Hello. I'm really not a guru (I actually am a newbie) but I think you must set TLS Enable = yes in you bconsole.conf (the documentation says TLS Require is ignored if TLS Enable is set to "no")
Le jeudi 10 mai 2007 à 15:46 +0200, alejandro lencina a écrit : > Hi, > > I'm a Spanish computer science student and I'm working on my thesis > which is basically deploying Bacula for my school. I'm kinda desperate > because my due date is coming closer and closer and I'm stuck > configuring TLS communications. I really wish you could help with > this... > > I'm trying first to get bconsole and the director to communicate using > tls. So, I created all the certifications and set up my own CA > following the instructions at http://www.devco.net/pubwiki/Bacula/TLS. > The PROBLEM I have is that my director ignores the 'TLS Require = yes' > directive. It even permits communicating with my FD which has no TLS > directives(if I do a *status client on another machine that FD > responds). Therefore, since I'm not experienced and I don't know how > to use a packet sniffer I have no way to know if TLS is working. > > Some other info that might be useful: > - OpenSuSE 10.2 > - Bacula 2.0.2 > - OpenSSL 0.9.8d > - Yes, I've got Bacula to work without TLS. > > > > Here I include part of the config files: > > *Note that I even disabled TLS on bconsole and STILL it connects to > the director > > bconsole.conf > ---------------------- > Director { > Name = canaan-dir > DIRport = 9101 > address = canaan > Password = "qLSoAnsFKtVxe1L22yeiVhuhmFPqs6 > DlgSbO25di5WV2" > TLS Enable = no > TLS Require = yes > TLS CA Certificate File = /etc/bacula/tls/ca-cert.pem > TLS Certificate = /etc/bacula/tls/canaan2.cert > TLS Key = /etc/bacula/tls/canaan2.key > } > > bacula-dir.conf > ------------------------ > > Director { # define myself > Name = canaan-dir > DIRport = 9101 # where we listen for UA connections > QueryFile = "/etc/bacula/query.sql" > WorkingDirectory = "/var/bacula" > PidDirectory = "/var/run" > Maximum Concurrent Jobs = 1 > Password = "qLSoAnsFKtVxe1L22yeiVhuhmFPqs6DlgSbO25di5WV2" # > Console password > Messages = Daemon > TLS Enable = yes > TLS Require = yes > TLS Verify Peer = yes > TLS Allowed CN = "canaan" > TLS CA Certificate File = /etc/bacula/tls/ca-cert.pem > TLS Certificate = /etc/bacula/tls/canaan2.cert > TLS Key = /etc/bacula/tls/canaan2.key > } > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
