You are not logged in.
I am trying to setup LDAP authentication on my laboratory, but since the completely systemd transition (and the remove of consolekit), we are having some issues.
I didn't have audio on any remote login (trying to use PulseAudio). We made some workarounds (giving audio groups permission to every user or putting every LDAP user to audio group). And since the last upgrade (probably something related to consolekit removal) remote logins can't mount USB pendrives too (KDE gives the error: Not Authorized). Probably any remote user didn't have permission to use any local stuff like printers, scanners, cdrom and so on. So I am trying to figure out how is the best way to give remote users permission to use local stuff:
About the audio permission:
-Put every user on the correspondent ldap group (audio, scanner, cdrom and so on). I would prefer to not do so, since udev is supposed to already give users this kind of permission (but it only gives to local users with the default configuration).
-Continue to use our actual fix, that is to give all users audio group, adding the following line to /etc/security/groups.conf:
>> *;*;*;Al0000-2400;audio,cdrom,dialout,floppy
And adding the following line to pam.conf:
>> auth required pam_group.so use_first_pass
I don't like this fix, it seems to give audio permission to logins that didn't need (like system logins), probably opening our systems to security problems.
--Both setups breaks PulseAudio fast user switch (and probably another things). It isn't that much a problem but I would prefer a cleaner solution.
-Modify udev configuration to give remote users permission too. I don't know if this is possible, but would be the best way. Did some search but didn't find anything.
And about the USB problem:
-USB seems to be a problem with systemd-login. As far as I understand, ConsoleKit is responsible to give user permission to mount. systemd-login do the same thing, but probably the default configuration didn't allow remote users to mount USB pendrives. So I want to know what I should do to make USB mount work.
Offline