On 7/19/22 16:55, Justin Case wrote:
Error: getmsg.c:217 Malformed message: [bsockcore.c:265 Unable to connect to Director daemon on bacula-dir.lan.net:9101. ERR=Connection refused
Hello Justin,
My guess is that the FD is configured to call the Director, and it tries, but
fails either due to a firewall blocking it, or,
more likely, the Director has not been configured to allow this Client to
connect to the Director.
Then, when you run the job, the Director simply calls the client as normal.
In the Client{} resource on the Director for this Client, you need:
----8<----
AllowFDConnections = yes
----8<----
See, if makes no sense to me that if the Client is not connected, or cannot
connect that the Director can (or would) call out
to it to start a job with "AllowFDConnections = yes" set for this client.
The connection should be already established By the Client -> to the Director
and there would be no connection refused
messages generated by the client - w
hich is why I asked about the JobId 0 possibility for these log entries.
BTW, I just tested this on a client that is local to the Director (ie: no
firewalls between the two) and it works as
expected. No errors.
If I run the Director in foreground and debug mode, I can see after a few
seconds of it starting up, an incoming connection
from the Client I configured, and then the authentication and finally the
inbound connection allowed:
----8<----
[...snip a lot of Director startup stuff...]
bacula-dir: authenticate.c:267-0 authenticate user agent: Hello speedy-fd
fdcallsdir 1 tlspsk=100
bacula-dir: authenticate.c:286-0 *** No Dir compression to UA
bacula-dir: authenticatebase.cc:335-0 TLSPSK Local need 100
bacula-dir: authenticatebase.cc:365-0 TLSPSK Remote need 100
bacula-dir: authenticatebase.cc:563-0 TLSPSK Start PSK
bacula-dir: authenticatebase.cc:365-0 TLSPSK Remote need 100
bacula-dir: authenticatebase.cc:563-0 TLSPSK Start PSK
bacula-dir: bnet.c:96-0 TLS serve
r negotiation established.
bacula-dir: bnet.c:155-0 TLS client negotiation established.
bacula-dir: cram-md5.c:68-0 send: auth cram-md5 challenge
<695684628.1658273108@bacula-dir> ssl=0
bacula-dir: cram-md5.c:132-0 cram-get received: auth cram-md5
<1878454514.1658273108@speedy-fd> ssl=0
bacula-dir: cram-md5.c:132-0 cram-get received: auth cram-md5
<40069706.1658273108@speedy-fd> ssl=0
bacula-dir: cram-md5.c:156-0 sending resp to challenge: hG/bnB+/sA+oS8RQ+S+nEA
bacula-dir: cram-md5.c:156-0 sending resp to challenge: 9+BJT+cVo5tAb6/dZ/+9nB
bacula-dir: cram-md5.c:75-0 send: auth cram-md5 challenge
<472182750.1658273108@bacula-dir> ssl=0
bacula-dir: authenticate.c:368-0 FDCallsDir OK for speedy-fd
----8<----
The first line shows the client connecting inbound to the Director and that
'fdcallsdir = 1' for this client called
'speedy-fd' which allows the inbound attempt and authentication processes, then
the last line shows the connection has been
allowed and is OK.
Hope
this helps,
Bill
--
Bill Arlofski
w...@protonmail.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
