Online Expert Day - HPE Data Storage - Live Now
April 24/25 - Online Expert Day - HPE Data Storage - Live Now
Read more
cancel
Showing results for 
Search instead for 
Did you mean: 

Unlocking user account

Unlocking user account

After unlocking user account using /usr/lbin/modprpw, user account automatically gets locked immediately. Below is the output :
/>/usr/lbin/getprpw -l dmadm
uid=108, bootpw=NO, audid=50, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Thu Jan 1 05:30:00 1970, upwchg=Thu Jan 1 05:30:00 1970, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Thu Jul 23 18:10:53 2009, ulogint=Thu Jul 23 20:11:03 2009, sloginy=tty, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

Kindly let me know what will be the cause.
11 REPLIES
Grayh
Trusted Contributor

Re: Unlocking user account

check lastb...


It could be a Configuration Issue...
Ganesan R
Honored Contributor

Re: Unlocking user account

Hi,

If the output shows:

alock=NO and

lockout=0001000

then this means that the account was locked for exceeding the number of allowed unsuccessful login attempts.

Users has tried with wrong password more than the allowed time.
Best wishes,

Ganesh.
Mel Burslan
Honored Contributor

Re: Unlocking user account

lockout=0001000 = too many failed logins

most probably there is a person or application, trying to login with an automated script like construct, and can not succeed, reaching the limit of unsuccessful logins really fast, ending up locking the account.

as this happens, watch your syslog to see failed login attempts and try to stop this.
________________________________
UNIX because I majored in cryptology...
Sunny123_1
Esteemed Contributor

Re: Unlocking user account

Hi


lockout=0001000

It means to many failed login attempts.

Regards
Sunny
saravanan08
Valued Contributor

Re: Unlocking user account

Hi

Did u used /usr/lbin/modprpw -k dmadm ?

if not kindly use -k option.

Thanks

Re: Unlocking user account

i hv tried modprpw -k option, still it is locking the user account.

Anything to do with these two parameters ?
sloginy=tty, culogin=3
saravanan08
Valued Contributor

Re: Unlocking user account

Hi,

check is there any script for that particular user in crontab even it might try to login as the user with wrong password.
Ganesan R
Honored Contributor

Re: Unlocking user account

Hi,

Check if any script/job using the account with password. If so stop the job and update with new password.

Or disable the "Unsuccessful Login Tries Allowed" option for that user.

SAM - Accounts for users and groups - users - select the user -> actions -> modify security policies ->General user account policies -> Unsuccessful Login Tries Allowed: select customize option and make it 0
Best wishes,

Ganesh.
Vishu
Trusted Contributor

Re: Unlocking user account

Have you tried unlocking the account with the SAM. it will also tell you the reason for account unlocked.

Re: Unlocking user account

Dear All,

Thanks for valuable help, this case was occured due to automated script in application which was using old password.

Mel Burslan
Honored Contributor

Re: Unlocking user account

Could you please kindly assign points to the answers given you on this thread and the others as well, found here:

https://forums13.itrc.hp.com/service/forums/pageList.do?userId=CA1384279&listType=unassigned&forumId=1

It will help make theorums a better place.
________________________________
UNIX because I majored in cryptology...