When using winbind, Active Directory user is getting locked after single authentication failure on Red Hat Enterprise Linux 6.

Solution Verified - Updated -

Issue

  • AD user is getting locked even after single attempt on RHEL 6 system. However, as per AD policy user should locked out after 3 unsuccessful attempt.
  • When using winbind, Active Directory user is getting locked after single authentication failure on Red Hat Enterprise Linux 6.
    For eg:
Nov 26 12:06:59 client sshd[21357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x  user=aduser
Nov 26 12:06:59 client sshd[21357]: pam_winbind(sshd:auth): getting password (0x00000210)
Nov 26 12:06:59 client sshd[21357]: pam_winbind(sshd:auth): pam_get_item returned a password
Nov 26 12:06:59 client sshd[21357]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password
Nov 26 12:06:59 client sshd[21357]: pam_winbind(sshd:auth): user 'aduser' denied access (incorrect password or invalid membership)
Nov 26 12:07:01 client sshd[21357]: Failed password for aduser from x.x.x.x port 53862 ssh2
Nov 26 12:07:09 client sshd[21357]: pam_winbind(sshd:auth): getting password (0x00000210)
Nov 26 12:07:09 client sshd[21357]: pam_winbind(sshd:auth): pam_get_item returned a password
Nov 26 12:07:09 client sshd[21357]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_MAXTRIES (11), NTSTATUS: NT_STATUS_ACCOUNT_LOCKED_OUT, Error message was: Account locked out
Nov 26 12:07:09 client sshd[21357]: pam_winbind(sshd:auth): internal module error (retval = PAM_MAXTRIES(11), user = 'aduser')
Nov 26 12:07:11 client sshd[21357]: Failed password for aduser from x.x.x.x port 53862 ssh2

Environment

  • Red Hat Enterprise Linux 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In