Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1357: screensaver failed to unlock

Auditing and Monitoring Service ,   Authentication Service ,   Mac & PC Management Service ,  

12 April,16 at 11:02 AM

Applies to: DirectControl 4.4 EA on Mac

Problem:

If you have the system set to password lock at screen saver you can not unlock it with AD credentials.

Cause:
The reason is that unlocking screen saver is now done via PAM. There is a /etc/pam.d/screensaver file. 
Unfortunately, Apple does not pass in PAM_CONV structure so adclient does not get a chance to fill in AD user password, thus PAM
authenticates the user with an empty password which results in pre-authentication error.
Workaround:

Login with local administrator account, bring up terminal and execute the below commands:
sudo mv /etc/pam.d/screensaver /etc/pam.d/screensaver.cdc
sudo cp /etc/pam.d/screensaver.pre_cdc /etc/pam.d/screensaver
Resolution:

Fixed in DirectControl 4.4

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-1629: AD user fails to unlock gnome-screensaver articleKB-7415: Unable to unlock screen with Smart Card on RHEL 7.3 and lower articleKB-6227: How to delegate permissions to unlock Active Directory accounts articleKB-8787: MFA compatibility issues with Linux GUI desktop articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-10010: FileVault2 fails to initiate for macOS 10.13.x High Sierra systems using Centrify Group Policy and/or cannot add a mobile account as a FileVault unlocker account articleKB-8378: Can a Mac screensaver can be unlocked by any Admin? articleKB-2772: After unlocking from RedHat screensaver, Centrify does not refresh Kerberos cache articleKB-2662: GNOME 2.16 screensaver cannot be unlocked with an expired password