I have a suse 10.2 joined to a Windows 2003 Domain and my Domain user can logon and I can work as well but I can't mount peripherials (CD, DVD; USB Keys....) because by default HAL seems to ignore the existance of my user; the exact error is: rejected message had interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unser)" destination "org.freedesktop.Hal". Since the output of the id command for my user is: --- uid=10000 gid=10000(PU\domain users) gruppi=10000(PU\domain users),10001,10002,10003,10004,10005,10006,10007,10008,10009,10010,10011,10012,10013,10014,10015 --- I modified /etc/dbus-1/system.d/hal.conf adding policies for my user and group and now the file is as follows: --- <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <!-- This configuration file specifies the required security policies for the HAL to work. --> <!-- Only root or user haldaemon can own the HAL service --> <policy user="haldaemon"> <allow own="org.freedesktop.Hal"/> </policy> <policy user="root"> <allow own="org.freedesktop.Hal"/> </policy> <!-- Allow anyone to invoke methods on the Manager and Device interfaces --> <policy context="default"> <allow send_interface="org.freedesktop.Hal.Manager"/> <allow send_interface="org.freedesktop.Hal.Device"/> <allow receive_interface="org.freedesktop.Hal.Manager" receive_sender="org.freedesktop.Hal"/> <allow receive_interface="org.freedesktop.Hal.Device" receive_sender="org.freedesktop.Hal"/> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement" receive_sender="org.freedesktop.Hal"/> <allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel" receive_sender="org.freedesktop.Hal"/> <allow receive_interface="org.freedesktop.Hal.Device.Volume" receive_sender="org.freedesktop.Hal"/> <allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto" receive_sender="org.freedesktop.Hal"/> </policy> <!-- Default policy for the exported interfaces --> <policy context="default"> <deny send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <deny send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/> <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <deny send_interface="org.freedesktop.Hal.Device.Volume"/> <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy> <!-- This will not work if pam_console support is not enabled --> <policy at_console="true"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy> <!-- You can change this to a more suitable user, or make per-group --> <policy user="0"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy> <!-- You can change this to a more suitable user, or make per-group --> <policy user="10000"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy> <!-- You can change this to a more suitable user, or make per-group --> <policy group="10000"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy> </busconfig> --- I still have no luck and the message is the same. Searching for some info on the web I found a thread on a russian suse forum (http://64.233.183.104/search?q=cache:U305nY6p4isJ:lists4.opensuse.org/opensuse-ru/2007-03/msg00008.html+hal+mount+pam+domain&hl=it&ct=clnk&cd=5&gl=it&client=firefox-a) and I followed it so I have added the line ; *; *; Al0000-2400; dialout, video, cdrom, audio to the file /etc/security/group.conf and auth optional pam_group.so to the file /etc/*pam*.d/common-auth. Still no luck ... still the same message. Any idea? Bye Pigia -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: In REGALO 'All the Good Thing' di NELLY FURTADO Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=6617&d=31-7 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Pigia ha scritto:
I have a suse 10.2 joined to a Windows 2003 Domain and my Domain user can logon and I can work as well but I can't mount peripherials (CD, DVD; USB Keys....) because by default HAL seems to ignore the existance of my user; the exact error is: rejected message had interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unser)" destination "org.freedesktop.Hal". Since the output of the id command for my user is: ---
uid=10000 gid=10000(PU\domain users) gruppi=10000(PU\domain users),10001,10002,10003,10004,10005,10006,10007,10008,10009,10010,10011,10012,10013,10014,10015
--- I modified /etc/dbus-1/system.d/hal.conf adding policies for my user and group and now the file is as follows: ---
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig>
<!-- This configuration file specifies the required security policies for the HAL to work. -->
<!-- Only root or user haldaemon can own the HAL service --> <policy user="haldaemon"> <allow own="org.freedesktop.Hal"/> </policy> <policy user="root"> <allow own="org.freedesktop.Hal"/> </policy>
