Hi, I have rebuilt the bacula rpms to offer TLS support (changing the --with-openssl option to --with-openssl=/ in the bacula.spec file). I have created a certificate (/etc/bacula/cert.pem) and I have added TLS directives, only for one client (bacula-fd), in my bacula config files like this:

- bacula-dir.conf:

Director {                            # define myself
  Name = bacula-dir
  Description = "Director de Bacula"
  DIRport = 9101                      # where we listen for UA connections
  QueryFile = "/etc/bacula/query.sql"
  WorkingDirectory = "/var/bacula"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 20
  Password = "director-password"      # Console password
  Messages = Standard
  TLS Enable = yes
  TLS Require = no
  TLS Verify Peer = no
  #TLS Allowed CN = "[EMAIL PROTECTED]"
  # This is a server certificate, used for incoming
  # console connections.
  TLS Certificate = /etc/bacula/cert.pem
}

Client {
  Name = bacula-fd
  Address = bacula-fd_adress
  FDPort = 9102
  Catalog = MyCatalog
  Password = "bacula-fd-password"     # password for FileDaemon
  File Retention = 30 days            # 30 days
  Job Retention = 6 months            # six months
  AutoPrune = yes                     # Prune expired Jobs/Files
  Maximum Concurrent Jobs = 20
  TLS Enable = yes
  TLS Require = yes
  #TLS Verify Peer = yes
  # This is a server certificate. It is used by connecting
  # directors to verify the authenticity of this file daemon
  TLS Certificate = /etc/bacula/cert.pem
}

Storage {
  Name = FDA
  # Do not use "localhost" here
  Address = bacula_storage_adress     # N.B. Use a fully qualified name here
  SDPort = 9103
  Password = "storage-FDA-password"
  Device = FDA
  Media Type = File
  Maximum Concurrent Jobs = 20
  TLS Require = yes
  # This is a client certificate, used by the director to
  # connect to the storage daemon
  TLS Certificate = /etc/bacula/cert.pem
}

- bacula-fd.conf:

Director {
  Name = bacula-dir
  Password = "bacula-fd-password"
  TLS Enable = yes
  TLS Require = yes
  TLS Verify Peer = yes
  # Allow only the Director to connect
  TLS Allowed CN = "[EMAIL PROTECTED]"
  # This is a server certificate. It is used by connecting
  # directors to verify the authenticity of this file daemon
  TLS Certificate = /etc/bacula/cert.pem
}

- bacula-fd.conf:

Storage {                             # definition of myself
  Name = bacula-sd
  SDPort = 9103                       # Director's port
  WorkingDirectory = "/var/bacula"
  Pid Directory = "/var/run"
  Maximum Concurrent Jobs = 20
  # These TLS configuration options are used for incoming
  # file daemon connections. Director TLS settings are handled
  # below.
  TLS Enable = yes
  TLS Require = yes
  # Peer certificate is not required/requested -- peer validity
  # is verified by the storage connection cookie provided to the
  # File Daemon by the director.
  TLS Verify Peer = no
  # This is a server certificate. It is used by connecting
  # file daemons to verify the authenticity of this storage daemon
  TLS Certificate = /etc/bacula/cert.pem
}

Director {
  Name = bacula-dir
  Password = "storage-FDA-password"
  TLS Enable = yes
  TLS Require = yes
  # Require the connecting director to provide a certificate
  # with the matching CN.
  TLS Verify Peer = yes
  TLS Allowed CN = "[EMAIL PROTECTED]"
  # This is a server certificate. It is used by the connecting
  # director to verify the authenticity of this storage daemon
  TLS Certificate = /etc/bacula/cert.pem
}

And when I restart bacula, it shows this error:

11-Jul 11:08 bacula-dir: ERROR in tls.c:224 Error setting cipher list, no valid ciphers available
*** glibc detected *** free(): invalid pointer: 0x002bfd00 ***
/etc/bacula/bacula-ctl-dir: line 197: 6475 Aborted ${BACDIRBIN}/bacula-dir $2 ${OPTIONS} -v -c ${BACDIRCFG}/bacula-dir.conf

I can't find the reason for this error. Can anybody help me?

Furthermore, if I erase all the previous TLS directives in the bacula config files and restart bacula, it starts OK, but when I run a job, it finishes in error and shows the following message:

10-Jul 15:00 bacula-dir: Start Backup JobId 496, Job=Bacula.2006-07-10_15.00.00
10-Jul 15:00 bacula-dir: Bacula.2006-07-10_15.00.00 Fatal error: Authorization problem: Remote server requires TLS.
10-Jul 15:00 bacula-dir: Bacula.2006-07-10_15.00.00 Error: Bacula 1.38.9 (02May06): 10-Jul-2006 15:00:01
  JobId:                  496
  Job:                    Bacula.2006-07-10_15.00.00
  Backup Level:           Full
  Client:                 "bacula-fd" i686-redhat-linux-gnu,redhat,Enterprise 3.0
  FileSet:                "Linux" 2006-06-22 11:01:20
  Pool:                   "Full"
  Storage:                "FDA-FULL"
  Scheduled time:         10-Jul-2006 15:00:00
  Start time:             10-Jul-2006 15:00:01
  End time:               10-Jul-2006 15:00:01
  Elapsed time:           0 secs
  Priority:               10
  FD Files Written:       0
  SD Files Written:       0
  FD Bytes Written:       0 (0 B)
  SD Bytes Written:       0 (0 B)
  Rate:                   0.0 KB/s
  Software Compression:   None
  Volume name(s):
  Volume Session Id:      0
  Volume Session Time:    0
  Last Volume Bytes:      0 (0 B)
  Non-fatal FD errors:    0
  SD Errors:              0
  FD termination status:
  SD termination status:
  Termination:            *** Backup Error ***

Is this normal?

Thanks.
David.

--
View this message in context: http://www.nabble.com/problem-with-TLS-tf1923419.html#a5266404
Sent from the Bacula - Users forum at Nabble.com.
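
An added example, not part of the original post and not Bacula code: a small consistency check over Bacula resource blocks like the ones quoted above. The two rules it applies are assumptions drawn from the Bacula TLS documentation (a resource that sets TLS Certificate also sets TLS Key, and TLS Verify Peer = yes needs TLS CA Certificate File or TLS CA Certificate Dir); it is not offered as a confirmed diagnosis of the cipher-list error.

```python
import re

# Constructed sample: two resources as quoted in the post (non-TLS lines omitted).
SAMPLE = '''
Client {                      # from bacula-dir.conf
  Name = bacula-fd
  TLS Enable = yes
  TLS Require = yes
  #TLS Verify Peer = yes
  TLS Certificate = /etc/bacula/cert.pem
}
Director {                    # from bacula-fd.conf
  Name = bacula-dir
  TLS Enable = yes
  TLS Require = yes
  TLS Verify Peer = yes
  TLS Allowed CN = "[EMAIL PROTECTED]"
  TLS Certificate = /etc/bacula/cert.pem
}
'''

def parse_resources(text):
    """Return [(type, {directive: value})] for flat (non-nested) resources."""
    resources = []
    for rtype, body in re.findall(r'(\w+)\s*\{([^{}]*)\}', text):
        directives = {}
        for line in body.splitlines():
            line = line.split('#', 1)[0].strip()  # drop comments (no '#' in values assumed)
            if '=' in line:
                key, value = line.split('=', 1)
                # Bacula ignores case and spaces in directive names
                directives[key.replace(' ', '').lower()] = value.strip().strip('"')
        resources.append((rtype, directives))
    return resources

def tls_findings(text):
    """Apply the two assumed rules; only explicitly set directives are evaluated."""
    findings = []
    for rtype, d in parse_resources(text):
        name = d.get('name', '?')
        if 'tlscertificate' in d and 'tlskey' not in d:
            findings.append((rtype, name, 'TLS Certificate without TLS Key'))
        has_ca = 'tlscacertificatefile' in d or 'tlscacertificatedir' in d
        if d.get('tlsverifypeer', '').lower() == 'yes' and not has_ca:
            findings.append((rtype, name, 'TLS Verify Peer without a CA store'))
    return findings

if __name__ == '__main__':
    for finding in tls_findings(SAMPLE):
        print(*finding, sep=': ')
```
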