Re: [Bacula-users] winbacula tls

Hello.

I don't know why you didn't reply to list, but I'll add the list to CC now ;)

On Tuesday 05 August 2008 00:54, kool1j AT netzero DOT com wrote:
> Hi Silver,
> 
> I saw your response to windows xp client and I want to know on your 
bacula-fd.conf.  I'm using Windows 2003 Server and I have the one client on 
the machine with the director, Storage and I have it all using tls, but when 
I try to setup the exact parameters as on the director's server for the 
onboard client, all my other Windows XP clients bacula services fails to 
start. Below is a list of how the bacula-fd client is configured and working, 
the goal is to get a few more Windows clients started, thanks in advance.
> 
> 
>  The configuration looks like.. bacula-fd.conf:
>  FileDaemon {
>    ...
>    TLS Enable = yes
>    TLS Require = no
>    TLS CA Certificate File = C:/Bacula/certs/ca.pem
>    TLS Certificate  = C:/Bacula/etc/ssl/xxxx/client-fd.crt
>    TLS Key = C:/Bacula/etc/ssl/xxxx/client-fd.key
>  }
> 
> Director {
>    ...
>    TLS Enable = yes
>    TLS Require = yes
>    TLS CA Certificate File = C:/Bacula/certs/ca.pem
>    TLS Certificate  = C:/Bacula/certs/client-fd.crt
>    TLS Key = C:/Bacula/certs/client-fd.key
> 
> }

As clients need to be really sure that Director is THE director, they need 
some additional TLS verifications:
Director {
  ...
  TLS Verify Peer = yes
  TLS DH File = C:/Bacula/certs/dh1024.pem
}

I'm not sure how to get a DH-key in Windows, though.

--
Silver

> Silver Salonen wrote:
> > 
> > On Sunday 09 March 2008, Skirmantas Juraška wrote:
> >> 
> >> Hello,
> >> 
> >> I’m using newest version of bacula and some linux and windows xp clients.
> >> With linux tls encryption everything is working ok, but can’t get it to
> >> work
> >> with windows machines. Maybe some one can give an example how to do this
> >> and
> >> maybe it is not possible to do this?
> > 
> > Hi!
> > 
> > If you mean the client-part, I do backup of multiple Windowses over TLS.
> > They 
> > just need their own certificaes (crt and key) and server's
> > root-certificate 
> > (ca).
> > 
> > The configuration looks like.. bacula-fd.conf:
> > FileDaemon {
> >   ...
> >   TLS Enable = yes
> >   TLS Require = no
> >   TLS Certificate = "C:\\Documents and Settings\\All Users\\Application 
> > Data\\Bacula\\client-cert.crt"
> >   TLS Key = "C:\\Documents and Settings\\All Users\\Application 
> > Data\\Bacula\\client-cert.key"
> >   TLS CA Certificate File = "C:\\Documents and Settings\\All 
> > Users\\Application Data\\Bacula\\cacert.pem"
> > }
> > 
> > -- 
> > Silver

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users