In my experience, if it is limits on attempts, it is a pam issue, and it happens based on the way you have pam set up to monitor & failed logins. To check:
pam_tally2 -u username
If the user has exceeded the number of failed login attempts as configured in PAM, they will not be allowed to login. You can correct this with:
pam_tally2 -u username --reset
However, if will be well worth your time to find out WHY users have to many failed logins. Do you have someone trying to compromise your system(s)? Do you have an insider trying to login as other users to do damage that gets blamed on someone else? It will happen from time to time to everyone, but if you are having this issue with all users across your project, I would do some HEAVY investigation!!!