Re: [Bacula-users] bconsole won't connect to director

Hey Heitor,

Doing well thanks! I appreciate the help as always. So here's what I tried:

I added the directives you suggested to the director conf. From bacula-dir.conf:

Director { # define myself

Name = bacula1.example.com

DIRport = 9101 # where we listen for UA connections

QueryFile = "/etc/bacula/query.sql"

WorkingDirectory = "/var/spool/bacula"

PidDirectory = "/var/run"

Maximum Concurrent Jobs = 1

Password = "Duk30fZh0u" # Console password

Messages = Daemon

TLS Certificate = /etc/pki/tls/certs/bacula1.example.com.crt

TLS Key = /etc/pki/tls/private/bacula1.example.com.key

TLS CA Certificate File = /etc/pki/CA/certs/ca.crt

TLS Enable = yes

TLS Require = yes

TLS Verify Peer = no

TLS Allowed CN = "bacula1.example.com"

}

And I made the TLS Allowed CN match the FQDN of the bacula1 host. And here's a better paste of my bconsole.conf:

Director {

Name = bacula1.example.com

DIRport = 9101

address = bacula1.example.com

Password = "secret"

TLS Certificate = /etc/pki/tls/certs/bacula1.example.com.crt

TLS Key = /etc/pki/tls/private/bacula1.example.com.key

TLS CA Certificate File = /etc/pki/CA/certs/ca.crt

TLS Enable = yes

TLS Require = yes

}

I tried setting TLS Verify Peer = no and TLS Allowed CN = "bacula1.example.com" in the bconsole.conf, but those weren't valid there.

And then I tried running bconsole in debug mode, and this is what I got:

[root@bacula1:~] #bconsole -d100 -c /etc/bacula/bconsole.conf

Connecting to Director bacula1.example.com:9101

bconsole: bsock.c:208-0 Current 52.5.117.61:9101 All 52.5.117.61:9101

bconsole: bsock.c:283-0 Could not connect to server Director daemon bacula1.example.com:9101. ERR=Interrupted system call

bconsole: bsock.c:106-0 Unable to connect to Director daemon on bacula1.example.com:9101. ERR=Interrupted system call

I'm definitely open to suggestion at this point!

Thanks!

Tim

On Sun, Nov 8, 2015 at 10:24 AM, Heitor Faria <heitor AT bacula.com DOT br> wrote:

Just in time: your certificate Complete Name (CN) that you are prompted during its creation must match the TLS Allowed CN value.
===========================================================================
Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified Administrator II
Do you need Bacula training? http://bacula.us/video-classes/
I do Bacula training and deploy in any city of the world. More information: http://bacula.us/
+55 61 8268-4220
Site: http://bacula.us FB: heitor.faria
===========================================================================

From: "Heitor Faria" <heitor AT bacula.com DOT br>
To: "Tim Dunphy" <bluethundr AT gmail DOT com>
Cc: bacula-users AT lists.sourceforge DOT net
Sent: Sunday, November 8, 2015 1:15:04 PM
Subject: Re: [Bacula-users] bconsole won't connect to director
Hey guys,
Hello Tim, how are you?
I've had to rebuild my bacula server recently. And everything seemed to go okay with the install, but for some reason the bconsole can't conect to the director.
This is all I see when I try:

[root@bacula1:~] #bconsole
Connecting to Director bacula1.example.com:9101

I tried running my bacula-director in debug mode to get an idea of what the problem is, however it isn't providing any clues:
In this case running bconsole in debug mode would be more fruitful.
I made sure the bacula director definition matched the bconsole config. From bacula-dir.conf:

Director { # define myself
Name = bacula1.example.com
DIRport = 9101 # where we listen for UA connections
QueryFile = "/etc/bacula/query.sql"
WorkingDirectory = "/var/spool/bacula"
PidDirectory = "/var/run"
Maximum Concurrent Jobs = 1
Password = "secret" # Console password
Messages = Daemon
TLS Certificate = /etc/pki/tls/certs/bacula1.example.com.crt
TLS Key = /etc/pki/tls/private/bacula1.example.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}
If you are using self-signed certificates it is very likely you would have to use the following settings:

TLS Verify Peer = no
TLS Allowed CN = "192.168.0.50" # Or name
From bconsole.conf
Director {
Name = bacula1.example.com
DIRport = 9101
address = bacula1.example.com
Password = "secret"
TLS Certificate = /etc/pki/tls/certs/bacula1.example.com.crt
TLS Key = /etc/pki/tls/private/bacula1.example.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TL
}
I think TLS Require is miss copied here.

Regards,
===========================================================================
Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified Administrator II
Do you need Bacula training? http://bacula.us/video-classes/
I do Bacula training and deploy in any city of the world. More information: http://bacula.us/
+55 61 8268-4220
Site: http://bacula.us FB: heitor.faria
===========================================================================

------------------------------------------------------------------------------

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users

GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

------------------------------------------------------------------------------

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users