[sudo-users] account validation failure, is your account locked?

Thomas 74cmonty at gmail.com
Sat Mar 16 15:39:02 MDT 2019


Hi,

I have created a local user account locadmin and added this user to the group
wheel:
useradd -m -G wheel -s /bin/bash locadmin

The intention is to deactivate root and use this account for local
system administration.

In the sudoers file the configuration is modified accordingly:
[root@pc7-cubi3 ~]# more /etc/sudoers | grep wheel
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL

However I cannot execute any sudo command; the error reported is:

[locadmin@pc7-cubi3 ~]$ sudo fdisk -l
[sudo] Passwort für locadmin:
[sudo] Passwort für locadmin:
sudo: account validation failure, is your account locked?

I wonder why I have to enter the password twice; maybe this is related
to the activated LDAP/Kerberos authentication for other user accounts.

Everything was working until I started a package upgrade today.

I didn't change any config that was working before the system update.
This includes /etc/pam.d/sudo:

[locadmin@pc7-cubi3 ~]$ more /etc/pam.d/sudo
#%PAM-1.0
auth            sufficient      pam_sss.so
auth            required        pam_unix.so try_first_pass
auth            required        pam_nologin.so

This is the sudo debug log:
[root@pc7-cubi3 ~]# cat /var/log/sudo_debug.log
Mar 16 22:23:40 sudo[17832] <- getln @ ./tgetpass.c:422 := *****
Mar 16 22:23:40 sudo[17832] -> tgetpass_display_error @ ./tgetpass.c:95
Mar 16 22:23:40 sudo[17832] <- tgetpass_display_error @ ./tgetpass.c:110
Mar 16 22:23:40 sudo[17832] -> sudo_term_restore_v1 @ ./term.c:156
Mar 16 22:23:40 sudo[17832] <- sudo_term_restore_v1 @ ./term.c:164 := true
Mar 16 22:23:40 sudo[17832] <- tgetpass @ ./tgetpass.c:268 := *****
Mar 16 22:23:40 sudo[17832] <- auth_getpass @ ./auth/sudo_auth.c:468 := *****
Mar 16 22:23:40 sudo[17832] <- converse @ ./auth/pam.c:613 := 0
Mar 16 22:23:40 sudo[17832] <- sudo_pam_verify @ ./auth/pam.c:194 := 0
Mar 16 22:23:40 sudo[17832] <- verify_user @ ./auth/sudo_auth.c:364 := 1
Mar 16 22:23:40 sudo[17832] -> timestamp_update @ ./timestamp.c:885
Mar 16 22:23:40 sudo[17832] -> sudo_gettime_mono_v1 @ ./gettime.c:105
Mar 16 22:23:40 sudo[17832] <- sudo_gettime_mono_v1 @ ./gettime.c:121 := 0
Mar 16 22:23:40 sudo[17832] writing 56 byte record at 168 @ timestamp_update() ./timestamp.c:926
Mar 16 22:23:40 sudo[17832] -> ts_write @ ./timestamp.c:308
Mar 16 22:23:40 sudo[17832] <- ts_write @ ./timestamp.c:347 := 56
Mar 16 22:23:40 sudo[17832] <- timestamp_update @ ./timestamp.c:931 := 1
Mar 16 22:23:40 sudo[17832] -> timestamp_close @ ./timestamp.c:733
Mar 16 22:23:40 sudo[17832] <- timestamp_close @ ./timestamp.c:741
Mar 16 22:23:40 sudo[17832] -> sudo_pw_delref @ ./pwutil.c:179
Mar 16 22:23:40 sudo[17832] -> sudo_pw_delref_item @ ./pwutil.c:168
Mar 16 22:23:40 sudo[17832] <- sudo_pw_delref_item @ ./pwutil.c:173
Mar 16 22:23:40 sudo[17832] <- sudo_pw_delref @ ./pwutil.c:181
Mar 16 22:23:40 sudo[17832] <- check_user_interactive @ ./check.c:171 := 1
Mar 16 22:23:40 sudo[17832] -> sudo_auth_approval @ ./auth/sudo_auth.c:179
Mar 16 22:23:40 sudo[17832] -> sudo_pam_approval @ ./auth/pam.c:215
Mar 16 22:23:40 sudo[17832] -> log_warningx @ ./logging.c:628
Mar 16 22:23:40 sudo[17832] -> vlog_warning @ ./logging.c:502
