Thanks for the answer.
I've forgotten to include the client part of bacula-dir.
Client {
Name = nikolaj-fd
Address = nikolaj.test.com
FDPort = 9102
Catalog = MyCatalog
Maximum Concurrent Jobs = 10
Password = "123"
File Retention = 300d
Job Retention = 180d
AutoPrune = yes
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /opt/bacula/etc/ca.pem
}
Dan Langille wrote:
>
> On 23 Aug 2007 at 0:30, Nikolaj Karpov wrote:
>
>>
>> Hi everyone!
>>
>> Running bacula 1.38.11 and experiencing problems with ssl connection. All
>> certs are issued by Self-Signed CA.
>>
>> Here's configs:
>>
>> bacula-dir:
>>
>> Storage {
>> Name = File
>> Address = backup.test.com # N.B. Use a fully qualified name here
>> SDPort = 9103
>> Password = "123"
>> Device = FileStorage
>> Media Type = File
>> TLS Enable = yes
>> TLS Require = yes
>> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> # This is a client certificate, used by the director to
>> # connect to the storage daemon
>> TLS Certificate = /opt/bacula/etc/crt.pem
>> TLS Key = /opt/bacula/etc/key.pem
>> }
>>
>> bacula-sd:
>>
>> Storage { # definition of myself
>> Name = backup.test.com
>> SDPort = 9103 # Director's port
>> WorkingDirectory = "/opt/bacula/var/bacula/working"
>> Pid Directory = "/var/run"
>> Maximum Concurrent Jobs = 20
>> TLS Enable = yes
>> TLS Require = yes
>> # Peer certificate is not required/requested -- peer validity
>> # is verified by the storage connection cookie provided to the
>> # File Daemon by the director.
>> TLS Verify Peer = no
>> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> # This is a server certificate. It is used by connecting
>> # file daemons to verify the authenticity of this storage daemon
>> TLS Certificate = /opt/bacula/etc/crt.pem
>> TLS Key = /opt/bacula/etc/key.pem
>> }
>>
>> Director {
>> Name = backup-dir
>> Password = "123"
>> TLS Enable = yes
>> TLS Require = yes
>> # Require the connecting director to provide a certificate
>> # with the matching CN.
>> TLS Verify Peer = no
>> #TLS Allowed CN = "[EMAIL PROTECTED]"
>> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> # This is a server certificate. It is used by the connecting
>> # director to verify the authenticity of this storage daemon
>> TLS Certificate = /opt/bacula/etc/crt.pem
>> TLS Key = /opt/bacula/etc/key.pem
>> }
>>
>>
>> bacula-fd:
>>
>> Director {
>> Name = backup-dir
>> Password = "123"
>> TLS Enable = yes
>> TLS Require = yes
>> TLS Verify Peer = no
>> # Allow only the Director to connect
>> #TLS Allowed CN = "[EMAIL PROTECTED]"
>> TLS CA Certificate File = /opt/bacula/etc/ca.pem
>> # This is a server certificate. It is used by connecting
>> # directors to verify the authenticity of this file daemon
>> TLS Certificate = /opt/bacula/etc/crt.pem
>> TLS Key = /opt/bacula/etc/key.pem
>> }
>>
>>
>> And here's output:
>>
>> 22-Aug 14:29 backup-dir: Start Backup JobId 30, Job=nikolaj.2007-08-22_14.29.17
>> 22-Aug 14:29 nikolaj-fd: DIR and FD clocks differ by 24 seconds, FD automatically adjusting.
>
> nikolaj-fd? I see no mention of nikolaj-fd in the above
> configuration.
>
>> 22-Aug 14:29 nikolaj-fd: nikolaj.2007-08-22_14.29.17 Fatal error: Authorization problem: Remote server requires TLS.
>> 22-Aug 14:29 nikolaj-fd: nikolaj.2007-08-22_14.29.17 Fatal error: Failed to authenticate Storage daemon.
>> 22-Aug 14:29 backup-dir: nikolaj.2007-08-22_14.29.17 Fatal error: Socket error on Storage command: ERR=No data available
>> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error: Authorization problem: Remote server did not advertise required TLS support.
>> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error: Incorrect authorization key from File daemon at client rejected.
>> Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.
>> 22-Aug 14:29 backup.test.com: nikolaj.2007-08-22_14.29.17 Fatal error: Unable to authenticate File daemon
>> 22-Aug 14:29 backup-dir: nikolaj.2007-08-22_14.29.17 Error: Bacula 1.38.11 (28Jun06): 22-Aug-2007 14:29:21
>
> From bconsole, does status client work? Does status storage?
>
> http://www.freebsddiary.org/bacula-tls.php might help.
>
> --
> Dan Langille - http://www.langille.org/
> Available for hire: http://www.freebsddiary.org/dan_langille.php
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Bacula-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
>
--
View this message in context:
http://www.nabble.com/Bacula-fd--%3E-Bacula-sd-SSL-problem-tf4315882.html#a12293249
Sent from the Bacula - Users mailing list archive at Nabble.com.
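
[Added example, not part of the original message and not Bacula's own code.] The two "Authorization problem" lines in the job output are the two sides of one TLS capability mismatch on the FD-to-SD connection. The sketch below models that comparison with three need levels (none / offered / required) and runs it on the thread's bacula-sd Storage settings against a constructed FileDaemon resource that has no TLS directives; that resource is not shown in the thread, and both its contents and the three-level model are assumptions.

```python
import re

NONE, OK, REQUIRED = 0, 1, 2   # TLS need level each side advertises (assumed model)

def parse_resources(text):
    """Parse Bacula-style 'Type { key = value }' blocks into {type: directives}."""
    resources = {}
    for rtype, body in re.findall(r"(\w+)\s*\{(.*?)\}", text, re.S):
        directives = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0]                  # drop trailing comments
            if "=" in line:
                key, val = line.split("=", 1)
                directives[key.strip().lower()] = val.strip().strip('"')
        resources[rtype] = directives
    return resources

def tls_need(d):
    """Level a resource advertises from its TLS Enable / TLS Require directives."""
    if d.get("tls enable", "no").lower() != "yes":
        return NONE
    return REQUIRED if d.get("tls require", "no").lower() == "yes" else OK

def check(local, remote):
    """Error text the local side logs for this pairing, or None if compatible."""
    if OK in (local, remote):
        return None                     # a side that only offers TLS adapts to its peer
    if remote < local:
        return "Remote server did not advertise required TLS support."
    if remote > local:
        return "Remote server requires TLS."
    return None

SD_CONF = """
Storage {            # TLS directives as quoted in the bacula-sd section
  Name = backup.test.com
  TLS Enable = yes
  TLS Require = yes
}
"""
FD_CONF = """
FileDaemon {         # constructed sample: this resource is not in the thread
  Name = nikolaj-fd
  FDport = 9102
}
"""

def diagnose(fd_conf, sd_conf):
    """Return the message each daemon would log for the FD <-> SD connection."""
    fd = tls_need(parse_resources(fd_conf)["FileDaemon"])
    sd = tls_need(parse_resources(sd_conf)["Storage"])
    return {"fd": check(fd, sd), "sd": check(sd, fd)}

if __name__ == "__main__":
    print(diagnose(FD_CONF, SD_CONF))
```
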