Re: [Bacula-users] TLS Between Director and Client

On Wednesday, June 11, 2025 2:34:23 AM CEST Dan Langille wrote: > On Thu, Jun 5, 2025, at 8:14 PM, Josip Deanovic via Bacula-users wrote: > > On Thursday, June 5, 2025 6:01:46 PM CEST Richard Laysell wrote: > >> Does this configuration look correct? Bacula doesn't complain about > >> the configura

Re: [Bacula-users] TLS Between Director and Client

On Wednesday, June 11, 2025 2:29:49 AM CEST Dan Langille wrote: > On Thu, Jun 5, 2025, at 8:14 PM, Josip Deanovic via Bacula-users wrote: > > I have attached PDF document containing scheme that could help you > > better visualise and understand what needs to be done. > > Is that part of the offici

Re: [Bacula-users] TLS Between Director and Client

On Thu, Jun 5, 2025, at 8:14 PM, Josip Deanovic via Bacula-users wrote: > I have attached PDF document containing scheme that could help you > better visualise and understand what needs to be done. Is that part of the official docs? If not, I think it should be. -- Dan Langille d...@langill

Re: [Bacula-users] TLS Between Director and Client

On Thu, Jun 5, 2025, at 8:14 PM, Josip Deanovic via Bacula-users wrote: > On Thursday, June 5, 2025 6:01:46 PM CEST Richard Laysell wrote: >> Does this configuration look correct? Bacula doesn't complain about >> the configuration so I think it is OK. > > Most of it. > I am concerned about the op

Re: [Bacula-users] TLS Between Director and Client

On Saturday, June 7, 2025 7:55:47 PM CEST Richard Laysell wrote: > Thanks to everyone who replied to my emails. > > The problem was that I had not read the instructions correctly and > assumed I knew what needed to be done. > > Thanks particularly to Josip for his detailed explanation of the > re

Re: [Bacula-users] TLS Between Director and Client

Thanks to everyone who replied to my emails. The problem was that I had not read the instructions correctly and assumed I knew what needed to be done. Thanks particularly to Josip for his detailed explanation of the required configuration. I have now correctly configured the certificates and h

Re: [Bacula-users] TLS Between Director and Client

On Friday, June 6, 2025 5:27:05 PM CEST Richard Laysell wrote: > On Fri, 06 Jun 2025 02:14:57 +0200 > Josip Deanovic via Bacula-users > wrote: > > What is your goal? > > Do you want to encrypt only the authentication or would you like > > to encrypt the complete communication between Bacula compon

Re: [Bacula-users] TLS Between Director and Client

> On Thu, 5 Jun 2025 12:19:59 -0500, Rob Gerber said: > > I was under the impression that bacula 15 came with TLS encryption enabled > and set up by default. Correct, but using PSK (Pre-Shared Key. i.e. the password). You can also configure it to use certificates instead of the password. Ad

Re: [Bacula-users] TLS Between Director and Client

> On Thu, 5 Jun 2025 17:01:46 +0100, Richard Laysell said: > > Hello, > > I'm running Bacula 15.0.3 on Linux x64. > > I'm trying to get TLS working between director and client. I have > created my own CA and have created cerficates for the director and > client. However, the client certifi

Re: [Bacula-users] TLS Between Director and Client

On Fri, 06 Jun 2025 02:14:57 +0200 Josip Deanovic via Bacula-users wrote: Thanks for your reply, Josip > On Thursday, June 5, 2025 6:01:46 PM CEST Richard Laysell wrote: > > Hello, > > Hello Richard, > > > I'm running Bacula 15.0.3 on Linux x64. > > I have tested in on 9.x but it should w

Re: [Bacula-users] TLS Between Director and Client

On Thursday, June 5, 2025 6:01:46 PM CEST Richard Laysell wrote: > Hello, Hello Richard, > I'm running Bacula 15.0.3 on Linux x64. I have tested in on 9.x but it should work on 15.x as well. > I'm trying to get TLS working between director and client. I have > created my own CA and have create

Re: [Bacula-users] TLS Between Director and Client

I was under the impression that bacula 15 came with TLS encryption enabled and set up by default. Can't help much with configuration. Does this link help? It mentions unsupported purpose errors. https://dan.langille.org/2021/06/17/openvpn-unsupported-certificate-purpose/ Robert Gerber 402-237-8

Re: [Bacula-users] TLS using certs with X509v3 extensions

If anyone is using X509v3 extensions with copy jobs, I'm keenly interested in the certs you are using. See below. On Thu, Sep 14, 2023, at 2:39 PM, Dan Langille wrote: > On Thu, Sep 14, 2023, at 2:33 PM, Martin Simmons wrote: >>> On Tue, 12 Sep 2023 08:41:42 -0400, Dan Langille said: >>> >>>

