UNIX Account getting Locked Everyday between same Time Frame


 
# 1  
Old 08-09-2014

I am facing an issue with a particular Unix account (i.e. a particular userid) getting LOCKED every day between 7:30am and 8:00am. The password associated with this particular account has been set up such that it should never expire at all, but it does LOCK the account after more than 3 failed attempts. This is an AIX 5.3 server.

I am not a Unix admin but just an application user. I am NOT aware of any jobs running on this server during this time, or running on other servers trying to connect to this particular server under this Unix account.

Every day I test this account by logging in at 7:30am and then 8:00am. At 7:30am it works fine but by 8:00am it gets locked. So somewhere in between it gets locked. This has been happening for more than a week, and every day I have to request my security team to unlock the account after 8:00am. Not exactly sure when this issue started.

In this scenario, given the timeframe 7:30am to 8:00am in which the LOCK occurs, how do I go about figuring out why this account on this server is getting locked? Will the Unix admin be in a position to determine what is happening during this timeframe causing this LOCK?
# 2  
Old 08-09-2014
I am not AIX fluent at all, but IBM always has something comparable to what other UNIX flavors have. Generally, there is always a system log and an su log (su usage) as well. Your sysadmin can look in those files to find the user (a user who tries to login and fails is the most likely candidate) that is locking the account with login failures. When an account is locked because of login fails, a message is usually written to a log.

The AIX guys can tell you exactly, but if your sysadmin does not know where to look (or if logfails monitoring is turned off) you have worse problems than a locked out account.
# 3  
Old 08-10-2014
It looks like your sysadmin needs to check the cron jobs running between 7:30AM and 8:00AM. I think one of those cron jobs is the culprit.
# 4  
Old 08-10-2014
Perhaps you can check yourself.
Code:
grep -w userid /var/adm/messages

or /var/log/authlog.
As the user, run
Code:
crontab -l

# 5  
Old 08-10-2014
Thank you all for the responses above. I checked the file
Code:
/var/adm/authlog

on the server where I am experiencing the LOCK issue. The server is xaayaas6.

Aug 9 07:45:00 xaayaas6 auth|security:info sshd[2928858]: Authentication refused: bad ownership or modes for file /home/test
Aug 9 07:45:00 xaayaas6 auth|security:info sshd[2719876]: Authentication refused: bad ownership or modes for file /home/test
Aug 9 07:45:00 xaayaas6 auth|security:info sshd[2719876]: Authentication refused: bad ownership or modes for file /home/test
Aug 9 07:45:00 xaayaas6 auth|security:info sshd[2928858]: Authentication refused: bad ownership or modes for file /home/test
Aug 9 07:45:00 xaayaas6 auth|security:info sshd[2928858]: Failed password for test from 176.67.780.234 port 33584 ssh2
Aug 9 07:45:00 xaayaas6 auth|security:info sshd[2719876]: Failed password for test from 176.67.780.234 port 33585 ssh2
Aug 9 07:45:00 xaayaas6 auth|security:info syslog: ssh: failed login attempt for test from 176.67.780.234

In the above messages, test is the user account which is getting LOCKED daily on the server xaayaas6. So what do the above messages mean? Is any job trying to access xaayaas6 from the server associated with IP 176.67.780.234 (this is a valid server that I am aware of)? How do I find this job on the server associated with IP 176.67.780.234?

Last edited by pchegoor; 08-10-2014 at 05:28 PM..
# 6  
Old 08-10-2014
The authlog says the homedir permission is wrong; please check with
Code:
ls -ld /home/test

Then, log in as test
Code:
ssh test@176.67.780.234

And there check
Code:
crontab -l

for anything at 7:45
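
As an added example (not part of any post in this thread), the authlog check discussed above can be scripted: it groups `Failed password` lines by minute, user and source address, and uses the sshd PID to mark connections where key authentication was first refused for bad ownership or modes. The function names and the sample log lines (host name, addresses, PIDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed SSH logins from an AIX-style authlog.
# Reads log lines on stdin and prints one line per minute/user/source:
#   <Mon> <day> <HH:MM> <user> <source> failed=<n> key_refused=<yes|no>
summarize_failures() {
    awk '
    {
        # Extract the PID from "sshd[PID]" so lines of one connection can be tied together.
        pid = ""
        if (match($0, /sshd\[[0-9]+\]/))
            pid = substr($0, RSTART + 5, RLENGTH - 6)
    }
    # sshd refused key authentication because of file or directory permissions.
    /Authentication refused: bad ownership or modes/ && pid != "" {
        refused[pid] = 1
        next
    }
    /Failed password for / && pid != "" {
        user = ""; src = ""
        for (i = 1; i < NF; i++) {
            # Handles both "for <user>" and "for invalid user <user>".
            if ($i == "for")  user = ($(i+1) == "invalid") ? $(i+3) : $(i+1)
            if ($i == "from") src = $(i+1)
        }
        key = $1 " " $2 " " substr($3, 1, 5) " " user " " src
        count[key]++
        if (pid in refused) keyref[key] = 1
    }
    END {
        for (k in count)
            printf "%s failed=%d key_refused=%s\n", k, count[k], (k in keyref) ? "yes" : "no"
    }
    ' | sort
}

# Constructed sample input in the same layout as the authlog lines quoted above.
sample_log() {
    cat <<'EOF'
Aug 9 07:45:00 examplehost auth|security:info sshd[1001]: Authentication refused: bad ownership or modes for file /home/test
Aug 9 07:45:00 examplehost auth|security:info sshd[1001]: Failed password for test from 192.0.2.10 port 33584 ssh2
Aug 9 07:45:01 examplehost auth|security:info sshd[1002]: Authentication refused: bad ownership or modes for file /home/test
Aug 9 07:45:01 examplehost auth|security:info sshd[1002]: Failed password for test from 192.0.2.10 port 33585 ssh2
Aug 9 07:52:10 examplehost auth|security:info sshd[1003]: Failed password for invalid user admin from 192.0.2.77 port 40000 ssh2
Aug 9 07:55:00 examplehost auth|security:info syslog: ssh: failed login attempt for test from 192.0.2.10
EOF
}

sample_log | summarize_failures
```

On a real system the input would be the authlog itself, for example `summarize_failures < /var/adm/authlog`, read by someone with permission to view that file.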