Hi Mohamed Thank you for your reply and picking up this question.
This is the output of journalctl -xe: -- The start-up result is RESULT. Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Listening on GnuPG cryptographic agent and passphrase cache (restricted). -- Subject: Unit UNIT has finished start-up -- Defined-By: systemd -- Support: http://www.ubuntu.com/support -- -- Unit UNIT has finished starting up. -- -- The start-up result is RESULT. Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Sockets. -- Subject: Unit UNIT has finished start-up -- Defined-By: systemd -- Support: http://www.ubuntu.com/support -- -- Unit UNIT has finished starting up. -- -- The start-up result is RESULT. Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Basic System. -- Subject: Unit UNIT has finished start-up -- Defined-By: systemd -- Support: http://www.ubuntu.com/support -- -- Unit UNIT has finished starting up. -- -- The start-up result is RESULT. Sep 08 09:18:39 bareos.xxxxxx systemd[1]: Started User Manager for UID 0. -- Subject: Unit [email protected] has finished start-up -- Defined-By: systemd -- Support: http://www.ubuntu.com/support -- -- Unit [email protected] has finished starting up. -- -- The start-up result is RESULT. Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Default. -- Subject: Unit UNIT has finished start-up -- Defined-By: systemd -- Support: http://www.ubuntu.com/support -- -- Unit UNIT has finished starting up. -- -- The start-up result is RESULT. Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Startup finished in 49ms. -- Subject: User manager start-up is now complete -- Defined-By: systemd -- Support: http://www.ubuntu.com/support -- -- The user manager instance for user 0 has been started. All services queued -- for starting have been started. Note that other services might still be starting -- up or be started at any later time. -- -- Startup of the manager took 49056 microseconds. Sep 08 09:19:17 bareos.xxxxxx sshd[28422]: Received disconnect from xx.xx.xx.xx port 40624:11: Bye Bye [preauth] Sep 08 09:19:17 bareos.xxxxxx sshd[28422]: Disconnected from authenticating user root xx.xx.xx.xx port 40624 [preauth] This is the content of the director daemon config: root@bareos:/etc/bareos/bareos-dir.d/director# cat bareos-dir.conf Director { # define myself Name = bareos-dir QueryFile = "/usr/lib/bareos/scripts/query.sql" Maximum Concurrent Jobs = 10 Password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # Console password Messages = Daemon Auditing = yes # Enable the Heartbeat if you experience connection losses # (eg. because of your router or firewall configuration). # Additionally the Heartbeat can be enabled in bareos-sd and bareos-fd. # # Heartbeat Interval = 1 min # remove comment in next line to load dynamic backends from specified directory # Backend Directory = /usr/lib/bareos/backends # remove comment from "Plugin Directory" to load plugins from specified directory. # if "Plugin Names" is defined, only the specified plugins will be loaded, # otherwise all director plugins (*-dir.so) from the "Plugin Directory". # # Plugin Directory = "/usr/lib/bareos/plugins" # Plugin Names = "" } This is the content of the SD config: root@bareos:/etc/bareos/bareos-sd.d/storage# cat bareos-sd.conf Storage { Name = bareos-sd Maximum Concurrent Jobs = 20 # remove comment from "Plugin Directory" to load plugins from specified directory. # if "Plugin Names" is defined, only the specified plugins will be loaded, # otherwise all storage plugins (*-sd.so) from the "Plugin Directory". # # Plugin Directory = "/usr/lib/bareos/plugins" # Plugin Names = "" } The output of the openssl-command: # openssl s_client -connect XXXXXXXXXXXXX:9102 -state -nbio CONNECTED(00000005) Turned on non blocking io SSL_connect:before SSL initialization SSL_connect:SSLv3/TLS write client hello SSL_connect:error in SSLv3/TLS write client hello write R BLOCK SSL3 alert read:fatal:handshake failure SSL_connect:error in error 140619502105024:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 328 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- Can you specify which log files in particular you are interested in? Regards Yves From: "[email protected]" <[email protected]> on behalf of "[email protected]" <[email protected]> Date: Tuesday, 8 September 2020 at 09:11 To: bareos-users <[email protected]> Subject: [bareos-users] Re: TLS Negotiation failed Hi Yves, Could you please share more details like journalctl -xe, your log files, and eventually your Director and Storage Daemon config? You can also start by debugging/verifying your SSL connection: $ openssl s_client -connect [client-fqdn/ip]:9102 -state -nbio Cheers Mohamed On Monday, 7 September 2020 at 09:34:11 UTC+2 Yves wrote: Dear reader Server version: 19.2.7-2 Client version: 19.2.7-2 Output of journalctl status bareos-sd on the client: Connect failure: ERR=error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher lib/bnet.cc:124 TLS Negotiation failed. Connect failure: ERR=error:1408F09C:SSL routines:ssl3_get_record:http request lib/bnet.cc:124 TLS Negotiation failed. Connect failure: ERR=error:1408F10B:SSL routines:ssl3_get_record:wrong version number lib/bnet.cc:124 TLS Negotiation failed. Similar output on the server and backups are running fine. Server and client are running Ubuntu 18.04.4 on VMs. regards Yves -- You received this message because you are subscribed to a topic in the Google Groups "bareos-users" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/bareos-users/bJKm0XOqHL8/unsubscribe. To unsubscribe from this group and all its topics, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/311d9573-c8c0-4077-b0b2-fce352cc69ban%40googlegroups.com<https://groups.google.com/d/msgid/bareos-users/311d9573-c8c0-4077-b0b2-fce352cc69ban%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/DB8PR10MB28762C4D60DB0FF325EFB4F2F2290%40DB8PR10MB2876.EURPRD10.PROD.OUTLOOK.COM.
