Hello,
I have freeipa server (centos7) setup. I installed freeipa-client on my KDE Neon laptop. I can sign in with my freeipa user and am able to use sudo. But when asked for password whilst doing KDE administration, it does not work.
Any logs I should check?
On 17.04.19 04:49, Brian Watson | Watsontech.net via FreeIPA-users wrote:
Hello,
I have freeipa server (centos7) setup. I installed freeipa-client on my KDE Neon laptop. I can sign in with my freeipa user and am able to use sudo. But when asked for password whilst doing KDE administration, it does not work.
Any logs I should check?
Do you have an entry like this in /etc/nsswitch.conf
sudoers: files sss
The "sss" part is the important one.
Cheers, Ronald
Yes it is shown;
brianw@fenix:~$ grep sudoers /etc/nsswitch.conf sudoers: files sss
Thank you!
On Tue, Apr 16, 2019 at 11:03 PM Ronald Wimmer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
On 17.04.19 04:49, Brian Watson | Watsontech.net via FreeIPA-users wrote:
Hello,
I have freeipa server (centos7) setup. I installed freeipa-client on my KDE Neon laptop. I can sign in with my freeipa user and am able to use sudo. But when asked for password whilst doing KDE administration, it does not work.
Any logs I should check?
Do you have an entry like this in /etc/nsswitch.conf
sudoers: files sss
The "sss" part is the important one.
Cheers, Ronald _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On Tue, Apr 16, 2019 at 07:49:40PM -0700, Brian Watson | Watsontech.net via FreeIPA-users wrote:
Hello,
I have freeipa server (centos7) setup. I installed freeipa-client on my KDE Neon laptop. I can sign in with my freeipa user and am able to use sudo. But when asked for password whilst doing KDE administration, it does not work.
Any logs I should check?
Hi,
maybe you can check if there PAM related messages in /var/log/secure or the journal around the time you are giving the password for KDE administration. If e.g. a special PAM service is used by KDE and you are using HBAC you might need to add this service to a rule which allows access.
HTH
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
For some reason it is trying to use a local user as the username... But the UID is correct.
brianw@fenix:~$ tail -n3 /var/log/auth.log Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_unix(polkit-1:auth): authentication failure; logname= uid=386900000 euid=0 tty= ruser=ladmin rhost= user=ladmin Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): authentication failure; logname= uid=386900000 euid=0 tty= ruser=ladmin rhost= user=ladmin Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): received for user ladmin: 10 (User not known to the underlying authentication module)
~ Brian Watson | Have a great day!
On Tue, Apr 16, 2019 at 11:29 PM Sumit Bose via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
On Tue, Apr 16, 2019 at 07:49:40PM -0700, Brian Watson | Watsontech.net via FreeIPA-users wrote:
Hello,
I have freeipa server (centos7) setup. I installed freeipa-client on my
KDE
Neon laptop. I can sign in with my freeipa user and am able to use sudo. But when asked for password whilst doing KDE administration, it does not work.
Any logs I should check?
Hi,
maybe you can check if there PAM related messages in /var/log/secure or the journal around the time you are giving the password for KDE administration. If e.g. a special PAM service is used by KDE and you are using HBAC you might need to add this service to a rule which allows access.
HTH
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Ahh. Here's a clue;
https://www.happyassassin.net/2014/09/09/freeipa-setting-polkit-policykit-ru...
And of course, here;
https://www.freeipa.org/page/Howto/FreeIPA_PolicyKit
I will try to fix it update this post.
Brian
On Thu, Apr 18, 2019, 2:42 PM Brian Watson | Watsontech.net < brian@watsontech.net> wrote:
For some reason it is trying to use a local user as the username... But the UID is correct.
brianw@fenix:~$ tail -n3 /var/log/auth.log Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_unix(polkit-1:auth): authentication failure; logname= uid=386900000 euid=0 tty= ruser=ladmin rhost= user=ladmin Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): authentication failure; logname= uid=386900000 euid=0 tty= ruser=ladmin rhost= user=ladmin Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): received for user ladmin: 10 (User not known to the underlying authentication module)
~ Brian Watson | Have a great day!
On Tue, Apr 16, 2019 at 11:29 PM Sumit Bose via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
On Tue, Apr 16, 2019 at 07:49:40PM -0700, Brian Watson | Watsontech.net via FreeIPA-users wrote:
Hello,
I have freeipa server (centos7) setup. I installed freeipa-client on my
KDE
Neon laptop. I can sign in with my freeipa user and am able to use sudo. But when asked for password whilst doing KDE administration, it does not work.
Any logs I should check?
Hi,
maybe you can check if there PAM related messages in /var/log/secure or the journal around the time you are giving the password for KDE administration. If e.g. a special PAM service is used by KDE and you are using HBAC you might need to add this service to a rule which allows access.
HTH
bye, Sumit
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Brian Watson | Watsontech.net -
Ronald Wimmer -
Sumit Bose