Hello.
I don't know why you didn't reply to list, but I'll add the list to CC now ;)
On Tuesday 05 August 2008 00:54, kool1j AT netzero DOT com wrote:
> Hi Silver,
>
> I saw your response to windows xp client and I want to know on your
bacula-fd.conf. I'm using Windows 2003 Server and I have the one client on
the machine with the director, Storage and I have it all using tls, but when
I try to setup the exact parameters as on the director's server for the
onboard client, all my other Windows XP clients bacula services fails to
start. Below is a list of how the bacula-fd client is configured and working,
the goal is to get a few more Windows clients started, thanks in advance.
>
>
> The configuration looks like.. bacula-fd.conf:
> FileDaemon {
> ...
> TLS Enable = yes
> TLS Require = no
> TLS CA Certificate File = C:/Bacula/certs/ca.pem
> TLS Certificate = C:/Bacula/etc/ssl/xxxx/client-fd.crt
> TLS Key = C:/Bacula/etc/ssl/xxxx/client-fd.key
> }
>
> Director {
> ...
> TLS Enable = yes
> TLS Require = yes
> TLS CA Certificate File = C:/Bacula/certs/ca.pem
> TLS Certificate = C:/Bacula/certs/client-fd.crt
> TLS Key = C:/Bacula/certs/client-fd.key
>
> }
As clients need to be really sure that Director is THE director, they need
some additional TLS verifications:
Director {
...
TLS Verify Peer = yes
TLS DH File = C:/Bacula/certs/dh1024.pem
}
I'm not sure how to get a DH-key in Windows, though.
--
Silver
> Silver Salonen wrote:
> >
> > On Sunday 09 March 2008, Skirmantas Juraška wrote:
> >>
> >> Hello,
> >>
> >> I’m using newest version of bacula and some linux and windows xp clients.
> >> With linux tls encryption everything is working ok, but can’t get it to
> >> work
> >> with windows machines. Maybe some one can give an example how to do this
> >> and
> >> maybe it is not possible to do this?
> >
> > Hi!
> >
> > If you mean the client-part, I do backup of multiple Windowses over TLS.
> > They
> > just need their own certificaes (crt and key) and server's
> > root-certificate
> > (ca).
> >
> > The configuration looks like.. bacula-fd.conf:
> > FileDaemon {
> > ...
> > TLS Enable = yes
> > TLS Require = no
> > TLS Certificate = "C:\\Documents and Settings\\All Users\\Application
> > Data\\Bacula\\client-cert.crt"
> > TLS Key = "C:\\Documents and Settings\\All Users\\Application
> > Data\\Bacula\\client-cert.key"
> > TLS CA Certificate File = "C:\\Documents and Settings\\All
> > Users\\Application Data\\Bacula\\cacert.pem"
> > }
> >
> > --
> > Silver
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|