Linux – Can’t unlock linux user account

linuxopensusepasswordsuser-accounts

I've got a Linux box (OpenSuSE 11.3) with a locked-out user account. I logged in as the root account to unlock it with passwd -u <user>, but I get a message 'Cannot unlock the password for <user>!'

I tried changing the password to something new via passwd, but attempting to log in with this new password still gives the 'account has been locked due to x failed attempts' error message.

passwd -S gives status flags of 'PS' for the account. I don't recognise 'S', but at any rate it's not showing either 'L' (locked) or 'NP' (no password). /etc/shadow doesn't contain any weird characters like ! at the front of the line for this account. Looking at it in this distro's management app (YaST) appears to show that it isn't locked (the 'disable account' button is unchecked).

Where else do I need to check to see how and why this account is refusing to unlock/login?

Best Answer

I had this issue today. This was the fix.

pam_tally --user= --reset

Example

pam_tally --user=cyberninja --reset

I hope this helps someone.

I found this post looking for an answer to this exact question. I had the same error but on a SLES 11 SP2 server. My co-worker reset my password and tried to unlock my account with the command passwd -u. One of my other co-workers said I needed clear account in PAM and gave me the command. Which I have posted above.

Update,

I now have a fix that keeps this from happening again. It seems that there are two PAM files that where in conflict. These files are; /etc/pam.d/login and /etc/pam.d/sshd. Both files have this line.

auth required pam_tally.so onerr=fail deny=3

You must commit out, this line from one of the files listed above. We commented the line out in the /etc/pam.d/sshd file.

After you do this you should never have this issue again.

Related Question