Re: [Bacula-users] TLS using certs with X509v3 extensions

On Thu, Sep 14, 2023, at 2:33 PM, Martin Simmons wrote: >> On Tue, 12 Sep 2023 08:41:42 -0400, Dan Langille said: >> >> > >> >> >> >> I ask because yesterday I started running some copy jobs. The cert used >> >> by bacula-sd was acceptable for receiving backups. It was not acceptable >> >

Re: [Bacula-users] TLS using certs with X509v3 extensions

> On Tue, 12 Sep 2023 08:41:42 -0400, Dan Langille said: > > > > >> > >> I ask because yesterday I started running some copy jobs. The cert used by > >> bacula-sd was acceptable for receiving backups. It was not acceptable for > >> copy jobs. > >> > >> 09-Sep 10:19 bacula-sd-04 JobId 358

Re: [Bacula-users] TLS using certs with X509v3 extensions

On Tue, Sep 12, 2023, at 6:23 AM, Vanush "Misha" Paturyan wrote: > On Mon, 11 Sept 2023 at 20:19, Dan Langille wrote: >> >> Yes, I think it's SSL erroring out, I agree with your theory. >> >> Which means: what Key Usage needs to be included for each of: >> >> * bacula-fd >> * bacula-sd >> * bac

Re: [Bacula-users] TLS using certs with X509v3 extensions

On Mon, 11 Sept 2023 at 20:19, Dan Langille wrote: > > Yes, I think it's SSL erroring out, I agree with your theory. > > Which means: what Key Usage needs to be included for each of: > > * bacula-fd > * bacula-sd > * bacula-dir > > Thank you for sharing your details. Is this cert used with bacul

Re: [Bacula-users] TLS using certs with X509v3 extensions

> On Sep 11, 2023, at 12:14 PM, Vanush Misha Paturyan wrote: > > Hello Dan, > > On Sat, 9 Sept 2023 at 12:39, Dan Langille > wrote: >> Hello, >> >> Is anyone using self-signed certificates using X509v3 extensions? >> >> To be clear: I am not trying to make use of X50

Re: [Bacula-users] TLS using certs with X509v3 extensions

Hello Dan, On Sat, 9 Sept 2023 at 12:39, Dan Langille wrote: > Hello, > > Is anyone using self-signed certificates using X509v3 extensions? > > To be clear: I am not trying to make use of X509v3 extensions for any > particular purpose - A recent upgrade to the tool I am using recently > started

Re: [Bacula-users] "TLS Allowed CN" not working

Hello Alexey, To have the "TLS Allowed CN" working, you must have the "TSL Verify Peer = yes": "In the case this directive is configured on a server side, the allowed CN list will not be checked if *TLS Verify Peer* is set to *no* (*TLS Verify Peer* is *yes* by default)." The Address directive c

Re: [Bacula-users] TLS Problem after create new certificates with error ...OpenSSL 1.1, enforce basicConstraints = CA:true in the certificate...

Am 23.01.23 um 13:31 schrieb Pierre Bernhardt: My self signed root ca and my certs has to been outdated. So I created a new ca key, self segned ca cert and new certs for bacula director and all clients. ... I only replaced the tls certs and installed a new ca cert. I double checked the inst

Re: [Bacula-users] TLS issues

Hello, sob., 1 sie 2020 o 03:07 Shawn Rappaport napisał(a): > Connecting to Director xbacdirector01-lv.internal.shutterfly.com:9101 > bconsole: tls.c:87-0 Error with certificate at depth: 0, issuer = > /C=US/ST=Arizona/L=Tempe/O=Shutterfly/OU=ops-syseng/CN= > xbacdirector01-lv.internal.shutterfl

Re: [Bacula-users] TLS issues

g the data encryption after I got TLS working, which I think I have done. :-) Thanks again! --Shawn From: Dan Langille Sent: Monday, August 3, 2020 9:40 AM To: Shawn Rappaport ; Dimitri Maziuk via Bacula-users Subject: Re: [Bacula-users] TLS issues On Mon, A

Re: [Bacula-users] TLS issues

On Mon, Aug 3, 2020, at 12:30 PM, Shawn Rappaport wrote: > > Any idea why it would not be encrypted even though I am requiring TLS? TLS is just transit. Transport Layer Security. https://www.bacula.org/9.6.x-manuals/en/main/Bacula_TLS_Communications_E.html You want Data Encryption: https://ww

