Quoting Ray Burr <[EMAIL PROTECTED]>:
I just set mine up today. I started with Landon's configuration, but one thing I noticed is that (based on watching with tcpdump) I wasn't getting an encrypted connection from the FD to the SD. I had to add "TLS Require = yes" to the FileDaemon section on the client configuration to get an encrypted connection. I'm no SSL guru, so maybe I've missed some other problem in my configuration.
Ah, lucky you. On my test server, the connections were actually failing until I
configured TLS in those additional sections (Client in bacula-dir.conf, and FileDaemon in bacula-fd.conf). BTW, since same certificate may be used (and usually will be used) in various sections, it would be nice if CA and daemon's certificates could be referenced only from the global section of the file (for example Director section in bacula-dir.conf, Storage section in bacula-sd.conf, and FileDaemon section in bacula-fd.conf). Probably not much point in repeating same three lines for each defined Client and Storage in bacula-dir.conf (same goes for bacula-sd.conf and bacula-fd.conf, although not that much repetitions there). An option to globally enable/require TLS from global section of configuration files might be nice to have too. That way, for example, no TLS options would need to be specified in Client and Storage sections of bacula-dir.conf. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
