Looks to me like it's because the PAM service "unity" (which runs the screensaver) isn't listed in the `ad_gpo_map_interactive` option in sssd.conf. This list should have distro-specific defaults (since different distributions use different PAM service names)
The fix should be to add unity to the default set (and the manpage), but anyone experiencing this issue right now should be able to add the following to their [domain/DOMAINNAME] section of sssd.conf to work around it: ``` ad_gpo_map_interactive = +unity ``` I suppose this might not be an unreasonable default to add upstream as well, so I just sent a patch there. I'd recommend that the maintainers of this package in Ubuntu and Debian should carefully examine which PAM services are available (including in variants like Kubuntu and Xubuntu) and add them to the defaults downstream. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1578415 Title: Lockscreen access denied (AD auth via sssd) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1578415/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
