🟑 Medium   ⏱ 5–30 min  Last verified: 20 May 2026

πŸ“– ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Legitimate users are locked out quickly, increasing helpdesk load and incident response time.

Environment & Reproduction

Ubuntu 24.04 systems with hardened PAM profiles and mixed local/remote authentication flows.

Root Cause Analysis

faillock deny and unlock_time values are too strict for real-world typo rates.

Quick Triage

Check current lock state and applicable PAM faillock policy values.

sudo faillock --user alice; grep -R faillock /etc/pam.d /etc/security

Step-by-Step Diagnosis

Review authentication logs to distinguish brute-force attempts from normal user mistakes.

sudo journalctl -u ssh --since '6 hours ago' | grep -E 'Failed password|authentication failure'
Illustrative mockup for ubuntu-24-04-lts β€” pam_faillock_problem
User accounts repeatedly locked by strict failed login thresholds β€” Illustrative mockup β€” Progressive Robot

Solution – Primary Fix

Tune deny and unlock_time thresholds, then reset impacted user lock records.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudoedit /etc/security/faillock.conf && sudo faillock --user alice --reset
Illustrative mockup for ubuntu-24-04-lts β€” pam_faillock_fix_success
Adjusted faillock policy and unlock behavior validated β€” Illustrative mockup β€” Progressive Robot

Solution – Alternative Approaches

Use MFA and source IP controls to reduce reliance on severe lockout settings.

Verification & Acceptance Criteria

Normal typo behavior no longer causes excessive lockouts while brute-force attempts are still blocked.

Rollback Plan

Restore previous faillock.conf baseline if policy weakening violates security requirements.

Prevention & Hardening

Model lockout policy from observed auth telemetry instead of static defaults.

Related to SSH auth method changes and account expiration policy misconfiguration.

Related tutorial: View the step-by-step tutorial for Ubuntu 24.04 LTS.

View all Ubuntu 24.04 LTS tutorials on the Tutorials Hub β†’

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

PAM faillock docs and Ubuntu authentication hardening references.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β€” we respond within one business day.