Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2370: "Account cannot be accessed at this time"

Authentication Service ,  

12 March,20 at 05:10 PM

Applies to: All versions of Centrify DirectControl.

SSH closes connection for just one user. All other users can SSH fine. 
adinfo shows that the agent is connected. 
adquery user -A [username] shows the user is zone enabled. 
dzinfo shows the user has the correct roles/rights.
emcappd07% ssh -K 
Account cannot be accessed at this time. 
Please contact your system administrator. 
Connection closed by
# dzinfo vnxt3180 
Zone Status: DirectAuthorize is enabled 
User: vnxt3180 
Forced into restricted environment: No 
Role Name Avail Restricted Env 
--------------- ----- -------------- 
runas_plmadm Yes None 
PAM Application Avail Source Roles 
--------------- ----- -------------------- 
(vnxt3180 can use any pam application) 
Privileged commands: 
Name Avail Command Source Roles 
--------------- ----- -------------------- -------------------- 
runas_plmadm Yes * runas_plmadm 
emcappd02# su vnxt3180 
emcappd02% exit 
emcappd02% emcappd02# su - vnxt3180 
Sun Microsystems Inc. SunOS 5.10 Generic January 2005 
Is there any reason for this?

The error message is generic and can mean many things. 
The best way to troubleshoot is to run Centrify debug or a SSH trace. 
In this example, the debug logs show that the user could not SSH because his AD account was not allowed to login to the workstation in question: 
Apr 5 15:42:30 emcappd02 adclient[11570]: [ID 702911 auth.debug] DEBUG <fd:25 PAMIsUserAllowedAccess> adclient.pam.util allowed workstations: 'Emcappd04,Emcappd07,us194dc00,usy90dc01,gbrv3dc01,jpd91dc00,cne33dc00,us194dc01,usy90dc02,gbd04dc02,jpdc91dc01,cne33dc01,ded89dc02,cng83dc00' host: 'EMCAPPD02' 
Apr 5 15:42:30 emcappd02 adclient[11570]: [ID 702911 auth.debug] DEBUG <fd:25 PAMIsUserAllowedAccess> base.osutil Module=Base : User 'vnxt3180' denied access to workstation. (reference ipcclient2.cpp:1564 rc: 0) 
Apr 5 15:42:30 emcappd02 adclient[11570]: [ID 702911 auth.debug] DEBUG <fd:20 sshd(14834)> Error message to user: 'Account cannot be accessed at this time. 
Once this user's access was enabled (as shown in the screenshot below) SSH worked fine.

logon on settings in properties of a AD user in Active directory users and computers

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.