Temporarily disable TLS and/or password to do backups of Solaris 10 clients?
389 views
Skip to first unread message
Riot Nrrrd
Aug 10, 2021, 7:14:19 AM8/10/21
to bareos-users
Hello all,
At my work we have a Bareos 20.0.1 server on RHEL 7.9. We're about to decommission the last of our Solaris systems and and wanted to do one final full backup before we turn them off for good.
Our Bareos administrator did a final backup of our two remaining Solaris 11.4 systems already using the Bareos 20.0.0.1-1 pkg for Solaris 11.4. So far so good.
However, we also have a few Solaris 10 1/13 systems, so I compiled & built Bareos 17.2.4 on them. (Most recent version I could get to easily compile.)
But when our Bareos administrator tried to back them up, it failed. The error messages were:
2021-08-10 02:45:55 bareos-dir JobId 6801: Fatal error: No Job status returned from FD.
2021-08-10 02:45:55 bareos-dir JobId 6801: Fatal error: Unable to authenticate with File daemon at "[IP]:9102"
2021-08-10 02:45:50 bareos-dir JobId 6801: Fatal error: Wrong format of the CRAM challenge with [IP].
2021-08-10 02:45:45 bareos-dir JobId 6801: TLS negotiation failed (while probing client protocol)
The Bareos admin thinks that it's because OpenSSL on the Solaris 10 systems is too old, despite being patched with the very latest Oracle Solaris 10 patches for OpenSSL.
That's probably true, so I'm wondering if we have any options here. Is there a way to turn off TLS and/or not use an MD5 password on a per-client basis, so we can just enable it for these 3 remaining Solaris 10 systems and then remove them all from the Bareos config if it successfully completes a full backup after that?
Thanks for any replies.
Philipp Storz
Aug 10, 2021, 7:27:09 AM8/10/21
to bareos...@googlegroups.com
Hello,
you might be successful by reading the docs that are available here:
https://docs.bareos.org/TasksAndConcepts/TransportEncryption.html?highlight=tls#bareosfd-before-18-2-with-bareos-18-2
Looking at your description, you are using bareos in a production environment.
Subscription for supported updated packages and support are available. It would be nice and fair if
your company would consider to buy our services.
Best regards,
Philipp
Am 10.08.21 um 13:14 schrieb Riot Nrrrd:
> /2021-08-10 02:45:55 bareos-dir JobId 6801: Fatal error: Unable to authenticate with File daemon at
> "[IP]:9102"
>
> /
> /2021-08-10 02:45:50 bareos-dir JobId 6801: Fatal error: Wrong format of the CRAM challenge with [IP]./
> /2021-08-10 02:45:45 bareos-dir JobId 6801: TLS negotiation failed (while probing client protocol)/
> and/or /not use an MD5 password/ */on a per-client basis/*, so we can just enable it for these 3
> You received this message because you are subscribed to the Google Groups "bareos-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> bareos-users...@googlegroups.com <mailto:bareos-users...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/bareos-users/6f047881-5dcd-4a23-99b7-ac0f660fc196n%40googlegroups.com
> <https://groups.google.com/d/msgid/bareos-users/6f047881-5dcd-4a23-99b7-ac0f660fc196n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Mit freundlichen Grüßen
Philipp Storz philip...@bareos.com
Bareos GmbH & Co. KG Phone: +49 221 63 06 93-92
http://www.bareos.com Fax: +49 221 63 06 93-10
Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Geschäftsführer: Stephan Dühr, M. Außendorf,
J. Steffens, P. Storz
you might be successful by reading the docs that are available here:
https://docs.bareos.org/TasksAndConcepts/TransportEncryption.html?highlight=tls#bareosfd-before-18-2-with-bareos-18-2
Looking at your description, you are using bareos in a production environment.
Subscription for supported updated packages and support are available. It would be nice and fair if
your company would consider to buy our services.
Best regards,
Philipp
Am 10.08.21 um 13:14 schrieb Riot Nrrrd:
> Hello all,
>
> At my work we have a Bareos 20.0.1 server on RHEL 7.9. We're about to decommission the last of our
> Solaris systems and and wanted to do one final full backup before we turn them off for good.
>
> Our Bareos administrator did a final backup of our two remaining Solaris 11.4 systems already using
> the Bareos 20.0.0.1-1 pkg for Solaris 11.4. So far so good.
>
> However, we also have a few Solaris 10 1/13 systems, so I compiled & built Bareos 17.2.4 on them.
> (Most recent version I could get to easily compile.)
>
> But when our Bareos administrator tried to back them up, it failed. The error messages were:
>
> /2021-08-10 02:45:55 bareos-dir JobId 6801: Fatal error: No Job status returned from FD./
>
> At my work we have a Bareos 20.0.1 server on RHEL 7.9. We're about to decommission the last of our
> Solaris systems and and wanted to do one final full backup before we turn them off for good.
>
> Our Bareos administrator did a final backup of our two remaining Solaris 11.4 systems already using
> the Bareos 20.0.0.1-1 pkg for Solaris 11.4. So far so good.
