[Bug 479226] Re: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user
This bug affects me, too (with Likewise Open 6, however). My workaround is a two-pronged approach. Let's assume that you want the Domain Users group to have both sudo and administrative rights on the local machine. (Usually, it's only Domain Admins or another group, but we have a special configuration where I am.) First, I added the Domain Users group to the sudoers file (accessed by typing "sudo visudo" on an account that already has sudoer rights, or by running "visudo" simply as root). I then added the following line on the section with the header "Members of the admin group": %domain^users ALL=(ALL) ALL Please note that depending on your setup, you may have to add the domain explicitly: %DOMAIN\\domain^users ALL=(ALL) ALL So now all people in the Domain Users group have sudo access! They can type "sudo " in any command prompt and it should work fine. BUT, if your users use the GUI, we still have the problem that any Policy Kit dialog boxes that pop up do not recognize this authority and demand you log in as root or as a local administrator. So, following David Norris' suggestion, I navigated to /etc/polkit-1/localauthority.conf.d/ and added a new file called "52 -likewise-admin.conf". The 52 is just because there were already files in there that started with "50" and "51", and I know that the configuration files get loaded in order based on their number. So the "52" is arbitrary. The file contents are as follows: [Configuration] AdminIdentities=unix-group:domain^users AS BEFORE, you may need to explicitly state your domain, as follows: [Configuration] AdminIdentities=unix-group:DOMAIN\\domain^users Of course, change "domain^users" to "domain^admins" or other groups as necessary. I hope this helps some people. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/479226 Title: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user To manage notifications about this bug go to: https://bugs.launchpad.net/likewise-open/+bug/479226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 479226] Re: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user
** Also affects: likewise-open Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/479226 Title: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user To manage notifications about this bug go to: https://bugs.launchpad.net/likewise-open/+bug/479226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 479226] Re: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user
I’m not sure that’s the entire problem/solution, actually. I think this is saying that a likewise-open user, which has been added to the local group 'admin' (and so should have admin privileges), does not get admin privileges, or they are limited in some way. Not that the AD 'domain admins' should have local admin rights (perhaps they should, but that’s something different) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/479226 Title: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/479226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 479226] Re: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: policykit (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/479226 Title: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/479226/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 479226] Re: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user
likewise-open5(-lsass?) needs to drop an appropriate file into /etc/polkit-1/localauthority.conf.d/ which tells PolicyKit which Active Directory security group defines domain administrators. I'm not sure what that needs to look like but I set mine up like this (my AD domain is CORP): [Configuration] AdminIdentities=unix-group:CORP\\domain^admins It does not seem to work exactly correctly but its close enough until its either fixed or I can read the PolicyKit docs further. -- Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user https://bugs.launchpad.net/bugs/479226 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 479226] Re: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user
** Package changed: likewise-open5 (Ubuntu) => policykit (Ubuntu) -- Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user https://bugs.launchpad.net/bugs/479226 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 479226] Re: Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user
** Attachment added: "Dependencies.txt" http://launchpadlibrarian.net/35424342/Dependencies.txt ** Attachment added: "XsessionErrors.txt" http://launchpadlibrarian.net/35424343/XsessionErrors.txt -- Cannot authenticate using PolicyKit dialogs with domain credentials, prompts for local user https://bugs.launchpad.net/bugs/479226 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
