kdesktop_lock won't authenticate against AD[Scanned]
Marcelo Magno T. Sales
marcelo.sales at sefaz.pe.gov.br
Fri Jun 30 14:57:52 UTC 2006
Hi,
Em Sexta 30 Junho 2006 11:48, Chris Bradford escreveu:
> Marcelo Magno T. Sales wrote:
> > Hi,
> >
> > My FC5 / KDE box is part of a Windows 2000 domain. I've configured it to
> > authenticate login credentials against Active Directory and it's working
> > well. However, when I lock the desktop (manually or via password
> > protected screen saver), I can not unlock it if the logged in user is an
> > Active Directory user.
> > kdesktop_lock fails with the following message:
> > "Cannot unlock the session because the authentication system feiled to
> > work; you must kill kdesktop_lock (pid_of_process) manually"
> >
> > A local user can unlock the desktop without problems.
> >
> > Any idea about what may be causing this?
> > Here is may pam configuration for kcheckpass (/etc/pam.d/kcheckpass):
> > #%PAM-1.0
> > auth sufficient pam_timestamp.so
> > auth include system-auth
> > account required pam_nologin.so
> > account include system-auth
> > password include system-auth
> > session include system-auth
> > session required pam_loginuid.so
> > session optional pam_timestamp.so
> > session optional pam_selinux.so
> > session optional pam_console.so
> >
> > Also, /usr/bin/kcheckpass permisions are set as 4755.
> >
> > Thanks,
> >
> > Marcelo
>
> So the authentication to AD works? Can you post your
> /etc/pam.d/system-auth file as this is called by /etc/pam.d/kcheckpass.
Yes, authentication to AD is working well at login. Here's
my /etc/pam.d/system-auth:
--------------------------------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_krb5.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel
umask=0027
--------------------------------
[]'s
Marcelo
More information about the fedora-list
mailing list