Re: [Bacula-users] TLS issues

__________________ From: Dan Langille Sent: Saturday, August 1, 2020 5:47 AM To: Dimitri Maziuk via Bacula-users Subject: Re: [Bacula-users] TLS issues On Fri, Jul 31, 2020, at 6:15 PM, Shawn Rappaport wrote: I'm running Bacula 9.06 (compiled from source with the --with-openssl

Re: [Bacula-users] TLS issues

On Fri, Jul 31, 2020, at 6:15 PM, Shawn Rappaport wrote: > I'm running Bacula 9.06 (compiled from source with the --with-openssl option) > on CentOS 7.5 and running into issues configuring TLS in our test > environment. I am following the instructions from these two pages: > https://www.labeighty

Re: [Bacula-users] TLS Config Problem (FD did not advertise required TLS support.)

Hi Francisco, Sorry for my delay. Yes, sure you can! You should configure TLS Enable = yes and TLS Require = yes for the clients in the VPN network. All the others that will surely not use TLS, you can set TLS Enable = No. Best regards, Ana On Mon, May 30, 2016 at 10:58 AM, Francisco Javier Fun

Re: [Bacula-users] TLS Config Problem (FD did not advertise required TLS support.)

Hi Ana, My question is: Can I have a mixed set of clients with TLS enabled and others with no TLS ? The clients into my LAN doesn't need the TLS support but all in the VPN network must use TLS. J. 2016-05-30 10:25 GMT+02:00 Ana Emília M. Arruda : > Hi Javier, > > Yes, sure. If you c

Re: [Bacula-users] TLS Config Problem (FD did not advertise required TLS support.)

Hi Javier, Yes, sure. If you configure TLS Require = No, if any of the daemons host do not speak TLS, they will communicate with no encryption (ssl=0). Regards, Ana On Sun, May 29, 2016 at 12:27 PM, Francisco Javier Funes Nieto < esen...@gmail.com> wrote: > Hi Ana, > > The problem now it's solv

Re: [Bacula-users] TLS Config Problem (FD did not advertise required TLS support.)

Hi Ana, The problem now it's solved. There was an incomplete configuration of the Storage Daemon and Director TLS subset. I have a cuestion around this, Can I have a mixed enviroment with TLS and Non-TLS clients in the same Bacula server? J. 2016-05-27 22:35 GMT+02:00 Ana Emília M. Arruda : >

Re: [Bacula-users] TLS Config Problem (FD did not advertise required TLS support.)

Hello Javier, Did you solve this? ssl=0 means that no TLS connection is being used. Since TLS Require = no for both director and storage daemon, it seems that they are unable to establish one and then are communicating with no encryption. You can always run tests to verify your certificates: op

Re: [Bacula-users] TLS required but not configured in Bacula.

> yum-builddep bacula? >>> >>> >>> >>> >>> >>> Michael Munger, dCAP, MCPS, MCNPS, MBSS >>> High Powered Help, Inc. >>> Microsoft Certified Professional >>> Microsoft Certified Small Business Specialist >>> Digium

Re: [Bacula-users] TLS required but not configured in Bacula.

> again run ./configure --with-mysql --with-openssl but the summary leaves me > again: >TCP Wrappers support: no >TLS support: no On a Centos 6.7 system of mine, I believe I have to install the tcp_wrappers-devel package, plus add the option " --with-tcp-wrappers" to get that feature t

Re: [Bacula-users] TLS required but not configured in Bacula.

dCAP, MCPS, MCNPS, MBSS >> High Powered Help, Inc. >> Microsoft Certified Professional >> Microsoft Certified Small Business Specialist >> Digium Certified Asterisk Professional >> mich...@highpoweredhelp.com >> >> >> >> *From:* Hector Javier

Re: [Bacula-users] TLS required but not configured in Bacula.

.com > > > > *From:* Hector Javier Agudelo Corredor [mailto:hej...@gmail.com] > *Sent:* Wednesday, February 3, 2016 9:56 AM > *To:* Ana Emília M. Arruda > *Cc:* Bacula-users@lists.sourceforge.net; Foro Bacula < > bacula-users...@lists.sourceforge.net> > *Subje

Re: [Bacula-users] TLS required but not configured in Bacula.

ich...@highpoweredhelp.com> From: Hector Javier Agudelo Corredor [mailto:hej...@gmail.com] Sent: Wednesday, February 3, 2016 9:56 AM To: Ana Emília M. Arruda Cc: Bacula-users@lists.sourceforge.net; Foro Bacula Subject: Re: [Bacula-users] TLS required but not configured in Bacula. hi Ana I did the ste

Re: [Bacula-users] TLS required but not configured in Bacula.

