likewise-open users don’t get ecryptfs home directory

Bug #831604 reported by Alex Mauer
This bug affects 3 people
Affects: likewise-open (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

When setting up likewise-open and joining a domain, there is no way to cause it to give AD users ecryptfs-encrypted home directories.

Changed in likewise-open (Ubuntu):
status: New → Confirmed
Neil Broadley (scaine) wrote :

Are there manual workarounds for this? Full disk encryption is too clunky for corporate use and the lack of encrypted home folders in an Active Directory environment means missing a huge advantage an Ubuntu install would have over a Windows device.

Scott Salley (ssalley) wrote :

I know very little about ecryptfs. What feature does likewise-open need to support this?

Alex Mauer (hawke) wrote :

I think it would need to encrypt the home directory at the same time it creates it. I guess this is what the system adduser script does with its --encrypted-home option.

I'm not sure of the details of what adduser does, but I think it may just do 'ecryptfs-migrate-home' after it makes the dir. The following links are relevant:

http://blog.dustinkirkland.com/2011/02/long-overdue-introduction-ecryptfs.html

https://help.ubuntu.com/community/EncryptedHome#Encrypted_Home

Tony Mugan (tmugan) wrote :

I am trying to add an encrypted folder to my Ubuntu profile.
What I want to do is have a folder called ~/Private which is actually a decrypted view of the folder ~/.Private

This works fine unless I try it in a likewise user profile which is connected to our work Windows domain.

Entering ecryptfs-setup-private asks me for my login passphrase but always rejects it.

As mentioned, I have a local profile on this machine for which the whole home folder is encrypted and decrypts on login.
I just cannot get the same to happen for the likewise profile on Ubuntu Oneiric Ocelot v11.10.

Details that I am following are here.
http://bodhizazen.net/Tutorials/Ecryptfs

Once I get it sorted, I will sync the .Private folder to my dropbox account and have a layer of security for replicating my files to the cloud.

Tony Mugan (tmugan) wrote :

OK, I managed to get this working by setting it up on a machine at home first. I log in to that home machine with a local account.

Then I sync the .Private folder through UbuntuOne to my work machine.

The final bit is to use the same mount-phrase across the two machines but with different logins.
To achieve this I needed to unwrap the mount-passphrase at home, copy it to work and rewrap it there with my work login passphrase (which is using likewise to authenticate against Active Directory).

Works fine now.

The commands you are looking for are

Home machine - find out the mountphrase by unwrapping
ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase

Wrap that mountphrase with your AD password on the work PC
ecryptfs-wrap-passphrase ~/.ecryptfs/wrapped-passphrase

Good luck
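
The unwrap-and-rewrap step from the comment above, as an added example that is not part of the thread or of ecryptfs-utils: a variant that carries the wrapped file across instead of the plaintext mount passphrase, re-wraps it under the new login passphrase through pipes, and verifies the result. The function names and file paths are hypothetical; it assumes the stdin (`-`) forms of `ecryptfs-unwrap-passphrase` and `ecryptfs-wrap-passphrase` described in their man pages.

```shell
#!/bin/sh
# Added example; function names and the SRC/DST paths are hypothetical.

# read_secret PROMPT: read one line from the terminal without echoing it.
read_secret() {
    printf '%s' "$1" >&2
    stty -echo 2>/dev/null || true
    IFS= read -r _secret || true
    stty echo 2>/dev/null || true
    printf '\n' >&2
    printf '%s' "$_secret"
}

# rewrap_mount_passphrase SRC DST
#   stdin line 1: login passphrase that currently wraps SRC
#   stdin line 2: login passphrase that should wrap DST (e.g. the AD password)
# Returns 0 only if DST unwraps back to the same mount passphrase.
rewrap_mount_passphrase() {
    src=$1
    dst=$2
    IFS= read -r old_login || return 2
    IFS= read -r new_login || [ -n "$new_login" ] || return 2
    [ -r "$src" ] || return 3

    # "-" makes the tool read the wrapping passphrase from stdin, so the
    # mount passphrase stays in a variable and is never shown on screen.
    mount_pass=$(printf '%s' "$old_login" |
        ecryptfs-unwrap-passphrase "$src" -) || return 4
    [ -n "$mount_pass" ] || return 4

    # umask 077 keeps DST readable by its owner only.
    ( umask 077
      printf '%s\n%s' "$mount_pass" "$new_login" |
          ecryptfs-wrap-passphrase "$dst" - >/dev/null ) || return 5

    # Round-trip check before relying on DST at the next login.
    check=$(printf '%s' "$new_login" |
        ecryptfs-unwrap-passphrase "$dst" -) || return 6
    [ "$check" = "$mount_pass" ] || return 6
    unset mount_pass check old_login new_login
}

# Interactive use:
#   { read_secret 'Old login passphrase: '; echo
#     read_secret 'New login passphrase: '; } |
#       rewrap_mount_passphrase ./wrapped-passphrase.home ~/.ecryptfs/wrapped-passphrase
```

A non-zero return identifies the failing stage: 4 means the old passphrase did not unwrap SRC, and 6 means the new file did not round-trip and should not be used.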
