[opensuse] Active Directory and HAL

[Pigia]

I have a suse 10.2 joined to a Windows 2003 Domain and my Domain user
can logon and I can work as well but I can't mount peripherials (CD,
DVD; USB Keys....) because by default HAL seems to ignore the existance
of my user; the exact error is: rejected message had interface
"org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unser)"
destination "org.freedesktop.Hal".
Since the output of the id command for my user is:
---

    uid=10000 gid=10000(PU\domain users) gruppi=10000(PU\domain
    
users),10001,10002,10003,10004,10005,10006,10007,10008,10009,10010,10011,10012,10013,10014,10015

---
I modified /etc/dbus-1/system.d/hal.conf adding policies for my user and
group and now the file is as follows:
---

    <!DOCTYPE busconfig PUBLIC
     "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
    <busconfig>

      <!-- This configuration file specifies the required security policies
           for the HAL to work. -->

      <!-- Only root or user haldaemon can own the HAL service -->
      <policy user="haldaemon">
        <allow own="org.freedesktop.Hal"/>
      </policy>
      <policy user="root">
        <allow own="org.freedesktop.Hal"/>
      </policy>

      <!-- Allow anyone to invoke methods on the Manager and Device
    interfaces -->
      <policy context="default">
        <allow send_interface="org.freedesktop.Hal.Manager"/>
        <allow send_interface="org.freedesktop.Hal.Device"/>
        <allow receive_interface="org.freedesktop.Hal.Manager"
               receive_sender="org.freedesktop.Hal"/>
        <allow receive_interface="org.freedesktop.Hal.Device"
               receive_sender="org.freedesktop.Hal"/>

        <allow
    send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
        <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
        <allow
    receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement"
           receive_sender="org.freedesktop.Hal"/>
        <allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel"
           receive_sender="org.freedesktop.Hal"/>
        <allow receive_interface="org.freedesktop.Hal.Device.Volume"
           receive_sender="org.freedesktop.Hal"/>
        <allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto"
           receive_sender="org.freedesktop.Hal"/>
      </policy>

      <!-- Default policy for the exported interfaces -->
      <policy context="default">
        <deny
    send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
        <deny send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
        <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
        <deny send_interface="org.freedesktop.Hal.Device.Volume"/>
        <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
      </policy>

      <!-- This will not work if pam_console support is not enabled -->
      <policy at_console="true">
        <allow
    send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
        <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
      </policy>

      <!-- You can change this to a more suitable user, or make
    per-group -->
      <policy user="0">
        <allow
    send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
        <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
        <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
      </policy>

      <!-- You can change this to a more suitable user, or make
    per-group -->
      <policy user="10000">
        <allow
    send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
        <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
        <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
      </policy>

      <!-- You can change this to a more suitable user, or make
    per-group -->
      <policy group="10000">
        <allow
    send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/>
        <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/>
        <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume"/>
        <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/>
      </policy>

    </busconfig>

---
I still have no luck and the message is the same.
Searching for some info on the web I found a thread on a russian suse
forum
(http://64.233.183.104/search?q=cache:U305nY6p4isJ:lists4.opensuse.org/opensuse-ru/2007-03/msg00008.html+hal+mount+pam+domain&hl=it&ct=clnk&cd=5&gl=it&client=firefox-a)
and I followed it so I have added the line

    ; *; *; Al0000-2400; dialout, video, cdrom, audio

to the file /etc/security/group.conf and

    auth optional pam_group.so

to the file /etc/*pam*.d/common-auth.
Still no luck ... still the same message.
Any idea?
Bye

Pigia

 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 In REGALO 'All the Good Thing' di NELLY FURTADO
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=6617&d=31-7
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]