*EDIT* to avoid confusion: [...] *will be responsible for starting a backup/restore job in a given SD (by SD I meant **Storage Daemon* * not SD card or something like that) device and compress/encrypt your data. * On Tuesday, 8 September 2020 at 12:39:57 UTC+2 [email protected] wrote:
> Your config and SSL are okay (the alert number 40 is just because the > servername has not been specified) > > Sorry, but I forgot to ask: Are your Client and your Director two > different machines? > If so, you don't need to install the Storage Daemon on the Client machine, > since the SD is actually required to write Backups to storage devices, so > it only needs to be connected to your Director (and your storage devices > must also be connected to your Director). Only the File Daemon need to be > installed on your Client side because he's like the Director's messenger > who will be responsible for starting a backup/restore job in a given SD > device and compress/encrypt your data. > > Unless you want to customize your configuration to further secure the > communication (or not, by disabling TLS) between your Director and > Client(*) by adding specific TLS certificates and keys, Bareos already > automatically uses and configures TLS for network transport (*TLS Enable* > directive is enabled by default), so there should be no such error. > > (*)*this config will be written in Director side in > /etc/bareos/bareos-dir.d/client/ and not in Client Machine's.* > > > On Tuesday, 8 September 2020 at 09:31:41 UTC+2 Yves wrote: > >> Hi Mohamed >> >> >> >> Thank you for your reply and picking up this question. >> >> >> >> This is the output of *journalctl -xe*: >> >> >> >> -- The start-up result is RESULT. >> >> Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Listening on GnuPG >> cryptographic agent and passphrase cache (restricted). >> >> -- Subject: Unit UNIT has finished start-up >> >> -- Defined-By: systemd >> >> -- Support: http://www.ubuntu.com/support >> >> -- >> >> -- Unit UNIT has finished starting up. >> >> -- >> >> -- The start-up result is RESULT. >> >> Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Sockets. >> >> -- Subject: Unit UNIT has finished start-up >> >> -- Defined-By: systemd >> >> -- Support: http://www.ubuntu.com/support >> >> -- >> >> -- Unit UNIT has finished starting up. >> >> -- >> >> -- The start-up result is RESULT. >> >> Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Basic System. >> >> -- Subject: Unit UNIT has finished start-up >> >> -- Defined-By: systemd >> >> -- Support: http://www.ubuntu.com/support >> >> -- >> >> -- Unit UNIT has finished starting up. >> >> -- >> >> -- The start-up result is RESULT. >> >> Sep 08 09:18:39 bareos.xxxxxx systemd[1]: Started User Manager for UID 0. >> >> -- Subject: Unit [email protected] has finished start-up >> >> -- Defined-By: systemd >> >> -- Support: http://www.ubuntu.com/support >> >> -- >> >> -- Unit [email protected] has finished starting up. >> >> -- >> >> -- The start-up result is RESULT. >> >> Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Default. >> >> -- Subject: Unit UNIT has finished start-up >> >> -- Defined-By: systemd >> >> -- Support: http://www.ubuntu.com/support >> >> -- >> >> -- Unit UNIT has finished starting up. >> >> -- >> >> -- The start-up result is RESULT. >> >> Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Startup finished in 49ms. >> >> -- Subject: User manager start-up is now complete >> >> -- Defined-By: systemd >> >> -- Support: http://www.ubuntu.com/support >> >> -- >> >> -- The user manager instance for user 0 has been started. All services >> queued >> >> -- for starting have been started. Note that other services might still >> be starting >> >> -- up or be started at any later time. >> >> -- >> >> -- Startup of the manager took 49056 microseconds. >> >> Sep 08 09:19:17 bareos.xxxxxx sshd[28422]: Received disconnect from >> xx.xx.xx.xx port 40624:11: Bye Bye [preauth] >> >> Sep 08 09:19:17 bareos.xxxxxx sshd[28422]: Disconnected from >> authenticating user root xx.xx.xx.xx port 40624 [preauth] >> >> >> >> This is the content of the director daemon config: >> >> >> >> root@bareos:/etc/bareos/bareos-dir.d/director# cat bareos-dir.conf >> >> Director { # define myself >> >> Name = bareos-dir >> >> QueryFile = "/usr/lib/bareos/scripts/query.sql" >> >> Maximum Concurrent Jobs = 10 >> >> Password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # Console >> password >> >> Messages = Daemon >> >> Auditing = yes >> >> >> >> # Enable the Heartbeat if you experience connection losses >> >> # (eg. because of your router or firewall configuration). >> >> # Additionally the Heartbeat can be enabled in bareos-sd and bareos-fd. >> >> # >> >> # Heartbeat Interval = 1 min >> >> >> >> # remove comment in next line to load dynamic backends from specified >> directory >> >> # Backend Directory = /usr/lib/bareos/backends >> >> >> >> # remove comment from "Plugin Directory" to load plugins from >> specified directory. >> >> # if "Plugin Names" is defined, only the specified plugins will be >> loaded, >> >> # otherwise all director plugins (*-dir.so) from the "Plugin >> Directory". >> >> # >> >> # Plugin Directory = "/usr/lib/bareos/plugins" >> >> # Plugin Names = "" >> >> } >> >> >> >> This is the content of the SD config: >> >> >> >> root@bareos:/etc/bareos/bareos-sd.d/storage# cat bareos-sd.conf >> >> Storage { >> >> Name = bareos-sd >> >> Maximum Concurrent Jobs = 20 >> >> >> >> # remove comment from "Plugin Directory" to load plugins from >> specified directory. >> >> # if "Plugin Names" is defined, only the specified plugins will be >> loaded, >> >> # otherwise all storage plugins (*-sd.so) from the "Plugin Directory". >> >> # >> >> # Plugin Directory = "/usr/lib/bareos/plugins" >> >> # Plugin Names = "" >> >> } >> >> >> >> The output of the *openssl*-command: >> >> >> >> # openssl s_client -connect XXXXXXXXXXXXX:9102 -state -nbio >> >> CONNECTED(00000005) >> >> Turned on non blocking io >> >> SSL_connect:before SSL initialization >> >> SSL_connect:SSLv3/TLS write client hello >> >> SSL_connect:error in SSLv3/TLS write client hello >> >> write R BLOCK >> >> SSL3 alert read:fatal:handshake failure >> >> SSL_connect:error in error >> >> 140619502105024:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert >> handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40 >> >> --- >> >> no peer certificate available >> >> --- >> >> No client certificate CA names sent >> >> --- >> >> SSL handshake has read 7 bytes and written 328 bytes >> >> Verification: OK >> >> --- >> >> New, (NONE), Cipher is (NONE) >> >> Secure Renegotiation IS NOT supported >> >> Compression: NONE >> >> Expansion: NONE >> >> No ALPN negotiated >> >> Early data was not sent >> >> Verify return code: 0 (ok) >> >> --- >> >> >> >> Can you specify which log files in particular you are interested in? >> >> >> >> Regards >> >> Yves >> >> >> >> >> >> *From: *"[email protected]" <[email protected]> on >> behalf of "[email protected]" <[email protected]> >> *Date: *Tuesday, 8 September 2020 at 09:11 >> *To: *bareos-users <[email protected]> >> *Subject: *[bareos-users] Re: TLS Negotiation failed >> >> >> >> Hi Yves, >> >> >> >> Could you please share more details like *journalctl -xe, * your log >> files, and eventually your Director and Storage Daemon config? >> >> >> >> You can also start by debugging/verifying your SSL connection: >> >> *$ openssl s_client -connect [client-fqdn/ip]:9102 -state -nbio* >> >> >> >> Cheers >> Mohamed >> >> On Monday, 7 September 2020 at 09:34:11 UTC+2 Yves wrote: >> >> Dear reader >> >> >> >> Server version: 19.2.7-2 >> >> Client version: 19.2.7-2 >> >> >> >> Output of *journalctl status bareos-sd* on the client: >> >> *Connect failure: ERR=error:1417A0C1:SSL >> routines:tls_post_process_client_hello:no shared cipher* >> >> *lib/bnet.cc:124 TLS Negotiation failed.* >> >> *Connect failure: ERR=error:1408F09C:SSL routines:ssl3_get_record:http >> request* >> >> *lib/bnet.cc:124 TLS Negotiation failed.* >> >> *Connect failure: ERR=error:1408F10B:SSL routines:ssl3_get_record:wrong >> version number* >> >> *lib/bnet.cc:124 TLS Negotiation failed.* >> >> Similar output on the server and backups are running fine. >> >> Server and client are running Ubuntu 18.04.4 on VMs. >> >> regards >> >> Yves >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "bareos-users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/bareos-users/bJKm0XOqHL8/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/bareos-users/311d9573-c8c0-4077-b0b2-fce352cc69ban%40googlegroups.com >> >> <https://groups.google.com/d/msgid/bareos-users/311d9573-c8c0-4077-b0b2-fce352cc69ban%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/e3259087-09fc-4c97-9d4d-559830af117fn%40googlegroups.com.
