath /usr/local/etc/ssl/
>
> Regards,
>
> Ana
>
> On Tue, May 17, 2016 at 12:43 PM, Francisco Javier Funes Nieto <
> esen...@gmail.com> wrote:
>
>> Hi all,
>>
>> The first time I'm trying to configure the TLS part of my (new) server
>> under FreeBSD. (10.2/7.4 from ports)
>>
>> Communication sd <-> dir seems ok with debugging activated. I don't know
>> if "ssl=0" means not using TLS.
>>
>> More info:
>>
>> betelgeuse.canonigos.es-dir: ua_status.c:183-0 item=1
>> betelgeuse.canonigos.es-dir: job.c:1744-0 wstore=LocalChgr where=unknown
>> source
>> Automatically selected Storage: LocalChgr
>> Connecting to Storage daemon LocalChgr at betelgeuse.canonigos.es:9103
>> betelgeuse.canonigos.es-dir: bsock.c:305-0 OK connected to server
>> Storage daemon betelgeuse.canonigos.es:9103.
>> betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge:
>> J6c+pxk+t+/KDXl0B4IjVC
>> betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5
>> challenge <2125264182.1463481...@betelgeuse.canonigos.es-dir> ssl=0
>> betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK
>> b++7uF+e3/JMCxZcv+/51C
>> betelgeuse.canonigos.es-dir: ua_status.c:382-0 Connected to storage daemon
>>
>> betelgeuse.canonigos.es-sd Version: 7.4.0 (16 January 2016)
>> amd64-portbld-freebsd10.2 freebsd 10.2-RELEASE-p9
>>
>>
>> But with the FD I get this error:
>>
>> Select Client (File daemon) resource (1-8): 8
>> Connecting to Client betelgeuse.canonigos.es-fd at
>> betelgeuse.canonigos.es:9102
>> betelgeuse.canonigos.es-dir: bsock.c:305-0 OK connected to server
>> Client: betelgeuse.canonigos.es-fd betelgeuse.canonigos.es:9102.
>> betelgeuse.canonigos.es-dir: fd_cmds.c:110-0 Opened connection with File
>> daemon
>> betelgeuse.canonigos.es-dir: authenticate.c:202-0 Sent: Hello Director
>> betelgeuse.canonigos.es-dir calling 102
>> betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge:
>> 0i+14m/EA9/jvH4HAG/3BA
>> betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5
>> challenge <2099914463.1463480...@betelgeuse.canonigos.es-dir> ssl=2
>> betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK
>> Y8+3N1t0t3+0VhI93F9vvB
>> betelgeuse.canonigos.es-dir: fd_cmds.c:117-0 Authentication error with FD.
>> Failed to connect to Client betelgeuse.canonigos.es-fd.
>> ====
>> You have messages.
>> *m
>> 17-May 12:17 betelgeuse.canonigos.es-dir JobId 0: Fatal error:
>> Authorization problem: FD "Client: betelgeuse.canonigos.es-fd:
>> betelgeuse.canonigos.es" did not advertise required TLS support.
>>
>>
>> The Config:
>>
>> dir.conf >>
>>
>>
>> Director {
>> Name = betelgeuse.canonigos.es-dir
>> DIRport = 9101
>> QueryFile = "/usr/local/share/bacula/query.sql"
>> WorkingDirectory = "/var/db/bacula"
>> PidDirectory = "/var/run"
>> Maximum Concurrent Jobs = 20
>> Password = "XX" # Console password
>> Messages = Daemon
>> # TLS-related configuration
>> TLS Require = no
>> TLS Enable = yes
>> TLS Verify Peer = yes
>> TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
>> TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>> TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>> }
>>
>> # Client (File Services) to backup
>> Client {
>> Name = betelgeuse.canonigos.es-fd
>> Address = betelgeuse.canonigos.es
>> FDPort = 9102
>> Catalog = MyCatalog
>> Password = "XX"
>> File Retention = 60 days # 60 days
>> Job Retention = 6 months # six months
>> AutoPrune = yes # Prune expired Jobs/Files
>> # TLS-related configuration
>> TLS Require = yes
>> TLS Enable = yes
>> TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
>> TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>> TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>> }
>>
>>
>> fd.conf >>
>>
>> FileDaemon { # this is me
>> Name = betelgeuse.canonigos.es-fd
>> FDport = 9102 # where we listen for the director
>> WorkingDirectory = /var/db/bacula
>> Pid Directory = /var/run
>> Maximum Concurrent Jobs = 20
>> # Plugin Directory = /usr/local/lib
>> # TLS-related configuration
>> TLS Require = yes
>> TLS Enable = yes
>> TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
>> TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>> TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>> }
>>
>>
>> sd.conf >>
>>
>> Storage { # definition of myself
>> Name = betelgeuse.canonigos.es-sd
>> SDPort = 9103 # Director's port
>> WorkingDirectory = "/var/db/bacula"
>> Pid Directory = "/var/run"
>> Maximum Concurrent Jobs = 20
>> # TLS-related configuration
>> TLS Require = no
>> TLS Enable = yes
>> TLS Verify Peer = yes
>> TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
>> TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>> TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>> }
>>
>>
>> J.
>>
>>
>>
>>
>> --
>> _____________________________________________
>>
>> Francisco Javier Funes Nieto [esen...@gmail.com]
>> CANONIGOS
>> Servicios Informáticos para PYMES.
>> Cl. Cruz 2, 1º Oficina 7
>> Tlf: 958.536759 / 661134556
>> Fax: 958.521354
>> GRANADA - 18002
>>
>>
>> _______________________________________________
>> Bacula-users mailing list
>> Bacula-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>>
>>
>
--
_____________________________________________
Francisco Javier Funes Nieto [esen...@gmail.com]
CANONIGOS
Servicios Informáticos para PYMES.
Cl. Cruz 2, 1º Oficina 7
Tlf: 958.536759 / 661134556
Fax: 958.521354
GRANADA - 18002
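
Added example, not part of the original thread and not Bacula's own code: a small Python reader for a Director debug trace like the one quoted above. It extracts the ssl= value from each CRAM-MD5 challenge the Director sends and applies the TLS negotiation rule. The meaning of the values (0, 1, 2) and the rule in negotiate() are assumptions based on Bacula's BNET_TLS_* levels; the trace and hostnames are constructed.

```python
import re

# Assumed meaning of the "ssl=" field (Bacula's BNET_TLS_* levels):
# 0 = TLS not configured, 1 = TLS enabled but optional, 2 = TLS required.
TLS_NEED = {0: "none", 1: "enabled, optional", 2: "required"}

CONNECT_RE = re.compile(r"Connecting to (Storage daemon|Client) (\S+)")
CHALLENGE_RE = re.compile(r"send: auth cram-md5 challenge <[^>]*> ssl=(\d)")

# Constructed trace in the format of the thread (hostnames are placeholders).
SAMPLE_TRACE = """\
Connecting to Storage daemon LocalChgr at backup.example.test:9103
backup-dir: cram-md5.c:71-0 send: auth cram-md5 challenge <1.2@backup-dir> ssl=0
Connecting to Client backup-fd at backup.example.test:9102
backup-dir: cram-md5.c:71-0 send: auth cram-md5 challenge <3.4@backup-dir> ssl=2
"""

def advertised_tls(trace):
    """Return (peer kind, peer name, ssl value) for every challenge sent."""
    peer, found = ("unknown", "unknown"), []
    for line in trace.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            peer = m.groups()
            continue
        m = CHALLENGE_RE.search(line)
        if m:
            found.append((peer[0], peer[1], int(m.group(1))))
    return found

def negotiate(local, remote):
    """Assumed outcome for one connection, given both sides' TLS level."""
    if local == 2 and remote == 0:
        return "fail: peer did not advertise required TLS support"
    if local == 0 and remote == 2:
        return "fail: peer requires TLS"
    if local >= 1 and remote >= 1:
        return "tls"
    return "cleartext"

def cleartext_risks(trace):
    """Peers the Director would talk to unencrypted if they allow it."""
    return [name for _, name, level in advertised_tls(trace) if level == 0]

if __name__ == "__main__":
    for kind, name, level in advertised_tls(SAMPLE_TRACE):
        print(f"{kind} {name}: Director advertises TLS {TLS_NEED[level]}")
    print("cleartext possible with:", cleartext_risks(SAMPLE_TRACE))
```

A peer listed by cleartext_risks() is one whose resource on the Director side carries no TLS directives, which is the ssl=0 case discussed in the thread.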