Comment 19 for bug 781737

Revision history for this message
Loïc Le Page (loic-le-page) wrote :

Hi Dave,

I'm not sure your issue is a bug in policykit.
It seems to be more likely a configuration issue.
This is quite tricky to configure SSO on Ubuntu as you need to configure cleanly the LDAP client part of your workstation, the policykit system for rights elevation and PAM for authentication.

Take a look in /etc/polkit-1/localauthority.conf.d
You should have a file called 60-ldap.conf (the number may be different, this is just for ordering scripts execution) containing this text:

[Configuration]
AdminIdentities=unix-group:#####

with ##### the name of your domain/local administrators group. You can provide more than one group if you need to.

Check out that your LDAP client and nsswitch can resolve this group and all accounts within (getent group).

Hope this helps ;)
Loïc