GUI prompt for update doesn’t work with SSS auth


  • #15568
    fermulator
    Participant

    Good day,

    This is a repost of the fact that the GUI prompt for administrative privileges does not work for users using SSS AUTH.
    This has already been posted here: https://www.nomachine.com/forums/topic/gui-prompt-for-update-doesnt-work-with-sss-auth, however no progress was made (presumably due to lack of logs).
    I can confirm this is an issue.

    {{{
    $ rpm -qa | grep -i nomachine
    nomachine-5.2.21-5.x86_64

    $ uname -a
    Linux foo_hostname 4.11.8-200.fc25.x86_64 #1 SMP Thu Jun 29 16:13:56 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

    $ cat /etc/centos-release
    Fedora release 25 (Twenty Five)
    }}}

    Logs (pruned) are attached.

    My most recent attempt to activate the UI is Tue Aug 22 ~08:30 AM.

    NX Logs have been sent to the forum email address.

    Here’s an example sssd configuration file (pruned out for privacy):

    $ sudo cat /etc/sssd/sssd.conf | SED STRIPPING …

    [domain/DOMAIN]
    description = FOO LDAP domain with AD server
    debug_level = 0
    cache_credentials = True
    enumerate = False

    id_provider = ldap
    auth_provider = krb5
    chpass_provider = krb5
    access_provider = ldap
    autofs_provider = ldap

    ldap_uri = ldap://192.168.1.21,ldap://192.168.196.20,ldap://192.168.194.20
    ldap_schema = rfc2307bis
    ldap_referrals = False
    ldap_page_size = 1000
    ldap_access_order = expire
    ldap_account_expire_policy = ad
    ldap_force_upper_case_realm = True
    ldap_id_use_start_tls = False
    ldap_tls_reqcert = allow
    #ldap_tls_cacertdir = /etc/pki/tls/certs
    #ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
    ldap_initgroups_use_matching_rule_in_chain = True

    ldap_default_bind_dn = cn=clearcase_ldap,ou=Service_Accounts,ou=Root,dc=domain,dc=com
    ldap_default_authtok_type = password
    ldap_default_authtok = (SNIPPED)

    ldap_search_base = ou=Root,dc=domain,dc=com?subtree?
    ldap_user_search_base = dc=domain,dc=COM
    ldap_user_object_class = user
    ldap_group_search_base = dc=domain,dc=COM
    ldap_group_object_class = group
    ldap_user_name = sAMAccountName
    ldap_user_home_directory = unixHomeDirectory
    ldap_user_gecos = displayName
    ldap_user_shadow_last_change = pwdLastSet

    krb5_realm = DOMAIN.COM
    krb5_kpasswd = domain.com:749
    krb5_server = 192.168.1.21,192.168.194.20,192.168.196.20
    krb5_store_password_if_offline = True
    krb5_canonicalize = False
    krb5_changepw_principal = kadmin/changepw
    krb5_ccachedir = /tmp
    krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
    krb5_auth_timeout = 15

    tls_reqcert = allow

    [sssd]
    services = nss, ssh, autofs, pam
    config_file_version = 2
    domains = DOMAIN

    [nss]
    homedir_substring = /home
    filter_groups = root
    filter_users = root

    [pam]

    [sudo]

    [autofs]

    [ssh]

    [pac]

    [ifp]

    #16859
    Britgirl
    Keymaster

    Can you update to the latest version and let us know if the problem still persists?


Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.