View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001602 | bareos-core | webui | public | 2024-02-25 01:48 | 2024-02-27 13:23 |
| Reporter | jsi | Assigned To | bruno-at-bareos | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | no change required | ||
| Platform | amd64 | OS | Gentoo Linux | OS Version | current |
| Product Version | 23.0.1 | ||||
| Summary | 0001602: Bareos WebUI unable to login after upgrade to 23.0.1 | ||||
| Description | After upgrade to Bareos 23.0.1 I had to compile the webui separately since there was no new ebuild for webui 23.0.1. I tried disabling TLS, but it seems that the webui still tries to connect via TLS. (See config and trace files below) I launched | ||||
| Steps To Reproduce | - Upgrade Bareos via Portage to 23.0.1 - Pull source from Github and checkout - master - Release/23.0.1 - Release/23.0.0 (doesn't matter) Compile the webui separately: cd /usr/src/bareos/webui cmake --install-prefix=/usr . make install Try to login and get "Sorry, cannot authenticate. Wrong username, password or SSL/TLS handshake failed." | ||||
| Additional Information | Launched bareos-dir with "bareos-dir -fd200" to catch the error when I try to login via webconsole: areos-dir (200): dird/scheduler_private.cc:163-0 Scheduler: WaitForJobsToRun is sleeping for 60 seconds. Next job: JSIIT-LSRV00-System.bareos-dir (100): lib/bsock.cc:85-0 Construct BareosSocket bareos-dir (100): lib/try_tls_handshake_as_a_server.cc:47-0 Error occured when trying to peek cleartext hello bareos-dir (100): lib/bsock.cc:137-0 Destruct BareosSocket *╰─➤ cat /etc/bareos/bareos-dir.d/console/admin.conf* # # Restricted console used by bareos-webui # Console { Name = "jsi" Password = "test" Profile = "webui-admin" # changed the password to "test" for testing-purpose... # As php does not support TLS-PSK, # and the director has TLS enabled by default, # we need to either disable TLS or setup # TLS with certificates. # # For testing purposes we disable it here TLS Enable = No } */etc/bareos-webui/directors.ini contains the following:* ; TLS verify peer ; Possible values: true or false tls_verify_peer = false ; Server can do TLS ; Possible values: true or false server_can_do_tls = false ; Server requires TLS ; Possible values: true or false server_requires_tls = false ; Client can do TLS ; Possible values: true or false client_can_do_tls = false ; Client requires TLS ; Possible value: true or false client_requires_tls = false | ||||
| Tags | No tags attached. | ||||
 |
admin.conf (350 bytes)
#
# Restricted console used by bareos-webui
#
Console {
Name = "jsi"
Password = "some.secret"
Profile = "webui-admin"
# As php does not support TLS-PSK,
# and the director has TLS enabled by default,
# we need to either disable TLS or setup
# TLS with certificates.
#
# For testing purposes we disable it here
TLS Enable = No
}
directors.ini (2,291 bytes)
; ; Bareos WebUI Configuration File ; ; File: /etc/bareos-webui/directors.ini ; ;------------------------------------------------------------------------------ ; Section localhost-dir ;------------------------------------------------------------------------------ [localhost-dir] ; Enable or disable section. Possible values are "yes" or "no", the default is "yes". enabled = "yes" ; Fill in the IP-Address or FQDN of you director. ; E.g. alice.example.com, 127.0.0.1 or [::1] diraddress = "localhost" ; Default value is 9101 dirport = 9101 ; Set catalog to explicit value if you have multiple catalogs ;catalog = "MyCatalog" ; Set the console name and password for a dedicated pam console. ; Make sure, that "UsePamAuthentication = yes" is set in the ; counterpart Director console configuration. ;pam_console_name = "username" ;pam_console_password = "password" ; TLS verify peer ; Possible values: true or false tls_verify_peer = false ; Server can do TLS ; Possible values: true or false server_can_do_tls = false ; Server requires TLS ; Possible values: true or false server_requires_tls = false ; Client can do TLS ; Possible values: true or false client_can_do_tls = false ; Client requires TLS ; Possible value: true or false client_requires_tls = false ; Path to the certificate authority file ; E.g. ca_file = "/etc/bareos/tls/BareosCA.crt" ;ca_file = "" ; Path to the cert file which needs to contain the client certificate and the key in PEM encoding ; E.g. ca_file = "/etc/bareos/tls/restricted-named-console.pem" ;cert_file = "" ; Passphrase needed to unlock the above cert file if set ;cert_file_passphrase = "" ; Allowed common names ; E.g. allowed_cns = "host1.example.com" ;allowed_cns = "" ;------------------------------------------------------------------------------ ; Section another-host-dir ;------------------------------------------------------------------------------ [another-host-dir] enabled = "no" diraddress = "192.168.120.1" dirport = 9101 ;catalog = "MyCatalog" ;pam_console_name = "username" ;pam_console_password = "password" ;tls_verify_peer = false ;server_can_do_tls = false ;server_requires_tls = false ;client_can_do_tls = false ;client_requires_tls = false ;ca_file = "" ;cert_file = "" ;cert_file_passphrase = "" ;allowed_cns = "" |
|
|
You missed the TLS Require = No |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-02-25 01:48 | jsi | New Issue | |
| 2024-02-25 01:48 | jsi | File Added: admin.conf | |
| 2024-02-25 01:48 | jsi | File Added: directors.ini | |
| 2024-02-27 13:23 | bruno-at-bareos | Assigned To | => bruno-at-bareos |
| 2024-02-27 13:23 | bruno-at-bareos | Status | new => closed |
| 2024-02-27 13:23 | bruno-at-bareos | Resolution | open => no change required |
| 2024-02-27 13:23 | bruno-at-bareos | Note Added: 0005812 |
