[Bacula-users] winbacula 2.0.3 signature alert
Hello, the signature file don't corrospond to the file: $ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe -d winbacula-2.0.3.exe.sig gpg: Signature made 03/01/07 10:03:11 using DSA key ID 10A792AD gpg: BAD signature from Bacula Distribution Verification Key (www.bacula.org) $ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe --print-md md5 winbacula-2.0 .3.exe winbacula-2.0.3.exe.sig winbacula-2.0.3.exe: 0E D2 E6 6F 15 F5 9E 60 DC FB 0A 88 31 E2 71 7F winbacula-2.0.3.exe.sig: 57 71 4F 53 AE 02 6E BC 5F 5A 14 B8 42 29 6B 90 Check for modification please. What's wrong? Pierre Bernhardt - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] winbacula 2.0.3 signature alert
On Sunday 11 March 2007 17:08, Pierre Bernhardt wrote: Hello, the signature file don't corrospond to the file: $ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe -d winbacula-2.0.3.exe.sig gpg: Signature made 03/01/07 10:03:11 using DSA key ID 10A792AD gpg: BAD signature from Bacula Distribution Verification Key (www.bacula.org) $ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe --print-md md5 winbacula-2.0 .3.exe winbacula-2.0.3.exe.sig winbacula-2.0.3.exe: 0E D2 E6 6F 15 F5 9E 60 DC FB 0A 88 31 E2 71 7F winbacula-2.0.3.exe.sig: 57 71 4F 53 AE 02 6E BC 5F 5A 14 B8 42 29 6B 90 Check for modification please. What's wrong? We use public/private key cryptographic signatures rather than simple md5 hash codes. It is much more secure. Please read the Latest News from 2003 entitled Distribution Verification and Bacula Distribution Public Key that on on the main Bacula page of Source Forge. Pierre Bernhardt - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Feature request: more flexible TLS cert validation
Kern Sibbald schrieb: Hello, Hi, Unless I am mistaken, even if there is a duplicate CN as you fear, it seems to me it should pose no problems because the certificate would not match. Does someone more experienced with TLS know the answer to that? Hmm. I'm not an expert but I've learned much of tls/ssl by installing them on bacula 2 :-) you must use for every IP/Hostname an own certificate. But it's ok to use one key per machine with different related certificates (you should know that one key can have much of certificates) I do this. I have a full TLS and PKI solution on test at the moment. I've created my own root certificate so I can use trusted connections. The certificates which are installed are related to: 1. Certificate for a access from a user. 2. Certificate for grant the bacula service. 3. Decryption Key for every user. 4. Decryption Key for bacula service. 5. Certificate for PKI Master encryption. 6. Certificate for PKI FD-Related encryption. So I have one key for every real user (me at the moment, the server and every (at the moment one) client) or better understand: Easy: A. Every service which opens a port have a own cert. B. Every clientmachine which opens a connection have a own cert, including the bacula server, too. Why: The director will connect to the storage deamon. In this situation the director is the client (B.) and the storage daemon is the service (A.) or: The bconsole (B.) will connect to the director (A.) or: The director (B.) will connect to a file daemon (A.) or: The storage deamon (B.) will connect to the director (A.) any more...? If all is on the same machine under the same user: A. is a service cert from a key related on the interface. B. is a user cert from a key related from the [EMAIL PROTECTED] On my server I'm using only one key with two certs created from: eg. cn = bserver.localnet for A. cn = [EMAIL PROTECTED] for B. For a second fd client I use a different key but with two certs, too: eg. cn = client.localnet for A. cn = [EMAIL PROTECTED] for B. For a bconsole I use an own key/cert: eg. cn = [EMAIL PROTECTED] Further information: The cn for A. must the same configured in the rules for Address The cn for B. can be all you want (include the one for A.). But I'd trouble before I used good identified cn's. Any questions? MfG... Pierre Bernhardt - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] winbacula 2.0.3 signature alert
Kern Sibbald schrieb: On Sunday 11 March 2007 17:08, Pierre Bernhardt wrote: Hello, Hi, the signature file don't corrospond to the file: $ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe -d winbacula-2.0.3.exe.sig gpg: Signature made 03/01/07 10:03:11 using DSA key ID 10A792AD gpg: BAD signature from Bacula Distribution Verification Key (www.bacula.org) $ /cygdrive/c/Programme/Internet/GnuPT/GPG/gpg.exe --print-md md5 winbacula-2.0 .3.exe winbacula-2.0.3.exe.sig winbacula-2.0.3.exe: 0E D2 E6 6F 15 F5 9E 60 DC FB 0A 88 31 E2 71 7F winbacula-2.0.3.exe.sig: 57 71 4F 53 AE 02 6E BC 5F 5A 14 B8 42 29 6B 90 Check for modification please. What's wrong? We use public/private key cryptographic signatures rather than simple md5 hash codes. It is much more secure. Your wrong. The md5 is only for a test on server side. If you look above you can see the that the public key 0x10A792AD match not with the file and the sig. MfG... Pierre Bernhardt - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] Rif: Re: Change tape problem
