Bacula-users

Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem

2012-05-04 06:45:31
Subject: Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem
From: Martin Simmons <martin AT lispworks DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Fri, 4 May 2012 11:43:09 +0100
>>>>> On Fri, 4 May 2012 11:01:24 +0200, Hugo Letemplier said:
> 
> 2012/4/25 Martin Simmons <martin AT lispworks DOT com>:
> >>>>>> On Wed, 25 Apr 2012 12:05:59 +0200, Hugo Letemplier said:
> >>
> >> 2012/4/16 Martin Simmons <martin AT lispworks DOT com>:
> >> >>>>>> On Sat, 14 Apr 2012 13:53:37 +0200, Hugo Letemplier said:
> >> >>
> >> >> 2012/4/11 Martin Simmons <martin AT lispworks DOT com>:
> >> >> >>>>>> On Wed, 4 Apr 2012 16:59:58 +0200, Hugo Letemplier said:
> >> >> >>
> >> >> >> Hello, I have tested encryption/decryption on many bacula backups but
> >> >> >> one job is tricky
> >> >> >>
> >> >> >> I have Linux, MacOSX and Windows 2003 servers
> >> >> >> I have master.cert and one fd.pem for encryption on each client.
> >> >> >> fd.pem is specific for each client
> >> >> >> master.cert is on every client and allows to decrypt with the "secret"
> >> >> >> master.pem in the case we lose the specific backup key.
> >> >> >>
> >> >> >> My bacula server is unable to restore 1 of my three Windows servers
> >> >> >> using the master.pem keypair
> >> >> >
> >> >> > Saying "unable to restore" is too vague -- what is the error message?
> >> >> >
> >> >>
> >> >> I wanted to say that Master encryption/decryption doesn't work
> >> >> although the client specific encryption/decryption works
> >> >> It's just saying :
> >> >>
> >> >> Error: Missing private key required to decrypt encrypted backup data.
> >> >
> >> > OK.
> >> >
> >> >
> >> >> > Which one fails to restore?
> >> >> >
> >> >> > Is it definitely using the correct bacula-fd.conf?  E.g. try temporarily
> >> >> > deleting the master.pem file and see if the bacula-fd fails to start.
> >> >>
> >> >> The file daemon with master.pem is decrypting every other backup fine
> >> >> (linux, mac windows) so it can't come from the restore FD but more
> >> >> from the backup fd when it loads the master.cert that contains the
> >> >> master public key.
> >> >
> >> > That points to a problem on the Windows machine's file daemon.  E.g. try
> >> > temporarily deleting the master.pem file from the Windows client and verify
> >> > that you get an error when you restart its bacula-fd.
> >> >
> >> > __Martin
> >> >
> >>
> >> Did you want to say master.cert file ? Instead of master.pem
> >
> > Oops yes, thanks for the correction.
> >
> > __Martin
> >
> Hello
> 
> Indeed, if I rename the file, the Bacula service starts without any
> warning and if I do a "status client=MyWIndowsFD" in bconsole
> everything seems to be fine.
> 
> On the other Windows server, I tried the same and the service refused
> to start, I simply don't understand
> 
> What should I do?

OK, that suggests to me that the bacula-fd.conf doesn't load master.cert for
some reason.

Check the command line arguments of the service to find the bacula-fd.conf.
You could try renaming that bacula-fd.conf and then restart the service (I
would expect it to fail to start in that case).

Having identified the bacula-fd.conf that the service is using, compare it to
the working ones.

__Martin
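
Added example, not part of the original message or of Bacula itself: one way to do the comparison suggested above is to pull only the active PKI directives (PKI Signatures, PKI Encryption, PKI Keypair, PKI Master Key) out of each bacula-fd.conf and list the ones the failing client lacks. The two sample configs, their paths and the client names are constructed placeholders, and one directive per line is assumed.

```python
import re

# One directive per line is assumed; Bacula ignores case and spaces in names.
PKI_LINE = re.compile(
    r'^\s*(pki[^=#]*?)\s*=\s*"?([^"#;]*?)"?\s*;?\s*(?:#.*)?$', re.I)

def pki_directives(conf_text):
    """Map normalised PKI directive name -> value for active (uncommented) lines."""
    found = {}
    for line in conf_text.splitlines():
        m = PKI_LINE.match(line)
        if m:
            found[re.sub(r"\s+", "", m.group(1)).lower()] = m.group(2).strip()
    return found

def missing_pki(working_text, suspect_text):
    """PKI directives the working client sets that the suspect client does not."""
    working = pki_directives(working_text)
    suspect = pki_directives(suspect_text)
    return sorted(name for name in working if name not in suspect)

# Constructed sample configs (paths and client names are placeholders).
WORKING_CONF = '''
FileDaemon {
  Name = working-fd
  PKI Signatures = Yes
  PKI Encryption = Yes
  PKI Keypair = "C:/bacula/working-fd.pem"
  PKI Master Key = "C:/bacula/master.cert"
}
'''
SUSPECT_CONF = '''
FileDaemon {
  Name = suspect-fd
  pki signatures = yes
  PKI Encryption = Yes
  PKI Keypair = "C:/bacula/suspect-fd.pem"   # client-specific key
  # PKI Master Key = "C:/bacula/master.cert"
}
'''

if __name__ == "__main__":
    for name in missing_pki(WORKING_CONF, SUSPECT_CONF):
        print("suspect config lacks active directive:", name)
```

A client whose config has no active PKI Master Key line encrypts only to its own keypair, which matches the symptom in this thread: restores with the client key work, restores with master.pem report a missing private key.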
