Hi, I had "TLS Verify Peer" disabled in bacula-dir.conf, so why define allowed CNs?
Nevertheless, I added TLS Allowed CN, switched to TLS Verify = yes and also added the TLS Certificate / TLS Key in bconsole.conf (don't think that they are mandatory either). However, the behavior is exactly the same. As I said in my first email, the problem exists even without TLS configuration.

Kindly,
Kostis

On 22 December 2015 at 15:20, Heitor Faria <hei...@bacula.com.br> wrote:
>> Hello Heitor,
>> root@bacula-dir:/etc/bacula# bacula-dir -t
>> root@bacula-dir:/etc/bacula# echo $?
>> 0
>>
>> There seems to be no syntax error in configuration because after
>> restart everything is ok again. After reloading, I get the following
>> messages:
>>
>> 22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Fatal error: Failed to
>> initialize TLS context for Director "bacula-dir.grnet.gr-dir" in
>> /etc/bacula/bacula-dir.conf.
>> 22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Error: Please correct
>> configuration file: /etc/bacula/bacula-dir.conf
>> 22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Error: Resetting
>> previous configuration.
>
> Hello Kostis: Reloading is not working.
>
>> 22-Dec 13:02 bacula-dir.grnet.gr-dir: ERROR in bsys.c:562 Could not
>> create state file. <NULL>/bacula-dir.0.state ERR=No such file or
>> directory
>>
>> The TLS context seems ok and it is working after restarting the daemon
>> (check the relevant snippets in my first email).
>>
>> In bacula-dir.conf:
>> Director {
>> .
>> .
>> # bconsole --> director channel
>> TLS Enable = yes
>> TLS Require = yes
>> TLS CA Certificate File = "/path/to/ca.pem"
>> TLS Certificate = "/path/to/cert.pem"
>> TLS Key = "/path/to/key.pem"
>> TLS Verify Peer = no
>> }
>
> If you are using self-signed certificates you need this (this value must
> match the CN one when creating the certificates):
>
> TLS Allowed CN = "192.168.0.50" # Or name
>
>>
>> In bconsole.conf:
>> Director {
>> .
>> .
>> .
>> # bconsole --> director channel
>> TLS Enable = yes
>> TLS Require = yes
>> TLS CA Certificate File = "/path/to/ca.pem"
>
> I think there are other necessary directives (in this example I use the
> keypair within the same file):
>
> TLS Certificate = /etc/bacula/scripts/bacula.pem
> TLS key = /etc/bacula/scripts/bacula.pem
>
> This tutorial here is in Portuguese but there are some conf. examples. The
> most important are the ones in red (encryption of data from client to
> storage):
> http://www.bacula.com.br/criptografia-das-comunicacoes-do-bacula-tls/
>
>>> Regards,
>>> ===========================================================================
>>> Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified
>>> Administrator II
>>> Do you need Bacula training? http://bacula.us/video-classes/
>>> +55 61 8268-4220
>>> Site: http://bacula.us FB: heitor.faria