cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Unlocking user account

 

Unlocking user account

After unlocking user account using /usr/lbin/modprpw, user account automatically gets locked immediately. Below is the output :
/>/usr/lbin/getprpw -l dmadm
uid=108, bootpw=NO, audid=50, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Thu Jan 1 05:30:00 1970, upwchg=Thu Jan 1 05:30:00 1970, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Thu Jul 23 18:10:53 2009, ulogint=Thu Jul 23 20:11:03 2009, sloginy=tty, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

Kindly let me know what will be the cause.
11 REPLIES 11
Trusted Contributor

Re: Unlocking user account

check lastb...


It could be a Configuration Issue...
Honored Contributor

Re: Unlocking user account

Hi,

If the output shows:

alock=NO and

lockout=0001000

then this means that the account was locked for exceeding the number of allowed unsuccessful login attempts.

Users has tried with wrong password more than the allowed time.
Best wishes,

Ganesh.
Honored Contributor

Re: Unlocking user account

lockout=0001000 = too many failed logins

most probably there is a person or application, trying to login with an automated script like construct, and can not succeed, reaching the limit of unsuccessful logins really fast, ending up locking the account.

as this happens, watch your syslog to see failed login attempts and try to stop this.
________________________________
UNIX because I majored in cryptology...
Esteemed Contributor

Re: Unlocking user account

Hi


lockout=0001000

It means to many failed login attempts.

Regards
Sunny
Valued Contributor

Re: Unlocking user account

Hi

Did u used /usr/lbin/modprpw -k dmadm ?

if not kindly use -k option.

Thanks

Re: Unlocking user account

i hv tried modprpw -k option, still it is locking the user account.

Anything to do with these two parameters ?
sloginy=tty, culogin=3
Valued Contributor

Re: Unlocking user account

Hi,

check is there any script for that particular user in crontab even it might try to login as the user with wrong password.
Honored Contributor

Re: Unlocking user account

Hi,

Check if any script/job using the account with password. If so stop the job and update with new password.

Or disable the "Unsuccessful Login Tries Allowed" option for that user.

SAM - Accounts for users and groups - users - select the user -> actions -> modify security policies ->General user account policies -> Unsuccessful Login Tries Allowed: select customize option and make it 0
Best wishes,

Ganesh.
Trusted Contributor

Re: Unlocking user account

Have you tried unlocking the account with the SAM. it will also tell you the reason for account unlocked.