Should be something like the following ... checking for libwrap... yes checking for OpenSSL... yes checking for EVP_PKEY_encrypt_old in -lcrypto... yes checking for library containing dlopen... (cached) -ldl checking for PostgreSQL support... yes checking for crypt... no checking for crypt in -lcry

Re: [Bacula-users] TLS required but not configured in Bacula.

hi Ana I did the steps you provided me however in the summary does not show me the active support TLS. is nomal? Configuration on Sat Jan 30 14:47:32 COT 2016: Host: x86_64-unknown-linux-gnu -- redhat Bacula version: Bacula 7.2.0 (14 August 2015) Source cod

Re: [Bacula-users] TLS required but not configured in Bacula.

Hello Hector, You can run ./configure --with-openssl (and all your previously options) for enabling SSL support (then make and make install). This will not modify or delete your conf files and catalog database. Best regards, Ana On Tue, Feb 2, 2016 at 10:19 PM, Hector Javier Agudelo Corredor < h

Re: [Bacula-users] TLS connection verification

On 2013-02-05 03:57, Nasos Nikologiannis wrote: > I have successfully implemented TLS communication between > director-storage-clients. > Is there a way to verify that indeed all the traffic is encrypted? I'd guess a monitoring tool such as tcpcump > I tried "openssl s_client -connect director:po

Re: [Bacula-users] TLS Verify Peer - for client or for server?

On Jan 3, 2013, at 3:56 PM, Dan Langille wrote: > Comments? Ideas? Hmm. When I wrote the documentation (or, at least, the article that was turned into the documentation), I may have been thinking that client->server communications would -always- verify the peer's certificate, and that 'TLS

Re: [Bacula-users] TLS FD Errors

Hi, 2011/6/7 Craig Van Tassle > I'm trying to get TLS working between my Bacula Director and the FD. > I have it working locally between the Director and the SD, but when I > try to connect to a remote FD it wont authenticate. In my FD logs I get > openssl.c:85-0 jcr=0 Connect failure: ERR=error

Re: [Bacula-users] TLS and PKI, How to limit de encryption overhead ?

On Wed, Nov 17, 2010 at 11:52:20AM +0100, Hugo Letemplier wrote: > Hi > I am Implementing Bacula and I have to cypher the backed up data. > Also I don't want that the console and client authentication to be > done clearly over the network. > I want to implement TLS but data are already cyphered via

Re: [Bacula-users] TLS and PKI, How to limit de encryption overhead ?

On Nov 18, 2010, at 12:19 AM, Thomas Mueller wrote: > On 18.11.2010 02:01, Dan Langille wrote: > >>> >>> IMHO TLS is only used for the "control-channel" not for the "data- >>> channel". >> >> Really? I hope not. Can you prove this? >> > > ok maybe you're right. i've had in mind that it was n

Re: [Bacula-users] TLS and PKI, How to limit de encryption overhead ?

I already use Data encryption because I want the content of my Tape to be encrypted. The aspect that's boring me in communication is that authentication / commands / console access is sent clearly over the network. I am not sure of what security level the File Daemon encryption only can provide. I

Re: [Bacula-users] TLS and PKI, How to limit de encryption overhead ?

2010/11/18 Thomas Mueller > On 18.11.2010 02:01, Dan Langille wrote: > > >> > >> IMHO TLS is only used for the "control-channel" not for the "data- > >> channel". > > > > Really? I hope not. Can you prove this? > > > > ok maybe you're right. i've had in mind that it was not encrypted, but > writt

Re: [Bacula-users] TLS and PKI, How to limit de encryption overhead ?

On 18.11.2010 02:01, Dan Langille wrote: >> >> IMHO TLS is only used for the "control-channel" not for the "data- >> channel". > > Really? I hope not. Can you prove this? > ok maybe you're right. i've had in mind that it was not encrypted, but written is that the volumes written by sd are not en

Re: [Bacula-users] TLS and PKI, How to limit de encryption overhead ?

On 11/17/2010 11:12 AM, Thomas Mueller wrote: > Am Wed, 17 Nov 2010 11:52:20 +0100 schrieb Hugo Letemplier: > >> Hi >> I am Implementing Bacula and I have to cypher the backed up data. Also I >> don't want that the console and client authentication to be done clearly >> over the network. >> I want

Re: [Bacula-users] TLS and PKI, How to limit de encryption overhead ?

