Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem

2012-04-11 08:06:50
Subject: Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem
From: Martin Simmons <martin AT lispworks DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Wed, 11 Apr 2012 13:04:37 +0100 
>>>>> On Wed, 4 Apr 2012 16:59:58 +0200, Hugo Letemplier said:
> 
> Hello, I have tested encryption/decryption on many bacula backups but
> one job is tricky
> 
> I have Linux, MacOSX and Windows 2003 servers
> I have master.cert and one fd.pem for encryption on each client.
> fd.pem is specific for each client
> master.cert is on every client and allow to decrypt with the "secret"
> master.pem in the case we loose the specific backup key.
> 
> My bacula server is unable to restore 1 of my three Windows servers
> using the master.pem keypair

Saying "unable to restore" is too vague -- what is the error message?


> With bacula, I used an SQLQuery to check all the master.pem certificates.
> 
> SELECT DISTINCT
>   path.path,
>   file.md5,
>   job.starttime,
>   client.name
> FROM
>     public.client,
>     public.file,
>     public.filename,
>     public.path,
>     public.job
> WHERE
>     client.clientid = job.clientid AND
>     file.jobid = job.jobid AND
>     file.filenameid = filename.filenameid AND
>     file.pathid = path.pathid AND
>     filename.name = 'master.cert'
> ORDER BY file.md5,client.name,path.path,job.starttime
> 
> Result shows me that md5 hash are different on different OS
> ex 1 hash on all osx server, one hash on all linux server
> 
> But on windows md5 are always different whatever is the machine !

That is probably OK.  The backup on Windows will include various other data
about the file which could vary between machines (assuming you didn't set
portable=yes in the fileset).


> 2 of my three windows machines uses the same bacula 5.0.3 binaries
> downloaded from the bacula Repo

Where did the third binary come from?

Which one fails to restore?

Is it definitely using the correct bacula-fd.conf?  E.g. try temporarily
deleting the master.pem file and see if the bacula-fd fails to start.

__Martin

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] running script before job fails due to permission issue, Martin Simmons
Next by Date:  Re: [Bacula-users] Universal Restore, Mike Ruskai
Previous by Thread:  [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem, Hugo Letemplier
Next by Thread:  Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem, Hugo Letemplier
Indexes:  [Date] [Thread] [Top] [All Lists]