Security
cancel
Showing results for 
Search instead for 
Did you mean: 

User account disabled with enhanced security(c2)

SOLVED
Go to solution
Peter Leddy_1
Esteemed Contributor

User account disabled with enhanced security(c2)

Hi,

I know this can be enabled again with the GUI(have just done it) but can anyone tell me if it can be completed from the command line?

Thanks

Peter
11 REPLIES
Megyes András
Occasional Advisor

Re: User account disabled with enhanced security(c2)

usermod -x administrative_lock_applied=0 "User account"
Peter Leddy_1
Esteemed Contributor

Re: User account disabled with enhanced security(c2)

Thanks but I tried that and it didn't work. In dxaccounts it gives two options - 1st to lock/unlock account and 2nd to enable/disable account, hence the command to unlock doesn't enable it and that is what I am looking for.
rachel_11
Advisor
Solution

Re: User account disabled with enhanced security(c2)

Hello Peter,

in c2, you can run
edauth -g user > file
edit the file and change the lock to be
u_lock@

then
edauth -s < file

should unlock the user

Regards
Stuart Green
Frequent Advisor

Re: User account disabled with enhanced security(c2)

Several factors can produce account disable
» Administrative lock (â u_lockâ present in profile)
» User on vacation (defined by u_vacation)
» Password lifetime exceeded
Time of last successful password change (u_succhg) is more than seconds in the past
» Account inactive too long
Last successful login (u_suclog) is more than seconds in the past
» Too many login failures
Number of failures (u_numunsuclog) equals or exceeds maximum number of login attempts (u_maxtries)
# edauth -g
review the u_numunsuclog value then compare with the u_maxtries value; if none present then check the default policy
# edauth -dd default
Automatic reset after
Ann Majeske
Honored Contributor

Re: User account disabled with enhanced security(c2)

usermod -x grace_limit=1
will bypass most of the disabling conditions
for one day. This allows the user to log in
and clear the disabling condition.

Re: User account disabled with enhanced security(c2)

Ann's response (as I write this, it should be the one just before mine) is quite apropos, but you might find my re-enable tool handy for dealing with such things as well. See http://users.rcn.com/spiderb/sec/re-enable.ksh.txt for the file. It allows dealing with grace limits on a more granular basis, and for multiple users at once.
Ralf Puchner
Honored Contributor

Re: User account disabled with enhanced security(c2)

Spider,

it seems you have written a tool for every management task available. Why not using the "onboard" commands?
Help() { FirstReadManual(urgently); Go_to_it;; }
Joris Denayer
Respected Contributor

Re: User account disabled with enhanced security(c2)

Hi Spider,

I say: "waw, you have great tools on board, man"
It is great news for this forum that you, Ann and Paul share your (security, ssh, etc...)knowledge with us.

Rgrds

Joris
To err is human, but to really faul things up requires a computer

Re: User account disabled with enhanced security(c2)

Joris, thanks!

Ralf, I'm not sure what you mean. Perhaps you mean the lack of support for usermod in my tools? If so, it's because [1] usermod doesn't work on multiple accounts at once, which I usually need in operation, and [2] most of my tools were written before usermod and its kin had working support for things like the grace limit. Also, I do a lot of system management remotely, and GUIs are a non-starter. My tools do use things which come with the OS, such as perl and edauth.
Basically, I use components which I maintain or otherwise have reason to trust to work the way I want them to, when I want them to.
Premjith Nair_1
Occasional Visitor

Re: User account disabled with enhanced security(c2)

I have a Perl Script used for multiple User maintenance tasks.
Peter Leddy_1
Esteemed Contributor

Re: User account disabled with enhanced security(c2)

Thanks to all who replied. Ann's response worked like a treat.

Peter