Mar 16 22:23:40 sudo[17832] -> sudoers_setlocale @ ./locale.c:89
Mar 16 22:23:40 sudo[17832] sudoers_setlocale: setting locale to C (sudoers)
Mar 16 22:23:40 sudo[17832] <- sudoers_setlocale @ ./locale.c:130 := true
Mar 16 22:23:40 sudo[17832] account validation failure, is your account locked?
Mar 16 22:23:40 sudo[17832] -> new_logline @ ./logging.c:908
Mar 16 22:23:40 sudo[17832] <- new_logline @ ./logging.c:1034 := account validation failure, is your account locked? ; TTY=pts/0 ; PWD=/home/locadmin ; USER=root ; COMMAND=list
Mar 16 22:23:40 sudo[17832] -> set_perms @ ./set_perms.c:115
Mar 16 22:23:40 sudo[17832] set_perms: PERM_ROOT: uid: [1000, 0, 0] -> [0, 0, 0]
Mar 16 22:23:40 sudo[17832] set_perms: PERM_ROOT: gid: [1000, 1000, 1000] -> [1000, 0, 1000]
Mar 16 22:23:40 sudo[17832] -> sudo_gidlist_addref @ ./pwutil.c:723
Mar 16 22:23:40 sudo[17832] <- sudo_gidlist_addref @ ./pwutil.c:725
Mar 16 22:23:40 sudo[17832] <- set_perms @ ./set_perms.c:389 := true
Mar 16 22:23:40 sudo[17832] -> do_syslog @ ./logging.c:107
Mar 16 22:23:40 sudo[17832] -> sudoers_setlocale @ ./locale.c:89
Mar 16 22:23:40 sudo[17832] <- sudoers_setlocale @ ./locale.c:130 := false
Mar 16 22:23:40 sudo[17832] -> mysyslog @ ./logging.c:86
Mar 16 22:23:40 sudo[17832] <- mysyslog @ ./logging.c:93
Mar 16 22:23:40 sudo[17832] -> sudoers_setlocale @ ./locale.c:89
Mar 16 22:23:40 sudo[17832] <- sudoers_setlocale @ ./locale.c:130 := false
Mar 16 22:23:40 sudo[17832] <- do_syslog @ ./logging.c:152
Mar 16 22:23:40 sudo[17832] -> restore_perms @ ./set_perms.c:402
Mar 16 22:23:40 sudo[17832] restore_perms: uid: [0, 0, 0] -> [1000, 0, 0]
Mar 16 22:23:40 sudo[17832] restore_perms: gid: [1000, 0, 1000] -> [1000, 1000, 1000]
Mar 16 22:23:40 sudo[17832] -> sudo_gidlist_delref @ ./pwutil.c:743
Mar 16 22:23:40 sudo[17832] -> sudo_gidlist_delref_item @ ./pwutil.c:732
Mar 16 22:23:40 sudo[17832] <- sudo_gidlist_delref_item @ ./pwutil.c:737
Mar 16 22:23:40 sudo[17832] <- sudo_gidlist_delref @ ./pwutil.c:745
Mar 16 22:23:40 sudo[17832] <- restore_perms @ ./set_perms.c:448 := true
Mar 16 22:23:40 sudo[17832] -> sudoers_setlocale @ ./locale.c:89
Mar 16 22:23:40 sudo[17832] sudoers_setlocale: setting locale to LC_CTYPE=de_DE.UTF-8;LC_NUMERIC=de_DE.UTF-8;LC_TIME=de_DE.UTF-8;LC_COLLATE=C;LC_MONETARY=de_DE.UTF-8;LC_MESSAGES=de_DE.UTF-8;LC_PAPER=de_DE.UTF-8;LC_NAME=de_DE.UTF-8;LC_ADDRESS=de_DE.UTF-8;LC_TELEPHONE=de_DE.UTF-8;LC_MEASUREMENT=de_DE.UTF-8;LC_IDENTIFICATION=de_DE.UTF-8 (user)
Mar 16 22:23:40 sudo[17832] <- sudoers_setlocale @ ./locale.c:130 := true
Mar 16 22:23:40 sudo[17832] -> sudoers_warn_setlocale @ ./locale.c:136
Mar 16 22:23:40 sudo[17832] -> sudoers_setlocale @ ./locale.c:89
Mar 16 22:23:40 sudo[17832] <- sudoers_setlocale @ ./locale.c:130 := false
Mar 16 22:23:40 sudo[17832] <- sudoers_warn_setlocale @ ./locale.c:140 := false
Mar 16 22:23:40 sudo[17832] -> sudoers_warn_setlocale @ ./locale.c:136
Mar 16 22:23:40 sudo[17832] -> sudoers_setlocale @ ./locale.c:89
Mar 16 22:23:40 sudo[17832] <- sudoers_setlocale @ ./locale.c:130 := false
Mar 16 22:23:40 sudo[17832] <- sudoers_warn_setlocale @ ./locale.c:139 := false
Mar 16 22:23:40 sudo[17832] -> sudoers_setlocale @ ./locale.c:89
Mar 16 22:23:40 sudo[17832] <- sudoers_setlocale @ ./locale.c:130 := false
