[sudo-users] sudo password issue with Winbind

Kanthasamy, Murugesan MKanthasamy at webmd.net
Mon Jul 6 14:36:18 EDT 2009

Hi, I read this issue sometime back, but forgot what the cause was.. 

I have Linux hosts authenticating AD. When a AD user does sudo and types
a incorrect password, sudo doesn't ask for password second time, instead
it tries the same password(presumably) another couple times and exits.

[user at hostname ~]$ sudo su -
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts

System-auth Pam

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so cached_login use_first_pass
auth        required      pam_deny.so

account     required      pam_access.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password    sufficient    pam_winbind.so cached_login use_authtok
password    required      pam_deny.so

session     optional      pam_mkhomedir.so skel=/etc/skel/
session     required      pam_limits.so
session     required      pam_unix.so


More information about the sudo-users mailing list