[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sudo-users
Subject:    Re: [sudo-users] account validation failure, is your account locked?
From:       "Todd C. Miller" <Todd.Miller () sudo ! ws>
Date:       2019-03-16 22:32:59
Message-ID: 72aa2297e426ed2d () sudo ! ws
[Download RAW message or body]

On Sat, 16 Mar 2019 22:39:02 +0100, Thomas wrote:

> [locadmin@pc7-cubi3 ~]$ sudo fdisk -l
> [sudo] Passwort für locadmin:
> [sudo] Passwort für locadmin:
> sudo: account validation failure, is your account locked?

That usually indicates a problem with an PAM account module.
It happens when pam_acct_mgmt(3) returns PAM_AUTH_ERR.  You may
have some relevant PAM errors in your auth log.

> I wonder why I have to enter the password twice; maybe this is related
> to activated ldap/kerberos authentication for other user accounts.
>
> Everything was working until I started package upgrade today.
>
> I didn't change any config that was working before system update.
> This includes /etc/pam.d/sudo:
>
> [locadmin@pc7-cubi3 ~]$ more /etc/pam.d/sudo
> #%PAM-1.0
> auth sufficient pam_sss.so
> auth required pam_unix.so try_first_pass
> auth required pam_nologin.so

From the debug log, I can see the you successfully authenticated
but for some reason PAM account management failed.  I'm not sure
why that would be since you don't appear to have any account lines
in /etc/pam.d/sudo.

You didn't say what version of sudo you are running.  I can tell
from the debug log that it is at least 1.8.23.

 - todd
____________________________________________________________
sudo-users mailing list <sudo-users@sudo.ws>
For list information, options, or to unsubscribe, visit:
https://www.sudo.ws/mailman/listinfo/sudo-users

[prev in list] [next in list] [prev in thread] [next in thread]