Sorry, i realy did'n saw this questions...
This is output from status client and status storage:
Connecting to Client nikolaj-fd at nikolaj.test.com:9102
nikolaj-fd Version: 1.38.11 (28 June 2006) i686-pc-linux-gnu redhat (Zod)
Daemon started 23-Aug-07 19:18, 0 Jobs run since started.
Terminated Jobs:
JobId Level Files Bytes Status Finished Name
======================================================================
22 Incr 2 601,229,312 OK 22-Aug-07 12:22 nikolaj
23 Incr 2 28 OK 22-Aug-07 12:25 nikolaj
====
Running Jobs:
Director connected at: 23-Aug-07 19:20
No Jobs running.
====
#status
Status available for:
1: Director
2: Storage
3: Client
4: All
Select daemon type for status (1-4): Unexpected question has been received.
2
Automatically selected Storage: File
Connecting to Storage daemon File at backup.test.com:9103
backup.test.com Version: 1.38.11 (28 June 2006) i686-pc-linux-gnu redhat
(Zod)
Daemon started 23-Aug-07 19:18, 0 Jobs run since started.
Running Jobs:
No Jobs running.
====
Jobs waiting to reserve a drive:
====
Terminated Jobs:
JobId Level Files Bytes Status Finished Name
======================================================================
10 Full 2 601,229,485 OK 21-Aug-07 13:02 nikolaj
22 Incr 2 601,229,485 OK 22-Aug-07 12:21 nikolaj
23 Incr 2 170 OK 22-Aug-07 12:24 nikolaj
24 Incr 0 0 Error 22-Aug-07 12:27 nikolaj
25 Incr 0 0 Error 22-Aug-07 13:00 nikolaj
26 Incr 0 0 Error 22-Aug-07 13:09 nikolaj
27 Incr 0 0 Error 22-Aug-07 13:25 nikolaj
28 Incr 0 0 Error 22-Aug-07 13:30 nikolaj
29 Incr 0 0 Error 22-Aug-07 14:26 nikolaj
30 Incr 0 0 Error 22-Aug-07 14:29 nikolaj
====
Device status:
Device "FileStorage" (/tmp) is not open or does not exist.
Device "nikolaj" is not open or does not exist.
No DEVICE structure.
====
In Use Volume status:
====
#
Could you point me to difference in your article and my config, looked at
both for 3 times, but see no difference, 5 lines: TLS Enable, TLS Require,
TLS CA, TLS Cert, TLS Key.
Dan Langille wrote:
>
> On 23 Aug 2007 at 6:06, Nikolaj Karpov wrote:
>
>> Dan Langille wrote:
>> >
>> > On 23 Aug 2007 at 0:30, Nikolaj Karpov wrote:
>> >
>> >>
>> >> Hi everyone!
>> >>
>> >> Running bacula 1.38.11 and experiencing problems with ssl connection.
>> All
>> >> certs are issued by Self-Signed CA.
>> >>
>> >> Here's configs:
>> >>
>> >> bacula-dir:
>> >>
>> >> Storage {
>> >> Name = File
>> >> Address = backup.test.com # N.B. Use a fully qualified
>> name
>> >> here
>> >> SDPort = 9103
>> >> Password = "123"
>> >> Device = FileStorage
>> >> Media Type = File
>> >> TLS Enable = yes
>> >> TLS Require = yes
>> >> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> >> # This is a client certificate, used by the director to
>> >> # connect to the storage daemon
>> >> TLS Certificate = /opt/bacula/etc/crt.pem
>> >> TLS Key = /opt/bacula/etc/key.pem
>> >> }
>> >>
>> >> bacula-sd:
>> >>
>> >> Storage { # definition of myself
>> >> Name = backup.test.com
>> >> SDPort = 9103 # Director's port
>> >> WorkingDirectory = "/opt/bacula/var/bacula/working"
>> >> Pid Directory = "/var/run"
>> >> Maximum Concurrent Jobs = 20
>> >> TLS Enable = yes
>> >> TLS Require = yes
>> >> # Peer certificate is not required/requested -- peer validity
>> >> # is verified by the storage connection cookie provided to the
>> >> # File Daemon by the director.
