Hi Yves, So is your problem "solved"?
Cheers Mohamed On Thursday, 10 September 2020 at 08:11:10 UTC+2 Yves wrote: > Hi Mohamed > > > > Yes, the client and the director in the example that was given are two > different machines. I just checked the client and the only service (related > to backup) that is running is the file daemon. > > > > # systemctl status bareos-fd > > *●* bareos-filedaemon.service - Bareos File Daemon service > > Loaded: loaded (/lib/systemd/system/bareos-filedaemon.service; > enabled; vendor preset: enabled) > > > > And yes, your reference to SD has been “translated” to Storage Daemon … 😊 > > > > Regards > > Yves > > > > > > *From: *Mohamed Rouissi <[email protected]> > *Date: *Tuesday, 8 September 2020 at 12:35 > *To: *Yves De Ceuleners <[email protected]> > *Subject: *Re: [bareos-users] Re: TLS Negotiation failed > > > > Your config and SSL are okay (the alert number 40 is just because the > servername has not been specified) > > > > Sorry, but I forgot to ask: Are your Client and your Director two > different machines? > > If so, you don't need to install the Storage Daemon on the Client machine, > since the SD is actually required to write Backups to storage devices, so > it only needs to be connected to your Director (and your storage devices > must also be connected to your Director). Only the File Daemon need to be > installed on your Client side because he's like the Director's messenger > who will be responsible for starting a backup/restore job in a given SD > device and compress/encrypt your data. > > > > Unless you want to customize your configuration to further secure the > communication (or not, by disabling TLS) between your Director and > Client(*) by adding specific TLS certificates and keys, Bareos already > automatically uses and configures TLS for network transport (*TLS Enable* > directive is enabled by default), so there should be no such error. > > > > (*)*this config will be written in Director side in > /etc/bareos/bareos-dir.d/client/ and not in Client Machine's.* > > > > On Tue, 8 Sep 2020 at 09:31, Yves De Ceuleners <[email protected]> wrote: > > Hi Mohamed > > > > Thank you for your reply and picking up this question. > > > > This is the output of *journalctl -xe*: > > > > -- The start-up result is RESULT. > > Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Listening on GnuPG > cryptographic agent and passphrase cache (restricted). > > -- Subject: Unit UNIT has finished start-up > > -- Defined-By: systemd > > -- Support: http://www.ubuntu.com/support > > -- > > -- Unit UNIT has finished starting up. > > -- > > -- The start-up result is RESULT. > > Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Sockets. > > -- Subject: Unit UNIT has finished start-up > > -- Defined-By: systemd > > -- Support: http://www.ubuntu.com/support > > -- > > -- Unit UNIT has finished starting up. > > -- > > -- The start-up result is RESULT. > > Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Basic System. > > -- Subject: Unit UNIT has finished start-up > > -- Defined-By: systemd > > -- Support: http://www.ubuntu.com/support > > -- > > -- Unit UNIT has finished starting up. > > -- > > -- The start-up result is RESULT. > > Sep 08 09:18:39 bareos.xxxxxx systemd[1]: Started User Manager for UID 0. > > -- Subject: Unit [email protected] has finished start-up > > -- Defined-By: systemd > > -- Support: http://www.ubuntu.com/support > > -- > > -- Unit [email protected] has finished starting up. > > -- > > -- The start-up result is RESULT. > > Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Reached target Default. > > -- Subject: Unit UNIT has finished start-up > > -- Defined-By: systemd > > -- Support: http://www.ubuntu.com/support > > -- > > -- Unit UNIT has finished starting up. > > -- > > -- The start-up result is RESULT. > > Sep 08 09:18:39 bareos.xxxxxx systemd[28267]: Startup finished in 49ms. > > -- Subject: User manager start-up is now complete > > -- Defined-By: systemd > > -- Support: http://www.ubuntu.com/support > > -- > > -- The user manager instance for user 0 has been started. All services > queued > > -- for starting have been started. Note that other services might still be > starting > > -- up or be started at any later time. > > -- > > -- Startup of the manager took 49056 microseconds. > > Sep 08 09:19:17 bareos.xxxxxx sshd[28422]: Received disconnect from > xx.xx.xx.xx port 40624:11: Bye Bye [preauth] > > Sep 08 09:19:17 bareos.xxxxxx sshd[28422]: Disconnected from > authenticating user root xx.xx.xx.xx port 