Return
-
Title
Mapped user can't log in -
Description
Despite the mapped user existing both in AD and locally, and the password being set and verified correct in AD, a mapped user can not log into the Unix host. -
Cause
The user is locked out locally. An entry like one of the following can be seen in /etc/shadow or /etc/passwd, depending on the O/S
someusername:*LK*::::
someusername:*:::::::
someusername:!!:::::::Since files are checked before QAS, if the user exists locally and is locked out, AD is never checked for a password.
-
Resolution
Enable the user locally. If the user should not have access to the local account, say for security or auditing reasons, set the local user's password to some long random string that the user does not know.