Ahh. Here's a clue; https://www.happyassassin.net/2014/09/09/freeipa-setting-polkit-policykit-rules-for-users-make-your-user-a-polkit-administrator-on-your-clients/
And of course, here; https://www.freeipa.org/page/Howto/FreeIPA_PolicyKit I will try to fix it update this post. Brian On Thu, Apr 18, 2019, 2:42 PM Brian Watson | Watsontech.net < br...@watsontech.net> wrote: > For some reason it is trying to use a local user as the username... But > the UID is correct. > > brianw@fenix:~$ tail -n3 /var/log/auth.log > Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: > pam_unix(polkit-1:auth): authentication failure; logname= uid=386900000 > euid=0 tty= ruser=ladmin rhost= user=ladmin > Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): > authentication failure; logname= uid=386900000 euid=0 tty= ruser=ladmin > rhost= user=ladmin > Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): > received for user ladmin: 10 (User not known to the underlying > authentication module) > > ~ Brian Watson | Have a great day! > > > On Tue, Apr 16, 2019 at 11:29 PM Sumit Bose via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> On Tue, Apr 16, 2019 at 07:49:40PM -0700, Brian Watson | Watsontech.net >> via FreeIPA-users wrote: >> > Hello, >> > >> > I have freeipa server (centos7) setup. I installed freeipa-client on my >> KDE >> > Neon laptop. I can sign in with my freeipa user and am able to use sudo. >> > But when asked for password whilst doing KDE administration, it does not >> > work. >> > >> > Any logs I should check? >> >> Hi, >> >> maybe you can check if there PAM related messages in /var/log/secure or >> the journal around the time you are giving the password for KDE >> administration. If e.g. a special PAM service is used by KDE and you are >> using HBAC you might need to add this service to a rule which allows >> access. >> >> HTH >> >> bye, >> Sumit >> >> > _______________________________________________ >> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> > To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org