When using Sudo with an Active Directory account the pam_tally file will register a failed logon attempt even if you use the correct password for the account and if you use a bad password it registers 2 failed attempts.
1) Failed sudo causes counter to be incremented by two
2) Successful sudo does not reset counter
3) Successful sudo increments counter by one
Place the pam_tally entries in system-auth at the top:
E.g.:
auth required pam_tally.so deny=3
auth required pam_env.so
#auth required pam_tally.so onerr=fail per_user deny=3
auth sufficient pam_vas3.so create_homedir get_nonvas_pass try_first_pass
auth requisite pam_vas3.so echo_return
auth sufficient pam_unix.so nullok try_first_pass use_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center