Am Wed, 17 Nov 2010 11:52:20 +0100 schrieb Hugo Letemplier: > Hi > I am Implementing Bacula and I have to cypher the backed up data. Also I > don't want that the console and client authentication to be done clearly > over the network. > I want to implement TLS but data are already cyphered via PKI

Re: [Bacula-users] TLS problem

Hi there, Finally I could fix the issue. :) The problem was with the FQDN... My Bacula-components used IP address instead of FQDN... It worked until I did not useTLS, but needed FQDN to make TLS working. ;) cheers, Zsolt On Wed, Mar 24, 2010 at 6:55 PM, Zsolt Kozak wrote: > Hi there, > > I goo

Re: [Bacula-users] TLS problem

Zsolt Kozak wrote: > I've tried that scenario before and now, but it's not working. It should not > be working because it's a server-client communication I guess, the bconsole > client is communicating with the director server... Am I right? I believe that each side needs to present a cert with th

Re: [Bacula-users] TLS problem

Hi, I've tried that scenario before and now, but it's not working. It should not be working because it's a server-client communication I guess, the bconsole client is communicating with the director server... Am I right? I noticed the same configuration in the article but here is another article

Re: [Bacula-users] TLS problem

Zsolt Kozak wrote: > Hi Hugh, > > Thanks for the fast reply. I forgot to post my config. Here they are: My *guess* would be that the "TLS Certificate" and "TLS Key" directives in both need to point to the same certificate, because they're on the same host. That's how I've got it set up on my mach

Re: [Bacula-users] TLS problem

Hi Hugh, Thanks for the fast reply. I forgot to post my config. Here they are: bacula-dir.conf: Director {# define myself Name = bacula-dir DIRport = 9101# where we listen for UA connections QueryFile = "/etc/bacula/scripts/query.sql" W

Re: [Bacula-users] TLS problem

Zsolt Kozak wrote: > Do you have any idea what's wrong? It's interesting that the TLS-connection > is OK on the server side, only the bconsole has problems with it Are you able to post the relevant parts of bacula-dir.conf and bconsole.conf? Seeing which certs are specified where might help.

Re: [Bacula-users] TLS negotiation handshake errors (Solved)

Hello list, On ven., avr 10, 2009, baculal...@encambio.com wrote: On mer., avr 8, 2009, baculal...@encambio.com wrote: > Director hostname back1.host.com: Solaris x86 11 (nv-b91) > File daemon hostname back1.host.com: Solaris x86 11 (nv-b91) > > Errors seen on the direc

Re: [Bacula-users] TLS negotiation failed with FD

Siyoucef Arslan wrote: > hi > > I have this problem when I want to connect a external client. but I can > connect with and without TLS probelem with the local client. > > error: >   Fatal Error: TLS negotiation failed with FD at "xxx.xxx.xxx.xxx: 9102". > > 03-Aug 16:17 WN-ASI-01-dir JobID 0: Fata

Re: [Bacula-users] TLS bacula resolved

thank you very much I followed what you tell me. the error was in the CN as you said. Now it works, I have to make test. arslan --- En date de : Jeu 30.7.09, Jet Wilda a écrit : De: Jet Wilda Objet: Re: [Bacula-users] TLS bacula probleme À: "John Drescher" Cc: "

Re: [Bacula-users] TLS bacula probleme

Yes.  The CN of the certificate needs to match what you put as the Address for the client configuration. i.e. Client {   Name = server-fd   Address = server.domain   FDPort = 9102   Catalog = Catalog   Password = Password   AutoPrune = yes   TLS Enable = yes   TLS Require = yes   TLS CA Certif

Re: [Bacula-users] TLS bacula probleme

On Thu, Jul 30, 2009 at 11:03 AM, Siyoucef Arslan wrote: > hello > I add a new external client, but I always have the same problem; > is that a person who has already successfully e TLS connect? > arslan > > The following appears to be the problem: 29-jui 15:36 bconsole JobId 0: Erreur fatale : bn

Re: [Bacula-users] TLS bacula probleme

Hi,     I have TLS communication working and I used this http://www.devco.net/pubwiki/Bacula/TLS/ to get it working.  It has been awhile so I don't exactly remember the pitfalls I ran into. ~Jet Siyoucef Arslan wrote: hello I add a new external client, but I always ha

Re: [Bacula-users] TLS bacula probleme

hello I add a new external client, but I always have the same problem; is that a person who has already successfully e TLS connect?arslan -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-

