Re: [SunRay-Users] Screenlock unlocking does not work

Sun, 07 Feb 2010 21:07:26 -0800 

On 02/08/10 07:48, Martin Allert wrote:

Hello everybody,
I set up four RHEL 5.4 Tikanga SRSS 4.2 Server in a FOG, each server is a 32GB VM on two hexcore ESXi servers with appropriate disk space (56GB for each VM). Each ESXi server hosts two SRSS4.2 server. User authentication is done by a connected Active Directory server, for which I configured pam_nss_ldap to use some non-privileged user for the LDAP user lookups in the ADS. The ADS server is a 2k3 R2 with "Identity Management for Unix" installed. 

Logging in really works smooth.

Everything is fine, users are happy until they pull their cards, hit the
<Shift-BREAK> keystroke or wait for the idle session timeout. After the
screen has been locked, it is impossible to get in again, because although you enter the correct password, this grey screensaver window keeps telling me 
that my password is incorrect. And to terminate the session for myself,
I tried the old+<CTRL-ALT-3x DELETE> keystroke, but no avail, this keystroke
seems to be disabled with the new firmware.
From another session I can see in the web administration panel (server:1660) in the sessions tab, that I have plenty sessions, but there is no UNIX username associated to any session. Is this a hint to my problem? 

a) Is it possible to temporarily disable the screenlock for all users and if
how can I revert this, when everything will work as wanted?
Disable the RHA lock screen using utpolicy -D option / from Admin GUI policy page. 
b) Why does the screenlock not accept the correct passwords?

Smells like pam stack for "uthotdesk" needs to incorporate the use of
pam_nss_ldap?.

Thanks
P.S.M.Swamiji

Note: These are my personal opinions, nothing to do with my employer


If necessary, I will post the required configuration files from the RHEL
system for your better understanding of my setup. I looked into
/var/log/messages, but I saw no error message regarding pam. But maybe I am too blind to see the right messages. 

Yours sincerely,

Martin Allert
------------------------------------------------------------------------ 

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users



_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

Reply via email to