[sudo-users] sudo 1.8.7 on RHEL6: unable to establish credentials: User not known to the underlying authentication module
Michael Ströder
michael at stroeder.com
Thu Jul 11 08:26:30 MDT 2013
On Thu, 11 Jul 2013 14:15:09 +0000 JR Aquino <JR.Aquino at citrix.com> wrote
> Oops I misspoke, its sudoers sss
>
> http://linux.die.net/man/5/sssd-sudo
At this time the /etc/nsswitch.conf contains:
sudoers: ldap files
I want to keep it that way for now.
Switching to sssd-sudo is planned in future because it requires a major upgrade
to sssd 1.9.x.
Ciao, Michael.
> On Jul 11, 2013, at 7:08 AM, "Michael Ströder"
> <michael at stroeder.com<mailto:michael at stroeder.com>> wrote:
>
> HI!
>
> I'm trying to upgrade to self-compiled sudo 1.8.7 on RHEL5.6 x86_64 with LDAP
> as backend.
> We're also using sssd-ldap which correctly works.
>
> Build of RPM package 1.8.7 was done on RHEL5 with this commands:
>
> /configure
> --prefix=/usr \
> --with-ldap \
> --with-pam \
> --with-pam-login \
> --with-editor=/bin/vi \
> --with-env-editor \
> --with-ignore-dot \
> --with-tty-tickets \
> --with-ldap \
> --with-selinux \
> --with-linux-audit \
> --with-passprompt="[sudo] password for %p: "
> make && make package
>
> The sudo-ldap configuration seems to be correct since everything works with
> version 1.7.2p1 shipped with RHEL5.
>
> It also works with self-compiled 1.8.7 package as expected but there's a
> strange message output to console:
>
> ------------------- snip -------------------
> [myusername at rhel5test ~]$ sudo -i
> [..]
> [sudo] password for myusername:
> sudo: unable to establish credentials: User not known to the underlying
> authentication module
> ------------------- snip -------------------
>
> In /var/log/secure these message are written:
>
> ------------------- snip -------------------
> Jul 11 15:54:06 rhel5test sudo: pam_unix(sudo-i:auth): authentication
> failure; logname=myusername uid=21400161 euid=0 tty=/dev/pts/1
> ruser=myusername rhost= user=myusername
> Jul 11 15:54:06 rhel5test sudo: pam_sss(sudo-i:auth): authentication success;
> logname=myusername uid=21400161 euid=0 tty=/dev/pts/1 ruser=myusername rhost=
> user=myusername
> Jul 11 15:54:06 rhel5test sudo: myusername : TTY=pts/1 ; PWD=/home/myusername
> ; USER=root ; COMMAND=/bin/bash
> Jul 11 15:54:06 rhel5test sudo: myusername : unable to establish credentials:
> User not known to the underlying authentication module ; TTY=pts/1 ;
> PWD=/home/myusername ; USER=root ; COMMAND=/bin/
> ------------------- snip -------------------
>
> I tried to disable various unneeded session-related config lines in
> /etc/pam.d/* but still this message appears.
> BTW: Same symptoms after upgrading to sudo 1.8.7 on SLES11SP2 x86_64.
>
> Any clue how to track this down?
> Maybe additional build options needed for 64 bit platform?
>
> Many thanks in advance.
>
> Ciao, Michael.
More information about the sudo-users
mailing list