Re: [Bacula-users] TLS bacula probleme

2009/7/30 Siyoucef Arslan : > hello > I want to use the TLS bacula > any service (dir, fd, sf) start normally. > bconsole but when I run, I have this error . > > look in my conf file attachment. > > > Connexion au Director 127.0.0.1:9101 > 29-jui 15:36 bconsole JobId 0: Erreur fatale : bnet.c:307 T

Re: [Bacula-users] TLS negotiation handshake errors

Hello Ryan, On jeu., avr 09, 2009, Ryan NOVOSIELSKI wrote: >baculal...@encambio.com wrote: >> On mer., avr 08, 2009, Dan LANGILLE wrote: >>> baculal...@encambio.com wrote: Director hostname back1.host.com: Solaris x86 11 (nv-b91) File daemon hostname back1.host.com: Solaris x86 11

Re: [Bacula-users] TLS negotiation handshake errors

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 baculal...@encambio.com wrote: > Hello Dan and Ryan, > > On mer., avr 08, 2009, Dan LANGILLE wrote: >> baculal...@encambio.com wrote: >>> Bacula 2.4.4 and OpenSSL 0.9.8k on Solaris x86 11 (nv-b91), >>> everything is hand compiled but nothing special.

Re: [Bacula-users] TLS negotiation handshake errors

Hello Dan and Ryan, On mer., avr 08, 2009, Dan LANGILLE wrote: >baculal...@encambio.com wrote: >> Bacula 2.4.4 and OpenSSL 0.9.8k on Solaris x86 11 (nv-b91), >> everything is hand compiled but nothing special. >> >> Director hostname back1.host.com: Solaris x86 11 (nv-b91) >> File daemon ho

Re: [Bacula-users] TLS negotiation handshake errors

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan Langille wrote: > baculal...@encambio.com wrote: >> Hello List, > >> Bacula 2.4.4 and OpenSSL 0.9.8k on Solaris x86 11 (nv-b91), >> everything is hand compiled but nothing special. > >> Director hostname back1.host.com: Solaris x86 11 (nv-b91)

Re: [Bacula-users] TLS negotiation handshake errors

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 baculal...@encambio.com wrote: > Hello List, > > Bacula 2.4.4 and OpenSSL 0.9.8k on Solaris x86 11 (nv-b91), > everything is hand compiled but nothing special. > > Director hostname back1.host.com: Solaris x86 11 (nv-b91) > File daemon hostname b

Re: [Bacula-users] TLS setup

Exim List wrote: > Arno Lehmann wrote: >> Hi, >> >> 19.11.2008 18:25, Exim List wrote: >>> Hello. >>> >>> I wrote a few weeks ago trying to get help on getting Bacula working on >>> Windows using TLS encryption. Are you using that? >> I use that (in a demonstration environment). >> >> The only do

Re: [Bacula-users] TLS setup

Hi, 19.11.2008 22:24, Exim List wrote: > Arno Lehmann wrote: >> Hi, >> >> 19.11.2008 18:25, Exim List wrote: >>> Hello. >>> >>> I wrote a few weeks ago trying to get help on getting Bacula working >>> on Windows using TLS encryption. Are you using that? >> >> I use that (in a demonstration envir

Re: [Bacula-users] TLS setup

Arno Lehmann wrote: > Hi, > > 19.11.2008 18:25, Exim List wrote: >> Hello. >> >> I wrote a few weeks ago trying to get help on getting Bacula working on >> Windows using TLS encryption. Are you using that? > > I use that (in a demonstration environment). > > The only documentation I needed was

Re: [Bacula-users] TLS expired certificates

Dan Langille wrote: > For the archives, this is the type of email you will see from Bacula > when your TLS certificate expires: > > > From: [EMAIL PROTECTED] (Bacula) > Subject: Bacula: *none* *none* of *none* *none* > Sender: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Date: Fri, 31 Oct 2008 10

Re: [Bacula-users] TLS connections

alex wrote: > Hi, > > I was just wondering, I have some fd clients on my local net and some fd > clients that need to be accessed over the evil interweb. > > Is it possible that the connections to the internet server are TLS secured > and the > local clients connections not? > Sure. Your dir

Re: [Bacula-users] tls and pki on windows

Hello Dave, Please always copy the list -- thanks. On Sunday 27 May 2007 23:44, Dave wrote: > Hi Kern, > How much feedback have you got with both tls and pki on windows systems? Yes, some. To the best of my knowledge the comm encryption (tls) is working fine. However, there is an open bu

Re: [Bacula-users] TLS Require = yes, ignored

Arno Lehmann schrieb: > I'm also not a guru - and even cmpletely inexperienced regarding Bacula > &TLS - but that would be a bug... It must be possible to tell the DIR to > only accept console connections initiated by a client which can identify > itself through TLS. Otherwise, the whole consol