40624 [preauth] > > > > This is the content of the director daemon config: > > > > root@bareos:/etc/bareos/bareos-dir.d/director# cat bareos-dir.conf > > Director { # define myself > > Name = bareos-dir > > QueryFile = "/usr/lib/bareos/scripts/query.sql" > > Maximum Concurrent Jobs = 10 > > Password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # Console > password > > Messages = Daemon > > Auditing = yes > > > > # Enable the Heartbeat if you experience connection losses > > # (eg. because of your router or firewall configuration). > > # Additionally the Heartbeat can be enabled in bareos-sd and bareos-fd. > > # > > # Heartbeat Interval = 1 min > > > > # remove comment in next line to load dynamic backends from specified > directory > > # Backend Directory = /usr/lib/bareos/backends > > > > # remove comment from "Plugin Directory" to load plugins from specified > directory. > > # if "Plugin Names" is defined, only the specified plugins will be > loaded, > > # otherwise all director plugins (*-dir.so) from the "Plugin Directory". > > # > > # Plugin Directory = "/usr/lib/bareos/plugins" > > # Plugin Names = "" > > } > > > > This is the content of the SD config: > > > > root@bareos:/etc/bareos/bareos-sd.d/storage# cat bareos-sd.conf > > Storage { > > Name = bareos-sd > > Maximum Concurrent Jobs = 20 > > > > # remove comment from "Plugin Directory" to load plugins from specified > directory. > > # if "Plugin Names" is defined, only the specified plugins will be > loaded, > > # otherwise all storage plugins (*-sd.so) from the "Plugin Directory". > > # > > # Plugin Directory = "/usr/lib/bareos/plugins" > > # Plugin Names = "" > > } > > > > The output of the *openssl*-command: > > > > # openssl s_client -connect XXXXXXXXXXXXX:9102 -state -nbio > > CONNECTED(00000005) > > Turned on non blocking io > > SSL_connect:before SSL initialization > > SSL_connect:SSLv3/TLS write client hello > > SSL_connect:error in SSLv3/TLS write client hello > > write R BLOCK > > SSL3 alert read:fatal:handshake failure > > SSL_connect:error in error > > 140619502105024:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert > handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40 > > --- > > no peer certificate available > > --- > > No client certificate CA names sent > > --- > > SSL handshake has read 7 bytes and written 328 bytes > > Verification: OK > > --- > > New, (NONE), Cipher is (NONE) > > Secure Renegotiation IS NOT supported > > Compression: NONE > > Expansion: NONE > > No ALPN negotiated > > Early data was not sent > > Verify return code: 0 (ok) > > --- > > > > Can you specify which log files in particular you are interested in? > > > > Regards > > Yves > > > > > > *From: *"[email protected]" <[email protected]> on > behalf of "[email protected]" <[email protected]> > *Date: *Tuesday, 8 September 2020 at 09:11 > *To: *bareos-users <[email protected]> > *Subject: *[bareos-users] Re: TLS Negotiation failed > > > > Hi Yves, > > > > Could you please share more details like *journalctl -xe, *your log > files, and eventually your Director and Storage Daemon config? > > > > You can also start by debugging/verifying your SSL connection: > > *$ openssl s_client -connect [client-fqdn/ip]:9102 -state -nbio* > > > > Cheers > Mohamed > > On Monday, 7 September 2020 at 09:34:11 UTC+2 Yves wrote: > > Dear reader > > > > Server version: 19.2.7-2 > > Client version: 19.2.7-2 > > > > Output of *journalctl status bareos-sd* on the client: > > *Connect failure: ERR=error:1417A0C1:SSL > routines:tls_post_process_client_hello:no shared cipher* > > *lib/bnet.cc:124 TLS Negotiation failed.* > > *Connect failure: ERR=error:1408F09C:SSL routines:ssl3_get_record:http > request* > > *lib/bnet.cc:124 TLS Negotiation failed.* > > *Connect failure: ERR=error:1408F10B:SSL routines:ssl3_get_record:wrong > version number* > > *lib/bnet.cc:124 TLS Negotiation failed.* > > Similar output on the server and backups are running fine. > > Server and client are running Ubuntu 18.04.4 on VMs. > > regards > > Yves > > -- > You received this message because you are subscribed to a topic in the > Google Groups "bareos-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/bareos-users/bJKm0XOqHL8/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/bareos-users/311d9573-c8c0-4077-b0b2-fce352cc69ban%40googlegroups.com > > <https://groups.google.com/d/msgid/bareos-users/311d9573-c8c0-4077-b0b2-fce352cc69ban%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/43fa8654-2b57-4c6c-8f10-c78a40f70b35n%40googlegroups.com.
