Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3090: AIX login fails. Remote logins are not allowed for this account: "invalid user"

Centrify DirectControl ,  

27 July,16 at 06:22 PM

Applies to:

All versions of Centrify DirectControl on AIX
 
Problem: 
 
User accounts are not allowed to login through SSH even though the user is Zone-Enabled and has been assigned a Login Role.
 
/var/log/centrifydc.log contains:
 
Login restricted for Accountname: Remote logins are not allowed for this account. 
 
> input_userauth_request: invalid user Accountname [preauth] 
> Authentication failed for illegal user Accountname from XXXXX.XXXXX.COM

In addition, sshd log contains the following entry: 

> debug3: AIX/loginrestrictions returned -1 msg 3004-306 Remote logins are not allowed for this account

 
Cause:
 
rlogin was set to false globally (or for group) in /etc/security/user:
 
default: 
rlogin = false
 
Resolution:
 
Verify that the following setting is set to true for default or group in /etc/security/user:
 
default: 
rlogin = true
 
Note: This is not a Centrify setting and so the issue is not actually Centrify-related.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-3925: How to add Centrify parameter to a group policy articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6041: How to show current license type in use by adclient? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-6882: User Fails su to an Active Directory Account on AIX. Error Appears: "There have been too many unsuccessful login attempts" articleKB-6349: Some Versions of AIX 7.1 (TL0-SP0) SSHD Willl Not Allow Login When Direct Audit Is Enabled