ok
# ldd bacula-dir
linux-vdso.so.1 => (0x00007fff79dff000)
libpython2.5.so.1.0 => /usr/lib/libpython2.5.so.1.0 (0x00007f1a7174f000)
libutil.so.1 => /lib/libutil.so.1 (0x00007f1a7154c000)
librt.so.1 => /lib/librt.so.1 (0x00007f1a71343000)
libsqlite3.so.0 => /usr/lib/libsqlite3.so.0 (0x00007f1a710cd000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f1a70eb1000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f1a70cad000)
libwrap.so.0 => /lib/libwrap.so.0 (0x00007f1a70aa4000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f1a70798000)
libm.so.6 => /lib/libm.so.6 (0x00007f1a70515000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f1a702fe000)
libc.so.6 => /lib/libc.so.6 (0x00007f1a6ffab000)
/lib64/ld-linux-x86-64.so.2 (0x00007f1a71ac4000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00007f1a6fd93000)
I don't have libssl.so ><
Sébastien
Arno Lehmann wrote:
> Hi,
>
> 22.04.2009 15:26, Sébastien Weber wrote:
>
>> Thx for your quick reply.
>> But I have a certificate from www.cacert.org (the certificate is OK; on
>> the old server the certificate worked).
>> When I use it, I get an error message: "Fatal error: TLS required but not
>> configured in Bacula."
>> Does Bacula require another package/daemon/... (or just configuration?) to
>> use a TLS certificate?
>> Is openssl required just for Bacula to use a TLS certificate?
>>
>
> You probably run a version of Bacula without openssl support (iirc,
> due to license incompatibilities, some distros don't include ssl
> support in Bacula).
>
> You can verify this by running 'ldd /path/to/bacula-dir'. If you see a
> reference to libssl, it's a configuration issue. If you don't see that
> reference, you'll have to use another repository to install, or
> compile yourself.
>
> Here, for example, on a test system I see
>
> bacula@gnom:/usr/local/demo-bacula> ldd sbin/bacula-dir | grep ssl
> libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7c5e000)
>
> Arno
>
>
>> I didn't use "./configure (option)", but used "apt-get install" to
>> install bacula :s
>> doc: "Appropriate autoconf macros have been added to detect and use
>> OpenSSL if enabled on the ./configure line with --with-openssl"
>>
>>
>> how to become your own Certificate Authority so you can create your own
>> certificates.
>> That's good to know, thx :)
>>
>>
>> Sébastien
>>
>> Maarten Hoogveld wrote:
>>
>>> Sorry, accidentally pressed the send button before the mail was
>>> completed (Now why didn't I look into that gmail undo-send button
>>> yesterday)
>>>
>>> Hi,
>>>
>>> I have installed bacula with "# apt-get install bacula" in debian linux.
>>> My backups work, but they are not secured with TLS...
>>> When I use TLS, I get an error message:
>>> "Fatal error: TLS required but not configured in Bacula."
>>>
>>> How do I use TLS? Where do I configure TLS with this install?
>>>
>>>
>>> Hi Sébastien,
>>>
>>> Check out the Bacula documentation on TLS
>>> <http://www.bacula.org/en/dev-manual/Bacula_TLS_Communication.html>.
>>> The example configs are a good start.
>>> Also check out OpenSSL docs on how to become your own Certificate
>>> Authority so you can create your own certificates.
>>> This may take some effort and time if you are unfamiliar with
>>> certificates. Without the right certificates it will not work.
>>> OpenSSL has some functionality with which you can check the
>>> certificates. You can create some sort of server and try to connect to
>>> it but I don't remember how that works anymore. Google for it.
>>> It's important to start with the simplest solution (e.g. no TLS) and
>>> then gradually add some TLS features. (So don't start with the "TLS
>>> Allowed CN" or something like that. Add that when the plain TLS
>>> connection works.)
>>> Also important to understanding what's going on is to figure out what
>>> connects to what. The part about firewalls
>>> <http://www.bacula.org/en/rel-manual/Dealing_with_Firewalls.html> in
>>> the Bacula documentation has a small and useful overview of that. For
>>> the TLS connection the "client" is the connecting party and the server
>>> is the party being connected to. Example: When the bacula-dir connects
>>> to the bacula-fd, the bacula-dir is the client and the bacula-fd is
>>> the server. (See comments in the example configs in the Director
>>> resource of the bacula-fd config)
>>>
>>> I have created some scripts to create and sign my own certificates
>>> because I just can't remember the command line options for openssl.
>>> They are used in a Fedora 6 environment so you may have to change some
>>> paths to match your setup.
>>> Before you can use these scripts you need:
>>> - A proper openssl config file
>>> Place the file location in create.sh at the [openssl.cnf] placeholder
>>> - Your self-signed root-certificate and private key
>>> Place them in their placeholders [ca.crt] and [ca.key] in the sign
>>> script
>>> - Check all paths in sign.sh (/etc/pki/CA/ in my installation) and
>>> make sure they match your setup.
>>> (Note: The sign script is not mine, I found it on the internet
>>> somewhere and don't remember who wrote it so I can't give credit.)
>>>
>>>
>>> Of course this doesn't explain TLS fully but I hope this helps a bit.
>>>
>>>
>>> Regards,
>>> Maarten Hoogveld
>>>
>>>
>>> *create.sh* A script to create a new key-pair and a cert-sign-request.
>>>
>>> #!/bin/bash
>>> FILE_BASE=$1
>>> if [ $# -ne 1 ]; then
>>>   echo "Usage: $0 <base-filename>"
>>>   echo " Creates a key-pair and csr (Certificate Signing Request)"
>>>   echo " Files created are <base-filename>.key and <base-filename>.csr."
>>>   exit 1
>>> fi
>>>
>>> # Never overwrite an existing private key
>>> if [ -e "${FILE_BASE}.key" ]; then
>>>   echo "File ${FILE_BASE}.key already exists."
>>>   echo "Exiting."
>>>   exit 1
>>> fi
>>>
>>> # -nodes leaves the private key unencrypted so a daemon can read it unattended
>>> openssl req -config [openssl.cnf] -new -nodes \
>>>   -keyout "${FILE_BASE}.key" -out "${FILE_BASE}.csr" -days 730
>>>
>>> echo "Done."
>>>
>>>
>>> *sign.sh* A script to sign a sign-request
>>>
>>> #!/bin/sh
>>> # argument line handling
>>> CSR=$1
>>> if [ $# -ne 1 ]; then
>>> echo "Usage: ${0} <whatever>.csr"; exit 1
>>> fi
>>> if [ ! -f "$CSR" ]; then
>>> echo "CSR not found: $CSR"; exit 1
>>> fi
>>> # derive the certificate name: foo.csr -> foo.crt, anything else -> <name>.crt
>>> case $CSR in
>>> *.csr ) CERT="${CSR%.csr}.crt" ;;
>>> * ) CERT="$CSR.crt" ;;
>>> esac
>>> # make sure environment exists
>>> if [ ! -d ca.db.certs ]; then
>>> mkdir ca.db.certs
>>> fi
>>> if [ ! -f ca.db.serial ]; then
>>> echo '01' >ca.db.serial
>>> fi
>>> if [ ! -f ca.db.index ]; then
>>> cp /dev/null ca.db.index
>>> fi
>>> # create an own SSLeay config
>>> cat > ca.config <<EOT
>>> [ ca ]
>>> default_ca = CA_own
>>> [ CA_own ]
>>> dir = /etc/pki/CA
>>> certs = /etc/pki/CA/certs
>>> new_certs_dir = /etc/pki/CA/ca.db.certs
>>> database = /etc/pki/CA/ca.db.index
>>> serial = /etc/pki/CA/ca.db.serial
>>> RANDFILE = /etc/pki/CA/ca.db.rand
>>> certificate = /etc/pki/CA/certs/[ca.crt]
>>> private_key = /etc/pki/CA/private/[ca.key]
>>> default_days = 730
>>> default_crl_days = 30
>>> # sha256 replaces the original md5, which is broken as a signature digest
>>> default_md = sha256
>>> preserve = no
>>> policy = policy_anything
>>> [ policy_anything ]
>>> countryName = optional
>>> stateOrProvinceName = optional
>>> localityName = optional
>>> organizationName = optional
>>> organizationalUnitName = optional
>>> commonName = supplied
>>> emailAddress = optional
>>> EOT
>>> # sign the certificate
>>> echo "CA signing: $CSR -> $CERT:"
>>> openssl ca -config ca.config -out "$CERT" -infiles "$CSR"
>>> echo "CA verifying: $CERT <-> CA cert"
>>> openssl verify -CAfile /etc/pki/CA/certs/[ca.crt] "$CERT"
>>> # cleanup after SSLeay
>>> /bin/rm -f ca.config
>>> /bin/rm -f ca.db.serial.old
>>> /bin/rm -f ca.db.index.old
>>> # die gracefully
>>> exit 0
>>>
>>>
>>> *export.sh* A script to tidy up the files and put them into separate
>>> folders for archival
>>>
>>> #!/bin/bash
>>> FILE_BASE=$1
>>> if [ $# -ne 1 ]; then
>>> echo "Usage: $0 <base-filename>"
>>> echo " If <base-filename>.key and <base-filename>.crt exist:"
>>> echo " <base-filename>.key will be moved to ./export/private"
>>> echo " <base-filename>.crt will be moved to ./export/certs"
>>> echo " <base-filename>.csr will be deleted if it exists"
>>> exit 1
>>> fi
>>>
>>> if [ ! -e "${FILE_BASE}.key" ]; then
>>>   echo "File ${FILE_BASE}.key does not exist!"
>>>   exit 1
>>> fi
>>>
>>> if [ ! -e "${FILE_BASE}.crt" ]; then
>>>   echo "File ${FILE_BASE}.crt does not exist!"
>>>   exit 1
>>> fi
>>>
>>> if [ ! -d export/certs ]; then
>>>   echo "Destination ./export/certs does not exist. Please create this directory and try again."
>>>   exit 1
>>> fi
>>> if [ ! -d export/private ]; then
>>>   echo "Destination ./export/private does not exist. Please create this directory and try again."
>>>   exit 1
>>> fi
>>>
>>> # the private key ends up read-only for its owner
>>> mv "${FILE_BASE}.key" export/private
>>> chmod 0400 "export/private/${FILE_BASE}.key"
>>>
>>> mv "${FILE_BASE}.crt" export/certs
>>>
>>> # the signing request is no longer needed once the certificate exists
>>> if [ -e "${FILE_BASE}.csr" ]; then
>>>   rm "${FILE_BASE}.csr"
>>> fi
>>>
>>> echo "Done."
>>>
>>>
>>>
>>>
>> ------------------------------------------------------------------------------
>> Stay on top of everything new and different, both inside and
>> around Java (TM) technology - register by April 22, and save
>> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
>> 300 plus technical and hands-on sessions. Register today.
>> Use priority code J9JMT32. http://p.sf.net/sfu/p
>> _______________________________________________
>> Bacula-users mailing list
>> Bacula-users AT lists.sourceforge DOT net
>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>>
>
>
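
Added example (not part of the original thread and not Maarten's scripts): the create / sign / verify sequence that the quoted scripts perform, run end to end against a throwaway CA in a scratch directory. It uses `openssl x509 -req` in place of `openssl ca`, signs with SHA-256, and the CA name, host name, file names and function names are constructed for the example.

```shell
#!/bin/sh
# Added example. CA name, host name and file names are constructed.

# make_test_pki DIR CN: create a throwaway CA in DIR and issue one cert for CN.
make_test_pki() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    # Minimal config so nothing depends on the system-wide openssl.cnf.
    cat > "$dir/min.cnf" <<'EOT'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOT
    (
        cd "$dir" || exit 1
        umask 077    # private keys readable by their owner only
        # 1. Self-signed root certificate and key (the CA).
        openssl req -config min.cnf -x509 -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=Example Test CA" -days 30 \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Key pair and certificate signing request for one daemon.
        openssl req -config min.cnf -new -newkey rsa:2048 -nodes \
            -subj "/CN=$cn" -keyout host.key -out host.csr 2>/dev/null || exit 1
        # 3. The CA signs the request, using SHA-256 as the digest.
        openssl x509 -req -sha256 -days 30 -in host.csr \
            -CA ca.crt -CAkey ca.key -CAcreateserial \
            -out host.crt 2>/dev/null || exit 1
    )
}

# cert_ok DIR: true only if host.crt chains to ca.crt and matches host.key.
cert_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/host.crt" >/dev/null 2>&1 || return 1
    crt_pub=$(openssl x509 -in "$1/host.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/host.key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# sig_alg FILE: print the signature algorithm the certificate was signed with.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}
```

Running cert_ok on each daemon's certificate and key before putting them into the Bacula configuration separates certificate problems from Bacula configuration problems.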