Hello Sergio,
This Console resource should be stored in Director configuration, not
in Bconsole configuration:
Console {
Name = "BaculaRestrictedUser"
Password = "XXXXXXf"
CommandACL =
run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
CatalogACL = *all*
ClientACL = user-fd
JobACL = somejob1,userjob
PoolACL = Full-Pool
StorageACL = VTL
FileSetACL = somejob1-fileset,userjobFileSet3
WhereACL = *all*
}
In Bconsole config you need to define Console resource as well but
with a bit different content.
Here you can see more information:
http://www.bacula.org/7.4.x-manuals/en/main/Console_Configuration.html
Please let know if it works after correction.
Good luck.
Best regards.
Marcin Haba (gani)
On 15 January 2017 at 23:08, Sergio Belkin <sebelk AT gmail DOT com> wrote:
>
>
> 2017-01-15 18:45 GMT-03:00 Sergio Belkin <sebelk AT gmail DOT com>:
>>
>> Hi,
>>
>> I use bacula 7.0.5, apache 2.4.6 and baculum-7.4.0-1.el7.centos.noarch
>>
>> I have no problems configuring only an admin user. But I cannot add
>> non-admin users:
>>
>> This what I did:
>>
>> 1) Run wizard
>>
>> So I get the following settings file:
>>
>> type = "mysql"
>> name = "bacula"
>> login = "bacula"
>> password = "XXXXXX"
>> ip_addr = "localhost"
>> port = "3306"
>> path = ""
>>
>> [bconsole]
>> bin_path = "/usr/sbin/bconsole"
>> cfg_path = "/etc/bacula/bconsole.conf"
>> cfg_custom_path = "/etc/bacula/bconsole-{user}.conf"
>> use_sudo = "1"
>>
>> [baculum]
>> login = "admin"
>> password = "XXXXX"
>> debug = "0"
>> lang = "en"
>>
>>
>> EOF
>>
>> Then I add a new user through web UI, and now users files is as follows:
>>
>> cat /etc/baculum/Data-apache/baculum.users
>>
>> admin:xxxxxxxxxxxx
>> esteban:xxxxxxxxxxx
>>
>> Of corse I've obfuscated passwords.
>>
>> When I try to login browser prompts me to enter user and password again
>>
>> apache error logs:
>>
>> [Sun Jan 15 18:20:56.469640 2017] [auth_basic:error] [pid 5322] [client
>> 192.168.6.26:60056] AH01617: user admin: authentication failure for "/":
>> Password Mismatch, referer: http://192.168.6.85:9095/
>>
>> I've tried even using htpasswd by hand with no success.
>>
>> Also I have bconsole file: /etc/bacula/bconsole-esteban.conf
>>
>> Console {
>> Name = "BaculaRestrictedUser"
>> Password = "XXXXXXf"
>> CommandACL =
>> run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
>> CatalogACL = *all*
>> ClientACL = user-fd
>> JobACL = somejob1,userjob
>> PoolACL = Full-Pool
>> StorageACL = VTL
>> FileSetACL = somejob1-fileset,userjobFileSet3
>> WhereACL = *all*
>> }
>>
>>
>>
>> Am I doing something wrong?
>>
>> Thanks in advance!'
>> ~
>>
>>
>> --
>> --
>> Sergio Belkin
>> LPIC-2 Certified - http://www.lpi.org
>
>
>
> Well, now I get this error:
>
> Baculum problem
>
> Error 4 - problem with connection to bconsole.
>
> ________________________________
> What can I do
>
> Please check if Bacula Director service is running.
> Please check in shell console if bconsole program is able to connect to
> Bacula Director service.
> Please be sure if Web Server user is allowed for executing bconsole program.
> You can login to shell console as Web Server user and try to run bconsole
> program.
> Please re-run Baculum Initial Wizard and on step "Console" please perform
> connection test.
>
> TRY AGAIN
>
> 1 )Bacula Director is running:
>
>
> ● bacula-dir.service - Bacula-Director, the Backup-server
> Loaded: loaded (/usr/lib/systemd/system/bacula-dir.service; enabled;
> vendor preset: disabled)
> Active: active (running) since dom 2017-01-15 19:05:05 ART; 5s ago
> Docs: man:bacula-dir(8)
> Main PID: 7876 (bacula-dir)
> CGroup: /system.slice/bacula-dir.service
> └─7876 /usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf -u
> bacu...
>
> ene 15 19:05:05 backup.zanella.local systemd[1]: Started Bacula-Director,
> the B....
> ene 15 19:05:05 backup.zanella.local systemd[1]: Starting Bacula-Director,
> the ....
> Hint: Some lines were ellipsized, use -l to show in full.
>
> 2) bconsole can connect to Director:
>
> bconsole
> Connecting to Director localhost:9101
> 1000 OK: 1 bacula-dir Version: 7.0.5 (28 July 2014)
> Enter a period to cancel a command.
> }
>
> BUT it cannot connect using /etc/bacula/bconsole-esteban.conf:
>
> bconsole -c /etc/bacula/bconsole-esteban.conf 15-ene 19:07 bconsole: ERROR
> TERMINATION at parse_conf.c:981
> Config error: Keyword "CommandACL" not permitted in this resource.
> Perhaps you left the trailing brace off of the previous resource.
> : line 4, col 15 of file /etc/bacula/bconsole-esteban.conf
> CommandACL = run
>
> 3) Same error with apache user
>
> Any ideas?
>
> Thanks in advance!
>
> --
> --
> Sergio Belkin
> LPIC-2 Certified - http://www.lpi.org
>
> ------------------------------------------------------------------------------
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today. http://sdm.link/xeonphi
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
--
"Greater love hath no man than this, that a man lay down his life for
his friends." Jesus Christ
"Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie
za przyjaciół swoich." Jezus Chrystus
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
