Hey Heitor,
Doing well thanks! I appreciate the help as always. So here's what I
tried:
I added the directives you suggested to the director conf. From
bacula-dir.conf:
Director { # define myself
Name = bacula1.example.com
DIRport = 9101 # where we listen for UA connections
QueryFile = "/etc/bacula/query.sql"
WorkingDirectory = "/var/spool/bacula"
PidDirectory = "/var/run"
Maximum Concurrent Jobs = 1
Password = "Duk30fZh0u" # Console password
Messages = Daemon
TLS Certificate = /etc/pki/tls/certs/bacula1.example.com.crt
TLS Key = /etc/pki/tls/private/bacula1.example.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = no
TLS Allowed CN = "bacula1.example.com"
}
And I made the TLS Allowed CN match the FQDN of the bacula1 host. And
here's a better paste of my bconsole.conf:
Director {
Name = bacula1.example.com
DIRport = 9101
address = bacula1.example.com
Password = "secret"
TLS Certificate = /etc/pki/tls/certs/bacula1.example.com.crt
TLS Key = /etc/pki/tls/private/bacula1.example.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}
I tried setting TLS Verify Peer = no and TLS Allowed CN = "
bacula1.example.com" in the bconsole.conf, but those weren't valid there.
And then I tried running bconsole in debug mode, and this is what I got:
[root@bacula1:~] #bconsole -d100 -c /etc/bacula/bconsole.conf
Connecting to Director bacula1.example.com:9101
bconsole: bsock.c:208-0 Current 52.5.117.61:9101 All 52.5.117.61:9101
bconsole: bsock.c:283-0 Could not connect to server Director daemon
bacula1.example.com:9101. ERR=Interrupted system call
bconsole: bsock.c:106-0 Unable to connect to Director daemon on
bacula1.example.com:9101. ERR=Interrupted system call
I'm definitely open to suggestion at this point!
Thanks!
Tim
On Sun, Nov 8, 2015 at 10:24 AM, Heitor Faria <hei...@bacula.com.br> wrote:
> Just in time: your certificate Complete Name (CN) that you are prompted
> during its creation must match the TLS Allowed CN value.
> ===========================================================================
> Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified
> Administrator II
> Do you need Bacula training? http://bacula.us/video-classes/
> I do Bacula training and deploy in any city of the world. More
> information: http://bacula.us/
> +55 61 <%2B55%2061%202021-8260>8268-4220 <%2B55%2061%208268-4220>
> Site: http://bacula.us FB: heitor.faria
> <http://www.facebook.com/heitor.faria>
> ===========================================================================
>
> ------------------------------
>
> *From: *"Heitor Faria" <hei...@bacula.com.br>
> *To: *"Tim Dunphy" <bluethu...@gmail.com>
> *Cc: *bacula-users@lists.sourceforge.net
> *Sent: *Sunday, November 8, 2015 1:15:04 PM
> *Subject: *Re: [Bacula-users] bconsole won't connect to director
>
> Hey guys,
>
> Hello Tim, how are you?
>
> I've had to rebuild my bacula server recently. And everything seemed to
> go okay with the install, but for some reason the bconsole can't conect to
> the director.
>
> This is all I see when I try:
>
>
> [root@bacula1:~] #bconsole
>
> Connecting to Director bacula1.example.com:9101
>
>
> I tried running my bacula-director in debug mode to get an idea of what
> the problem is, however it isn't providing any clues:
>
> In this case running bconsole in debug mode would be more fruitful.
>
> I made sure the bacula director definition matched the bconsole config.
> From bacula-dir.conf:
>
>
> Director { # define myself
>
> Name = bacula1.example.com
>
> DIRport = 9101 # where we listen for UA connections
>
> QueryFile = "/etc/bacula/query.sql"
>
> WorkingDirectory = "/var/spool/bacula"
>
> PidDirectory = "/var/run"
>
> Maximum Concurrent Jobs = 1
>
> Password = "secret" # Console password
>
> Messages = Daemon
>
> TLS Certificate = /etc/pki/tls/certs/bacula1.example.com.crt
>
> TLS Key = /etc/pki/tls/private/bacula1.example.com.key
>
> TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
>
> TLS Enable = yes
>
> TLS Require = yes
>
> }
>
> If you are using self-signed certificates it is very likely you would have
> to use the following settings:
>
> TLS Verify Peer = no
> TLS Allowed CN = "192.168.0.50" # Or name
>
> From bconsole.conf
>
> Director {
>
> Name = bacula1.example.com
>
> DIRport = 9101
>
> address = bacula1.example.com
>
> Password = "secret"
>
> TLS Certificate = /etc/pki/tls/certs/bacula1.example.com.crt
>
> TLS Key = /etc/pki/tls/private/bacula1.example.com.key
>
> TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
>
> TLS Enable = yes
>
> TL
>
> }
>
> I think TLS Require is miss copied here.
>
> Regards,
> ===========================================================================
> Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified
> Administrator II
> Do you need Bacula training? http://bacula.us/video-classes/
> I do Bacula training and deploy in any city of the world. More
> information: http://bacula.us/
> +55 61 <%2B55%2061%202021-8260>8268-4220 <%2B55%2061%208268-4220>
> Site: http://bacula.us FB: heitor.faria
> <http://www.facebook.com/heitor.faria>
> ===========================================================================
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
>
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
