I can confirm that adding ad_gpo_map_interactive = +unity
to the [domain/DOMAINNAME] section of sssd.conf solves the lock screen issue. The "elevated privileges" issue still there: May 5 11:55:50 uatlantico polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.pkexec.synaptic for unix-process:16804:21803174 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:cvargasc) May 5 11:55:50 uatlantico pkexec[16805]: cvargasc: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/cvargasc] [COMMAND=/usr/sbin/synaptic] =============================== May 5 11:54:22 uatlantico compiz: pam_unix(unity:auth): authentication failure; logname= uid=643401116 euid=643401116 tty= ruser= rhost= user=cvargasc May 5 11:54:23 uatlantico compiz: pam_sss(unity:auth): authentication success; logname= uid=643401116 euid=643401116 tty= ruser= rhost= user=cvargasc May 5 11:54:23 uatlantico compiz: gkr-pam: unlocked login keyring May 5 11:55:19 uatlantico polkit-agent-helper-1[16813]: pam_unix(polkit-1:auth): authentication failure; logname= uid=643401116 euid=0 tty= ruser=cvargasc rhost= user=cvargasc May 5 11:55:20 uatlantico polkit-agent-helper-1[16813]: pam_sss(polkit-1:auth): authentication failure; logname= uid=643401116 euid=0 tty= ruser=cvargasc rhost= user=cvargasc May 5 11:55:20 uatlantico polkit-agent-helper-1[16813]: pam_sss(polkit-1:auth): received for user cvargasc: 17 (Failure setting user credentials) May 5 11:55:50 uatlantico polkitd(authority=local): Operator of unix-session:c2 FAILED to authenticate to gain authorization for action com.ubuntu.pkexec.synaptic for unix-process:16804:21803174 [/bin/sh /usr/bin/synaptic-pkexec] (owned by unix-user:cvargasc) May 5 11:55:50 uatlantico pkexec[16805]: cvargasc: Error executing command as another user: Request dismissed [USER=root] [TTY=unknown] [CWD=/home/cvargasc] [COMMAND=/usr/sbin/synaptic] =============================== ** Attachment added: "synaptic.png" https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1578415/+attachment/4656546/+files/synaptic.png -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1578415 Title: Lockscreen access denied (AD auth via sssd) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1578415/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
