How to unlock a user account

This is something that will happen again and again... Especially if your users don't know how to type properly on a computer keyboard, despite being MBAs or PHDs... (especially MBAs for some kind of reason) ;-)

Several possibilities open up. Try to work your way down the list and see if any helps... Please note that it may be necessary to try several different things before an account is unlocked for good. If the account is not unlocked with the first set of solutions, do try the other suggestions here.

Let us say our user "Harry" just locked his account. Therefore, just replace "Harry" by the name of the account you are trying to unlock.

3004-303 error message

Harry gets the following message:

3004-303 There have been too many unsuccessful login attempts; please see
the system administrator.

Try the following command:

chsec -f /etc/security/lastlog -a "unsuccessful_login_count=0" -s Harry

Then the following command:

chuser "account_locked=false" Harry

Password has already been used

What? You are trying to tell me your users can only remember one password? :-)

Yes, it happens all the time. And, yes, it is bad policy, but you don't want them to bother you all day long... ;-)

Try editing the two following files:

vi /etc/security/passwd
vi /etc/security/opasswd

Then, remove all the "flags" that may (or may not) appear in these files. For instance:

password = Z3Tyq2lEtnH.6
lastupdate = 1168421061
flags =	

If anything appears after flags = , just delete it.

Error message 3004-687

Harry tries to login on his account, and the AIX server returns the following message:

3004-687 User XYZ does not exist.

But... but... Poor Harry does have an account on this machine!

Try the following:

  1. Check that the / (disk root) filesystem is not full. If it is, free some space on it!
  2. Check the /etc/passwd file is correctly formatted, which means:
    1. No empty line.
    2. No incorrect entry in /etc/passwd.
    3. One correct entry for user "nobody".
  3. Check that the following rights are correct in /etc/security:
file       permissions
.ids       -rw-------
environ    -rw-r-----
limits     -rw-r-----
passwd     -rw-------
user       -rw-r-----

Finally, try the three following commands:

usrck -t ALL
pwdck -t ALL
grpck -t ALL

With a bit of luck, "Harry" should now be able to login to his account... :-)

See also