Normally, when an ADS/LDAP user is unable to log in, we assume the problem is with the ADS/LDAP server. Guess what: it is not.
The login counter is just a counter that counts, I think, the number of failed logins. If we reset that counter to zero, we can log in to the server as that user again.
You may see the following errors in /var/log/messages:
Jun 10 13:52:04 systemname lsass: [lsass] Failed to authenticate user (name = 'username') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 31405
Jun 10 13:52:06 systemname sshd[31405]: Failed password for username from x.x.x.x port 1190 ssh2
If you are root but cannot become the user with su, you also need to reset the login counter:
root@testsrv:~ # su - username
su: incorrect password
root@testsrv:~ # /sbin/pam_tally --user user1 --reset
User user1 (672) had 34
(or)
root@testsrv:~ # /sbin/pam_tally2 --user user1 --reset
root@testsrv:~ # su - username
user1@testsrv:~ $
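As an added example (not part of the original post): before resetting a counter it helps to see which failures fed it. This script pairs each lsass error with the sshd failure from the same client pid, as in the two log lines above, and lists the failure count and source addresses per account; the sample log lines, addresses and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: pair each lsass authentication error with the sshd failure
# from the same client pid, so failed attempts can be reviewed per account
# and per source address before a login counter is reset.

# Constructed sample in the format of the /var/log/messages lines above.
sample_log() {
cat <<'EOF'
Jun 10 13:52:04 systemname lsass: [lsass] Failed to authenticate user (name = 'user1') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 31405
Jun 10 13:52:06 systemname sshd[31405]: Failed password for user1 from 192.0.2.10 port 1190 ssh2
Jun 10 13:53:10 systemname lsass: [lsass] Failed to authenticate user (name = 'user1') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 31422
Jun 10 13:53:12 systemname sshd[31422]: Failed password for user1 from 192.0.2.44 port 2201 ssh2
Jun 10 13:54:00 systemname sshd[31500]: Failed password for user2 from 192.0.2.10 port 2300 ssh2
EOF
}

# Reads syslog lines on stdin; prints "user symbol failures sources".
# Assumes the lsass line is logged before the matching sshd line.
lockout_report() {
    awk -v q="'" '
    /lsass: \[lsass\] Failed to authenticate user/ {
        split($0, part, q); user = part[2]       # text between the quotes
        sym = $0; sub(/.*symbol = /, "", sym); sub(/,.*/, "", sym)
        pid = $0; sub(/.*client pid = /, "", pid); sub(/[^0-9].*/, "", pid)
        who[pid] = user " " sym                  # keyed by client pid
        next
    }
    / sshd\[[0-9]+\]: Failed password for / {
        pid = $0; sub(/.* sshd\[/, "", pid); sub(/\].*/, "", pid)
        ip = $0; sub(/.* from /, "", ip); sub(/ .*/, "", ip)
        if (!(pid in who)) next                  # no lsass error for this pid
        k = who[pid]; count[k]++
        if (seen[k, ip]++) next                  # source already listed
        srcs[k] = (srcs[k] == "") ? ip : (srcs[k] "," ip)
    }
    END { for (k in count) print k, count[k], srcs[k] }
    ' | sort
}

sample_log | lockout_report
```

On a live system, feed it the real log instead of the sample, for example `lockout_report < /var/log/messages`.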