On AIX, when using STD_AUTH, ftp users are being denied access despite syslog showing QAS successfully authenticated the user.
There could be a login restrictions set to 5 in the default section of the /etc/security/user file.
The setting looks like this:
loginretries = 5
Any unix enabled AD user whose unsuccessful login count was greater than 5 would be denied.
1) Un-set loginretries in the default section, and set it explicitly for each individual user.
2) create a cron job to clean up the count in /etc/security/lastlog
3) set auth_type to PAM_AUTH. ( PAM seems to side-step this issue ).