Hi, On 5/10/2007 4:06 PM, massano jerome wrote: > Hello. > > I'm really not a guru (I actually am a newbie) but I think you must set > TLS Enable = yes in you bconsole.conf (the documentation says TLS > Require is ignored if TLS Enable is set to "no")
I'm also not a guru - and even cmpletely inexperienced regarding Bacula &TLS - but that would be a bug... It must be possible to tell the DIR to only accept console connections initiated by a client which can identify itself through TLS. Otherwise, the whole console encryption is mostly pointless. Or did I misunderstand something? Arno > Le jeudi 10 mai 2007 à 15:46 +0200, alejandro lencina a écrit : >> Hi, >> >> I'm a Spanish computer science student and I'm working on my thesis >> which is basically deploying Bacula for my school. I'm kinda desperate >> because my due date is coming closer and closer and I'm stuck >> configuring TLS communications. I really wish you could help with >> this... >> >> I'm trying first to get bconsole and the director to communicate using >> tls. So, I created all the certifications and set up my own CA >> following the instructions at http://www.devco.net/pubwiki/Bacula/TLS. >> The PROBLEM I have is that my director ignores the 'TLS Require = yes' >> directive. It even permits communicating with my FD which has no TLS >> directives(if I do a *status client on another machine that FD >> responds). Therefore, since I'm not experienced and I don't know how >> to use a packet sniffer I have no way to know if TLS is working. >> >> Some other info that might be useful: >> - OpenSuSE 10.2 >> - Bacula 2.0.2 >> - OpenSSL 0.9.8d >> - Yes, I've got Bacula to work without TLS. >> >> >> >> Here I include part of the config files: >> >> *Note that I even disabled TLS on bconsole and STILL it connects to >> the director >> >> bconsole.conf >> ---------------------- >> Director { >> Name = canaan-dir >> DIRport = 9101 >> address = canaan >> Password = "qLSoAnsFKtVxe1L22yeiVhuhmFPqs6 >> DlgSbO25di5WV2" >> TLS Enable = no >> TLS Require = yes >> TLS CA Certificate File = /etc/bacula/tls/ca-cert.pem >> TLS Certificate = /etc/bacula/tls/canaan2.cert >> TLS Key = /etc/bacula/tls/canaan2.key >> } >> >> bacula-dir.conf >> ------------------------ >> >> Director { # define myself >> Name = canaan-dir >> DIRport = 9101 # where we listen for UA connections >> QueryFile = "/etc/bacula/query.sql" >> WorkingDirectory = "/var/bacula" >> PidDirectory = "/var/run" >> Maximum Concurrent Jobs = 1 >> Password = "qLSoAnsFKtVxe1L22yeiVhuhmFPqs6DlgSbO25di5WV2" # >> Console password >> Messages = Daemon >> TLS Enable = yes >> TLS Require = yes >> TLS Verify Peer = yes >> TLS Allowed CN = "canaan" >> TLS CA Certificate File = /etc/bacula/tls/ca-cert.pem >> TLS Certificate = /etc/bacula/tls/canaan2.cert >> TLS Key = /etc/bacula/tls/canaan2.key >> } >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by DB2 Express >> Download DB2 Express C - the FREE version of DB2 express and take >> control of your XML. No limits. Just data. Click to get it now. >> http://sourceforge.net/powerbar/db2/ >> _______________________________________________ Bacula-users mailing list >> Bacula-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bacula-users > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users -- IT-Service Lehmann [EMAIL PROTECTED] Arno Lehmann http://www.its-lehmann.de ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