Hi Arno, I made some tests and this is what I think. When there is a tape change after an out of space error susequent block write continue to get that error even after the tape change by the robot. This continue. I made some changes to the block.c routine (very simple, because I'm not a C programmer and also I don't know the logic of sd program). I made the routine enter the retry loop even for ERNOSPC if file number is 0. This made bacula-sd work correctly (but it took 20 hours to write file 0). After writing the EOF mark speed is normal again. My idea is that changing the tape does not reset the EOD condition on the tape until a file mark is written. I do not know if this a wrong device or OS error, but I believe that the FD of tape should be closed and reopened in a tape change. dd and mt tests always gave correct results, but dd always write an EOF mark at the and of the transfer. If you have some idea about that I will be very happy. Thank you very much in any c asze. -- Ferdinando Pasqualetti G.T.Dati srl Tel. 0557310862 - 3356172731 - Fax 055720143 Ferdinando Pasqualetti/San Lazzaro/Conserve Italia 27/02/2007 09.47 Per Arno Lehmann [EMAIL PROTECTED] CC bacula-users bacula-users@lists.sourceforge.net Oggetto Rif: Re: [Bacula-users] Change tape problemLink Hi Arno, thank you very much for your answer. I will try asap the tests you are suggesting. By the way, I purged the volumes involved in the error shown in the original message (it was the third try), restarted the backup job and here is the (correct) result. 25-feb 19:55 bacula-dir: Start Backup JobId 12927, Job=webfs3-job.2007-02-25_19.55.40 25-feb 19:55 bacula-dir: Recycled volume web-004 25-feb 19:55 webfs3: ClientRunBeforeJob: run command /root/restartsmb 25-feb 19:55 webfs3: ClientRunBeforeJob: Shutting down SMB services: [ OK ] 25-feb 19:55 webfs3: ClientRunBeforeJob: smbd: nessun processo terminato 25-feb 19:55 webfs3: ClientRunBeforeJob: smbd: nessun processo terminato 25-feb 19:55 webfs3: ClientRunBeforeJob: Starting SMB services: [ OK ] 25-feb 19:55 webfs3: ClientRunBeforeJob: [ OK ] 25-feb 19:55 bacula-sd: 3307 Issuing autochanger unload slot 7, drive 0 command. 25-feb 19:57 bacula-sd: 3304 Issuing autochanger load slot 3, drive 0 command. 25-feb 19:57 bacula-sd: 3305 Autochanger load slot 3, drive 0, status is OK. 25-feb 19:57 bacula-sd: 3301 Issuing autochanger loaded? drive 0 command. 25-feb 19:57 bacula-sd: 3302 Autochanger loaded? drive 0, result is Slot 3. 25-feb 19:57 bacula-sd: Recycled volume web-004 on device LTO1 (/dev/lto1), all previous data lost. webfs3: /proc is a different filesystem. Will not descend from / into /proc webfs3: /boot is a different filesystem. Will not descend from / into /boot webfs3: /dev is a different filesystem. Will not descend from / into /dev webfs3: /var/lib/nfs/rpc_pipefs is a different filesystem. Will not descend from / into /var/lib/nfs/rpc_pipefs webfs3: /sys is a different filesystem. Will not descend from / into /sys webfs3: /uno is a different filesystem. Will not descend from / into /uno 26-feb 04:14 bacula-sd: End of Volume web-004 at 594:6519 on device LTO1 (/dev/lto1). Write of 64512 bytes got -1. 26-feb 04:14 bacula-sd: Re-read of last block succeeded. 26-feb 04:14 bacula-sd: End of medium on Volume web-004 Bytes=594,382,602,240 Blocks=9,213,519 at 26-feb-2007 04:14. 26-feb 04:14 bacula-dir: Recycled volume web-005 26-feb 04:14 bacula-sd: 3301 Issuing autochanger loaded? drive 0 command. 26-feb 04:14 bacula-sd: 3302 Autochanger loaded? drive 0, result is Slot 3. 26-feb 04:14 bacula-sd: 3307 Issuing autochanger unload slot 3, drive 0 command. 26-feb 04:15 bacula-sd: 3304 Issuing autochanger load slot 4, drive 0 command. 26-feb 04:15 bacula-sd: 3305 Autochanger load slot 4, drive 0, status is OK. 26-feb 04:15 bacula-sd: 3301 Issuing autochanger loaded? drive 0 command. 26-feb 04:15 bacula-sd: 3302 Autochanger loaded? drive 0, result is Slot 4. 26-feb 04:15 bacula-sd: Recycled volume web-005 on device LTO1 (/dev/lto1), all previous data lost. 26-feb 04:15 bacula-sd: New volume web-005 mounted on device LTO1 (/dev/lto1) at 26-feb-2007 04:15. 26-feb 10:21 bacula-sd: End of Volume web-005 at 528:6656 on device LTO1 (/dev/lto1). Write of 64512 bytes got -1. 26-feb 10:21 bacula-sd: Re-read of last block succeeded. 26-feb 10:21 bacula-sd: End of medium on Volume web-005 Bytes=528,395,664,384 Blocks=8,190,656 at 26-feb-2007 10:21. 26-feb 10:21 bacula-dir: Recycled volume web-006 26-feb 10:21 bacula-sd: 3301 Issuing autochanger loaded? drive 0 command. 26-feb 10:21 bacula-sd: 3302 Autochanger loaded? drive 0, result is Slot 4. 26-feb 10:21 bacula-sd: 3307 Issuing autochanger unload slot 4, drive 0 command. 26-feb 10:22 bacula-sd: 3304 Issuing autochanger load slot 5, drive 0 command. 26-feb 10:22 bacula-sd: 3305 Autochanger load slot 5, drive 0, status is OK. 26-feb 10:22 bacula-sd:
Re: [Bacula-users] On-Site and Off-Site Backup Replicas... Wait For Copy Job?
