pam.account.conflict.name.mesg
This configuration parameter specifies the message displayed if a user name conflict is detected during login; that is, if there is a local user with the same name but a different UID than the Active Directory user logging on; for example,
user1 10001 #local user user1 10002 #AD user
When the message is displayed, the %s token in the message string is replaced with the name of the conflicting local account. The message string you define must contain exactly one %s token, and no other string replacement (%) characters.
For example:
pam.account.conflict.name.mesg: \ Accounts with conflicting name (%s) exist locally
For more information about displaying a warning when local conflicts are detected, see pam.uid.conflict.