Linux account locked due to failed login

How to Lock and Unlock User Accounts in Linux

Use the '/etc/pam.d/password-auth' configuration file to configure login attempt limits. Open this file and add the following auth configuration line at the beginning of the 'auth' section.

auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200

Next, add the following line to the 'account' section.

account required pam_tally2.so

  1. file=/var/log/tallylog – The default log file, used to keep login counts.
  2. deny=3 – Deny access after 3 attempts and lock the user out.
  3. even_deny_root – The policy also applies to the root user.
  4. unlock_time=1200 – The account will be locked for 20 minutes. (Remove this parameter if you want the account locked permanently until it is manually unlocked.)

Once you have finished the above configuration, make 3 failed login attempts to the server using any 'username'. After more than 3 attempts you will get the following message.

[root@tecmint ~]# ssh tecmint@172.16.25.126

Permission denied, please try again.

Permission denied, please try again.

Account locked due to 4 failed logins

Account locked due to 5 failed logins

Last login: Mon Apr 22 21:21:06 2013 from 172.16.16.52

Now check the user's failed-attempt counter with the following command.

[root@tecmint ~]# pam_tally2 --user=tecmint

Login Failures Latest failure From

tecmint 5 04/22/13 21:22:37 172.16.16.52

To reset the counter and unlock the user account so it can log in again:

[root@tecmint pam.d]# pam_tally2 --user=tecmint --reset

Login Failures Latest failure From


tecmint 5 04/22/13 17:10:42 172.16.16.52

Verify that the login attempt counter has been reset and the account is unlocked:

[root@tecmint pam.d]# pam_tally2 --user=tecmint

Login Failures Latest failure From

The PAM module is part of all Linux distributions, and the configuration provided above should work on all of them. Run 'man pam_tally2' from the command line to learn more about it.
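The following is an added example, not part of the original article: a shell function that audits a PAM service file (or stdin) for the two pam_tally2 lines and the options described above. The sample stack is constructed, and the FAIL/WARN/INFO wording is this example's own.

```shell
#!/bin/sh
# Added example: audit a PAM service file (or stdin) for the pam_tally2
# lockout setup described above. Exit status is 1 if a FAIL is reported.
audit_tally2() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        type = $1; sub(/^-/, "", type)            # leading "-" only mutes logging if the module is missing
        if (type == "auth") nauth++
        hit = 0
        for (i = 3; i <= NF; i++)                 # module path may follow a [bracketed control]
            if ($i ~ /(^|\/)pam_tally2\.so$/) { hit = i; break }
        if (!hit) next
        if (type == "account") { account = 1; next }
        if (type != "auth") next
        auth = 1
        if (nauth > 1) late = 1                   # another auth module runs before the tally
        for (i = hit + 1; i <= NF; i++) {         # collect the module options
            n = split($i, kv, "=")
            opt[kv[1]] = (n > 1) ? kv[2] : "set"
        }
    }
    END {
        if (!auth)    { print "FAIL: no auth line loads pam_tally2.so"; bad = 1 }
        if (!account) { print "FAIL: no account line loads pam_tally2.so"; bad = 1 }
        if (auth) {
            if (late) print "WARN: pam_tally2 is not the first auth entry"
            if (opt["deny"] ~ /^[0-9]+$/) print "INFO: deny=" opt["deny"]
            else { print "FAIL: deny= missing or not a number"; bad = 1 }
            if (opt["unlock_time"] ~ /^[0-9]+$/)
                print "INFO: unlock_time=" opt["unlock_time"] " (" (opt["unlock_time"] / 60) " min)"
            else print "WARN: no unlock_time, lock holds until pam_tally2 --reset"
            if ("even_deny_root" in opt) print "INFO: root is locked out by the same policy"
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample: tally line after pam_unix, no unlock_time, no account line.
audit_tally2 <<'EOF' || echo "-> audit failed (exit 1)"
auth     sufficient  pam_unix.so nullok try_first_pass
auth     required    pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root
account  required    pam_unix.so
EOF
```

To check a real stack, pass the file as an argument, for example `audit_tally2 /etc/pam.d/password-auth`.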


Can’t unlock linux user account

I’ve got a Linux box (OpenSuSE 11.3) with a locked-out user account. I logged in as the root account to unlock it with passwd -u , but I get a message ‘Cannot unlock the password for !’ I tried changing the password to something new via passwd , but attempting to log in with this new password still gives the ‘account has been locked due to x failed attempts’ error message. passwd -S gives status flags of ‘PS’ for the account. I don’t recognise ‘S’, but at any rate it’s not showing either ‘L’ (locked) or ‘NP’ (no password). /etc/shadow doesn’t contain any weird characters like ! at the front of the line for this account. Looking at it in this distro’s management app (YaST) appears to show that it isn’t locked (the ‘disable account’ button is unchecked). Where else do I need to check to see how and why this account is refusing to unlock/login?

6 Answers

I had this issue today. This was the fix.

pam_tally --user=cyberninja --reset 

I hope this helps someone.


I found this post looking for an answer to this exact question. I had the same error but on a SLES 11 SP2 server. My co-worker reset my password and tried to unlock my account with the command passwd -u . One of my other co-workers said I needed to clear the account in PAM and gave me the command, which I have posted above.

I now have a fix that keeps this from happening again. It seems that there are two PAM files that were in conflict. These files are /etc/pam.d/login and /etc/pam.d/sshd. Both files have this line.

auth required pam_tally.so onerr=fail deny=3

You must comment out this line from one of the files listed above. We commented the line out in the /etc/pam.d/sshd file.

After you do this you should never have this issue again.
