https://bugs.kde.org/show_bug.cgi?id=515113
Luca Cavana <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] | |om --- Comment #6 from Luca Cavana <[email protected]> --- Hello, I've been able to reproduce it and identify the root cause. It lies in the fact that the sssd-ad provider by default uses GPO Access Control (see man sssd-ad). In an AD DS environment usually the privilege InteractiveLogonRight is assigned to all users of the domain, that is what permits to login locally to your computer. The sssd-ad provider maps the InteractiveLogonRights to some PAM services by default, for instance login, su, gdm, kdm, sddm and so forth. This can be controlled by using ad_gpo_map_interactive configuration item in sssd.conf (see the man sssd-ad for details). Just look at your /var/log/sssd/sssd_domain_name.log and you'll see what I'm talking about live as you try to logon. I think the most appropriate fix for this is to ask the SSSD folks to add the new 'plasmalogin' PAM module to their static mapping list. As for now, everyone who needs to test it into an AD DS environment just needs to modify it's /etc/sssd/sssd.conf file by adding: [domain/doman_name] ad_gpo_map_interactive = +plasmalogin -- You are receiving this mail because: You are watching all bug changes.
