Russell Myers wrote:
Sorry to hear that John, but I don't think this is a fix for your situation. From your previous post it sounds like your using solely Open Directory accounts to log into your computers. Open directory accounts should be able to unlock without modification to the etc/auth file. Can you provide more detail to your specific setup and issues, perhaps we can figure it out.
Rusty
The user has a MacBook running Mac OS X 10.5.6. They are using a 'mobile' account, i.e. one that was created at first login to their Open Directory account. The account details are therefore synchronised to the Open Directory account. (I am not synchronising the contents of their home-directory.)
The server was a Xeon Xserve running Mac OS X 10.5.5 at the time the mobile account was created but has now been upgraded to 10.5.6.
When in the office the MacBook can (obviously) contact the server and the user has no problems waking the screensaver password. When at home they do not have a link to the Open Directory server and typically attempts to wake the screensaver fail (I believe if you keep trying it might eventually succeed).
A local administrator account on the same MacBook can wake the screensaver when this happens but I cannot give admin level passwords/accounts to ordinary users.
I have not tried creating the user with a
local 'ordinary' user level account as that does not fit with our environment. This is a good point, I suspect it would work, not that that helps much. As a different aspect a local 'ordinary' account would not be able to unlock the screensaver of the mobile user account (unlike a local admin level account).
When in the office everything works fine including Kerberos logins. When the screensaver is not locked the user remotely has no problems. Rebooting (forcible in these cases) does let the user login to the MacBook using the same account even when remote from the office.