Bug 975008
Summary: | Cannot join AD or FreeIPA domain with g-i-s: "Not authorized to perform this action.", "rejecting access to method 'Join'" | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Woodhouse <dwmw2> |
Component: | gnome-initial-setup | Assignee: | Matthias Clasen <mclasen> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 21 | CC: | awilliam, manday, mclasen, sirdeiu, stefw, tiagomatos |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-09-18 22:24:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Woodhouse
2013-06-17 11:35:22 UTC
Hello, while trying out freeipa 4.0.1 with fedora 20, I get the same error. When there are no local users defined, and gnome-initial-setup is started, after entering the domain / username / password details for enterprise login, I get the same error: Not authorized to perform this action and can't skip that step, unless I create a local user account. Yup, I am seeing this with current F21 and a FreeIPA host also: realmd[1469]: rejecting access to method 'Join' on interface 'org.freedesktop.realmd.KerberosMembership' at /org/freedesktop/realmd/Sssd/happyassassin_net_2 Let's CC the owner of realmd to see if the realmd dbus policy might be at fault here? Note that Control Center's 'Users' panel can enrol in the domain just fine (though I hit later bugs with login). By default only users of type Administrator (ie: in the wheel group) can join a domain. The gnome-initial-setup user needs to either be in the wheel group, root equivalent, or have a polkit rule that says it can perform the action in question. We're trying to set up a cluster of Fedora Boxes at our company and we're faced with the same problem. It's not possible to use the "Enterprise Login" after installation (using an Exchange/AD Server). After I join the realm on TTY using `realm join -U ... ...` I'm still not able to log in using the GUI, in which case I get a "Failed to register account". (In reply to Cedric Sodhi from comment #7) > After I join the realm on TTY using `realm join -U ... ...` I'm still not > able to log in using the GUI, in which case I get a "Failed to register > account". Yes, that's the bug. In Fedora 21, gnome-initial-setup is not privileged to do the various things that it needs to do. Possible work around: * Ctrl-Alt-F2 * login as root * sudo usermod -aG wheel gnome-initial-setup Perhaps a reboot is necessary after above step. usermod -aG wheel gnome-initial-setup realm permit --all did not change that behaviour. this should be fixed in gnome-initial-setup-3.13.7-1.fc21.x86_64 |