Hi, I have problem with seting up tls connection between bconsole and director.
I use certificates and keys from bareos regresion github repo: https://github.com/bareos/bareos-regress/tree/master/configs/BASE/tls My console and Director versions are the same: bconsole, director - 17.2.4, installed from official ubuntu packages. Director successfully connects to client and storage daemon using TLS. Jobs also works, I can make catalog backup using webui. Problem is only between console and director. director configuration (/etc/bareos/bareos-dir.d/director/bareos-dir.conf): ``` Director { # define myself Name = dir-1 QueryFile = "/usr/lib/bareos/scripts/query.sql" Maximum Concurrent Jobs = 10 Password = "test123" Messages = Daemon Auditing = yes TLS Enable = yes TLS Require = yes TLS CA Certificate File = /bareos-regress/tls/bareos-ca.pem TLS Certificate = /bareos-regress/tls/bareos-dir.bareos.org-cert.pem TLS Key = /bareos-regress/tls/bareos-dir.bareos.org-key.pem TLS Verify Peer = yes TLS Allowed CN = "console.bareos.org" } ``` console configuration (/etc/bareos/bconsole.conf); ``` Director { Name = dir-1 DIRport = 9101 Address = director.example.com Password = "test123" TLS Authenticate = yes TLS Enable = yes TLS Require = yes TLS CA Certificate File = /bareos-regress/tls/bareos-ca.pem TLS Certificate = /bareos-regress/tls/console.bareos.org-cert.pem TLS Key = /bareos-regress/tls/console.bareos.org-key.pem TLS Verify Peer = yes TLS Allowed CN = "bareos-dir.bareos.org" } ``` Console logs: ``` sudo bconsole -d 200 bconsole (100): parse_conf.c:151-0 config file = /etc/bareos/bconsole.conf bconsole (100): lex.c:333-0 glob /etc/bareos/bconsole.conf: 1 files bconsole (100): lex.c:227-0 open config file: /etc/bareos/bconsole.conf bconsole (100): lex.c:333-0 glob /etc/bareos/bconsole.conf: 1 files bconsole (100): lex.c:227-0 open config file: /etc/bareos/bconsole.conf Connecting to Director 127.0.0.1:9101 bconsole (100): bsock_tcp.c:230-0 Current host[ipv4;127.0.0.1;9101] All host[ipv4;127.0.0.1;9101] bconsole (100): bsock_tcp.c:153-0 who=Director daemon host=127.0.0.1 port=9101 bconsole (100): cram-md5.c:123-0 cram-get received: auth cram-md5 <462364060.1517761300@dir-1> ssl=2 bconsole (99): cram-md5.c:143-0 sending resp to challenge: hw/r0SJ0tWkEY+RlGG4OYC bconsole (50): cram-md5.c:75-0 send: auth cram-md5 <673735027.1517761300@bconsole> ssl=2 bconsole (50): cram-md5.c:94-0 Authenticate OK Wm/2z9/hm8/hL9/2H4YwCB bconsole (120): tls_openssl.c:640-0 comparing CNs: cert-cn=bareos-dir.bareos.org, allowed-cn=bareos-dir.bareos.org bconsole (50): bnet.c:202-0 TLS client negotiation established. bconsole (6): bsock.c:269-0 >dird: 1000 OK auth Bad response to Hello command: ERR=No data available The Director at "127.0.0.1:9101" is probably not running. ``` director logs (bareos-dir -d 200 -f): ``` dir-1 (110): socket_server.c:87-0 Conn: Hello *UserAgent* calling dir-1 (100): storage.c:146-0 wstorage=sd-1 dir-1 (100): storage.c:155-0 wstore=sd-1 where=Job resource dir-1 (100): job.c:1484-0 JobId=0 created Job=-Console-.2018-02-04_16.21.40_30 dir-1 (50): cram-md5.c:68-0 send: auth cram-md5 <462364060.1517761300@dir-1> ssl=2 dir-1 (100): cram-md5.c:123-0 cram-get received: auth cram-md5 <673735027.1517761300@bconsole> ssl=2 dir-1 (99): cram-md5.c:143-0 sending resp to challenge: Wm/2z9/hm8/hL9/2H4YwCB dir-1 (120): tls_openssl.c:640-0 comparing CNs: cert-cn=console.bareos.org, allowed-cn=console.bareos.org dir-1 (50): bnet.c:147-0 TLS server negotiation established. dir-1 (200): job.c:1525-0 Start dird free_jcr dir-1 (200): job.c:1589-0 End dird free_jcr dir-1 (200): scheduler.c:326-0 enter find_runs() ``` I don't know whats wrong, it said that "TLS client negotiation established." but later there is error "No data available". -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
