📖 ~1 min read
Table of contents
Symptom & Impact
SSH logins return account locked even after passwd reset.
Environment & Reproduction
Triggered by unsuccessful_login_count exceeding loginretries.
Root Cause Analysis
AIX user attributes block login while PAM still reports auth ok.
Quick Triage
Run lsuser -a account_locked unsuccessful_login_count user.
Step-by-Step Diagnosis
Check /etc/security/user stanza and recent /var/adm/sulog entries.
Solution – Primary Fix
Unlock with chuser account_locked=false unsuccessful_login_count=0 user.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Alternative: pwdadm -c user to clear the ADMCHG flag after reset.
Verification & Acceptance Criteria
Verify with lsuser user and a fresh ssh login that access works.
Rollback Plan
Document the change in /etc/security/audit/events for compliance.
Prevention & Hardening
Set loginretries reasonably (5) and pair with fail_delay tuning.
Related Errors & Cross-Refs
Related: AUDIT failures and 3004-501 messages in syslog.
Related tutorial: View the step-by-step tutorial for aix-7.1.
View all aix-7.1 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
IBM Docs: chuser, lsuser, and AIX login control attributes.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