On Sat, 10 Mar 2007 12:46:04 +0100 Mikael Kermorgant [EMAIL PROTECTED] wrote: How about using mirroring using raid1 ? (you'd probably have to buy a thirs 200gb). This way, you achieve data synchronisation easily, always have a local copy from which to run restores and you cycle between 2 disks to keep an offsite copy. Certainly a possibility - thanks for the suggestion! Regards, -- Mikael Kermorgant -- Nick Withers email: [EMAIL PROTECTED] Web: http://www.nickwithers.com Mobile: +61 414 397 446 - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] Bacula 2.0.3-1 released for SuSE 10.1 and 10.2 (x86_64)
Bacula 2.0.3-1 released for SuSE 10.1 and 10.2 (x86_64) - see sourceforge.net rpms-contrib-psheaffer or (soon to be) the sbarnin repo. Thanks, PattiMichelle - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] Change in verification job tape selection time - deliberate or accidental?
Greetings Listers, Last week I upgraded my Bacula install to 2.0.2 without any issues during the upgrade process. All seemed to be working well until Friday, but that was only because I hadn't discovered this issue yet. I run several jobs each night, with Full backups on Friday night and incrementals every other night. Once the backups are completed I have bacula setup to verify a few of these tape jobs against the catalog with Volume to Catalog jobs. These verify jobs have a higher priority, so they shouldn't start until after the backup jobs are complete. I also schedule them to start 10 minutes after the backups at 23:15. (All backups are scheduled to start at 23:05) This behaviour seems to have changed in Bacula 2.0.2 however. They seem to launch immediately and select which tape they'll use for the verify. Here's a log excerpt from a job running under 1.38.5 (My old version) 02-Mar 01:09 backup1-dir: Verifying against JobId=6017 Job=fs1.2007-03-01_23.00.00 02-Mar 01:09 backup1-dir: Bootstrap records written to /export/bacula/var/backup1-dir.restore.Verify-fs1.2007-03-01_23.15.00.bsr 02-Mar 01:09 backup1-dir: 02-Mar 01:09 backup1-dir: The job will require the following Volumes: 02-Mar 01:09 backup1-dir: 02-Mar 01:09 backup1-dir:09 02-Mar 01:09 backup1-dir: Even tho it was scheduled to run at 23:15, it didn't start until 1:09 the next morning. This is the expected behaviour. Here's a log excerpt from Friday night under 2.0.2: 09-Mar 23:15 backup1-dir: Verifying against JobId=6101 Job=fs1.2007-03-08_23.00.00 09-Mar 23:15 backup1-dir: Bootstrap records written to /export/bacula/var/backup1-dir.restore.11.bsr 09-Mar 23:15 backup1-dir: 09-Mar 23:15 backup1-dir: The job will require the following Volume(s) Storage(s)SD Device(s) === 09-Mar 23:15 backup1-dir: 09-Mar 23:15 backup1-dir:10Tape OfficeAutochanger 09-Mar 23:15 backup1-dir: 10-Mar 20:57 backup1-dir: Start Verify JobId=6125 Level=VolumeToCatalog Job=Verify-fs1.2007-03-09_23.15.00 As can be seen, the job started at 23:15, selected tape '10' and then waited until the next night to run (Full backups take most of a day :) ) Meanwhile, the full backup ran, writing to 2 other tapes. The problem encountered by bacula is that tape 10 had been removed from the Autochanger on Friday morning and replaced with this weeks incremental tape. So Bacula blocked, waiting for a tape, until I discovered and cancelled this job this morning. Not ideal, but it did bring this issue to light. What I'd like to know is if this was a deliberately designed feature, or if it classifies as a bug? If it's deliberate, is there anyway to control when it performs it's tape selection, or even which job it verify? I've scanned the Jobs section of the latest manual but didn't see anything obvious. For now I can either work around it(With a Run script running the verify job), or even work with it (I've wanted to run the Full Backup job verifies on Sunday for a while anyways.) Cheers, Troy Daniels Systems Administrator iTouch Australia (pty) ltd. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users