[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bacula and tcpwrappers on Debian

Hah! I say hah!

Greg Vickers wrote:
> Hi all,
> I've found out that tcpwrappers were causing my authentication problems with Bacula (bconsole couldn't connect to the bacula-dir process.)
> If remove the 'ALL: ALL' line from hosts.deny bconsole will connect to the director successfully. I reinstate the 'ALL: ALL' clause and the following hosts.allow file will not allow bconsole to connect:
> bacula-dir: ALL
> bacula-fd: ALL
> bacula-sd: ALL
> (I know I probably don't need the bacula-fd and -sd lines, but I included them out of frustration.)
> What else should I include in my hosts.allow file to allow bconsole to connect to the director?

According to
http://www.bacula.org/dev-manual/Bacula_Security_Issues.html (thanks go
to apathy for pointing it out!) the daemeon name when running (the
service name) can be configured to be different to the process name!!

Debian configuration for Bacula sets the service name to be
%hostname%-dir (which makes sense) so your hosts.allow has to have an
entry for '%hostname%-dir', NOT 'bacula-dir'!

I guess it's not a bug, but an important configuration point that is not
included anywhere in any of the Debian documentation for Bacula that I
could find (I may have looked in the wrong place.)

HTH someone else,

Reply to: