[Freeipa-users] Re: KDE administration not working for freeipa user
Ahh. Here's a clue; https://www.happyassassin.net/2014/09/09/freeipa-setting-polkit-policykit-rules-for-users-make-your-user-a-polkit-administrator-on-your-clients/ And of course, here; https://www.freeipa.org/page/Howto/FreeIPA_PolicyKit I will try to fix it update this post. Brian On Thu, Apr 18, 2019, 2:42 PM Brian Watson | Watsontech.net < br...@watsontech.net> wrote: > For some reason it is trying to use a local user as the username... But > the UID is correct. > > brianw@fenix:~$ tail -n3 /var/log/auth.log > Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: > pam_unix(polkit-1:auth): authentication failure; logname= uid=38690 > euid=0 tty= ruser=ladmin rhost= user=ladmin > Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): > authentication failure; logname= uid=38690 euid=0 tty= ruser=ladmin > rhost= user=ladmin > Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): > received for user ladmin: 10 (User not known to the underlying > authentication module) > > ~ Brian Watson | Have a great day! > > > On Tue, Apr 16, 2019 at 11:29 PM Sumit Bose via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> On Tue, Apr 16, 2019 at 07:49:40PM -0700, Brian Watson | Watsontech.net >> via FreeIPA-users wrote: >> > Hello, >> > >> > I have freeipa server (centos7) setup. I installed freeipa-client on my >> KDE >> > Neon laptop. I can sign in with my freeipa user and am able to use sudo. >> > But when asked for password whilst doing KDE administration, it does not >> > work. >> > >> > Any logs I should check? >> >> Hi, >> >> maybe you can check if there PAM related messages in /var/log/secure or >> the journal around the time you are giving the password for KDE >> administration. If e.g. a special PAM service is used by KDE and you are >> using HBAC you might need to add this service to a rule which allows >> access. >> >> HTH >> >> bye, >> Sumit >> >> > ___ >> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> > To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> ___ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to >> freeipa-users-le...@lists.fedorahosted.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >> > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: KDE administration not working for freeipa user
For some reason it is trying to use a local user as the username... But the UID is correct. brianw@fenix:~$ tail -n3 /var/log/auth.log Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_unix(polkit-1:auth): authentication failure; logname= uid=38690 euid=0 tty= ruser=ladmin rhost= user=ladmin Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): authentication failure; logname= uid=38690 euid=0 tty= ruser=ladmin rhost= user=ladmin Apr 18 14:40:02 fenix polkit-agent-helper-1[2907]: pam_sss(polkit-1:auth): received for user ladmin: 10 (User not known to the underlying authentication module) ~ Brian Watson | Have a great day! On Tue, Apr 16, 2019 at 11:29 PM Sumit Bose via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > On Tue, Apr 16, 2019 at 07:49:40PM -0700, Brian Watson | Watsontech.net > via FreeIPA-users wrote: > > Hello, > > > > I have freeipa server (centos7) setup. I installed freeipa-client on my > KDE > > Neon laptop. I can sign in with my freeipa user and am able to use sudo. > > But when asked for password whilst doing KDE administration, it does not > > work. > > > > Any logs I should check? > > Hi, > > maybe you can check if there PAM related messages in /var/log/secure or > the journal around the time you are giving the password for KDE > administration. If e.g. a special PAM service is used by KDE and you are > using HBAC you might need to add this service to a rule which allows > access. > > HTH > > bye, > Sumit > > > ___ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
[Freeipa-users] Re: KDE administration not working for freeipa user
On Tue, Apr 16, 2019 at 07:49:40PM -0700, Brian Watson | Watsontech.net via FreeIPA-users wrote: > Hello, > > I have freeipa server (centos7) setup. I installed freeipa-client on my KDE > Neon laptop. I can sign in with my freeipa user and am able to use sudo. > But when asked for password whilst doing KDE administration, it does not > work. > > Any logs I should check? Hi, maybe you can check if there PAM related messages in /var/log/secure or the journal around the time you are giving the password for KDE administration. If e.g. a special PAM service is used by KDE and you are using HBAC you might need to add this service to a rule which allows access. HTH bye, Sumit > ___ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org