Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] Issue with data encryption with Windows 7 client?

2011-01-13 11:41:55
Subject: [Bacula-users] Issue with data encryption with Windows 7 client?
From: Timothy Kallinis <tkallinis AT hrsmart DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Thu, 13 Jan 2011 10:37:49 -0500 
Hi, I intend to use Bacula to backup clients in a small office 
environment. The clients are Windows XP, Windows 7 and Linux (generally 
Ubuntu). I prefer to use PKI data encryption.

The server running director, storage and file daemons is running the 
latest version of Ubuntu Server 10.10 (64-bit). Bacula is installed and 
running in a chroot on this server. I used the Ubuntu Bacula packages 
version 5.0.2-1ubuntu1.

I've only been testing so far and the clients are the Bacula server, a 
laptop running ubuntu and a new Dell laptop running Windows 7 (64-bit). 
Backing up and restoring with encryption works perfectly fine with both 
ubuntu clients. Backing up and restoring also works with Windows 7 
without encryption.

However, there are issues when I use PKI encryption with Windows 7. 
Backup with encryption appears to succeed. When I try to recover to the 
Windows 7 client, it fails. When I try to restore on the ubuntu server 
using its client, the FD segfaults. The version of FD installed on the 
Windows 7 client is win64bacula-5.0.2.exe. I haven't tried Windows XP or 
32-bit clients.

The ubuntu FD is able to restore the one file from the Windows client 
I'm using for testing before it segfaults. The restore appears to 
decrypt and be okay. On the Windows client, the file is not restored.

Any idea why this would happen? Is it a known issue? It almost seems 
like something is missing on the Windows 7 laptop related to data 
encryption: "Failed to initialize decryption context". I generated the 
keys and cert according to the Bacula instructions on the ubuntu server. 
It does work perfectly fine for the ubuntu laptop backing up over 3 GB 
of data and restoring it.

I should also state that the storage used is file storage to the hard 
drive on the Bacula server, so no tape drives.

On the Windows 7 client, the error is:

13-Jan 09:34 tk-fd JobId 127: Error: 
/tmp/bacula/bacula/src/filed/restore.c:542 Failed to initialize 
decryption context for 
/data/bacula-restores/C/Users/tkallinis/Documents/Backup/backup-test.txt
13-Jan 09:34 backupca-dir JobId 127: Error: Bacula backupca-dir 5.0.2 
(28Apr10): 13-Jan-2011 09:34:09

On the ubuntu client, this is the error:

13-Jan 09:42 backup-fd JobId 128: Error: restore.c:1003 Signature 
validation failed for file 
/data/bacula-restores/C:/Users/tkallinis/Documents/Backup/backup-test.txt: 
ERR=Signature is invalid
13-Jan 09:42 backupca-dir JobId 128: Fatal error: Socket error on Store 
end command: ERR=No data available
13-Jan 09:42 backupca-dir JobId 128: Error: Bacula backupca-dir 5.0.2 
(28Apr10): 13-Jan-2011 09:42:28

This is the relevant client config on Windows 7:

FileDaemon {                            # this is me
   Name = tk-fd
   FDport = 9102                # where we listen for the director
   WorkingDirectory = "C:\\Program Files\\Bacula\\working"
   Pid Directory = "C:\\Program Files\\Bacula\\working"
# Plugin Directory = "C:\\Program Files\\Bacula\\plugins"
   Maximum Concurrent Jobs = 10

   PKI Encryption = Yes
   PKI Signatures = Yes
   PKI Keypair = "C:/Program Files/Bacula/tk-fd.pem"
   PKI Master Key = "C:/Program Files/Bacula/master.cert"
}

The client config on the ubuntu Bacula server:

FileDaemon {                          # this is me
   Name = backup-fd
   FDport = 9102                  # where we listen for the director
   WorkingDirectory = /var/lib/bacula
   Pid Directory = /var/run/bacula
   Maximum Concurrent Jobs = 20
   FDAddress = backup-ca.hrsmart.com

   PKI Signatures = Yes
   PKI Encryption = Yes
   PKI Keypair = "/etc/bacula/master.keypair"
}

-- 
Timothy Kallinis, Linux Systems Administrator

HRsmart Canada
30 Centurian Drive, Unit 101
Markham, Ontario L3R 8B8
T: 905.754.0200 x243
F: 905.754.0205
E: tkallinis AT hrsmart DOT com
www.hrsmart.com


------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Bacula-users] Issue with data encryption with Windows 7 client?, Timothy Kallinis <=
Previous by Date:  Re: [Bacula-users] Job is waiting on max Storage jobs although I set Max concurrent job to 10, Hugo Letemplier
Next by Date:  Re: [Bacula-users] incremental backups too large, Bruno Friedmann
Previous by Thread:  [Bacula-users] Reload Config while bacula-dir is still running?, Mister IT Guru
Next by Thread:  [Bacula-users] Restore Fails, ml ml
Indexes:  [Date] [Thread] [Top] [All Lists]