Re: kdesktop_lock won't authenticate against AD[Scanned]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Em Sexta 30 Junho 2006 11:48, Chris Bradford escreveu:
> Marcelo Magno T. Sales wrote:
> > Hi,
> >
> > My FC5 / KDE box is part of a Windows 2000 domain. I've configured it to
> > authenticate login credentials against Active Directory and it's working
> > well. However, when I lock the desktop (manually or via password
> > protected screen saver), I can not unlock it if the logged in user is an
> > Active Directory user.
> > kdesktop_lock fails with the following message:
> > "Cannot unlock the session because the authentication system feiled to
> > work; you must kill kdesktop_lock (pid_of_process) manually"
> >
> > A local user can unlock the desktop without problems.
> >
> > Any idea about what may be causing this?
> > Here is may pam configuration for kcheckpass (/etc/pam.d/kcheckpass):
> > #%PAM-1.0
> > auth       sufficient  pam_timestamp.so
> > auth       include     system-auth
> > account    required    pam_nologin.so
> > account    include     system-auth
> > password   include     system-auth
> > session    include     system-auth
> > session    required    pam_loginuid.so
> > session    optional    pam_timestamp.so
> > session    optional    pam_selinux.so
> > session    optional    pam_console.so
> >
> > Also, /usr/bin/kcheckpass permisions are set as 4755.
> >
> > Thanks,
> >
> > Marcelo
>
> So the authentication to AD works? Can you post your
> /etc/pam.d/system-auth file as this is called by /etc/pam.d/kcheckpass.

Yes, authentication to AD is working well at login. Here's 
my /etc/pam.d/system-auth:
--------------------------------
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass 
use_authtok
password    sufficient    pam_krb5.so use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     required      pam_limits.so
session     required      pam_unix.so
session     optional      pam_krb5.so
session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel 
umask=0027
--------------------------------

[]'s
Marcelo


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux