In this Post I will tell about the issue I faced recently . A user was locked due to wrong password attempts .
Now the option to enable this user in linux was simply use the command
passwd -u user_name
But that gave error
l00lnx1001:/etc/pam.d # passwd -u vspadm
Cannot unlock the password for `vspadm'!
We tried to even reset the password with the passwd command .
l00lnx1001:/etc/pam.d # passwd vspadm
Changing password for vspadm.
New Password:
Reenter New Password:
Password changed.
Then tried to login but still the same error .
l00lnx1001:~ # ssh vspadm@0
The authenticity of host '0 (0.0.0.0)' can't be established.
RSA key fingerprint is 14:a8:9b:da:bd:f5:48:85:89:72:17:35:5f:d9:0b:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '0,0.0.0.0' (RSA) to the list of known hosts.
Password:
Account locked due to 21 failed logins
Password:
Account locked due to 22 failed logins
Password:
Account locked due to 23 failed logins
Permission denied (publickey,keyboard-interactive).
even tried to check the status of passwd / shadow files if any issue in that .
but that also did not gave any clue about this user
we also checked faillog but with no help .
though all other users were able to access their account very well .
l00lnx1001:~ # pwck
Checking `/etc/passwd'
User `pulse': directory `/var/lib/pulseaudio' does not exist.
User `suse-ncc': directory `/var/lib/YaST2/suse-ncc-fakehome' does not exist.
User `v759500': directory `/home/v759500' does not exist.
User `upm': directory `/home/upm' does not exist.
Checking `/etc/shadow'.
The key was found in the system logs /var/log/messages
Jun 28 14:03:12 l00lnx1001 passwd[66203]: password changed - account=vspadm, uid=1007, by=0
Jun 28 14:03:32 l00lnx1001 sshd[66234]: pam_tally2(sshd:auth): user vspadm (1007) tally 21, deny 6
Jun 28 14:03:36 l00lnx1001 sshd[66243]: pam_tally2(sshd:auth): user vspadm (1007) tally 22, deny 6
Jun 28 14:03:39 l00lnx1001 sshd[66252]: pam_tally2(sshd:auth): user vspadm (1007) tally 23, deny 6
So then I searched for pam_tally2 and that was the keystroke
l00lnx1001:/etc/pam.d # pam_tally2 -u vspadm
Login Failures Latest failure From
vspadm 23 06/28/13 14:03:39 localhost
l00lnx1001:/etc/pam.d # pam_tally2 -r -u vspadm
Login Failures Latest failure From
vspadm 23 06/28/13 14:03:39 localhost
l00lnx1001:/etc/pam.d # pam_tally2
Login Failures Latest failure From
root 12 06/28/13 12:43:16 10.106.66.6
upm 2 06/20/13 13:00:49 l00lnx1001.group.upm.com
vspmiadmin 11 06/21/13 16:47:29 193.24.70.199
l00lnx1001:/etc/pam.d # pam_tally2 -r
Login Failures Latest failure From
root 12 06/28/13 12:43:16 10.106.66.6
upm 2 06/20/13 13:00:49 l00lnx1001.group.upm.com
vspmiadmin 11 06/21/13 16:47:29 193.24.70.199
l00lnx1001:/etc/pam.d # pam_tally2
And after that the prolem was solved . and we were able to login to the system using that user .
l00lnx1001:/etc/pam.d # ssh vspadm@l00lnx1001
Password:
vspadm@l00lnx1001:~> id
uid=1007(vspadm) gid=100(users) groups=100(users),16(dialout),33(video)
That's It .
So if you got similar issue then you can use this as a reference ......
Happy learning ...
No comments:
Post a Comment