Discussion:
[bareos-users] Bareos TLS enable for Windows Client
Anuroop Prakash
2018-08-31 11:09:07 UTC
Permalink
Hi Guys,

Could anyone advise on how to enable TLS in windows Client.

I have setup TLS in Linux clients and it works but the same setting is not working for windows clients. (Windows Server RT2012).

I have followed this wiki for TLS
https://blog.earth-works.com/2015/08/19/bacula-set-up-backup-source-client-computer-or-server/

For windows client setup I followed
https://www.bareos.org/en/HOWTO/articles/set_up_backup_client.html

Please advise if anyone knows . Thanks in advance.
--
--
CONFIDENTIALITY NOTICE: This e-mail and any attachments hereto are
intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the
intended recipient of this e-mail, you are hereby notified that any 
dissemination, distribution or copying of this e-mail, and any attachments
thereto, is strictly prohibited. If you have received this e-mail in error,
please notify the sender by replying to this message and permanently delete
the original and any copy of this e-mail and any printout thereof.
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Andreas Haase
2018-09-04 07:30:37 UTC
Permalink
Hi,
Post by Anuroop Prakash
Hi Guys,
Could anyone advise on how to enable TLS in windows Client.
I have setup TLS in Linux clients and it works but the same setting is not working for windows clients. (Windows Server RT2012).
I have followed this wiki for TLS
https://blog.earth-works.com/2015/08/19/bacula-set-up-backup-source-client-computer-or-server/
For windows client setup I followed
https://www.bareos.org/en/HOWTO/articles/set_up_backup_client.html
Please advise if anyone knows . Thanks in advance.
TLS configuration in Windows clients works exactly the same way as on
Linux systems. The only difficult problem is to debug the file daemon in
case there goes something wrong. You have to enable tracing of the
daemon and then you'll find debug trace in C:\.

Regards,
Andreas
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Anuroop Prakash
2018-09-04 08:04:20 UTC
Permalink
Hi Andreas , Thanks for the response , could you please advise how to enable tracing on windows fie daemon.

Also In linux (Bareos Server) Am using openssl certificates which is in .pem format.

Will the same .pem format support in windows server 2016 (Client)

Following are the configuration in my Window client
*********
Client {
Name = vm10
Maximum Concurrent Jobs = 20
# if compatible is set to yes, we are compatible with bacula
# if set to no, new bareos features are enabled which is the default
compatible = no
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = C:\Program Files\Bareos\certs\cacert.pem
TLS Certificate = C:\Program Files\Bareos\certs\vm10cert.pem
TLS Key = C:\Program Files\Bareos\certs\vm10key-daemon.pem
TLS Allowed CN = "vm14"
}
*********
Director {
Name = bareos-dir
Password = passwordd
Description = "Allow the configured Director to access this file daemon."TLS Enable = yes
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = C:\Program Files\Bareos\certs\cacert.pem
TLS Certificate = C:\Program Files\Bareos\certs\vm10cert.pem
TLS Key = C:\Program Files\Bareos\certs\vm10key-daemon.pem
TLS Verify Peer = yes
TLS Allowed CN = "vm14"
TLS Allowed CN = "vm10"
}
*********
Post by Andreas Haase
Hi,
Post by Anuroop Prakash
Hi Guys,
Could anyone advise on how to enable TLS in windows Client.
I have setup TLS in Linux clients and it works but the same setting is not working for windows clients. (Windows Server RT2012).
I have followed this wiki for TLS
https://blog.earth-works.com/2015/08/19/bacula-set-up-backup-source-client-computer-or-server/
For windows client setup I followed
https://www.bareos.org/en/HOWTO/articles/set_up_backup_client.html
Please advise if anyone knows . Thanks in advance.
TLS configuration in Windows clients works exactly the same way as on
Linux systems. The only difficult problem is to debug the file daemon in
case there goes something wrong. You have to enable tracing of the
daemon and then you'll find debug trace in C:\.
Regards,
Andreas
--
--
CONFIDENTIALITY NOTICE: This e-mail and any attachments hereto are
intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the
intended recipient of this e-mail, you are hereby notified that any 
dissemination, distribution or copying of this e-mail, and any attachments
thereto, is strictly prohibited. If you have received this e-mail in error,
please notify the sender by replying to this message and permanently delete
the original and any copy of this e-mail and any printout thereof.
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Andreas Haase
2018-09-04 08:15:05 UTC
Permalink
Hello,
Post by Anuroop Prakash
could you please advise how to enable tracing on windows fie daemon.
Details can be found in
http://doc.bareos.org/master/html/bareos-manual-main-reference.html#x1-39100028.9
Post by Anuroop Prakash
Also In linux (Bareos Server) Am using openssl certificates which is in .pem format.
Will the same .pem format support in windows server 2016 (Client)
Yes. I created the certificates exactly the same way as in Linux.
Post by Anuroop Prakash
Following are the configuration in my Window client
*********
Client {
Name = vm10
Maximum Concurrent Jobs = 20
# if compatible is set to yes, we are compatible with bacula
# if set to no, new bareos features are enabled which is the default
compatible = no
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = C:\Program Files\Bareos\certs\cacert.pem
TLS Certificate = C:\Program Files\Bareos\certs\vm10cert.pem
TLS Key = C:\Program Files\Bareos\certs\vm10key-daemon.pem
TLS Allowed CN = "vm14"
}
*********
Director {
Name = bareos-dir
Password = passwordd
Description = "Allow the configured Director to access this file daemon."TLS Enable = yes
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = C:\Program Files\Bareos\certs\cacert.pem
TLS Certificate = C:\Program Files\Bareos\certs\vm10cert.pem
TLS Key = C:\Program Files\Bareos\certs\vm10key-daemon.pem
TLS Verify Peer = yes
TLS Allowed CN = "vm14"
TLS Allowed CN = "vm10"
}
*********
In my configuration I use slashes instead of backslashes for certificate
paths and I start and stop the path specification with double-quotes.
Don't know whether this causes your problems. If not, traces will help
you finding the cause.

