SSSD authentication error using correct password

jeffrey.milam
Posts: 2
Joined: 2017/03/22 16:04:29

Post by jeffrey.milam » 2017/03/22 16:38:47

I am using SSSD integrated with Active Directory on my CentOS 7 systems. Everything usually works as expected. However, in some random cases, I have authentication issues after the screen saver is enabled. For instance, I have user1 logged in and the screen saver activates and then the screen goes to sleep. After waking the screen and typing the correct password on the screensaver, I get an authentication error. I then tried logging in with user1 on the console mode (Ctrl+Alt+F2) but it failed as well. I also tried ssh from another system and it failed. However, I can log into the system with any other AD user. Also, I can log in to my other computers with the user1 account, so this shows that it isn't an Active Directory or password problem. I am running sssd in debug mode 9 and have compared the logs of when user1 logs in and when another AD user logs in. I didn't find a lot of differences, but any difference that I did find was not telling of the issue. In the /var/log/secure file, I see that when I try to log in to the lock screen, I get

"Mar 22 11:32:19 wkcos083 gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname = uid=0 euid=0 tty = ruser= rhost= user=user1"
"Mar 22 11:32:19 wkcos083 gdm-password]: pam_sss(gdm-password:auth): authentication success; logname = uid=0 euid=0 tty = ruser= rhost= user=user1"

This tells me it tried to look for a local user1 and it failed and then when it tried with sssd, it succeeded. Something is stopping it from logging in. After I reboot the computer, user1 can log into the computer without any problem. I would like to resolve this and not have to reboot every time this happens since we are in the middle of application testing on the system. Any help would be appreciated.

Re: SSSD authentication error using correct password

Post by jeffrey.milam » 2017/03/23 14:01:21

Solved.... I was implementing faillock with the pam.d/system-auth-ac. Even though the AD account was not locked, faillock locked out the account on the local system.
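
The lockout described in the second post, as an added example that is not part of the original thread: a simplified Python model of how a PAM auth stack combines module results, showing why pam_sss can log "authentication success" while the login is still refused. The stack layout, the per-module results and the names run_stack and login are assumptions for illustration, not the poster's system-auth-ac.

```python
# Added example: simplified model of Linux-PAM result handling for the
# required / requisite / sufficient control flags.
# AUTH_STACK is a constructed layout, not the poster's actual file.
PAM_SUCCESS, PAM_AUTH_ERR = "success", "auth_err"

# (control flag, module) in the order the auth stack runs them.
AUTH_STACK = [
    ("required",   "pam_faillock.so preauth"),
    ("sufficient", "pam_unix.so"),
    ("sufficient", "pam_sss.so"),
    ("required",   "pam_deny.so"),
]

def run_stack(stack, results):
    """Return (final_result, trace) for the given per-module results."""
    failed = None      # first failure from a required/requisite module
    ok = False         # has any module succeeded so far?
    trace = []
    for control, module in stack:
        rv = results[module]
        trace.append((module, rv))
        if rv == PAM_SUCCESS:
            ok = True
            # 'sufficient' ends the stack with success only when nothing
            # required has failed earlier; otherwise the stack carries on.
            if control == "sufficient" and failed is None:
                return PAM_SUCCESS, trace
        elif control == "requisite":
            return failed or rv, trace     # fail immediately
        elif control == "required":
            failed = failed or rv          # remembered, stack keeps running
        # a failing 'sufficient' module is ignored
    return failed or (PAM_SUCCESS if ok else PAM_AUTH_ERR), trace

def login(locally_locked):
    """AD user with the correct password; only the local tally varies."""
    results = {
        "pam_faillock.so preauth": PAM_AUTH_ERR if locally_locked else PAM_SUCCESS,
        "pam_unix.so": PAM_AUTH_ERR,   # no local password for an AD user
        "pam_sss.so": PAM_SUCCESS,     # AD accepts the password
        "pam_deny.so": PAM_AUTH_ERR,   # always fails
    }
    return run_stack(AUTH_STACK, results)

if __name__ == "__main__":
    for locked in (False, True):
        final, trace = login(locked)
        print(f"locally_locked={locked}: final={final}")
        for module, rv in trace:
            print(f"    {module:26} {rv}")
```

On a real system, `faillock --user user1` lists the local failure tally for that account and `faillock --user user1 --reset` clears it.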