Re: [Bacula-users] TLS Require = yes, ignored

Hi, On 5/10/2007 4:06 PM, massano jerome wrote: > Hello. > > I'm really not a guru (I actually am a newbie) but I think you must set > TLS Enable = yes in you bconsole.conf (the documentation says TLS > Require is ignored if TLS Enable is set to "no") I'm also not a guru - and even cmpletely ine

Re: [Bacula-users] TLS Require = yes, ignored

Hello. I'm really not a guru (I actually am a newbie) but I think you must set TLS Enable = yes in you bconsole.conf (the documentation says TLS Require is ignored if TLS Enable is set to "no") Le jeudi 10 mai 2007 à 15:46 +0200, alejandro lencina a écrit : > Hi, > > I'm a Spanish computer scien

Re: [Bacula-users] TLS

On 9 Jan 2007 at 3:42, orlakwahr wrote: > Hello, > > I have configured bacula according to > http://www.bacula.org/dev-manual/Bacula_TLS_Communication.html > backups are fine, but restores are failing with: > > RestoreFiles.2007-01-09_03.09.10 Fatal error: Authorization problem: Remote > server

Re: [Bacula-users] TLS support for tray-monitor

On Friday 06 October 2006 12:43, Silver Salonen wrote: > I just tried configuring tray-monitor to connect with bacula-dir and bacula-sd > over TLS, but bacula-tray-monitor says me "TLS Enable" is not supported in > these resources. > > I found Landon Fuller's mail "Re: TLS Support" (2005-04-22

Re: [Bacula-users] TLS attempts crashes FD

Howdy -- Sorry for missing the TLS e-mails, I've been out in the Yosemite back country. Can you get a backtrace with symbols out of this crash? -landonf On Sep 5, 2006, at 5:21 PM, Dan Langille wrote: I'm trying to setup TLS with one client. I have two other clients working with TLS. At

Re: [Bacula-users] TLS attempts crashes FD

On 6 Sep 2006 at 9:55, Kern Sibbald wrote: > On Wednesday 06 September 2006 02:21, Dan Langille wrote: > > I'm trying to setup TLS with one client. I have two other clients > > working with TLS. At this point, I'm just doing a 'status client' > > and bacula-fd dies. > > > > Two questions: > >

Re: [Bacula-users] TLS attempts crashes FD

On 6 Sep 2006 at 9:55, Kern Sibbald wrote: > On Wednesday 06 September 2006 02:21, Dan Langille wrote: > > I'm trying to setup TLS with one client. I have two other clients > > working with TLS. At this point, I'm just doing a 'status client' > > and bacula-fd dies. > > > > Two questions: > >

Re: [Bacula-users] TLS attempts crashes FD

On Wednesday 06 September 2006 02:21, Dan Langille wrote: > I'm trying to setup TLS with one client. I have two other clients > working with TLS. At this point, I'm just doing a 'status client' > and bacula-fd dies. > > Two questions: > > 1 - Do we agree that bacula-fd shouldn't die? No, it

Re: [Bacula-users] TLS attempts crashes FD

On Tue, Sep 05, 2006 at 08:21:25PM -0400, Dan Langille wrote: > lists-fd: bsys.c:517 Could not open state file. sfd=-1 size=188: > ERR=No such file or directory Are you sure that the TLS errors aren't a red herring? -- Frank Sweetser fs at wpi.edu | For every problem, there is a solution that

Re: [Bacula-users] tls for some clients, but not for others

On 22 Jul 2006 at 4:36, Dave wrote: > I've implemented tls connections with a bacula 1.38.11 server and Unix > clients, all worked well. My problem is i've discovered winbacula v1.38.10 > does not support tls, so i've pretty much just locked out four machines. The > issue i believe is betwe

Re: [Bacula-users] tls for windows machines

On 21 Jul 2006 at 7:53, Dave wrote: > Hello, > This may be slightly O.t. if so please respond privately. I've just got > tls going with my unix clients. I'd like now to extend this to two windows > xp machines, but they don't have anything for generating keys. If anyone has > xp boxes doing

Re: [Bacula-users] TLS not working with any certificate

On Mar 9, 2006, at 3:52 AM, Andreas Aronsson wrote: I really think I got it working now! When I am comparing with the instructions given here: http://www.bacula.org/rel-manual/Bacula_TLS.html The difference in my conf is: bacula-fd.conf; add # "Global" File daemon configuration specificati

