Kees Bakker
2017-05-23 09:56:24 UTC
Hey,
Does anyone have a setup with a FreeIPA server and client PCs where users
have an encrypted HOME directory? I'm having difficulty setting it up. I'd be
grateful if someone could give some hints on how to set it up. I have Ubuntu
on the server and on the PCs (and laptops).
What I tried so far.
* enable PAM "Create home directory on login"
* as root convert the home directory with ecryptfs-migrate-home
The first step succeeds, a new home directory is created for the user.
However, in the next step, ecryptfs-migrate-home asks for the passphrase of
the user, but it claims that the passphrase is wrong. The result is that the
migration fails.
I've tried another route
* create a new local user with fake name
* rename the new home directory to match the actual user (also the new
directory in /home/.ecryptfs)
The reason for a fake name is that you can't add a local user with the same
name that exists in FreeIPA.
The renaming is doable, but tedious. There are symlinks to be changed and there is
~/.ecryptfs/Private.mnt to be edited.
Anyway, with this latter method I can now log in through lightdm, but like I mentioned
it is quite a clumsy process.
--
Kees
_______________________________________________
FreeIPA-users mailing list -- freeipa-***@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-***@l