Regards,
Andreas
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Anuroop Prakash
2018-09-05 06:11:52 UTC
Permalink
Thanks Andreas,

Using slashes and double quotes fixed the issue. Now I can connect via TLS But the thing is instead of C:/Program files I provide the details in C:/ProgramData/Bareos/bareos-fd.d. I have configuration files in Program Files and ProgramData configuring in ProgramData fixed the issue .

Tracing feature also helped .

Here is the configuration !!

*******
Client {
Name = vm10
Maximum Concurrent Jobs = 20

# compatible = yes
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = "C:/ProgramData/Bareos/certs/cacert.pem"
TLS Certificate = "C:/ProgramData/Bareos/certs/vm10cert.pem"
TLS Key = "C:/ProgramData/Bareos/certs/vm10key-daemon.pem"
TLS Allowed CN = "vm14"

# Below settings are for Data Encryption
PKI Signatures = Yes # Enable Data Signing
PKI Encryption = Yes # Enable Data Encryption
PKI Keypair = "C:/ProgramData/Bareos/certs/vm10.pem" # Public and Private Keys
PKI Master Key = "C:/ProgramData/Bareos/certs/master.cert" # ONLY the Public Key
PKI Cipher = aes128
}
*******
Director {
Name = bareos-dir
Password = "password"
Description = "Allow the configured Director to access this file daemon."
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = "C:/ProgramData/Bareos/certs/cacert.pem"
TLS Certificate = "C:/ProgramData/Bareos/certs/vm10cert.pem"
TLS Key = "C:/ProgramData/Bareos/certs/vm10key-daemon.pem"
TLS Verify Peer = yes
TLS Allowed CN = "vm14"
TLS Allowed CN = "vm10"
}
Post by Andreas Haase
Hello,
Post by Anuroop Prakash
could you please advise how to enable tracing on windows fie daemon.
Details can be found in
http://doc.bareos.org/master/html/bareos-manual-main-reference.html#x1-39100028.9
Post by Anuroop Prakash
Also In linux (Bareos Server) Am using openssl certificates which is in .pem format.
Will the same .pem format support in windows server 2016 (Client)
Yes. I created the certificates exactly the same way as in Linux.
Post by Anuroop Prakash
Following are the configuration in my Window client
*********
Client {
Name = vm10
Maximum Concurrent Jobs = 20
# if compatible is set to yes, we are compatible with bacula
# if set to no, new bareos features are enabled which is the default
compatible = no
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = C:\Program Files\Bareos\certs\cacert.pem
TLS Certificate = C:\Program Files\Bareos\certs\vm10cert.pem
TLS Key = C:\Program Files\Bareos\certs\vm10key-daemon.pem
TLS Allowed CN = "vm14"
}
*********
Director {
Name = bareos-dir
Password = passwordd
Description = "Allow the configured Director to access this file daemon."TLS Enable = yes
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = C:\Program Files\Bareos\certs\cacert.pem
TLS Certificate = C:\Program Files\Bareos\certs\vm10cert.pem
TLS Key = C:\Program Files\Bareos\certs\vm10key-daemon.pem
TLS Verify Peer = yes
TLS Allowed CN = "vm14"
TLS Allowed CN = "vm10"
}
*********
In my configuration I use slashes instead of backslashes for certificate
paths and I start and stop the path specification with double-quotes.
Don't know whether this causes your problems. If not, traces will help
you finding the cause.
Regards,
Andreas
--
--
CONFIDENTIALITY NOTICE: This e-mail and any attachments hereto are
intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the
intended recipient of this e-mail, you are hereby notified that any 
dissemination, distribution or copying of this e-mail, and any attachments
thereto, is strictly prohibited. If you have received this e-mail in error,
please notify the sender by replying to this message and permanently delete
the original and any copy of this e-mail and any printout thereof.
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...