Can't unlock linux user account
I had this issue today. This was the fix.
pam_tally --user= --reset
Example
pam_tally --user=cyberninja --reset
I hope this helps someone.
I found this post looking for an answer to this exact question. I had the same error but on a SLES 11 SP2 server. My co-worker reset my password and tried to unlock my account with the command passwd -u. One of my other co-workers said I needed to clear the account in PAM and gave me the command, which I have posted above.
Update:
I now have a fix that keeps this from happening again. It seems that there are two PAM files that were in conflict. These files are /etc/pam.d/login and /etc/pam.d/sshd. Both files have this line:
auth required pam_tally.so onerr=fail deny=3
You must comment out this line in one of the files listed above. We commented the line out in the /etc/pam.d/sshd file.
After you do this you should never have this issue again.
I have been facing the same issue today with one user account on a server running SUSE Linux Enterprise Server 11 SP2, even after resetting the password and changing the age to 0 (chage -d 0 userID):
[me@mordor ~]$ ssh frodo@mordor
Welcome to SUSE Linux Enterprise Server 11 SP2 (x86_64) - Kernel \r (\l).
Account locked due to 29 failed logins
Password:
Account locked due to 30 failed logins
Password:
This is the same scenario described by @Jam in his original post. Nothing showed the account as locked in either "/etc/passwd" or "/etc/shadow". Commands such as "passwd -S -a | grep frodo" showed that the ID was not locked (LK):
me@mordor:~> sudo passwd -S -a | grep frodo
frodo PS 01/01/1970 1 90 7 180
Also, "pam_tally2" showed that the ID was NOT locked:
me@mordor:~> sudo /sbin/pam_tally2 --user frodo
Login Failures Latest failure From
frodo 0
But the problem was in fact with "pam_tally":
me@mordor:~> sudo /sbin/pam_tally --user frodo
User frodo (500) has 32
After unlocking the userID password, I was able to log in with the new credentials and avoid the error message.
me@mordor:~> sudo /sbin/pam_tally --user frodo --reset
User frodo (500) had 32
me@mordor:~> sudo /sbin/pam_tally --user frodo
User frodo (500) has 0
Hope this helps someone else to avoid breaking his/her head as I did in the last hour or so... So, to make a long story short, be sure to check both "pam_tally" and "pam_tally2" when the account is locked in SuSE!!
Regards, Hernan.
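The two posts above trace the lockout to pam_tally lines present in more than one /etc/pam.d file and to pam_tally and pam_tally2 holding separate counters. As an added example (not part of any post in this thread), the following shell functions list every active pam_tally/pam_tally2 line per service file so you know which counters to inspect; the function names and the sample sshd pam_tally2 line are constructed for illustration.

```shell
#!/bin/sh
# Added example: list active pam_tally / pam_tally2 lines in a PAM config dir.
# Output per match: <service-file> <module> <type> deny=<n|unset>
pam_tally_audit() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            /^[ \t]*#/ { next }                 # commented-out lines do not count
            {
                mod = ""
                for (i = 1; i <= NF; i++)
                    if ($i ~ /(^|\/)pam_tally2?\.so$/) { mod = $i; sub(/.*\//, "", mod) }
                if (mod == "") next
                deny = "unset"
                for (i = 1; i <= NF; i++)
                    if ($i ~ /^deny=/) deny = substr($i, 6)
                print file, mod, $1, "deny=" deny
            }' "$f"
    done
}

# Distinct tally modules in use. Each module keeps its own counter, so every
# module listed here needs its own query/reset tool (pam_tally or pam_tally2).
pam_tally_modules() {
    pam_tally_audit "$1" | awk '{ print $2 }' | LC_ALL=C sort -u
}

# Constructed sample directory (not taken from a real host).
make_sample() {
    printf '%s\n' 'auth required pam_tally.so onerr=fail deny=3' > "$1/login"
    printf '%s\n' '#auth required pam_tally.so onerr=fail deny=3' \
                  'auth required pam_tally2.so deny=5' > "$1/sshd"
}

sample=$(mktemp -d)
make_sample "$sample"
pam_tally_audit "$sample"
pam_tally_modules "$sample"
rm -rf "$sample"
```

On a real host, call pam_tally_audit with no argument to scan /etc/pam.d; if pam_tally_modules prints both modules, query both counters before concluding an account is unlocked.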
You can type:
pam_tally2 -r -u user_name
to unlock the account.