This bug was fixed in the package sssd - 1.13.4-1ubuntu1.1
---
sssd (1.13.4-1ubuntu1.1) xenial; urgency=medium
* Sync 1.13.4-3 changes from debian/yakkety.
sssd (1.13.4-3) unstable; urgency=medium
* common: Add /var/lib/sss/gpo_cache. (LP: #1579092)
* gpo-add-unity-to-ad-gpo-m
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578415
Title:
Lockscreen access denied (AD auth via sssd)
To manage notification
Hi Brian / Timo,
I just check the package in xenial-proposed (sssd 1.13.4-1ubuntu1.1) and
I don't find any regressions in my environment. AD authentication works
as expected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bug
** Changed in: sssd (Ubuntu)
Importance: Undecided => Medium
** Changed in: sssd (Ubuntu Xenial)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578415
Title:
L
The upload of sssd in xenial-proposed still contains a patch for this
bug (and another) though, so it would be good to find out if the patch
causes any regressions. Could someone please test the version of sssd
from -proposed? Thanks in advance.
--
You received this bug notification because you
Looks like it is not needed anymore.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578415
Title:
Lockscreen access denied (AD auth via sssd)
To manage notifications about this bug go to:
https://b
Huh, so the patch that got added in -1ubuntu1.1 is not needed?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578415
Title:
Lockscreen access denied (AD auth via sssd)
To manage notifications about
Hi Timo,
Sorry for the delay... I just made a clean install of Xenial in a
virtual machine and this bug is already fixed in the 16.04.1 release.
sssd version is 1.13.4-1ubuntu1
However you still need to manually install adcli to fix the delay in AD
authentication (see https://bugs.launchpad.net/
camilo, mind testing this so that the update can be released to xenial-
updates
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578415
Title:
Lockscreen access denied (AD auth via sssd)
To manage no
Hello Camilo, or anyone else affected,
Accepted sssd into xenial-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/sssd/1.13.4-1ubuntu1.1
in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki
** Also affects: sssd (Ubuntu Xenial)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578415
Title:
Lockscreen access denied (AD auth via sssd)
To manage
This bug was fixed in the package sssd - 1.13.4-3
---
sssd (1.13.4-3) unstable; urgency=medium
* common: Add /var/lib/sss/gpo_cache. (LP: #1579092)
* gpo-add-unity-to-ad-gpo-map-interactive.diff: Allow logging in from
unity lockscreen. (LP: #1578415)
-- Timo Aaltonen Tue,
Attached are the sssd logs using debug_level=6
I will open another bug report for polkit.
Thanks!
** Attachment added: "SSSD debug_level=6 logs"
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1578415/+attachment/4656661/+files/sssd.tar.gz
--
You received this bug notification because
Those are two separate bugs. The lock-screen one was SSSD legitimately
denying access because its configuration said it should (the PAM service
wasn't on the list, so it defaults to denial).
However, the error you're seeing with polkit is different:
May 5 11:55:20 uatlantico polkit-agent-helper-1
I can also confirm that adding
ad_gpo_map_interactive = +unity
has fixed the lock screen issue. As vargax mentions above, elevated
privileges in the gui is still an issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.
I can confirm that adding
ad_gpo_map_interactive = +unity
to the [domain/DOMAINNAME] section of sssd.conf solves the lock screen
issue.
The "elevated privileges" issue still there:
May 5 11:55:50 uatlantico polkitd(authority=local): Operator of
unix-session:c2 FAILED to authenticate to gain a
Patch proposed upstream at:
https://lists.fedorahosted.org/archives/list/sssd-
de...@lists.fedorahosted.org/thread/F5IRGD4DONMTRCR3EAATVTHVMZMYVSRA/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/15784
Looks to me like it's because the PAM service "unity" (which runs the
screensaver) isn't listed in the `ad_gpo_map_interactive` option in
sssd.conf. This list should have distro-specific defaults (since
different distributions use different PAM service names)
The fix should be to add unity to the
/var/log/auth.log seems to indicate that AD users are properly
authenticated, they just aren't authorized:
May 4 09:27:10 myhostname compiz: pam_sss(unity:auth): authentication
success; logname= uid=12345 euid=12345 tty= r
user= rhost= user=myuser
May 4 09:27:10 myhostname compiz: gkr-pam
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: sssd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578415
Title:
Locks
AskUbuntu thread:
http://askubuntu.com/questions/767079/lockscreen-access-denied-ad-auth-
via-sssd
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1578415
Title:
Lockscreen access denied (AD auth via
21 matches
Mail list logo