Re: [Bacula-users] TLS not working with any certificate

I have lost the message where you said you got things working. You could add documentation errors here: http://paramount.ind.wpi.edu/wiki/doku.php cheers -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php --

Re: [Bacula-users] TLS not working with any certificate

I really think I got it working now! When I am comparing with the instructions given here: http://www.bacula.org/rel-manual/Bacula_TLS.html The difference in my conf is: bacula-fd.conf; add # "Global" File daemon configuration specifications

Re: [Bacula-users] TLS not working with any certificate

Remind me again, what you're doing and the symptoms? I'm not convinced it's the Director. I am connecting through bconsole, issuing the command 'run' and selecting the only job I've scheduled. One line in the resulting message is as follows: 09-Mar 09:02 x-dir: x.2006-03-09_09.0

Re: [Bacula-users] TLS not working with any certificate

On 8 Mar 2006 at 19:33, Andreas Aronsson wrote: > > > Dan Langille wrote: > > and bacula-fd.conf: > > # List Directors who are permitted to contact this File > daemon > > # > >   ; > Director { > Name = x-dir > . > > TLS Require = yes >

Re: [Bacula-users] TLS not working with any certificate

Dan Langille wrote: and bacula-fd.conf: # List Directors who are permitted to contact this File daemon #   ; Director { Name = x-dir . TLS Require = yes TLS Verify Peer = no shouldn't this be yes? It is for me. Changed to yes, same result...

Re: [Bacula-users] TLS not working with any certificate

On Mar 8, 2006, at 06:30, Andreas Aronsson wrote:# I have also tried with selfsigned certs, one for each daemon according to these instructions: # http://landonf.bikemonkey.org/code/bacula/Configuring_Bacula_Encryption.20060305184424.26351.sandbox.html Just to clarify, these instructions are for en

Re: [Bacula-users] TLS not working with any certificate

On 8 Mar 2006 at 16:25, Andreas Aronsson wrote: > Alright, continuing with the "cacert-track". > > I changed the master cert to > > /etc/ssl/certs/cacert.org.pem > > and got: > > 08-Mar 15:55 bconsole: Fatal error: bnet.c:502 TLS host certificate > verification failed. Host x did not matc

Re: [Bacula-users] TLS not working with any certificate

Alright, continuing with the "cacert-track". I changed the master cert to /etc/ssl/certs/cacert.org.pem and got: 08-Mar 15:55 bconsole:  Fatal error: bnet.c:502 TLS host certificate verification failed. Host x did not match presented certificate TLS negotiation failed Director authoriz

Re: [Bacula-users] TLS not working with any certificate

On 8 Mar 2006 at 15:30, Andreas Aronsson wrote: > Hello! > > I'm new to this list, but I got a lot of time invested in this. Any > pointers much appreciated... > I'm trying to get bacula to work using TLS. > Running Gentoo Linux. > I have started out trying to backup the same host as the one the

Re: [Bacula-users] TLS : can't get started

On 22 Jan 2006 at 10:43, Frank Sweetser wrote: > On Sun, Jan 22, 2006 at 10:08:25AM -0500, Dan Langille wrote: > > 22-Jan 10:03 bacula-dir: ERROR in tls.c:83 Error loading private key: > > ERR=error:0906A068:PEM routines:PEM_do_header:bad password read > > Looks like you left the private key enc

Re: [Bacula-users] TLS : can't get started

On 22 Jan 2006 at 18:48, Dan Langille wrote: > On 22 Jan 2006 at 10:43, Frank Sweetser wrote: > > > On Sun, Jan 22, 2006 at 10:08:25AM -0500, Dan Langille wrote: > > > 22-Jan 10:03 bacula-dir: ERROR in tls.c:83 Error loading private key: > > > ERR=error:0906A068:PEM routines:PEM_do_header:bad pa

Re: [Bacula-users] TLS : can't get started

On 22 Jan 2006 at 10:43, Frank Sweetser wrote: > On Sun, Jan 22, 2006 at 10:08:25AM -0500, Dan Langille wrote: > > 22-Jan 10:03 bacula-dir: ERROR in tls.c:83 Error loading private key: > > ERR=error:0906A068:PEM routines:PEM_do_header:bad password read > > Looks like you left the private key enc

Re: [Bacula-users] TLS : can't get started

On Sun, Jan 22, 2006 at 10:08:25AM -0500, Dan Langille wrote: > 22-Jan 10:03 bacula-dir: ERROR in tls.c:83 Error loading private key: > ERR=error:0906A068:PEM routines:PEM_do_header:bad password read Looks like you left the private key encrypted with a password. You need to remove the password f

  1   2   >