LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-04-2014, 03:25 AM   #1
tshepang
LQ Newbie
 
Registered: Mar 2012
Posts: 21

Rep: Reputation: Disabled
User account always get locked out


I am running RHEL 5.6 64 Bit

I get this error message in my secure logs

[root@flditmrs1 pam.d]# tail -f /var/log/secure
Feb 4 10:21:05 flditmrs1 sshd[24963]: pam_tally(sshd:auth): unknown option: no_magic_root
Feb 4 10:21:05 flditmrs1 sshd[24963]: pam_tally(sshd:auth): user cgi (29886) tally 595, deny 5
Feb 4 10:21:05 flditmrs1 sshd[24963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain user=cgi
Feb 4 10:22:01 flditmrs1 crond[25190]: pam_tally(crond:account): option per_user allowed in auth phase only
Feb 4 10:22:01 flditmrs1 crond[25190]: pam_tally(crond:account): option deny=5 allowed in auth phase only
Feb 4 10:22:01 flditmrs1 crond[25190]: pam_tally(crond:account): unknown option: no_magic_root
Feb 4 10:22:01 flditmrs1 crond[25190]: pam_tally(crond:account): unknown option: reset
Feb 4 10:24:08 flditmrs1 sshd[25398]: pam_tally(sshd:auth): unknown option: no_magic_root
Feb 4 10:24:08 flditmrs1 sshd[25398]: pam_tally(sshd:auth): user cgi (29886) tally 596, deny 5
Feb 4 10:24:08 flditmrs1 sshd[25398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain user=cgi




This is how my system-auth is set in pam.d


# lines inserted by Centrify Direct Control (CentrifyDC 5.0.2-388)
auth sufficient pam_centrifydc.so
auth requisite pam_centrifydc.so deny
account sufficient pam_centrifydc.so
account requisite pam_centrifydc.so deny
session required pam_centrifydc.so homedir
password sufficient pam_centrifydc.so try_first_pass
password requisite pam_centrifydc.so deny
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#auth required pam_env.so
#auth sufficient pam_unix.so nullok try_first_pass
#auth requisite pam_succeed_if.so uid >= 500 quiet
#auth required pam_deny.so

#account required pam_unix.so
#account sufficient pam_succeed_if.so uid < 500 quiet
#account required pam_permit.so

#password requisite pam_cracklib.so try_first_pass retry=3
#password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
#password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 minclass=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow remember=12
password required /lib/security/$ISA/pam_deny.so
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so deny=5 onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_tally.so per_user deny=5 no_magic_root reset
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
"system-auth" 39L, 2121C 3,1 All

And our server are running centrify
 
Old 02-04-2014, 04:02 AM   #2
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 80
Quote:
account required /lib/security/$ISA/pam_tally.so per_user deny=5 no_magic_root reset
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
no quite sure but this looks like the one throwing those errors.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
New user first login attempt gets "Account locked. Maximum attempts reached" p3t0rt Linux - Newbie 2 07-21-2009 05:40 PM
Difference betwwen : Locked User Account & Disabled User Accounts in Linux ? avklinux Linux - Security 1 02-04-2009 03:30 PM
print user list, showing a locked user account?? royal024 Linux - Newbie 4 10-18-2008 11:57 AM
is it legitimate and allowed and can be done to make another user account set uid and gid to null 0 to make another root account with different name and possibly not damage the debian system creating and using that new account BenJoBoy Linux - Newbie 12 01-29-2006 11:02 AM
Locked-down user account lukeprog Ubuntu 6 01-28-2006 12:21 PM


All times are GMT -5. The time now is 08:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration