Ubuntu 11.10 Can't log in with encrypted home directory

Asked by Harry Skelton on 2011-10-15

Load 11.10 clean. Configure my login to have an encrypted home directory. Fix X11 (broke for Nvidia - see prior post). Reboot. Then try to log in. Accepts password, blanks the screen, then goes back to the login. Had to bring up a console login to remove my account and add it unencrypted to work.

Sidebar: No option in the user management screens to encrypt the user's home directory.

Question information

English Edit question
Ubuntu lightdm Edit question
No assignee Edit question
Solved by:
Last query:
Last reply:
Harry Skelton (skelton-harry) said : #1

64 bit Ubuntu 11.10 does not have this problem. No problems logging in.

Noen (erlend-mannen) said : #2

I'm having the same problem in 64bit 11.10

My system do not have a nvidia chip, and I did the mistake of trying to install it.

When I log in, and get thrown back to the lightdm login screen, I see the following in /var/log/lightdm/x0.log

X.Org X Server 1.10.4
Release Date: 2011-08-19
X Protocol Version 11, Revision 0
Build Operating System: Linux 2.6.24-27-server x86_64 Ubuntu
Current Operating System: Linux sokrates 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64
Kernel command line: BOOT_IMAGE=/boot/vmlinuz-3.0.0-12-generic root=UUID=67948919-ade3-4792-b876-8bcfbed1df92 ro quiet splash vt.handoff=7
Build Date: 13 October 2011 05:44:30PM
xorg-server 2:1.10.4-1ubuntu4.1 (For technical support please see http://www.ubuntu.com/support)
Current version of pixman: 0.22.2
 Before reporting problems, check http://wiki.x.org
 to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
 (++) from command line, (!!) notice, (II) informational,
 (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Wed Oct 19 16:40:26 2011
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
(EE) Failed to initialize GLX extension (Compatible NVIDIA X driver not found)

Best Noen (erlend-mannen) said : #3

I solved this by recreating my account, roughly using these steps:

1. mount my files by using ecryptfs-mount-private
2. backup all my files, and move them to i.e. /var/backups/
3. enable root account (sudo passwd root), and login as root
4. userdel -r <my account>
5. adduser --encrypt-home <my account>
6. modify /etc/group to add my account in adm, dialout, cdrom, plugdev, lpadmin, admin, sambashare
7. login and restore backup
8. Remember to wipe your backup file (sudo apt-get install wipe), then wipe /var/backups/<your backup>

Hope this works for you too

Noen (erlend-mannen) said : #4

Using domainjoin-cli to join a domain recreates this bug.

Harry Skelton (skelton-harry) said : #5

Your solution would be the way to go for users with data to backup, but it still does not solve the problem of new installs. The problem continues with 32-bit systems but not 64-bit.

A user will still be unable to login as that particular user. The only thing one can do is to login on one of the virtual consoles. Add a password to the root account. Exit and login as "other", then "root". Delete the old account and re-add it.

Noen (erlend-mannen) said : #6

What I had might be unrelated to your problem...
How does creating a new user "test" with --encrypted-home and logging in gui?

If it does not work, you might want to tag this question as "open" again.

Harry Skelton (skelton-harry) said : #7

I believe the problem is with initial logins. Maybe something with the password file, the shadow file, or the encryption engine. It could be the way the script creates the home directory vs how one would do it manually. Once I created it manually it worked for me. Due to the limitation of time I could not take more efforts to try to reinstall and see what the issues are prior to trying to login.

I'll consider this solved for now. At least it is a work-around. I don't see any of the development team wanting to check this issue. I won't argue the point.

Thanks for your response.

Harry Skelton (skelton-harry) said : #8

Thanks Noen, that solved my question.