I'm trying to add a new dedicated, passwordless Ansible user to a small number of old SUSE 11 boxes, but I'm having problems unlocking the account after creation. I initially thought this was because the distro didn't like having a user with no password set, but even after setting a temporary password for the user, the system refuses to unlock the account.

The relevant switches on passwd and usermod both give me the same error:

[16:01:41] [root@dca-dns02:/var/log] $ passwd -u ans
Cannot unlock the password for `ans'!

This distro doesn't look to have a -f force option for unlocking the user.

I can see some movement in /var/log/messages relating to the user creation and password changes, but nothing seems to be being logged when I run either of the above commands:

Jul 25 15:30:05 dca-dns02 sshd[624]: Invalid user ans from 172.30.6.243
Jul 25 15:42:16 dca-dns02 useradd[860]: new account added - account=ans, uid=1009, gid=100, home=/home/ans, shell=/bin/bash, by=0
Jul 25 15:42:16 dca-dns02 useradd[860]: account added to group - account=ans, group=video, gid=33, by=0
Jul 25 15:42:16 dca-dns02 useradd[860]: account added to group - account=ans, group=dialout, gid=16, by=0
Jul 25 15:42:16 dca-dns02 useradd[860]: running USERADD_CMD command - script=/usr/sbin/useradd.local, account=ans, uid=1009, gid=100, home=/home/ans, by=0
Jul 25 15:47:27 dca-dns02 sshd[918]: User ans not allowed because account is locked
Jul 25 15:49:31 dca-dns02 passwd[935]: password changed - account=ans, uid=1009, by=0
Jul 25 15:51:57 dca-dns02 passwd[984]: password changed - account=ans, uid=1009, by=0
Jul 25 15:59:06 dca-dns02 passwd[1059]: password status displayed - account=ans, uid=1009, by=0
Jul 25 16:01:41 dca-dns02 passwd[1089]: password status displayed - account=ans, uid=1009, by=0
Jul 25 16:02:41 dca-dns02 passwd[1096]: password changed - account=ans, uid=1009, by=0
Jul 25 16:02:49 dca-dns02 passwd[1099]: password changed - account=ans, uid=1009, by=0

I can't find any other matches in any other files in /var/log using a recursive search.

I've also tried resetting the failed login count with pam_tally, but this doesn't seem to have made a difference. Interestingly, I note that subsequent failed connection attempts using the SSH key aren't incrementing the PAM failed login tally either.

[16:18:55] [root@dca-dns02:/var/log] $ pam_tally --user ans
User ans        (1009)  has 0

Can anybody please suggest where to go next with regard to troubleshooting? I'm not certain where to take this next.

Thanks.
