Unable to Unlock Account on Ubuntu 18.04 - "Account locked due to 50 failed logins"

linux ubuntu passwords login sudo

7,515

Solution 1

Nate:

I understand that you have the problem with user "user". You could use the pam_tally2 command:

$ -> whatis pam_tally2
pam_tally2 (8)       - The login counter (tallying) module

Try:

pam_tally2 --user=user --reset

You can check if the counter is reset with:

pam_tally2 --user=user

Solution 2

The reason is because, your login is locked by the pam module for exceeding the deny variable, generally set in /etc/pam.d/common-auth.

The methods you have tried would work, if the password or account were locked/expired in the /etc/shadow file instead.

I second @Adrian's answer here. Adding up to it

"pam_tally2 module is used to lock user accounts after certain number of failed ssh login attempts made to the system. This module keeps the count of attempted accesses and too many failed attempts."

To get the failure count, use.

sudo pam_tally2 --user=$USER

To reset the count to 0 and unlock your account

sudo pam_tally2 --user=$USER --reset

Source 1: Three ways to lock and unlock user account in Linux
Source 2: Use Pam_Tally2 to Lock and Unlock SSH Failed Login Attempts

7,515

Author by

Nate Houk

Updated on September 18, 2022

Comments

Nate Houk over 1 year
I have a user account on Ubuntu 18.04 which appears to be locked and cannot be unlocked.

If I try to use sudo, then I receive an error "incorrect password". I know that I am typing in the correct password.
```
user@server:/root$ sudo touch test
[sudo] password for user: 
Sorry, try again.
[sudo] password for user: 
```
If I switch to root and then try to login I receive an error that the account is locked due to too many failed password attempts.
```
+[root@server:~] 1 # login user
Account locked due to 49 failed logins
Password: 
```
I have tried to unlock the account with the following two commands:
```
+[root@server:~] 130 # passwd -u user
passwd: password expiry information changed.
+[root@server:~] # 
```
Here is the output of --status
```
+[root@server:~] 6 # passwd -S user
user P 06/15/2020 0 99999 7 -1
+[root@server:~] # 
```
I have also tried the following command to unlock:
```
+[root@server:~] # usermod -U user
+[root@server:~] # 
```
However I still receive the error when I use the login command:
```
+[root@server:~] # login user
Account locked due to 50 failed logins
Password: 

Login incorrect
server login: 
```
No matter how many times I try these unlock commands, I still am unable to use sudo or login with the login command.

It appears like my account is "locked" via another mechanism.

What am I doing wrong? How can I unlock this account?
- 0xC0000022L almost 4 years
  
  Hi and welcome to SuperUser. Could you add some more information? For example whether you use some sort of directory service. What PAMs are involved and if (plus what) is visible from log files such as auth.log?!
Nate Houk almost 4 years

This worked! Why is this so hidden, why is this not documented anywhere I could find... how was I supposed to know this? Is this common?
Adrián almost 4 years

Hi, Nate. When something happens once with pam, then the solution is close for experience. There is a lot information about pam as [ man7.org/linux/man-pages/man8/pam_tally2.8.html ]. Regards.