Discussion:
[bareos-users] No data encryption although encryption configuration = Yes
Raphael FG-Bareos
2018-07-13 11:40:37 UTC
Permalink
Hello everyone,

As mentioned in the subject, I have issue with the encryption.
The BareosÂŽ client servers are running on Ubuntu 16.04 but two of my tens
servers doesn't apply the encryption.
I confirmed the non-encryption with a restore.

The PKI Encryption is set to Yes, however once the backup is over the
result shows "Encryption: no"

I am confused because I could encrypt datas for tens of servers but not 2
of them with the same process.

I generated key pair and edit the configuration file on the client as
following: (/etc/bareos-fd.d/client/myself.conf)

Client {
Name = my_server-fd
Maximum Concurrent Jobs = 20

PKI Signatures = Yes
PKI Encryption = Yes
PKI Keypair = "/etc/bareos/my_server-fd.pem"
PKI Master Key = "/etc/bareos/master.cert"
PKI Cipher = aes128
}


Then I restarted bareos-fd deamon after updating the configuration file on
the client, and restarted bareos-dir daemon on bareos host, and reloaded on
bconsole.

Can someone give me a hint to resolve this ?

Thank you in advance,

FG
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Raphael FG-Bareos
2018-07-13 13:23:02 UTC
Permalink
Hello again,

I just found that clients were running on bareos 14.2 and have been updated
to 17.2 recently.
bareos is still referencing to /etc/bareos/bareos-fd.conf instead of
/etc/bareos/bareos-fd.d/client/myself.conf
Post by Raphael FG-Bareos
Hello everyone,
As mentioned in the subject, I have issue with the encryption.
The BareosÂŽ client servers are running on Ubuntu 16.04 but two of my tens
servers doesn't apply the encryption.
I confirmed the non-encryption with a restore.
The PKI Encryption is set to Yes, however once the backup is over the
result shows "Encryption: no"
I am confused because I could encrypt datas for tens of servers but not 2
of them with the same process.
I generated key pair and edit the configuration file on the client as
following: (/etc/bareos-fd.d/client/myself.conf)
Client {
Name = my_server-fd
Maximum Concurrent Jobs = 20
PKI Signatures = Yes
PKI Encryption = Yes
PKI Keypair = "/etc/bareos/my_server-fd.pem"
PKI Master Key = "/etc/bareos/master.cert"
PKI Cipher = aes128
}
Then I restarted bareos-fd deamon after updating the configuration file on
the client, and restarted bareos-dir daemon on bareos host, and reloaded on
bconsole.
Can someone give me a hint to resolve this ?
Thank you in advance,
FG
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jörg Steffens
2018-07-13 13:33:58 UTC
Permalink
Post by Raphael FG-Bareos
Hello everyone,
As mentioned in the subject, I have issue with the encryption.
The Bareos´ client servers are running on Ubuntu 16.04 but two of my
tens servers doesn't apply the encryption.
Maybe on this servers, you don't use the bareos.org/bareos.com packages
but the ubuntu package?

See
http://doc.bareos.org/master/html/bareos-manual-main-reference.html#Debian.org/UbuntuUniverse
:

Debian.org prefers that Bareos (Debian.org) is linked against GnuTLS
instead of OpenSSL. Therefore, the Bareos (Debian.org) package only
support Transport Encryption but no Data Encryption.

Same applies to the Ubuntu Universe packages.
--
Jörg Steffens ***@bareos.com
Bareos GmbH & Co. KG Phone: +49 221 630693-91
http://www.bareos.com Fax: +49 221 630693-10

Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Komplementär: Bareos Verwaltungs-GmbH
Geschäftsführer:
S. Dühr, M. Außendorf, Jörg Steffens, P. Storz
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
FG Bareos
2018-07-14 15:43:11 UTC
Permalink
Thank you for the hint Jörg, I could fix the issue.

Best,

FG
Post by Jörg Steffens
Post by Raphael FG-Bareos
Hello everyone,
As mentioned in the subject, I have issue with the encryption.
The BareosÂŽ client servers are running on Ubuntu 16.04 but two of my
tens servers doesn't apply the encryption.
Maybe on this servers, you don't use the bareos.org/bareos.com packages
but the ubuntu package?
See
http://doc.bareos.org/master/html/bareos-manual-main-reference.html#Debian.org/UbuntuUniverse
Debian.org prefers that Bareos (Debian.org) is linked against GnuTLS
instead of OpenSSL. Therefore, the Bareos (Debian.org) package only
support Transport Encryption but no Data Encryption.
Same applies to the Ubuntu Universe packages.
--
Bareos GmbH & Co. KG Phone: +49 221 630693-91
http://www.bareos.com Fax: +49 221 630693-10
Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
KomplementÀr: Bareos Verwaltungs-GmbH
S. DÃŒhr, M. Außendorf, Jörg Steffens, P. Storz
--
You received this message because you are subscribed to the Google Groups
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+***@googlegroups.com.
To post to this group, send email to bareos-***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...