Re: kdesktop_lock won't authenticate against AD[Scanned]

Hi,

Em Sexta 30 Junho 2006 11:48, Chris Bradford escreveu:
Marcelo Magno T. Sales wrote:
Hi,

My FC5 / KDE box is part of a Windows 2000 domain. I've configured it to
authenticate login credentials against Active Directory and it's working
well. However, when I lock the desktop (manually or via password
protected screen saver), I can not unlock it if the logged in user is an
Active Directory user.
kdesktop_lock fails with the following message:
"Cannot unlock the session because the authentication system feiled to
work; you must kill kdesktop_lock (pid_of_process) manually"

A local user can unlock the desktop without problems.

Any idea about what may be causing this?
Here is may pam configuration for kcheckpass (/etc/pam.d/kcheckpass):
#%PAM-1.0
auth sufficient pam_timestamp.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
session required pam_loginuid.so
session optional pam_timestamp.so
session optional pam_selinux.so
session optional pam_console.so

Also, /usr/bin/kcheckpass permisions are set as 4755.

Thanks,

Marcelo

So the authentication to AD works? Can you post your
/etc/pam.d/system-auth file as this is called by /etc/pam.d/kcheckpass.

Yes, authentication to AD is working well at login. Here's
my /etc/pam.d/system-auth:
--------------------------------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

session required pam_limits.so
session required pam_unix.so
session optional pam_krb5.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel
umask=0027
--------------------------------

[]'s
Marcelo

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Relevant Pages