On (23/01/16 01:50), Eric Biggers wrote: >Hi Lukas, > >Sorry for the late response. Similar to the report on ticket 2889, my issue >ultimately turned out to be that I was using lightdm as my display manager >and it was not included in sssd's default list of "interactive services". >The solution was to add +lightdm to the ad_gpo_map_remote_interactive setting >in sssd.conf. I think it should be part of ad_gpo_map_interactive and not ad_gpo_map_remote_interactive. If you have enabled the InteractiveLogonRight and/or DenyInteractiveLogonRight in GPO
>I realize that this can be considered a configuration problem, >but I find it quite unintuitive that sssd would have a hardcoded list of >display managers etc. hidden behind the scenes. Is there any alternative way >this could have been implemented? ad_gpo_map_interactive already has default PAM servides for gnome and KDE. We might consider to add lightdm to defualt list. Feel free to file a ticket. https://fedorahosted.org/sssd/newticket LS _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
