[sudo-users] sudo 1.8.7 on RHEL6: unable to establish credentials: User not known to the underlying authentication module

Michael Ströder michael at stroeder.com
Thu Jul 11 08:26:30 MDT 2013


On Thu, 11 Jul 2013 14:15:09 +0000 JR Aquino <JR.Aquino at citrix.com> wrote:
> Oops I misspoke, it's sudoers      sss
> 
> http://linux.die.net/man/5/sssd-sudo

At this time the /etc/nsswitch.conf contains:

sudoers: ldap files

I want to keep it that way for now.
Switching to sssd-sudo is planned in future because it requires a major upgrade
to sssd 1.9.x.

Ciao, Michael.

> On Jul 11, 2013, at 7:08 AM, "Michael Ströder"
> <michael at stroeder.com> wrote:
>
> Hi!
> 
> I'm trying to upgrade to self-compiled sudo 1.8.7 on RHEL5.6 x86_64 with LDAP
> as backend.
> We're also using sssd-ldap which works correctly.
> 
> Build of RPM package 1.8.7 was done on RHEL5 with these commands:
> 
> ./configure \
>  --prefix=/usr \
>  --with-ldap \
>  --with-pam \
>  --with-pam-login \
>  --with-editor=/bin/vi \
>  --with-env-editor \
>  --with-ignore-dot \
>  --with-tty-tickets \
>  --with-ldap \
>  --with-selinux \
>  --with-linux-audit \
>  --with-passprompt="[sudo] password for %p: "
> make && make package
> 
> The sudo-ldap configuration seems to be correct since everything works with
> version 1.7.2p1 shipped with RHEL5.
> 
> It also works with self-compiled 1.8.7 package as expected but there's a
> strange message output to console:
> 
> ------------------- snip -------------------
> [myusername at rhel5test ~]$ sudo -i
> [..]
> [sudo] password for myusername:
> sudo: unable to establish credentials: User not known to the underlying
> authentication module
> ------------------- snip -------------------
> 
> In /var/log/secure these messages are written:
> 
> ------------------- snip -------------------
> Jul 11 15:54:06 rhel5test sudo: pam_unix(sudo-i:auth): authentication
> failure; logname=myusername uid=21400161 euid=0 tty=/dev/pts/1
> ruser=myusername rhost= user=myusername
> Jul 11 15:54:06 rhel5test sudo: pam_sss(sudo-i:auth): authentication success;
> logname=myusername uid=21400161 euid=0 tty=/dev/pts/1 ruser=myusername rhost=
> user=myusername
> Jul 11 15:54:06 rhel5test sudo: myusername : TTY=pts/1 ; PWD=/home/myusername
> ; USER=root ; COMMAND=/bin/bash
> Jul 11 15:54:06 rhel5test sudo: myusername : unable to establish credentials:
> User not known to the underlying authentication module ; TTY=pts/1 ;
> PWD=/home/myusername ; USER=root ; COMMAND=/bin/
> ------------------- snip -------------------
> 
> I tried to disable various unneeded session-related config lines in
> /etc/pam.d/* but still this message appears.
> BTW: Same symptoms after upgrading to sudo 1.8.7 on SLES11SP2 x86_64.
> 
> Any clue how to track this down?
> Maybe additional build options needed for 64 bit platform?
> 
> Many thanks in advance.
> 
> Ciao, Michael.