<!-- Allow anyone to invoke methods on the Manager and Device interfaces --> <policy context="default"> <allow send_interface="org.freedesktop.Hal.Manager"/> <allow send_interface="org.freedesktop.Hal.Device"/> <allow receive_interface="org.freedesktop.Hal.Manager" receive_sender="org.freedesktop.Hal"/> <allow receive_interface="org.freedesktop.Hal.Device" receive_sender="org.freedesktop.Hal"/>
<allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> <allow receive_interface="org.freedesktop.Hal.Device.SystemPowerManagement" receive_sender="org.freedesktop.Hal"/> <allow receive_interface="org.freedesktop.Hal.Device.LaptopPanel" receive_sender="org.freedesktop.Hal"/> <allow receive_interface="org.freedesktop.Hal.Device.Volume" receive_sender="org.freedesktop.Hal"/> <allow receive_interface="org.freedesktop.Hal.Device.Volume.Crypto" receive_sender="org.freedesktop.Hal"/> </policy>
<!-- Default policy for the exported interfaces --> <policy context="default"> <deny send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <deny send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/> <deny send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <deny send_interface="org.freedesktop.Hal.Device.Volume"/> <deny send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy>
<!-- This will not work if pam_console support is not enabled --> <policy at_console="true"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy>
<!-- You can change this to a more suitable user, or make per-group --> <policy user="0"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy>
<!-- You can change this to a more suitable user, or make per-group --> <policy user="10000"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy>
<!-- You can change this to a more suitable user, or make per-group --> <policy group="10000"> <allow send_interface="org.freedesktop.Hal.Device.SystemPowerManagement"/> <allow send_interface="org.freedesktop.Hal.Device.VideoAdapterPM"/> <allow send_interface="org.freedesktop.Hal.Device.LaptopPanel"/> <allow send_interface="org.freedesktop.Hal.Device.Volume"/> <allow send_interface="org.freedesktop.Hal.Device.Volume.Crypto"/> </policy>
</busconfig>
--- I still have no luck and the message is the same. Searching for some info on the web I found a thread on a russian suse forum (http://64.233.183.104/search?q=cache:U305nY6p4isJ:lists4.opensuse.org/opensuse-ru/2007-03/msg00008.html+hal+mount+pam+domain&hl=it&ct=clnk&cd=5&gl=it&client=firefox-a) and I followed it so I have added the line
; *; *; Al0000-2400; dialout, video, cdrom, audio
to the file /etc/security/group.conf and
auth optional pam_group.so
to the file /etc/*pam*.d/common-auth. Still no luck ... still the same message. Any idea? Bye
Pigia
-- Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor: In REGALO 'All the Good Thing' di NELLY FURTADO Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=6617&d=31-7
News: still system is not mounting devices but now the error message has changed to "hal-storage-removable-mount refused uid 10000". What I have done is manually add the line: PU\m.campanelli:x:10000:10000:users:/home/PU/m.campanelli:/bin/bash to /etc/passwd. :( Bye. Pigia -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: SPECIALE SALDI: collezioni moda GIRO DITALIA FASHION. 100 anni di storia italiana raccontata attraverso labbigliamento ufficiale Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=6910&d=1-8 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, August 1, 2007 2:04 am, Pigia wrote:
News: still system is not mounting devices but now the error message has changed to "hal-storage-removable-mount refused uid 10000". What I have done is manually add the line:
Just out of curiosity - are you able to mount items when not logged in to the AD? Also can you switch to a non-domain (local) user and mount items? -- kai www.perfectreign.com bis zum bitteren ende... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2007-07-31 at 18:20 +0200, Pigia wrote:
I have a suse 10.2 joined to a Windows 2003 Domain and my Domain user can logon and I can work as well but I can't mount peripherials (CD, DVD; USB Keys....) because by default HAL seems to ignore the existance of my user; the exact error is: rejected message had interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name "(unser)" destination "org.freedesktop.Hal". Since the output of the id command for my user is:
This sounds similar to a SLED 10 SP1 bug fix for a customer. (That means a fix is probably in 10.3). -JP -- JP Rosevear <jpr@novell.com> Novell, Inc. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
JP Rosevear -
Kai Ponte -
Pigia