Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem

2012-04-17 00:36:39
Subject: Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem
From: Martin Simmons <martin AT lispworks DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 16 Apr 2012 16:48:14 +0100 
>>>>> On Sat, 14 Apr 2012 13:53:37 +0200, Hugo Letemplier said:
> 
> 2012/4/11 Martin Simmons <martin AT lispworks DOT com>:
> >>>>>> On Wed, 4 Apr 2012 16:59:58 +0200, Hugo Letemplier said:
> >>
> >> Hello, I have tested encryption/decryption on many bacula backups but
> >> one job is tricky
> >>
> >> I have Linux, MacOSX and Windows 2003 servers
> >> I have master.cert and one fd.pem for encryption on each client.
> >> fd.pem is specific for each client
> >> master.cert is on every client and allow to decrypt with the "secret"
> >> master.pem in the case we loose the specific backup key.
> >>
> >> My bacula server is unable to restore 1 of my three Windows servers
> >> using the master.pem keypair
> >
> > Saying "unable to restore" is too vague -- what is the error message?
> >
> 
> I wanted to say that Master encryption/decryption doesn't work
> although the client specific encryption/decryption works
> It's just saying :
> 
> Error: Missing private key required to decrypt encrypted backup data.

OK.


> > Which one fails to restore?
> >
> > Is it definitely using the correct bacula-fd.conf?  E.g. try temporarily
> > deleting the master.pem file and see if the bacula-fd fails to start.
> 
> The file daemon with master.pem is decrypting every other backup fine
> (linux, mac windows) so it can't come from the restore FD but more
> from the backup fd when it loads the master.cert that contains the
> master public key.

That points to a problem on the Windows machine's file daemon.  E.g. try
temporarily deleting the master.pem file from the Windows client and verify
that you get an error when you restart its bacula-fd.

__Martin

------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Bacula MySQL Catalog binlog restore, Phil Stracchino
Next by Date:  Re: [Bacula-users] Bacula MySQL Catalog binlog restore, Martin Simmons
Previous by Thread:  Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem, Hugo Letemplier
Next by Thread:  Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem, Hugo Letemplier
Indexes:  [Date] [Thread] [Top] [All Lists]