>
> However, we also have a few Solaris 10 1/13 systems, so I compiled & built Bareos 17.2.4 on them.
> (Most recent version I could get to easily compile.)
>
> But when our Bareos administrator tried to back them up, it failed. The error messages were:
>
> /2021-08-10 02:45:55 bareos-dir JobId 6801: Fatal error: Unable to authenticate with File daemon at
> "[IP]:9102"
>
> /
> /2021-08-10 02:45:50 bareos-dir JobId 6801: Fatal error: Wrong format of the CRAM challenge with [IP]./
> /2021-08-10 02:45:45 bareos-dir JobId 6801: TLS negotiation failed (while probing client protocol)/
>
> The Bareos admin thinks that it's because OpenSSL on the Solaris 10 systems is too old, despite
> being patched with the very latest Oracle Solaris 10 patches for OpenSSL.
>
> That's probably true, so I'm wondering if we have any options here. Is there a way to/turn off TLS/
> The Bareos admin thinks that it's because OpenSSL on the Solaris 10 systems is too old, despite
> being patched with the very latest Oracle Solaris 10 patches for OpenSSL.
>
> and/or /not use an MD5 password/ */on a per-client basis/*, so we can just enable it for these 3
> remaining Solaris 10 systems and then remove them all from the Bareos config if it successfully
> completes a full backup after that?
>
> Thanks for any replies.
>
>
> --
> completes a full backup after that?
>
> Thanks for any replies.
>
>
> You received this message because you are subscribed to the Google Groups "bareos-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> bareos-users...@googlegroups.com <mailto:bareos-users...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/bareos-users/6f047881-5dcd-4a23-99b7-ac0f660fc196n%40googlegroups.com
> <https://groups.google.com/d/msgid/bareos-users/6f047881-5dcd-4a23-99b7-ac0f660fc196n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Mit freundlichen Grüßen
Philipp Storz philip...@bareos.com
Bareos GmbH & Co. KG Phone: +49 221 63 06 93-92
http://www.bareos.com Fax: +49 221 63 06 93-10
Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Geschäftsführer: Stephan Dühr, M. Außendorf,
J. Steffens, P. Storz
Riot Nrrrd
Aug 10, 2021, 8:01:59 AM8/10/21
to bareos-users
On Tuesday, August 10, 2021 at 4:27:09 AM UTC-7 philipp.storz wrote:
Hello,
you might be successful by reading the docs that are available here:
https://docs.bareos.org/TasksAndConcepts/TransportEncryption.html?highlight=tls#bareosfd-before-18-2-with-bareos-18-2
Thank you for the response, Philipp. I tried to add the TLS disable change and got
solaris10:1:1017 [/] # sh /etc/init.d/bareos-fd start
Starting the Bareos File daemon:
??????bareos-fd: ERROR TERMINATION at parse_conf.c:302
Config error: Name not specified for resource
: line 56, col 1 of file /opt/bareos/etc/bareos/bareos-fd.conf
}
It did not like me adding a Client {} clause to that file. (There is no /opt/bareos/etc/bareos/bareos-fd.d/client/bareos-fd.conf file, only myself.conf.)
Looking at your description, you are using Bareos in a production environment.
Subscription for supported updated packages and support are available. It would be nice and fair if your company would consider buying our services.
Well, I mentioned decommissioning of Solaris in my OP.
After that begins the task of decommissioning all of the Linux systems or migrating any remaining systems to The Cloud.
So basically this is the first step to the dissolution of the organization I have been in. (I am actually leaving for another job as of next week, so this is my last act of help for them.)
Eventually we won't need Bareos anymore because there won't be any systems left to use it for backups. 😞
Frank Kohler
Aug 10, 2021, 8:12:50 AM8/10/21
to bareos...@googlegroups.com
Hi,
On 8/10/21 2:01 PM, Riot Nrrrd wrote:
>
> After that begins the task of decommissioning all of the Linux systems
> or migrating any remaining systems to The Cloud.
> [...]
"No backups needed we're in the cloud" / Wir machen Cloud, da braucht
man kein Backup!
(language: de)
https://programm.froscon.de/2021/events/2683.html
best,
Frank
--
Frank Kohler
On 8/10/21 2:01 PM, Riot Nrrrd wrote:
>
> After that begins the task of decommissioning all of the Linux systems
> or migrating any remaining systems to The Cloud.
> Eventually we won't need Bareos anymore because there won't be any
> systems left to use it for backups. 😞
>
>
We'll be giving a talk on that topic @FrOSCon (Aug21) ;-)
> systems left to use it for backups. 😞
>
>
"No backups needed we're in the cloud" / Wir machen Cloud, da braucht
man kein Backup!
(language: de)
https://programm.froscon.de/2021/events/2683.html
best,
Frank
--
Frank Kohler
Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Komplementär: Bareos Verwaltungs-GmbH
Reply all
Reply to author
Forward
0 new messages