On 23 Aug 2007 at 0:30, Nikolaj Karpov wrote:
>
> Hi everyone!
>
> Running bacula 1.38.11 and experiencing problems with ssl connection. All
> certs are issued by Self-Signed CA.
>
> Here's configs:
>
> bacula-dir:
>
> Storage {
> Name = File
> Address = backup.test.com # N.B. Use a fully qualified name
> here
> SDPort = 9103
> Password = "123"
> Device = FileStorage
> Media Type = File
> TLS Enable = yes
> TLS Require = yes
> TLS CA Certificate File = /opt/bacula/etc/ca.pem
> # This is a client certificate, used by the director to
> # connect to the storage daemon
> TLS Certificate = /opt/bacula/etc/crt.pem
> TLS Key = /opt/bacula/etc/key.pem
> }
>
> bacula-sd:
>
> Storage { # definition of myself
> Name = backup.test.com
> SDPort = 9103 # Director's port
> WorkingDirectory = "/opt/bacula/var/bacula/working"
> Pid Directory = "/var/run"
> Maximum Concurrent Jobs = 20
> TLS Enable = yes
> TLS Require = yes
> # Peer certificate is not required/requested -- peer validity
> # is verified by the storage connection cookie provided to the
> # File Daemon by the director.
> TLS Verify Peer = no
> TLS CA Certificate File = /opt/bacula/etc/ca.pem
> # This is a server certificate. It is used by connecting
> # file daemons to verify the authenticity of this storage daemon
> TLS Certificate = /opt/bacula/etc/crt.pem
> TLS Key = /opt/bacula/etc/key.pem
> }
>
> Director {
> Name = backup-dir
> Password = "123"
> TLS Enable = yes
> TLS Require = yes
> # Require the connecting director to provide a certificate
> # with the matching CN.
> TLS Verify Peer = no
> #TLS Allowed CN = "[EMAIL PROTECTED]"
> TLS CA Certificate File = /opt/bacula/etc/ca.pem
> # This is a server certificate. It is used by the connecting
> # director to verify the authenticity of this storage daemon
> TLS Certificate = /opt/bacula/etc/crt.pem
> TLS Key = /opt/bacula/etc/key.pem
> }
>
>
> bacula-fd:
>
> Director {
> Name = backup-dir
> Password = "123"
> TLS Enable = yes
> TLS Require = yes
> TLS Verify Peer = no
> # Allow only the Director to connect
> #TLS Allowed CN = "[EMAIL PROTECTED]"
> TLS CA Certificate File = /opt/bacula/etc/ca.pem
> # This is a server certificate. It is used by connecting
> # directors to verify the authenticity of this file daemon
> TLS Certificate = /opt/bacula/etc/crt.pem
> TLS Key = /opt/bacula/etc/key.pem
> }
>
>
> And here's output:
>
> 22-Aug 14:29 backup-dir: Start Backup JobId 30,
> Job=nikolaj.2007-08-22_14.29.17
> 22-Aug 14:29 nikolaj-fd: DIR and FD clocks differ by 24 seconds, FD
> automatically adjusting.
nikolaj-fd? I see no mention of nikolaj-fd in the above
configuration.
> 22-Aug 14:29 nikolaj-fd: nikolaj.2007-08-22_14.29.17 Fatal error:
> Authorization problem: Remote server requires TLS.
> 22-Aug 14:29 nikolaj-fd: nikolaj.2007-08-22_14.29.17 Fatal error: Failed to
> authenticate Storage daemon.
> 22-Aug 14:29 backup-dir: nikolaj.2007-08-22_14.29.17 Fatal error: Socket
> error on Storage command: ERR=No data available
> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
> Authorization problem: Remote server did not advertise required TLS support.
> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
> Incorrect authorization key from File daemon at client rejected.
> Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for
> help.
> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
> Unable to authenticate File daemon
> 22-Aug 14:29 backup-dir: nikolaj.2007-08-22_14.29.17 Error: Bacula 1.38.11
> (28Jun06): 22-Aug-2007 14:29:21
>From bconsole, does status client work? Does status storage?
http://www.freebsddiary.org/bacula-tls.php might help.
--
Dan Langille - http://www.langille.org/
Available for hire: http://www.freebsddiary.org/dan_langille.php
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
