[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
Any news about the release of updated SSSD for Xenial ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
There is no default sssd.conf configuration shipped with the package. Since users already have to create one, is it just a matter for them to add "ad_gpo_map_interactive = +polkit-1"? Or does sssd 1.13.4 that is shipped in xenial not have or not understand this option? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to sssd in Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
There is no default sssd.conf configuration shipped with the package. Since users already have to create one, is it just a matter for them to add "ad_gpo_map_interactive = +polkit-1"? Or does sssd 1.13.4 that is shipped in xenial not have or not understand this option? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
Ubuntu LTS xenial is still with SSSD 1.13, so, with this bug :-( this discourages the use of ubuntu in business, it's sad .. Any bug fix or backport planed for this bug ? Many thank's to all ! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
so it's fixed in zesty then ** Tags removed: needs-upstream-report ** Changed in: sssd (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
Found the issue in Fedora 24 but not 25. The difference being that sssd v1.14.0 added polkit-1 to ad_gpo_map_permit. New solution would just be to update ubuntu's sssd package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
Thank you for taking the time to report this bug and helping to make Ubuntu better. Is the default configuration of the project sssd affected by this too? If it is, then this should probably be fixed upstream. ** Tags added: needs-upstream-report ** Changed in: sssd (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
Of the upstream sssd project I mean (as opposed to Ubuntu's packaging) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1643602] Re: Graphical privilege escalation fails (AD auth via sssd, polkit)
** Description changed: It is not possible to gain elevated privileges from the GUI (policy kit) using an Active Directory account through SSSD. Gaining elevated privileges via sudo works as expected from console. This issue was mentioned as a secondary problem in http://askubuntu.com/questions/767079/lockscreen-access-denied-ad-auth- via-sssd and the subsequent bug report https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1578415 but was not address in the bug resolution. How to reproduce: - clean install - join to AD using sssd - reboot - login with AD account (that is in sudo group) - request elevated privileges. (eg, unlock the users settings panel) - fill in password for AD user --> authorization is rejected, not expected Solution: add to /etc/sssd/sssd.conf - ad_gpo_map_interactive = +unity + ad_gpo_map_interactive = +polkit-1 This could be added to default configuration. - ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: sssd-ad 1.13.4-3 ProcVersionSignature: Ubuntu 4.8.0-27.29-generic 4.8.1 Uname: Linux 4.8.0-27-generic x86_64 ApportVersion: 2.20.3-0ubuntu8 Architecture: amd64 CurrentDesktop: Unity Date: Mon Nov 21 10:28:07 2016 InstallationDate: Installed on 2016-11-18 (2 days ago) InstallationMedia: Ubuntu 16.10 "Yakkety Yak" - Release amd64 (20161012.2) JournalErrors: Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] failed with exit code 1: Hint: You are currently not seeing messages from other users and the system. Users in the 'systemd-journal' group can see all messages. Pass -q to turn off this notice. No journal files were opened due to insufficient permissions. ProcEnviron: LANGUAGE=en_US PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: sssd UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1643602 Title: Graphical privilege escalation fails (AD auth via sssd, polkit) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1643602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs