Good day,
This is a repost of the report that the GUI prompt for administrative privileges does not work for users authenticating via SSS AUTH.
This has already been posted here: https://www.nomachine.com/forums/topic/gui-prompt-for-update-doesnt-work-with-sss-auth, however no progress was made (presumably due to lack of logs).
I can confirm this is an issue.
{{{
$ rpm -qa | grep -i nomachine
nomachine-5.2.21-5.x86_64
$ uname -a
Linux foo_hostname 4.11.8-200.fc25.x86_64 #1 SMP Thu Jun 29 16:13:56 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
cat /etc/centos-release
Fedora release 25 (Twenty Five)
}}}
Logs (pruned) are attached.
My most recent attempt to activate the UI is
Tue Aug 22 ~08:30 AM
NX Logs have been sent to the forum email address.
Here’s an example sssd configuration file (pruned for privacy):
$ sudo cat /etc/sssd/sssd.conf | SED STRIPPING …
# sssd.conf as posted (pruned by the poster). Only '#' review comments were added;
# every setting below is unchanged.

# Domain definition: identity and access control via LDAP, authentication and
# password change via Kerberos, against an AD server (per the description).
[domain/DOMAIN]
description = FOO LDAP domain with AD server
# 0 logs only fatal failures. Raising this while reproducing the failing prompt
# gives SSSD-side logs to compare with the NX logs.
debug_level = 0
# Keeps a salted hash of user credentials in the local SSSD cache for offline login.
cache_credentials = True
enumerate = False
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
access_provider = ldap
autofs_provider = ldap
# ldap:// is plain LDAP; the servers are tried in the order listed.
# NOTE(review): with ldap_id_use_start_tls = False below, identity lookups and the
# simple bind for ldap_default_bind_dn presumably cross the network unencrypted.
# Prefer ldaps:// or StartTLS.
ldap_uri = ldap://192.168.1.21,ldap://192.168.196.20,ldap://192.168.194.20
ldap_schema = rfc2307bis
ldap_referrals = False
ldap_page_size = 1000
# Access control checks account expiration only, using the AD policy set below.
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = True
# StartTLS is off for the identity-provider connection (see the note on ldap_uri).
ldap_id_use_start_tls = False
# "allow" continues the session even when the server certificate is missing or bad,
# so TLS would not authenticate the server if it were enabled. "demand"/"hard" with
# a CA configured (see the commented-out lines below) enforces validation.
ldap_tls_reqcert = allow
#ldap_tls_cacertdir = /etc/pki/tls/certs
#ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_initgroups_use_matching_rule_in_chain = True
# Service account SSSD binds with for lookups.
ldap_default_bind_dn = cn=clearcase_ldap,ou=Service_Accounts,ou=Root,dc=domain,dc=com
# "password" means the bind secret is stored in clear text in this file. Keep
# sssd.conf root-owned with mode 0600 and give the service account read-only,
# minimal directory rights.
ldap_default_authtok_type = password
ldap_default_authtok = (SNIPPED)
ldap_search_base = ou=Root,dc=domain,dc=com?subtree?
# The user and group search bases cover the whole domain, wider than the ou=Root
# base above.
ldap_user_search_base = dc=domain,dc=COM
ldap_user_object_class = user
ldap_group_search_base = dc=domain,dc=COM
ldap_group_object_class = group
# AD attribute mappings for the POSIX user fields.
ldap_user_name = sAMAccountName
ldap_user_home_directory = unixHomeDirectory
ldap_user_gecos = displayName
ldap_user_shadow_last_change = pwdLastSet
krb5_realm = DOMAIN.COM
krb5_kpasswd = domain.com:749
krb5_server = 192.168.1.21,192.168.194.20,192.168.196.20
# When the provider is offline, the user's password is held in the kernel keyring
# (in plain text, per the sssd-krb5 man page) to obtain a TGT once back online.
krb5_store_password_if_offline = True
krb5_canonicalize = False
krb5_changepw_principal = kadmin/changepw
# Credential caches are files in /tmp: %d expands to krb5_ccachedir, %U to the
# user's UID, and XXXXXX to a random suffix.
# NOTE(review): a KEYRING: or KCM: cache type avoids ticket files in a shared,
# world-writable directory. Confirm what this platform supports.
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15
# NOTE(review): the documented SSSD option is ldap_tls_reqcert (set above). A bare
# tls_reqcert looks like an ldap.conf/nslcd-style key. Confirm SSSD reads it at all.
tls_reqcert = allow
# Only the responders listed in "services" are started by this line. The empty
# [sudo], [pac] and [ifp] sections below are not in the list.
[sssd]
services = nss, ssh, autofs, pam
config_file_version = 2
domains = DOMAIN
[nss]
homedir_substring = /home
# root is excluded from SSSD lookups, so it always resolves from local files.
filter_groups = root
filter_users = root
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]