We have a backup server with bareos installed. Recently I noticed that some of clients are refused to back up.
Looking into the logs I found a strange error reporting that certificate is expired: 26-Jul 15:07 oc-dir JobId 81120: Start Backup JobId 81120, Job=cms-server.2022-07-26_15.06.58_06 26-Jul 15:07 oc-dir JobId 81120: Using Device "FileStorage.1" to write. 26-Jul 15:07 oc-dir JobId 81120: Error: tls_openssl.c:354 Error with certificate at depth: 0, issuer = /CN=Puppet CA: bareos-server, subject = /CN= cms-server, ERR=10:certificate has expired 26-Jul 15:07 oc-dir JobId 81120: Error: crypto_openssl.c:1559 Connect failure: ERR=error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed 26-Jul 15:07 oc-dir JobId 81120: Fatal error: TLS negotiation failed. 26-Jul 15:07 oc-dir JobId 81120: Fatal error: Unable to authenticate with File daemon at "cms-server:9102". Possible causes: Passwords or names not the same or TLS negotiation failed or Maximum Concurrent Jobs exceeded on the FD or FD networking messed up (restart daemon). Please see http://doc.bareos.org/master/html/bareos-manual-main-reference.html#AuthorizationErrors for help. 26-Jul 15:07 oc-dir JobId 81120: Fatal error: bsock_tcp.c:591 Packet size too big from "Client: cms-server-fd:cms-server:9102. Terminating connection. 26-Jul 15:07 oc-dir JobId 81120: Fatal error: No Job status returned from FD. 26-Jul 15:07 oc-dir JobId 81120: Error: Bareos oc-dir 17.2.4 (21Sep17): Build OS: x86_64-redhat-linux-gnu redhat CentOS Linux release 7.4.1708 (Core (All hostnames above are changed) The problem that certificate actually is not expired. I have checked it on both the server and client sides: [root@cms-server ~]# openssl x509 -in /etc/bareos/pki/bareos.ca -noout -dates notBefore=Nov 2 12:19:15 2020 GMT notAfter=Oct 31 12:19:15 2030 GMT [root@ cms-server ~]# [root@cms-server ~]# [root@cms-server ~]# openssl x509 -in /etc/bareos/pki/bareos.crt -noout -dates notBefore=Jan 20 11:40:46 2021 GMT notAfter=Jan 20 11:40:46 2026 GMT [root@cms-server ~]# [root@cms-server ~]# And my configuration on the client: [root@cms-server bareos-fd.d]# cat client/cms-server-fd.conf FileDaemon { Name = cms-server-fd TLS Enable = yes TLS Require = yes TLS Verify Peer = no TLS CA Certificate File = /etc/bareos/pki/bareos.ca TLS Certificate = /etc/bareos/pki/bareos.crt TLS Key = /etc/bareos/pki/bareos.key Heartbeat Interval = 120 Maximum Concurrent Jobs = 20 } [root@cms-server bareos-fd.d]# cat director/cms-server-fd-dir.conf Director { Name = oc-dir Password = "xxxxxxxxxxxxxxxxx" TLS Enable = yes TLS Require = yes TLS Verify Peer = no TLS CA Certificate File = /etc/bareos/pki/bareos.ca TLS Certificate = /etc/bareos/pki/bareos.crt TLS Key = /etc/bareos/pki/bareos.key } Director { Name = cms-server-mon Password = "xxxxxxxxxxxxxxxxx" Monitor = yes } Can you suggest where to find the problem? -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/dc7fe096-e08c-4fea-9262-929529b7f031n%40googlegroups.com.
