Applies to:
All versions of Centrify DirectControl on AIX
Problem:
User accounts are not allowed to login through SSH even though the user is Zone-Enabled and has been assigned a Login Role.
/var/log/centrifydc.log contains:
Login restricted for Accountname: Remote logins are not allowed for this account.
> input_userauth_request: invalid user Accountname [preauth]
> Authentication failed for illegal user Accountname from XXXXX.XXXXX.COM
In addition, sshd log contains the following entry:
> debug3: AIX/loginrestrictions returned -1 msg 3004-306 Remote logins are not allowed for this account
Cause:
rlogin was set to false globally (or for group) in /etc/security/user:
default:
rlogin = false
Resolution:
Verify that the following setting is set to true for default or group in /etc/security/user:
default:
rlogin = true
Note: This is not a Centrify setting and so the issue is not actually Centrify-related.