On (23/01/16 01:50), Eric Biggers wrote:
Hi Lukas,
Sorry for the late response. Similar to the report on ticket 2889, my issue ultimately turned out to be that I was using lightdm as my display manager and it was not included in sssd's default list of "interactive services". The solution was to add +lightdm to the ad_gpo_map_remote_interactive setting in sssd.conf.
I think it should be part of ad_gpo_map_interactive and not ad_gpo_map_remote_interactive. If you have enabled the InteractiveLogonRight and/or DenyInteractiveLogonRight in GPO
I realize that this can be considered a configuration problem, but I find it quite unintuitive that sssd would have a hardcoded list of display managers etc. hidden behind the scenes. Is there any alternative way this could have been implemented?
ad_gpo_map_interactive already has default PAM servides for gnome and KDE. We might consider to add lightdm to defualt list. Feel free to file a ticket. https://fedorahosted.org/sssd/newticket
LS