>> >> TLS Verify Peer = no
>> >> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> >> # This is a server certificate. It is used by connecting
>> >> # file daemons to verify the authenticity of this storage daemon
>> >> TLS Certificate = /opt/bacula/etc/crt.pem
>> >> TLS Key = /opt/bacula/etc/key.pem
>> >> }
>> >>
>> >> Director {
>> >> Name = backup-dir
>> >> Password = "123"
>> >> TLS Enable = yes
>> >> TLS Require = yes
>> >> # Require the connecting director to provide a certificate
>> >> # with the matching CN.
>> >> TLS Verify Peer = no
>> >> #TLS Allowed CN = "[EMAIL PROTECTED]"
>> >> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> >> # This is a server certificate. It is used by the connecting
>> >> # director to verify the authenticity of this storage daemon
>> >> TLS Certificate = /opt/bacula/etc/crt.pem
>> >> TLS Key = /opt/bacula/etc/key.pem
>> >> }
>> >>
>> >>
>> >> bacula-fd:
>> >>
>> >> Director {
>> >> Name = backup-dir
>> >> Password = "123"
>> >> TLS Enable = yes
>> >> TLS Require = yes
>> >> TLS Verify Peer = no
>> >> # Allow only the Director to connect
>> >> #TLS Allowed CN = "[EMAIL PROTECTED]"
>> >> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> >> # This is a server certificate. It is used by connecting
>> >> # directors to verify the authenticity of this file daemon
>> >> TLS Certificate = /opt/bacula/etc/crt.pem
>> >> TLS Key = /opt/bacula/etc/key.pem
>> >> }
>> >>
>> >>
>> >> And here's output:
>> >>
>> >> 22-Aug 14:29 backup-dir: Start Backup JobId 30,
>> >> Job=nikolaj.2007-08-22_14.29.17
>> >> 22-Aug 14:29 nikolaj-fd: DIR and FD clocks differ by 24 seconds, FD
>> >> automatically adjusting.
>> >
>> > nikolaj-fd? I see no mention of nikolaj-fd in the above
>> > configuration.
>
> If you answer inline, instead of only at the top, it makes it easier
> for your helpers to follow what is happening. :)
>
> Also, be sure to read the entire reply. You missed a couple of
> questions, see below.
>
>>
>> Thanks fot the answer.
>>
>> I've forgoten to include client part of bacula-dir.
>>
>> Client {
>> Name = nikolaj-fd
>> Address = nikolaj.test.com
>> FDPort = 9102
>> Catalog = MyCatalog
>> Maximum Concurrent Jobs = 10
>> Password = "123"
>> File Retention = 300d
>> Job Retention = 180d
>> AutoPrune = yes
>> TLS Enable = yes
>> TLS Require = yes
>> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> }
>>
>>
>>
>
>
>
>> >
>> >> 22-Aug 14:29 nikolaj-fd: nikolaj.2007-08-22_14.29.17 Fatal error:
>> >> Authorization problem: Remote server requires TLS.
>> >> 22-Aug 14:29 nikolaj-fd: nikolaj.2007-08-22_14.29.17 Fatal error:
>> Failed
>> >> to
>> >> authenticate Storage daemon.
>> >> 22-Aug 14:29 backup-dir: nikolaj.2007-08-22_14.29.17 Fatal error:
>> Socket
>> >> error on Storage command: ERR=No data available
>> >> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
>> >> Authorization problem: Remote server did not advertise required TLS
>> >> support.
>> >> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
>> >> Incorrect authorization key from File daemon at client rejected.
>> >> Please see
>> http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors
>> >> for
>> >> help.
>> >> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error:
>> >> Unable to authenticate File daemon
>> >> 22-Aug 14:29 backup-dir: nikolaj.2007-08-22_14.29.17 Error: Bacula
>> >> 1.38.11
>> >> (28Jun06): 22-Aug-2007 14:29:21
>> >
>> >>From bconsole, does status client work? Does status storage?
>
> These two questions are pretty important. I didn't notice an answer.
>
>> >
>> > http://www.freebsddiary.org/bacula-tls.php might help.
>
> If you compare the above configuration with yours, you might find
> something obvious.
>
>
> --
> Dan Langille - http://www.langille.org/
> Available for hire: http://www.freebsddiary.org/dan_langille.php
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
>
--
View this message in context:
http://www.nabble.com/Bacula-fd--%3E-Bacula-sd-SSL-problem-tf4315882.html#a12307734
Sent from the Bacula - Users mailing list archive at Nabble.com.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
