Hi, Em Sexta 30 Junho 2006 11:48, Chris Bradford escreveu: > Marcelo Magno T. Sales wrote: > > Hi, > > > > My FC5 / KDE box is part of a Windows 2000 domain. I've configured it to > > authenticate login credentials against Active Directory and it's working > > well. However, when I lock the desktop (manually or via password > > protected screen saver), I can not unlock it if the logged in user is an > > Active Directory user. > > kdesktop_lock fails with the following message: > > "Cannot unlock the session because the authentication system feiled to > > work; you must kill kdesktop_lock (pid_of_process) manually" > > > > A local user can unlock the desktop without problems. > > > > Any idea about what may be causing this? > > Here is may pam configuration for kcheckpass (/etc/pam.d/kcheckpass): > > #%PAM-1.0 > > auth sufficient pam_timestamp.so > > auth include system-auth > > account required pam_nologin.so > > account include system-auth > > password include system-auth > > session include system-auth > > session required pam_loginuid.so > > session optional pam_timestamp.so > > session optional pam_selinux.so > > session optional pam_console.so > > > > Also, /usr/bin/kcheckpass permisions are set as 4755. > > > > Thanks, > > > > Marcelo > > So the authentication to AD works? Can you post your > /etc/pam.d/system-auth file as this is called by /etc/pam.d/kcheckpass. Yes, authentication to AD is working well at login. Here's my /etc/pam.d/system-auth: -------------------------------- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so session optional pam_krb5.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0027 -------------------------------- []'s Marcelo
