Hi everyone!
Running bacula 1.38.11 and experiencing problems with ssl connection. All
certs are issued by Self-Signed CA.
Here's configs:
bacula-dir:
Storage {
Name = File
Address = backup.test.com # N.B. Use a fully qualified name
here
SDPort = 9103
Password = "123"
Device = FileStorage
Media Type = File
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /opt/bacula/etc/ca.pem
# This is a client certificate, used by the director to
# connect to the storage daemon
TLS Certificate = /opt/bacula/etc/crt.pem
TLS Key = /opt/bacula/etc/key.pem
}
bacula-sd:
Storage { # definition of myself
Name = backup.test.com
SDPort = 9103 # Director's port
WorkingDirectory = "/opt/bacula/var/bacula/working"
Pid Directory = "/var/run"
Maximum Concurrent Jobs = 20
TLS Enable = yes
TLS Require = yes
# Peer certificate is not required/requested -- peer validity
# is verified by the storage connection cookie provided to the
# File Daemon by the director.
TLS Verify Peer = no
TLS CA Certificate File = /opt/bacula/etc/ca.pem
# This is a server certificate. It is used by connecting
# file daemons to verify the authenticity of this storage daemon
TLS Certificate = /opt/bacula/etc/crt.pem
TLS Key = /opt/bacula/etc/key.pem
}
Director {
Name = backup-dir
Password = "123"
TLS Enable = yes
TLS Require = yes
# Require the connecting director to provide a certificate
# with the matching CN.
TLS Verify Peer = no
#TLS Allowed CN = "[EMAIL PROTECTED]"
TLS CA Certificate File = /opt/bacula/etc/ca.pem
# This is a server certificate. It is used by the connecting
# director to verify the authenticity of this storage daemon
TLS Certificate = /opt/bacula/etc/crt.pem
TLS Key = /opt/bacula/etc/key.pem
}
bacula-fd:
Director {
Name = backup-dir
Password = "123"
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = no
# Allow only the Director to connect
#TLS Allowed CN = "[EMAIL PROTECTED]"
TLS CA Certificate File = /opt/bacula/etc/ca.pem
# This is a server certificate. It is used by connecting
# directors to verify the authenticity of this file daemon
TLS Certificate = /opt/bacula/etc/crt.pem
TLS Key = /opt/bacula/etc/key.pem
}
And here's output:
22-Aug 14:29 backup-dir: Start Backup JobId 30,
Job=nikolaj.2007-08-22_14.29.17
22-Aug 14:29 nikolaj-fd: DIR and FD clocks differ by 24 seconds, FD
automatically adjusting.
22-Aug 14:29 nikolaj-fd: nikolaj.2007-08-22_14.29.17 Fatal error:
Authorization problem: Remote server requires TLS.
22-Aug 14:29 nikolaj-fd: nikolaj.2007-08-22_14.29.17 Fatal error: Failed to
authenticate Storage daemon.
22-Aug 14:29 backup-dir: nikolaj.2007-08-22_14.29.17 Fatal error: Socket
error on Storage command: ERR=No data available
22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
Authorization problem: Remote server did not advertise required TLS support.
22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
Incorrect authorization key from File daemon at client rejected.
Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for
help.
22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
Unable to authenticate File daemon
22-Aug 14:29 backup-dir: nikolaj.2007-08-22_14.29.17 Error: Bacula 1.38.11
(28Jun06): 22-Aug-2007 14:29:21
Best regards,
Nikolaj Karpov
--
View this message in context:
http://www.nabble.com/Bacula-fd--%3E-Bacula-sd-SSL-problem-tf4315882.html#a12288806
Sent from the Bacula - Users mailing list archive at Nabble.com.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
