Hi Javier,

Yes, sure. If you configure TLS Require = No and any of the daemon hosts
does not speak TLS, they will communicate with no encryption (ssl=0).

Regards,
Ana

On Sun, May 29, 2016 at 12:27 PM, Francisco Javier Funes Nieto <
esen...@gmail.com> wrote:

> Hi Ana,
>
> The problem is now solved. There was an incomplete configuration of the
> Storage Daemon and Director TLS subset.
>
> I have a question about this:
>
> Can I have a mixed environment with TLS and Non-TLS clients in the same
> Bacula server?
>
> J.
>
> 2016-05-27 22:35 GMT+02:00 Ana Emília M. Arruda <emiliaarr...@gmail.com>:
>
>> Hello Javier,
>>
>> Did you solve this?
>>
>> ssl=0 means that no TLS connection is being used. Since TLS Require = no
>> for both director and storage daemon, it seems that they are unable to
>> establish one and then are communicating with no encryption.
>>
>> You can always run tests to verify your certificates:
>>
>> Open a server-side SSL connection to listen on 9102:
>>
>> openssl s_server -accept 9102 -key betelgeuse.canonigos.es-daemon.key \
>>   -cert betelgeuse.canonigos.es.crt -CApath /usr/local/etc/ssl/ -Verify 0
>>
>> Try to connect from a client:
>>
>> openssl s_client -connect betelgeuse.canonigos.es:9102 \
>>   -key director.example.com.key -cert director.example.com.crt \
>>   -CApath /usr/local/etc/ssl/
>>
>> Regards,
>>
>> Ana
>>
>> On Tue, May 17, 2016 at 12:43 PM, Francisco Javier Funes Nieto <
>> esen...@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> The first time I'm trying to configure the TLS part of my (new) server
>>> under FreeBSD. (10.2/7.4 from ports)
>>>
>>> Communication sd <-> dir seems ok with debugging activated. I don't know
>>> if "ssl=0" means not using TLS.
>>>
>>> More info:
>>>
>>> betelgeuse.canonigos.es-dir: ua_status.c:183-0 item=1
>>> betelgeuse.canonigos.es-dir: job.c:1744-0 wstore=LocalChgr where=unknown
>>> source
>>> Automatically selected Storage: LocalChgr
>>> Connecting to Storage daemon LocalChgr at betelgeuse.canonigos.es:9103
>>> betelgeuse.canonigos.es-dir: bsock.c:305-0 OK connected to server
>>>  Storage daemon betelgeuse.canonigos.es:9103.
>>> betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge:
>>> J6c+pxk+t+/KDXl0B4IjVC
>>> betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5
>>> challenge <2125264182.1463481...@betelgeuse.canonigos.es-dir> ssl=0
>>> betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK
>>> b++7uF+e3/JMCxZcv+/51C
>>> betelgeuse.canonigos.es-dir: ua_status.c:382-0 Connected to storage
>>> daemon
>>>
>>> betelgeuse.canonigos.es-sd Version: 7.4.0 (16 January 2016)
>>> amd64-portbld-freebsd10.2 freebsd 10.2-RELEASE-p9
>>>
>>>
>>> But with the FD I get this error:
>>>
>>> Select Client (File daemon) resource (1-8): 8
>>> Connecting to Client betelgeuse.canonigos.es-fd at
>>> betelgeuse.canonigos.es:9102
>>> betelgeuse.canonigos.es-dir: bsock.c:305-0 OK connected to server
>>>  Client: betelgeuse.canonigos.es-fd betelgeuse.canonigos.es:9102.
>>> betelgeuse.canonigos.es-dir: fd_cmds.c:110-0 Opened connection with File
>>> daemon
>>> betelgeuse.canonigos.es-dir: authenticate.c:202-0 Sent: Hello Director
>>> betelgeuse.canonigos.es-dir calling 102
>>> betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge:
>>> 0i+14m/EA9/jvH4HAG/3BA
>>> betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5
>>> challenge <2099914463.1463480...@betelgeuse.canonigos.es-dir> ssl=2
>>> betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK
>>> Y8+3N1t0t3+0VhI93F9vvB
>>> betelgeuse.canonigos.es-dir: fd_cmds.c:117-0 Authentication error with
>>> FD.
>>> Failed to connect to Client betelgeuse.canonigos.es-fd.
>>> ====
>>> You have messages.
>>> *m
>>> 17-May 12:17 betelgeuse.canonigos.es-dir JobId 0: Fatal error:
>>> Authorization problem: FD "Client: betelgeuse.canonigos.es-fd:
>>> betelgeuse.canonigos.es" did not advertise required TLS support.
>>>
>>>
>>> The Config:
>>>
>>> dir.conf >>
>>>
>>>
>>> Director {
>>>   Name = betelgeuse.canonigos.es-dir
>>>   DIRport = 9101
>>>   QueryFile = "/usr/local/share/bacula/query.sql"
>>>   WorkingDirectory = "/var/db/bacula"
>>>   PidDirectory = "/var/run"
>>>   Maximum Concurrent Jobs = 20
>>>   Password = "XX"         # Console password
>>>   Messages = Daemon
>>>   # TLS-related configuration
>>>   TLS Require                   = no
>>>   TLS Enable                    = yes
>>>   TLS Verify Peer               = yes
>>>   TLS CA Certificate File       = /usr/local/etc/ssl/cacert.pem
>>>   TLS Certificate               = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>>>   TLS Key                       = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>>> }
>>>
>>> # Client (File Services) to backup
>>> Client {
>>>   Name = betelgeuse.canonigos.es-fd
>>>   Address = betelgeuse.canonigos.es
>>>   FDPort = 9102
>>>   Catalog = MyCatalog
>>>   Password = "XX"
>>>   File Retention = 60 days            # 60 days
>>>   Job Retention = 6 months            # six months
>>>   AutoPrune = yes                     # Prune expired Jobs/Files
>>>   # TLS-related configuration
>>>   TLS Require                 = yes
>>>   TLS Enable                  = yes
>>>   TLS CA Certificate File     = /usr/local/etc/ssl/cacert.pem
>>>   TLS Certificate             = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>>>   TLS Key                     = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>>> }
>>>
>>>
>>> fd.conf >>
>>>
>>> FileDaemon {                          # this is me
>>>   Name = betelgeuse.canonigos.es-fd
>>>   FDport = 9102                  # where we listen for the director
>>>   WorkingDirectory = /var/db/bacula
>>>   Pid Directory = /var/run
>>>   Maximum Concurrent Jobs = 20
>>> # Plugin Directory = /usr/local/lib
>>>   # TLS-related configuration
>>>   TLS Require                   = yes
>>>   TLS Enable                    = yes
>>>   TLS CA Certificate File       = /usr/local/etc/ssl/cacert.pem
>>>   TLS Certificate               = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>>>   TLS Key                       = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>>> }
>>>
>>>
>>> sd.conf >>
>>>
>>> Storage {                             # definition of myself
>>>   Name = betelgeuse.canonigos.es-sd
>>>   SDPort = 9103                  # Director's port
>>>   WorkingDirectory = "/var/db/bacula"
>>>   Pid Directory = "/var/run"
>>>   Maximum Concurrent Jobs = 20
>>>   # TLS-related configuration
>>>   TLS Require                   = no
>>>   TLS Enable                    = yes
>>>   TLS Verify Peer               = yes
>>>   TLS CA Certificate File       = /usr/local/etc/ssl/cacert.pem
>>>   TLS Certificate               = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>>>   TLS Key                       = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>>> }
>>>
>>>
>>> J.
>>
>
>
> --
> _____________________________________________
>
> Francisco Javier Funes Nieto [esen...@gmail.com]
> CANONIGOS
> Servicios Informáticos para PYMES.
> Cl. Cruz 2, 1º Oficina 7
> Tlf: 958.536759 / 661134556
> Fax: 958.521354
> GRANADA - 18002
>
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
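
Added example (not part of the original thread and not Bacula's own code): a small audit script that classifies each resource in a Bacula configuration as TLS-required, opportunistic (TLS Require = no, so the link can fall back to no encryption as described above), or cleartext. The sample is constructed from the resources quoted in this thread plus a hypothetical `legacy-fd` client; the parser handles flat resources only, and treating TLS Require = yes as implying TLS Enable is an assumption about Bacula's behaviour.

```python
import re

# Constructed sample, condensed from the resources quoted in this thread,
# plus one hypothetical legacy client ("legacy-fd") with no TLS directives.
SAMPLE = '''
Director {
  Name = betelgeuse.canonigos.es-dir
  TLS Require = no
  TLS Enable  = yes      # TLS offered, not enforced
}
Client {
  Name = betelgeuse.canonigos.es-fd
  TLS Require = yes
  TLS Enable = yes
}
Client {
  Name = legacy-fd
  Password = "XX"
}
'''

def _yes(value):
    return value.strip().strip('"').lower() in ("yes", "true")

def parse_resources(text):
    """Return [(resource_type, {directive: value})] for flat (non-nested) resources."""
    out = []
    for rtype, body in re.findall(r"(\w+)\s*\{([^{}]*)\}", text):
        directives = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0]      # drop comments (a '#' inside quotes is not handled)
            if "=" in line:
                key, value = line.split("=", 1)
                # directive names are compared without case or whitespace
                directives["".join(key.split()).lower()] = value.strip()
        out.append((rtype, directives))
    return out

def tls_mode(directives):
    if _yes(directives.get("tlsrequire", "no")):
        return "required"       # assumption: TLS Require implies TLS Enable
    if _yes(directives.get("tlsenable", "no")):
        return "opportunistic"  # falls back to no encryption if the peer lacks TLS
    return "cleartext"

def audit(text):
    """Map each resource Name to (resource type, TLS mode)."""
    return {d.get("name", "?"): (rtype, tls_mode(d)) for rtype, d in parse_resources(text)}

if __name__ == "__main__":
    for name, (rtype, mode) in audit(SAMPLE).items():
        print(f"{rtype:10} {name:32} {mode}")
```

In a mixed environment, the resources reported as opportunistic or cleartext are the ones to review, since a connection to them can succeed with ssl=0.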
