Nethserver-bareos: something new to play


6 Likes

I read that we could use PAM to authenticate to the web-ui, fun, let’s check tomorrow

1 Like

https://wiki.nethserver.org/doku.php?id=bareos

wget http://download.bareos.org/bareos/release/latest/CentOS_7/bareos.repo -O /etc/yum.repos.d/bareos.repo

yum install nethserver-bareos --enablerepo=stephdl

4 Likes

I got bareos and PAM workable… something that puzzled me is that pam_sss.so cannot prompt for a login, it only asks for the password, so the trick is to use pam_unix.so first and forward the password

[root@ns7loc14 bareos]# cat  /etc/pam.d/bareos
auth sufficient pam_unix.so forward_pass
auth    required   pam_sss.so try_first_pass
account required   pam_sss.so

the evidence

[root@ns7loc14 bareos]# bconsole
Connecting to Director localhost:9101
 Encryption: PSK-AES256-CBC-SHA

PAM authentication failed. Giving up.

to be continued

1 Like

Following the Wiki I’m getting a permission error while trying to access the web page.

From ssl_error_log

[Tue Apr 07 12:54:19.367377 2020] [authz_core:error] [pid 1316] [client 10.92.0.2:1849] AH01630: client denied by server configuration: /usr/share/bareos-webui/public/
[Tue Apr 07 13:00:04.425831 2020] [authz_core:error] [pid 14270] [client 10.92.0.2:2074] AH01630: client denied by server configuration: /usr/share/bareos-webui/public/
[Tue Apr 07 13:00:06.021800 2020] [authz_core:error] [pid 14271] [client 10.92.0.2:2075] AH01630: client denied by server configuration: /usr/share/bareos-webui/public/
[Tue Apr 07 13:00:20.030080 2020] [authz_core:error] [pid 14272] [client 10.92.0.2:2076] AH01630: client denied by server configuration: /usr/share/bareos-webui/public/
[Tue Apr 07 13:00:20.962834 2020] [authz_core:error] [pid 14272] [client 10.92.0.2:2076] AH01630: client denied by server configuration: /usr/share/bareos-webui/public/
[Tue Apr 07 13:00:21.644095 2020] [authz_core:error] [pid 14272] [client 10.92.0.2:2076] AH01630: client denied by server configuration: /usr/share/bareos-webui/public/
[Tue Apr 07 13:00:22.179676 2020] [authz_core:error] [pid 14272] [client 10.92.0.2:2076] AH01630: client denied by server configuration: /usr/share/bareos-webui/public/

Are you on the same network? It is only accessible from the local network.

This was exactly it. My VM inside the same LAN connected just fine, VPN connection was the problem.

I add it in the documentation: it is only accessible from the local network

Did you succeed in logging in with the user admin?

I pushed a new version 0.0.4, you need to use the real password of your user admin

Yes it did. Joined NS VM to a SAMBA4/AD DC. Added a new user account called “admin” with password and then logged in easily enough. Tonight I’ll mount a FreeNas NFS share on the NS vm and perform some backup/restore jobs. This looks to be like a clean alternative to FOG.

good…I am a NOOB on bareos, I need some inputs with ideas :stuck_out_tongue:
I did a post on the bareos community to announce the module, it would be fun to see more people.

Because I have you here, do you have plans to add a jail for fail2ban? I’ll get back with the results of a couple of VM tests tonight once I know for sure I understand the mechanisms properly.

a jail to protect bareos-UI ?

in case of bad login we can find this in /var/log/secure

Apr  7 22:36:10 ns7loc13 bareos-dir: pam_sss(bareos:auth): authentication failure; logname= uid=993 euid=993 tty= ruser=admin rhost= user=admin
Apr  7 22:36:10 ns7loc13 bareos-dir: pam_sss(bareos:auth): received for user admin: 7 (Authentication failure)

but I am not sure it is enough: we do not have the remote IP to grep

Yes, that is it. This is a bit odd as it is bound by the internal LAN for access but I’d still be somewhat worried about some compromised internal machine brute-force authenticating against it.

1 Like

if we can grep a remote IP with something which means the auth has failed, we have enough to ban

I think you can monitor

/var/log/secure
/var/log/bareos/*
/var/log/httpd/*
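
The gap discussed above, as an added example that is not part of the original thread: it parses bareos PAM failure lines in the /var/log/secure format quoted earlier and separates entries that carry a source address (usable by a fail2ban jail) from those with an empty `rhost=` (countable per user only). The third sample line and the address 192.0.2.10 are constructed for illustration; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two lines quoted in the thread, plus one made-up
# line with rhost filled in to show what a bannable entry would look like.
SAMPLE = """\
Apr  7 22:36:10 ns7loc13 bareos-dir: pam_sss(bareos:auth): authentication failure; logname= uid=993 euid=993 tty= ruser=admin rhost= user=admin
Apr  7 22:36:10 ns7loc13 bareos-dir: pam_sss(bareos:auth): received for user admin: 7 (Authentication failure)
Apr  7 22:40:02 ns7loc13 bareos-dir: pam_sss(bareos:auth): authentication failure; logname= uid=993 euid=993 tty= ruser=admin rhost=192.0.2.10 user=admin
"""

# Match only the "authentication failure;" line so the follow-up
# "received for user ..." line does not count the same attempt twice.
FAILURE = re.compile(
    r"bareos-dir: pam_\w+\(bareos:auth\): authentication failure;"
    r".*?\brhost=(?P<rhost>\S*)(?:\s+user=(?P<user>\S+))?\s*$"
)


def parse_failures(text):
    """Return (rhost_or_None, user) for each bareos PAM failure line."""
    events = []
    for line in text.splitlines():
        m = FAILURE.search(line)
        if m:
            events.append((m.group("rhost") or None, m.group("user")))
    return events


def triage(events):
    """Split failures into per-IP counts (a jail could act on these) and
    per-user counts (alert only, because no source address was logged)."""
    by_ip = Counter(ip for ip, _ in events if ip)
    no_ip = Counter(user for ip, user in events if not ip)
    return dict(by_ip), dict(no_ip)


if __name__ == "__main__":
    bannable, alert_only = triage(parse_failures(SAMPLE))
    print("failures with a source IP:", bannable)
    print("failures without a source IP (per user):", alert_only)
```

With only the two lines from the thread as input, the per-IP result is empty, which is why a jail reading /var/log/secure alone has no address to ban.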

Reading through more of the documentation I can say as a first time user this product is driving me nuts. I did successfully add a Win 10 Pro 64bit client but the fact I have to drop down to CLI/copy&paste the conf per device is almost a non-starter for me. This is probably more than likely due to me just dipping my foot into the product but from my FOG background all host registration could be automated/captured with a simple PXE boot setup.

Beyond that, product is working so far as described.

1 Like

I agree the GUI (graphical user interface) is like a drug, when you tested it, hard to do without :stuck_out_tongue:

Maybe the bareos community could answer ?

In fact I am fond of BackupPC… still, I have not heard of it in years now

Maybe I wouldn’t be so cranky if they had a Web-Gui portion to cut/paste the code snippet for new client registration or have some auto-configured downloadable file from the BareOS server itself. . . But I’m a little kid who’s found a new magical stick and I should probably get to know/use it better before I criticize it. Thank you again @stephdl for your hard work.

1 Like

Probably the public for this software is specific. At the moment we do not hear much about sysadmin but rather we speak about devops, a mix between developers and system administrators, I think this soft is for them… I saw that we could do some really fun things.

I think we could provide a lot of default configuration bundled with my rpm, I think after that you just have to cp the client configuration file