When using winbind, Active Directory user is getting locked after single authentication failure on Red Hat Enterprise Linux 6.
Issue
- AD user is getting locked even after single attempt on RHEL 6 system. However, as per AD policy user should locked out after 3 unsuccessful attempt.
- When using
winbind
, Active Directory user is getting locked after single authentication failure on Red Hat Enterprise Linux 6.
For eg:
Nov 26 12:06:59 client sshd[21357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=aduser
Nov 26 12:06:59 client sshd[21357]: pam_winbind(sshd:auth): getting password (0x00000210)
Nov 26 12:06:59 client sshd[21357]: pam_winbind(sshd:auth): pam_get_item returned a password
Nov 26 12:06:59 client sshd[21357]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password
Nov 26 12:06:59 client sshd[21357]: pam_winbind(sshd:auth): user 'aduser' denied access (incorrect password or invalid membership)
Nov 26 12:07:01 client sshd[21357]: Failed password for aduser from x.x.x.x port 53862 ssh2
Nov 26 12:07:09 client sshd[21357]: pam_winbind(sshd:auth): getting password (0x00000210)
Nov 26 12:07:09 client sshd[21357]: pam_winbind(sshd:auth): pam_get_item returned a password
Nov 26 12:07:09 client sshd[21357]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_MAXTRIES (11), NTSTATUS: NT_STATUS_ACCOUNT_LOCKED_OUT, Error message was: Account locked out
Nov 26 12:07:09 client sshd[21357]: pam_winbind(sshd:auth): internal module error (retval = PAM_MAXTRIES(11), user = 'aduser')
Nov 26 12:07:11 client sshd[21357]: Failed password for aduser from x.x.x.x port 53862 ssh2
Environment
- Red Hat Enterprise Linux 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.