mir mal via FreeIPA-users wrote:
I'm still struggling to find a clue why it's happening, any help much appreciated.
This stands out:
Nov 30 10:15:46 csc-64 sshd[608090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111
Nov 30 10:15:46 csc-64 sshd[608090]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111
Nov 30 10:15:46 csc-64 sshd[608090]: pam_tally2(sshd:auth): user c111111 (1938600006) tally 52, deny 9
An auth failure immediately followed by an auth success.
But importantly you have pam_tally2 enabled so this failure is incremented and eventually the user is locked out for a time. So it is pam_tally2 that is locking you out.
How/why a failure/success happens like this I don't know.
rob
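
An added example, not part of the original message: a Python check that groups sshd PAM log lines by PID and flags logins where pam_unix reports a failure while pam_sss reports a success, together with the pam_tally2 counter for that login. The sample input is the three log lines quoted above; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# The three log lines quoted in the message above.
SAMPLE_LOG = """\
Nov 30 10:15:46 csc-64 sshd[608090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111
Nov 30 10:15:46 csc-64 sshd[608090]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.6 user=c111111
Nov 30 10:15:46 csc-64 sshd[608090]: pam_tally2(sshd:auth): user c111111 (1938600006) tally 52, deny 9
"""

LINE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<module>pam_\w+)\(sshd:auth\): (?P<msg>.*)$")
RESULT_RE = re.compile(r"authentication (?P<result>failure|success);.*\buser=(?P<user>\S+)")
TALLY_RE = re.compile(r"user (?P<user>\S+) \(\d+\) tally (?P<tally>\d+), deny (?P<deny>\d+)")


def find_mixed_results(log_text):
    """Return one finding per sshd PID where pam_unix failed but pam_sss succeeded."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        session = sessions[m["pid"]]
        result = RESULT_RE.match(m["msg"])
        tally = TALLY_RE.match(m["msg"])
        if result:
            session[m["module"]] = result["result"]
            session["user"] = result["user"]
        elif tally and m["module"] == "pam_tally2":
            session["tally"] = int(tally["tally"])
            session["deny"] = int(tally["deny"])

    findings = []
    for pid, s in sessions.items():
        if s.get("pam_unix") == "failure" and s.get("pam_sss") == "success":
            findings.append({
                "pid": int(pid),
                "user": s["user"],
                "tally": s.get("tally"),
                "deny": s.get("deny"),
                # pam_tally2 denies access once the tally exceeds deny.
                "exceeds_deny": "tally" in s and s["tally"] > s["deny"],
            })
    return findings


if __name__ == "__main__":
    for finding in find_mixed_results(SAMPLE_LOG):
        print(finding)
```

Run against a full auth log, this shows which accounts have their tally pushed up by logins that pam_sss accepted.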