Hey,

Does anyone have a setup with a FreeIPA server and client PC's where users
have an encrypted HOME directory? I'm having difficulty to set it up. I'd be
grateful if someone could give some hints how to set it up. I have Ubuntu
on the server and on the PC's (and laptops).

What I tried so far.
* enable PAM "Create home directory on login"
* as root convert the home directory with ecryptfs-migrate-home

The first step succeeds, a new home directory is created for the user.
However, in the next step, ecryptfs-migrate-home asks for the passphrase of
the user, but it claims that the passphrase is wrong. The result is that the
migration fails.

I've tried another route
* create a new local user with fake name
* rename the new home directory to match the actual user (also the new
directory in /home/.ecryptfs

The reason for a fake name is that you can't add a local user with the same
name that exists in FreeIPA.
The renaming is doable, but tedious. There are symlinks to be changed and there 
is
~/.ecryptfs/Private.mnt to be edited.

Anyway, with this latter method I can now login through lightdm, but like I 
mentioned
it is quiet a clumsy process.
-- 
Kees
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to