HPE Community
Operating System - HP-UX
1751966 Members
4439 Online
108783 Solutions
New Discussion юеВ

Unlocking user account

 
Corporate Unix01
Advisor

тАО07-23-2009 06:57 AM

тАО07-23-2009 06:57 AM

Unlocking user account

After unlocking user account using /usr/lbin/modprpw, user account automatically gets locked immediately. Below is the output :
/>/usr/lbin/getprpw -l dmadm
uid=108, bootpw=NO, audid=50, audflg=1, mintm=-1, maxpwln=-1, exptm=-1, lftm=-1, spwchg=Thu Jan 1 05:30:00 1970, upwchg=Thu Jan 1 05:30:00 1970, acctexp=-1, llog=-1, expwarn=-1, usrpick=DFT, syspnpw=DFT, rstrpw=DFT, nullpw=DFT, admnum=-1, syschpw=DFT, sysltpw=DFT, timeod=-1, slogint=Thu Jul 23 18:10:53 2009, ulogint=Thu Jul 23 20:11:03 2009, sloginy=tty, culogin=3, uloginy=-1, umaxlntr=-1, alock=NO, lockout=0001000

Kindly let me know what will be the cause.
0 Kudos
Reply
11 REPLIES 11
Grayh
Trusted Contributor

тАО07-23-2009 07:09 AM

тАО07-23-2009 07:09 AM

Re: Unlocking user account

check lastb...


It could be a Configuration Issue...
0 Kudos
Reply
Ganesan R
Honored Contributor

тАО07-23-2009 07:11 AM

тАО07-23-2009 07:11 AM

Re: Unlocking user account

Hi,

If the output shows:

alock=NO and

lockout=0001000

then this means that the account was locked for exceeding the number of allowed unsuccessful login attempts.

Users has tried with wrong password more than the allowed time.
Best wishes,

Ganesh.
Reply
Mel Burslan
Honored Contributor

тАО07-23-2009 07:13 AM

тАО07-23-2009 07:13 AM

Re: Unlocking user account

lockout=0001000 = too many failed logins

most probably there is a person or application, trying to login with an automated script like construct, and can not succeed, reaching the limit of unsuccessful logins really fast, ending up locking the account.

as this happens, watch your syslog to see failed login attempts and try to stop this.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Sunny123_1
Esteemed Contributor

тАО07-23-2009 07:15 AM

тАО07-23-2009 07:15 AM

Re: Unlocking user account

Hi


lockout=0001000

It means to many failed login attempts.

Regards
Sunny
0 Kudos
Reply
saravanan08
Valued Contributor

тАО07-23-2009 07:16 AM

тАО07-23-2009 07:16 AM

Re: Unlocking user account

Hi

Did u used /usr/lbin/modprpw -k dmadm ?

if not kindly use -k option.

Thanks
0 Kudos
Reply
Corporate Unix01
Advisor

тАО07-23-2009 07:38 AM

тАО07-23-2009 07:38 AM

Re: Unlocking user account

i hv tried modprpw -k option, still it is locking the user account.

Anything to do with these two parameters ?
sloginy=tty, culogin=3
0 Kudos
Reply
saravanan08
Valued Contributor

тАО07-23-2009 07:45 AM

тАО07-23-2009 07:45 AM

Re: Unlocking user account

Hi,

check is there any script for that particular user in crontab even it might try to login as the user with wrong password.
0 Kudos
Reply
Ganesan R
Honored Contributor

тАО07-23-2009 07:52 AM

тАО07-23-2009 07:52 AM

Re: Unlocking user account

Hi,

Check if any script/job using the account with password. If so stop the job and update with new password.

Or disable the "Unsuccessful Login Tries Allowed" option for that user.

SAM - Accounts for users and groups - users - select the user -> actions -> modify security policies ->General user account policies -> Unsuccessful Login Tries Allowed: select customize option and make it 0
Best wishes,

Ganesh.
0 Kudos
Reply
Vishu
Trusted Contributor

тАО07-23-2009 07:59 AM

тАО07-23-2009 07:59 AM

Re: Unlocking user account

Have you tried unlocking the account with the SAM. it will also tell you the reason for account unlocked.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.