Can`t connect to windows clients "Connect failure: ERR=error:0A0000FD:SSL routines::binder does not verify"
39 views
Skip to first unread message
Vernon Sullivan
Sep 9, 2024, 2:56:21 PM9/9/24
to bareos-users
Hi,
We have been testing bareos with linux clients and everything works fine with linux clients.
Un fortunately, we are stuck stuck trying to connect to any windows clients running windows 11 /Windows server 2019.
I've checked everything I've could guess, including passwords, communications, mtu , ciphers, etc. ¿PSK error?
I'm using bareos 23.04.
What I got checking client with bconsole:
*status
Status available for:
1: Director
2: Storage
3: Client
4: Scheduler
5: All
Select daemon type for status (1-5): 3
The defined Client resources are:
1: bareos-fd
2: despacho208-fd
Select Client (File daemon) resource (1-2): 2
Connecting to Client despacho208-fd at 10.10.242.73:9102
Probing client protocol...
(result will be saved until config reload)
Failed to connect to Client despacho208-fd.
====
You have messages.
*
This is trace.file I've got on windows client:
despacho208-fd (50): lib/tls_openssl_private.cc:325-0 SSL_get_error() returned error value 2
despacho208-fd (100): lib/bsock.cc:85-0 Construct BareosSocket
despacho208-fd (100): lib/tls_openssl_private.cc:59-0 Construct TlsOpenSslPrivate
despacho208-fd (100): lib/tls_openssl_private.cc:638-0 Set tcp filedescriptor: <1360>
despacho208-fd (100): lib/tls_openssl_private.cc:656-0 Set protocol: <>
despacho208-fd (100): lib/tls_openssl_private.cc:578-0 Set ca_certfile: <>
despacho208-fd (100): lib/tls_openssl_private.cc:584-0 Set ca_certdir: <>
despacho208-fd (100): lib/tls_openssl_private.cc:590-0 Set crlfile_: <>
despacho208-fd (100): lib/tls_openssl_private.cc:596-0 Set certfile_: <>
despacho208-fd (100): lib/tls_openssl_private.cc:602-0 Set keyfile_: <>
despacho208-fd (100): lib/tls_openssl_private.cc:620-0 Set dhfile_: <>
despacho208-fd (100): lib/tls_openssl_private.cc:644-0 Set cipherlist: <>
despacho208-fd (100): lib/tls_openssl_private.cc:650-0 Set ciphersuites: <>
despacho208-fd (100): lib/tls_openssl_private.cc:626-0 Set Verify Peer: <false>
despacho208-fd (100): lib/tls_openssl_private.cc:632-0 Set ktls: <false>
despacho208-fd (100): lib/tls_openssl_private.cc:502-0 psk_server_cb. identitiy: R_DIRECTOR bareos-dir.
despacho208-fd (100): lib/tls_openssl_private.cc:523-0 psk_server_cb. result: 32.
despacho208-fd (50): lib/tls_openssl_private.cc:402-0 SSL_get_error() returned error value 1
despacho208-fd (50): lib/crypto_openssl.cc:1593-0 jcr=0 Connect failure: ERR=error:0A0000FD:SSL routines::binder does not verify
despacho208-fd (200): lib/bsys.cc:186-0 pthread_cond_timedwait sec=3040836845568 usec=100
despacho208-fd (200): lib/bsys.cc:186-0 pthread_cond_timedwait sec=3040836845568 usec=100
despacho208-fd (50): lib/tls_openssl.cc:306-0 SSL_get_error() returned error value 1
despacho208-fd (100): lib/tls_openssl_private.cc:90-0 Destruct TlsOpenSslPrivate
despacho208-fd (50): lib/bsock.cc:645-0 TLS negotiation failed.
despacho208-fd (100): lib/bsock.cc:137-0 Destruct BareosSocket
despacho208-fd (100): filed/dir_cmd.cc:431-0 <dird: status
despacho208-fd (100): filed/dir_cmd.cc:450-0 Executing status command.
despacho208-fd (50): lib/tls_openssl_private.cc:325-0 SSL_get_error() returned error value 2
despacho208-fd (50): lib/tls_openssl_private.cc:325-0 SSL_get_error() returned error value 2
Thank you in advance for any help you could give.
Regards
Sebastian Sura
Sep 10, 2024, 1:39:23 AM9/10/24
to bareos...@googlegroups.com
Hi Vernon
I could reproduce the issue you reported by mistyping the director password on the client side. Could you double check that the director resource on the client and the client resource on the director share the exact same password ?
Could you also share a debug trace of the director during the connection attempt ? It looks like something (probably the director) did connect to your client which is a bit weird:
> despacho208-fd (100): filed/dir_cmd.cc:431-0 <dird:
status
> despacho208-fd (100): filed/dir_cmd.cc:450-0
Executing status command.
> despacho208-fd (50):
lib/tls_openssl_private.cc:325-0 SSL_get_error() returned error
value 2
> despacho208-fd (50):
lib/tls_openssl_private.cc:325-0 SSL_get_error() returned error
value 2
Kind Regards
Sebastian Sura
Am 09.09.24 um 20:56 schrieb Vernon
Sullivan:
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/a7dac309-4a5f-4d25-8ffc-26478a1f6093n%40googlegroups.com.
-- Sebastian Sura sebasti...@bareos.com Bareos GmbH & Co. KG Phone: +49 221 630693-0 https://www.bareos.com Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646 Komplementär: Bareos Verwaltungs-GmbH Geschäftsführer: Stephan Dühr, Jörg Steffens, Philipp Storz
Message has been deleted
Vernon Sullivan
Sep 13, 2024, 6:55:24 AM9/13/24
to bareos-users
Thank you for your response.
You never enphasize enough check "passwords" at both ends ...
Anyway this message is somehow misleading: "Connect failure: ERR=error:0A0000FD:SSL routines::binder does not verify" is still on trace file but everything seems to work OK.
Reply all
Reply to author
Forward
0 new messages