Active Directory accounts locked out after four successive l

nlong
Posts: 2
Joined: 2014/07/22 22:58:47

Post by nlong » 2015/02/26 00:32:13

Good afternoon,
Encountering a strange issue. We have winbind running on all of our Linux VMs. The first four logons to different servers work fine, there are no fat-finger errors entering the password, and the user's Windows domain account, from the Windows perspective, has no failed logins. When we log on to a fifth server, for no reason that we can see, the user domain account is locked and requires one of our Windows admins to unlock the account. Has anyone seen this before?
Here is our system-auth file
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_winbind.so try_first_pass
auth sufficient pam_unix.so nullok use_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_tally2.so deny=5 onerr=fail unlock_time=300
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_access.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so

password requisite pam_cracklib.so retry=5 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=5
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_winbind.so

Here is the error message we're seeing:
pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_MAXTRIES (11), NTSTATUS: NT_STATUS_ACCOUNT_LOCKED_OUT, Error message was: Account locked out

Thank you for any and all input

Norm
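
A triage aid for the error quoted in the post above, added here as an example and not part of the original thread: it parses pam_winbind failure lines in the format pasted there and tallies NTSTATUS values per host, so the first server to report the lockout stands out. The hostnames, the DOMAIN\user account, the sshd prefixes and the "Accepted" line are constructed; only the failure message itself comes from the post.

```python
import re
from collections import defaultdict

# Matches the pam_winbind failure format quoted in the post.
WINBIND_FAIL = re.compile(
    r"pam_winbind\((?P<service>[^:)]+):(?P<phase>\w+)\): request (?P<request>\w+) failed: "
    r"(?P<wbc>WBC_ERR_\w+), PAM error: (?P<pam>PAM_\w+) \((?P<pam_code>\d+)\), "
    r"NTSTATUS: (?P<ntstatus>NT_STATUS_\w+)"
)

def parse_winbind_failure(line):
    """Return the fields of one pam_winbind failure line, or None if it is not one."""
    m = WINBIND_FAIL.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["pam_code"] = int(fields["pam_code"])
    return fields

def summarize(tagged_lines):
    """tagged_lines: (host, line) pairs in time order. Count NTSTATUS values per
    host and report which host first saw NT_STATUS_ACCOUNT_LOCKED_OUT."""
    per_host = defaultdict(lambda: defaultdict(int))
    first_lockout = None
    for host, line in tagged_lines:
        fields = parse_winbind_failure(line)
        if fields is None:
            continue  # successful logons and unrelated lines are skipped
        per_host[host][fields["ntstatus"]] += 1
        if first_lockout is None and fields["ntstatus"] == "NT_STATUS_ACCOUNT_LOCKED_OUT":
            first_lockout = host
    return {h: dict(c) for h, c in per_host.items()}, first_lockout

# Failure message as quoted in the post; everything wrapped around it is constructed.
LOCKED = ("pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, "
          "PAM error: PAM_MAXTRIES (11), NTSTATUS: NT_STATUS_ACCOUNT_LOCKED_OUT, "
          "Error message was: Account locked out")
SAMPLE = [
    ("vm01", "sshd[2101]: Accepted password for DOMAIN\\user from 10.0.0.5 port 50122 ssh2"),
    ("vm05", "sshd[3310]: " + LOCKED),
    ("vm06", "sshd[1188]: " + LOCKED),
    ("vm05", "sshd[3342]: " + LOCKED),
]

if __name__ == "__main__":
    counts, first = summarize(SAMPLE)
    print("per-host NTSTATUS counts:", counts)
    print("first host to report lockout:", first)
```

Feed it the merged, time-sorted auth logs from every server the user touched; lines that are not pam_winbind failures are ignored.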

jscarville
Posts: 135
Joined: 2014/06/17 21:50:37

Re: Active Directory accounts locked out after four successi

Post by jscarville » 2015/02/26 19:01:15

Are you using LimitLogin (or a similar tool) to limit concurrent logins?
