Friday, June 12, 2015

Reset ADS/LDAP user from client end






Normally, when an ADS/LDAP user is unable to log in, we assume the problem is with the ADS/LDAP server. Guess what: it is not.




The login counter is just a counter; it counts the number of failed logins, I think. If we reset that counter to zero, we are able to log in to the server with that user.

You may see the following error in /var/log/messages:

Jun 10 13:52:04 systemname lsass: [lsass] Failed to authenticate user (name = 'username') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 31405
Jun 10 13:52:06 systemname sshd[31405]: Failed password for username from x.x.x.x port 1190 ssh2



If you’re root but cannot become a user with su, you also need to reset the login counter:



root@testsrv:~ # su - username
su: incorrect password

root@testsrv:~ # /sbin/pam_tally --user user1 --reset
User user1 (672) had 34

(or)
 
root@testsrv:~ # /sbin/pam_tally2 --user user1 --reset

root@testsrv:~ # su - username
user1@testsrv:~ $
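
The two log lines above share a PID (lsass "client pid = 31405" and "sshd[31405]"), so the failures behind a tally count can be grouped by user and source address before the counter is reset. This is an added example, not part of the original post: the function names and all sample log lines are constructed (documentation IP ranges), and it assumes each lsass line precedes its sshd line, as in the post.

```shell
#!/bin/sh
# Added example: correlate lsass auth errors with sshd failures via the shared PID.
# Sample lines are constructed, modelled on the two log lines shown in the post.
sample_log() {
cat <<'EOF'
Jun 10 13:52:04 testsrv lsass: [lsass] Failed to authenticate user (name = 'user1') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 31405
Jun 10 13:52:06 testsrv sshd[31405]: Failed password for user1 from 192.0.2.10 port 1190 ssh2
Jun 10 13:52:09 testsrv lsass: [lsass] Failed to authenticate user (name = 'user1') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 31405
Jun 10 13:52:11 testsrv sshd[31405]: Failed password for user1 from 192.0.2.10 port 1190 ssh2
Jun 10 13:55:40 testsrv lsass: [lsass] Failed to authenticate user (name = 'user1') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 31410
Jun 10 13:55:42 testsrv sshd[31410]: Failed password for user1 from 198.51.100.7 port 2201 ssh2
Jun 10 14:01:13 testsrv lsass: [lsass] Failed to authenticate user (name = 'user2') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 31420
Jun 10 14:01:15 testsrv sshd[31420]: Failed password for user2 from 192.0.2.10 port 1300 ssh2
Jun 10 14:05:00 testsrv sshd[31500]: Failed password for localonly from 203.0.113.5 port 4000 ssh2
EOF
}

# Reads syslog lines on stdin, prints "user symbol source_ip count" per group.
# sshd failures with no preceding lsass record (local accounts) are skipped.
summarize_failures() {
  awk '
    /lsass: \[lsass\] Failed to authenticate user/ {
      split($0, q, "\047")                 # q[2] = user name between the quotes
      match($0, /symbol = [A-Z0-9_]+/)
      s = substr($0, RSTART + 9, RLENGTH - 9)
      match($0, /client pid = [0-9]+/)
      p = substr($0, RSTART + 13, RLENGTH - 13)
      user[p] = q[2]; sym[p] = s           # remember the latest error for this PID
      next
    }
    / sshd\[[0-9]+\]: Failed password for / {
      match($0, /sshd\[[0-9]+\]/)
      p = substr($0, RSTART + 5, RLENGTH - 6)
      ip = "-"
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (p in sym) count[user[p] " " sym[p] " " ip]++
    }
    END { for (k in count) print k, count[k] }
  ' | LC_ALL=C sort
}

# Demo on the constructed sample; on a real host: summarize_failures < /var/log/messages
sample_log | summarize_failures
```

Many failures for one account from several addresses, or one address failing against several accounts, are worth investigating before the counter is cleared.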
