I've got a Linux box (OpenSuSE 11.3) with a locked-out user account. I logged in as the root account to unlock it with passwd -u <user>
, but I get a message 'Cannot unlock the password for <user>!'
I tried changing the password to something new via passwd
, but attempting to log in with this new password still gives the 'account has been locked due to x failed attempts' error message.
passwd -S
gives status flags of 'PS' for the account. I don't recognise 'S', but at any rate it's not showing either 'L' (locked) or 'NP' (no password). /etc/shadow
doesn't contain any weird characters like !
at the front of the line for this account. Looking at it in this distro's management app (YaST) appears to show that it isn't locked (the 'disable account' button is unchecked).
Where else do I need to check to see how and why this account is refusing to unlock/login?
Best Answer
I had this issue today. This was the fix.
pam_tally --user= --reset
Example
I hope this helps someone.
I found this post looking for an answer to this exact question. I had the same error but on a SLES 11 SP2 server. My co-worker reset my password and tried to unlock my account with the command
passwd -u
. One of my other co-workers said I needed clear account in PAM and gave me the command. Which I have posted above.Update,
I now have a fix that keeps this from happening again. It seems that there are two PAM files that where in conflict. These files are;
/etc/pam.d/login
and/etc/pam.d/sshd
. Both files have this line.You must commit out, this line from one of the files listed above. We commented the line out in the
/etc/pam.d/sshd
file.After you do this you should never have this issue again.