This configuration parameter specifies the message displayed if both user name and user ID conflicts are detected during login; that is, there are two local account conflicts. For example, a local user (user2) and the Active Directory user (user1) have the same UID (10001) but different user names, and another local account has the same user name (user1) as the Active Directory user but has a different UID value (10002):

user1  10001  #AD User
user1  10002  #local user
user2  10001  #local user

When the message is displayed, the %s token in the message string is replaced with the name of the first conflicting local account, and the %d token is replaced with the UID of the second conflicting local account. The message string you define must contain exactly one %s token and exactly one %d token, in that order, and no other string replacement (%) characters.

For example:

pam.account.conflict.both.mesg: \
Accounts with conflicting name (%s) and UID (%d) exist locally

For more information about displaying a warning when local conflicts are detected, see pam.uid.conflict.