Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem

2012-05-04 05:04:24
Subject: Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem
From: Hugo Letemplier <hugo.let.35 AT gmail DOT com>
To: Martin Simmons <martin AT lispworks DOT com>
Date: Fri, 4 May 2012 11:01:24 +0200 
2012/4/25 Martin Simmons <martin AT lispworks DOT com>:
>>>>>> On Wed, 25 Apr 2012 12:05:59 +0200, Hugo Letemplier said:
>>
>> 2012/4/16 Martin Simmons <martin AT lispworks DOT com>:
>> >>>>>> On Sat, 14 Apr 2012 13:53:37 +0200, Hugo Letemplier said:
>> >>
>> >> 2012/4/11 Martin Simmons <martin AT lispworks DOT com>:
>> >> >>>>>> On Wed, 4 Apr 2012 16:59:58 +0200, Hugo Letemplier said:
>> >> >>
>> >> >> Hello, I have tested encryption/decryption on many bacula backups but
>> >> >> one job is tricky
>> >> >>
>> >> >> I have Linux, MacOSX and Windows 2003 servers
>> >> >> I have master.cert and one fd.pem for encryption on each client.
>> >> >> fd.pem is specific for each client
>> >> >> master.cert is on every client and allow to decrypt with the "secret"
>> >> >> master.pem in the case we loose the specific backup key.
>> >> >>
>> >> >> My bacula server is unable to restore 1 of my three Windows servers
>> >> >> using the master.pem keypair
>> >> >
>> >> > Saying "unable to restore" is too vague -- what is the error message?
>> >> >
>> >>
>> >> I wanted to say that Master encryption/decryption doesn't work
>> >> although the client specific encryption/decryption works
>> >> It's just saying :
>> >>
>> >> Error: Missing private key required to decrypt encrypted backup data.
>> >
>> > OK.
>> >
>> >
>> >> > Which one fails to restore?
>> >> >
>> >> > Is it definitely using the correct bacula-fd.conf?  E.g. try temporarily
>> >> > deleting the master.pem file and see if the bacula-fd fails to start.
>> >>
>> >> The file daemon with master.pem is decrypting every other backup fine
>> >> (linux, mac windows) so it can't come from the restore FD but more
>> >> from the backup fd when it loads the master.cert that contains the
>> >> master public key.
>> >
>> > That points to a problem on the Windows machine's file daemon.  E.g. try
>> > temporarily deleting the master.pem file from the Windows client and verify
>> > that you get an error when you restart its bacula-fd.
>> >
>> > __Martin
>> >
>>
>> Did you want to say master.cert file ? Instead of master.pem
>
> Oops yes, thanks for the correction.
>
> __Martin
>
Hello

Indeed, if I rename the file bacula services starts without any
warning and if I do a "status client=MyWIndowsFD" in bconsole
everything seems to be fine.

On the other windows server, I tried the same and the service refused
to start, I simply don't understand

What should I do ?

Thanks

Hugo

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] ML6000 does not work al of a sudden, Satmarean, Mihai
Next by Date:  Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem, Martin Simmons
Previous by Thread:  [Bacula-users] Error 3915 Bad Job command, Volker Böhm
Next by Thread:  Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem, Martin Simmons
Indexes:  [Date] [Thread] [Top] [All Lists]