On Sun, 2011-07-24 at 09:29 -0700, scar wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Ben Walton @ 07/24/2011 05:22 AM: > > Excerpts from scar's message of Sun Jul 24 00:12:30 -0400 2011: > > > >> so i tried adding `TLS Allowed CN = "home1"` and still get the same > >> error. however, i tried using the `-d 99` switch for bconsole and > >> it reveals something helpful: > > > > You need to make sure that this parameter exactly matches what the > > certificate contains. Maybe you didn't enter a fqdn for the CN in the > > cert? If so, the value is ok. Otherwise, you should qualify it. > > > >> i tried running bconsole as root so it could read the private key. > >> is that necessary? if not then can i comment out the `TLS Key` > >> directive from bconsole.conf? either way it's still not working: > > > > Can you run this under strace? It would be useful to see what files > > bconsole is opening and stating. The director side of this could also > > be foiling you here too. Attache strace (or whatever is appropriate > > for your platform) to the running director when you try to attach > > bconsole would be good too. > > guys you really need to be more specific with me. do you want me to run > `strace bconsole` or what? > > frankly i don't see why bconsole, which was able to be run fine under > normal user privileges, now needs to be run as root to access the > private key. ---- bacula programs run as user/group bacula so user/group bacula must be able to read the key (and all ca/crt files too).
Seems to me that I have always had to run bconsole as root but perhaps that's just the way I installed it. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------------ Magic Quadrant for Content-Aware Data Loss Prevention Research study explores the data loss prevention market. Includes in-depth analysis on the changes within the DLP market, and the criteria used to evaluate the strengths and weaknesses of these DLP solutions. http://www.accelacomm.com/jaw/sfnl/114/51385063/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
