On Thu, Sep 14, 2023, at 2:33 PM, Martin Simmons wrote: >>>>>> On Tue, 12 Sep 2023 08:41:42 -0400, Dan Langille said: >> >> > >> >> >> >> I ask because yesterday I started running some copy jobs. The cert used >> >> by bacula-sd was acceptable for receiving backups. It was not acceptable >> >> for copy jobs. >> >> >> >> 09-Sep 10:19 bacula-sd-04 JobId 358322: Error: openssl.c:68 Connect >> >> failure: ERR=error:1417C086:SSL >> >> routines:tls_process_client_certificate:certificate verify failed >> >> 09-Sep 10:19 bacula-sd-04 JobId 358322: Fatal error: bnet.c:75 TLS >> >> Negotiation failed. >> >> 09-Sep 10:19 bacula-sd-04 JobId 358322: Fatal error: TLS negotiation >> >> failed with FD at "10.55.0.7:27230" >> >> 09-Sep 10:19 bacula-sd-04 JobId 358322: Fatal error: Incorrect >> >> authorization key from File daemon at client rejected. >> >> For help, please see: >> >> http://www.bacula.org/rel-manual/en/problems/Bacula_Frequently_Asked_Que.html >> >> 09-Sep 10:19 bacula-sd-04 JobId 358322: Security Alert: Unable to >> >> authenticate File daemon >> > >> > I wonder if your SD connects to itself here, and fails to validate itself? >> > The log above does mention an FD at 10.55.0.7. Does that FD component have >> > a certificate? maybe there's mis-match with the CN of that certificate and >> > the FDAddress directive in the bacula-fd.conf file? >> >> There is no bacula-fd at 10.55.0.7 - it is not running and not configured. >> It is bacula-sd only at that IP address. >> >> Yes, bacula-sd-04 is at 10.55.0.7 - I don't know why FD is mentioned in the >> error. >> >> From the docs >> (https://bacula.org/13.0.x-manuals/en/main/Migration_Copy.html): >> >> The Copy and the Migration jobs run without using the File daemon by copying >> the data from the old backup Volume to a different Volume in a different Pool >> >> My reading of that: an FD should not be involved here. > > My guess is that Copy and Migration jobs work with the reading SD pretending > to be an FD to send data to the writing SD. > > __Martin
Tests this afternoon have confirmed that. I’m still figuring this out. I might resume testing in the next few days. -- Dan Langille d...@langille.org _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
