Hi, I have created a certificate (/etc/bacula/cert.pem) and I have added TLS
directives, only for one client (bacula-fd), in my bacula config files like
this:
- bacula-dir.conf:
Director { # define myself
Name = bacula-dir
Description = "Director de Bacula"
DIRport = 9101 # where we listen for UA connections
QueryFile = "/etc/bacula/query.sql"
WorkingDirectory = "/var/bacula"
PidDirectory = "/var/run"
Maximum Concurrent Jobs = 20
Password = "director-password" # Console password
Messages = Standard
TLS Enable = yes
TLS Require = no
TLS Verify Peer = no
#TLS Allowed CN = "[EMAIL PROTECTED]"
# This is a server certificate, used for incoming
# console connections.
TLS Certificate = /etc/bacula/cert.pem
}
Client {
Name = bacula-fd
Address = bacula-fd_adress
FDPort = 9102
Catalog = MyCatalog
Password = "bacula-fd-password" # password for FileDaemon
File Retention = 30 days # 30 days
Job Retention = 6 months # six months
AutoPrune = yes # Prune expired Jobs/Files
Maximum Concurrent Jobs = 20
TLS Enable = yes
TLS Require = yes
#TLS Verify Peer = yes
# This is a server certificate. It is used by connecting
# directors to verify the authenticity of this file daemon
TLS Certificate = /etc/bacula/cert.pem
}
Storage {
Name = FDA
# Do not use "localhost" here
Address = bacula_storage_adress # N.B. Use a fully qualified
name here
SDPort = 9103
Password = "storage-FDA-password"
Device = FDA
Media Type = File
Maximum Concurrent Jobs = 20
TLS Require = yes
# This is a client certificate, used by the director to
# connect to the storage daemon
TLS Certificate = /etc/bacula/cert.pem
}
- bacula-fd.conf:
Director {
Name = bacula-dir
Password = "bacula-fd-password"
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = yes
# Allow only the Director to connect
TLS Allowed CN = "[EMAIL PROTECTED]"
# This is a server certificate. It is used by connecting
# directors to verify the authenticity of this file daemon
TLS Certificate = /etc/bacula/cert.pem
}
- bacula-fd.conf:
Storage { # definition of myself
Name = bacula-sd
SDPort = 9103 # Director's port
WorkingDirectory = "/var/bacula"
Pid Directory = "/var/run"
Maximum Concurrent Jobs = 20
# These TLS configuration options are used for incoming
# file daemon connections. Director TLS settings are handled
# below.
TLS Enable = yes
TLS Require = yes
# Peer certificate is not required/requested -- peer validity
# is verified by the storage connection cookie provided to the
# File Daemon by the director.
TLS Verify Peer = no
# This is a server certificate. It is used by connecting
# file daemons to verify the authenticity of this storage daemon
TLS Certificate = /etc/bacula/cert.pem
}
Director {
Name = bacula-dir
Password = "storage-FDA-password"
TLS Enable = yes
TLS Require = yes
# Require the connecting director to provide a certificate
# with the matching CN.
TLS Verify Peer = yes
TLS Allowed CN = "[EMAIL PROTECTED]"
# This is a server certificate. It is used by the connecting
# director to verify the authenticity of this storage daemon
TLS Certificate = /etc/bacula/cert.pem
}
And when I restart bacula ...
[EMAIL PROTECTED] bacula]# ./bacula restart
Stopping the Bacula File daemon
Stopping the Bacula Storage daemon
Stopping the Bacula Director daemon
Starting the Bacula Storage daemon
06-Jul 13:07 bacula-sd: Fatal error: TLS required but not configured in
Bacula.
06-Jul 13:07 bacula-sd: Fatal error: "TLS Key" file not defined for
Director "b acula-dir" in /etc/bacula/bacula-sd.conf.
06-Jul 13:07 bacula-sd: Fatal error: Neither "TLS CA Certificate" or "TLS
CA Ce rtificate Dir" are defined for Director "bacula-dir" in
/etc/bacula/bacula-sd.co nf. At least one CA certificate store is required
when using "TLS Verify Peer".
Starting the Bacula File daemon
06-Jul 13:07 bacula-fd: Fatal error: TLS required but not configured in
Bacula.
06-Jul 13:07 bacula-fd: ERROR in filed.c:188 Please correct configuration
file: /etc/bacula/bacula-fd.conf
Starting the Bacula Director daemon
06-Jul 13:07 bacula-dir: Fatal error: "TLS Key" file not defined for
Director " bacula-dir" in /etc/bacula/bacula-dir.conf.
06-Jul 13:07 bacula-dir: Fatal error: TLS required but not configured in
Bacula .
06-Jul 13:07 bacula-dir: Fatal error: TLS required but not configured in
Bacula .
06-Jul 13:07 bacula-dir: Fatal error: TLS required but not configured in
Bacula .
06-Jul 13:07 bacula-dir: Fatal error: TLS required but not configured in
Bacula .
06-Jul 13:07 bacula-dir ERROR TERMINATION
Please correct configuration file: /etc/bacula/bacula-dir.conf
Thanks.
--
View this message in context:
http://www.nabble.com/bacula-TLS-tf1785382.html#a5197990
Sent from the Bacula - Users forum at Nabble.com.
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
