Hi all,
The first time I'm trying to configure the TLS part of my (new) server under FreeBSD. (10.2/7.4 from ports)
Communication sd <-> dir seems ok with debugging activated. I don't know if "ssl=0" means not using TLS.
More info:
betelgeuse.canonigos.es-dir: ua_status.c:183-0 item=1
betelgeuse.canonigos.es-dir: job.c:1744-0 wstore=LocalChgr where=unknown source
Automatically selected Storage: LocalChgr
betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge: J6c+pxk+t+/KDXl0B4IjVC
betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5 challenge <2125264182.1463481511 AT betelgeuse.canonigos DOT es-dir> ssl=0
betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK b++7uF+e3/JMCxZcv+/51C
betelgeuse.canonigos.es-dir: ua_status.c:382-0 Connected to storage daemon
betelgeuse.canonigos.es-sd Version: 7.4.0 (16 January 2016) amd64-portbld-freebsd10.2 freebsd 10.2-RELEASE-p9
But with the FD I get this error:
Select Client (File daemon) resource (1-8): 8
betelgeuse.canonigos.es-dir: fd_cmds.c:110-0 Opened connection with File daemon
betelgeuse.canonigos.es-dir: authenticate.c:202-0 Sent: Hello Director betelgeuse.canonigos.es-dir calling 102
betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge: 0i+14m/EA9/jvH4HAG/3BA
betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5 challenge <2099914463.1463480267 AT betelgeuse.canonigos DOT es-dir> ssl=2
betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK Y8+3N1t0t3+0VhI93F9vvB
betelgeuse.canonigos.es-dir: fd_cmds.c:117-0 Authentication error with FD.
Failed to connect to Client betelgeuse.canonigos.es-fd.
====
You have messages.
*m
17-May 12:17 betelgeuse.canonigos.es-dir JobId 0: Fatal error: Authorization problem: FD "Client: betelgeuse.canonigos.es-fd:
betelgeuse.canonigos.es" did not advertise required TLS support.
The Config:
dir.conf >>
Director {
Name = betelgeuse.canonigos.es-dir
DIRport = 9101
QueryFile = "/usr/local/share/bacula/query.sql"
WorkingDirectory = "/var/db/bacula"
PidDirectory = "/var/run"
Maximum Concurrent Jobs = 20
Password = "XX" # Console password
Messages = Daemon
# configuracion relativa a TLS
TLS Require = no
TLS Enable = yes
TLS Verify Peer = yes
TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
}
# Client (File Services) to backup
Client {
Name = betelgeuse.canonigos.es-fd
FDPort = 9102
Catalog = MyCatalog
Password = "XX"
File Retention = 60 days # 60 days
Job Retention = 6 months # six months
AutoPrune = yes # Prune expired Jobs/Files
# configuracion relativa a LTS
TLS Require = yes
TLS Enable = yes
TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
}
fd.conf >>
FileDaemon { # this is me
Name = betelgeuse.canonigos.es-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/db/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
# Plugin Directory = /usr/local/lib
# configuracion relativa a TLS
TLS Require = yes
TLS Enable = yes
TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
}
sd.conf >>
Storage { # definition of myself
Name = betelgeuse.canonigos.es-sd
SDPort = 9103 # Director's port
WorkingDirectory = "/var/db/bacula"
Pid Directory = "/var/run"
Maximum Concurrent Jobs = 20
# configuracion relativa al TLS
TLS Require = no
TLS Enable = yes
TLS Verify Peer = yes
TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
}
J.
--
_____________________________________________
Francisco Javier Funes Nieto [
esencia AT gmail DOT com]
CANONIGOS
Servicios Informáticos para PYMES.
Cl. Cruz 2, 1º Oficina 7
Tlf: 958.536759 / 661134556
Fax: 958.521354
GRANADA - 18002