Mar 16 22:23:40 sudo[17832] <- vlog_warning @ ./logging.c:605 := true
Mar 16 22:23:40 sudo[17832] <- log_warningx @ ./logging.c:635 := true
Mar 16 22:23:40 sudo[17832] <- sudo_pam_approval @ ./auth/pam.c:277 := 3
Mar 16 22:23:40 sudo[17832] -> log_auth_failure @ ./logging.c:356
Mar 16 22:23:40 sudo[17832] -> audit_failure @ ./audit.c:68
Mar 16 22:23:40 sudo[17832] <- audit_failure @ ./audit.c:101 := 0
Mar 16 22:23:40 sudo[17832] <- log_auth_failure @ ./logging.c:387 := true
Mar 16 22:23:40 sudo[17832] <- sudo_auth_approval @ ./auth/sudo_auth.c:188 := -1
Mar 16 22:23:40 sudo[17832] -> sudo_auth_cleanup @ ./auth/sudo_auth.c:203
Mar 16 22:23:40 sudo[17832] -> sudo_pam_cleanup @ ./auth/pam.c:284
Mar 16 22:23:40 sudo[17832] <- sudo_pam_cleanup @ ./auth/pam.c:291 := 0
Mar 16 22:23:40 sudo[17832] <- sudo_auth_cleanup @ ./auth/sudo_auth.c:215 := 0
Mar 16 22:23:40 sudo[17832] -> sudo_pw_delref @ ./pwutil.c:179
Mar 16 22:23:40 sudo[17832] -> sudo_pw_delref_item @ ./pwutil.c:168
Mar 16 22:23:40 sudo[17832] <- sudo_pw_delref_item @ ./pwutil.c:173
Mar 16 22:23:40 sudo[17832] <- sudo_pw_delref @ ./pwutil.c:181
Mar 16 22:23:40 sudo[17832] <- check_user @ ./check.c:233 := -1
Mar 16 22:23:40 sudo[17832] -> rewind_perms @ ./set_perms.c:85
Mar 16 22:23:40 sudo[17832] -> restore_perms @ ./set_perms.c:402
Mar 16 22:23:40 sudo[17832] restore_perms: uid: [1000, 0, 0] -> [1000, 0, 0]
Mar 16 22:23:40 sudo[17832] restore_perms: gid: [1000, 1000, 1000] -> [1000, 1000, 1000]
Mar 16 22:23:40 sudo[17832] -> sudo_gidlist_delref @ ./pwutil.c:743
Mar 16 22:23:40 sudo[17832] -> sudo_gidlist_delref_item @ ./pwutil.c:732
Mar 16 22:23:40 sudo[17832] <- sudo_gidlist_delref_item @ ./pwutil.c:737
Mar 16 22:23:40 sudo[17832] <- sudo_gidlist_delref @ ./pwutil.c:745
Mar 16 22:23:40 sudo[17832] <- restore_perms @ ./set_perms.c:448 := true
Mar 16 22:23:40 sudo[17832] -> sudo_gidlist_delref @ ./pwutil.c:743
Mar 16 22:23:40 sudo[17832] -> sudo_gidlist_delref_item @ ./pwutil.c:732
Mar 16 22:23:40 sudo[17832] <- sudo_gidlist_delref_item @ ./pwutil.c:737
Mar 16 22:23:40 sudo[17832] <- sudo_gidlist_delref @ ./pwutil.c:745
Mar 16 22:23:40 sudo[17832] <- rewind_perms @ ./set_perms.c:95 := true
Mar 16 22:23:40 sudo[17832] -> restore_nproc @ ./sudoers.c:144
Mar 16 22:23:40 sudo[17832] <- restore_nproc @ ./sudoers.c:149
Mar 16 22:23:40 sudo[17832] -> sudo_freepwcache @ ./pwutil.c:449
Mar 16 22:23:40 sudo[17832] -> rbdestroy @ ./redblack.c:368
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> sudo_pw_delref_item @ ./pwutil.c:168
Mar 16 22:23:40 sudo[17832] <- sudo_pw_delref_item @ ./pwutil.c:173
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> sudo_pw_delref_item @ ./pwutil.c:168
Mar 16 22:23:40 sudo[17832] <- sudo_pw_delref_item @ ./pwutil.c:173
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] <- rbdestroy @ ./redblack.c:371
Mar 16 22:23:40 sudo[17832] <- sudo_freepwcache @ ./pwutil.c:460
Mar 16 22:23:40 sudo[17832] -> sudo_freegrcache @ ./pwutil.c:779
Mar 16 22:23:40 sudo[17832] -> rbdestroy @ ./redblack.c:368
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> sudo_gr_delref_item @ ./pwutil.c:491
Mar 16 22:23:40 sudo[17832] <- sudo_gr_delref_item @ ./pwutil.c:496
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> sudo_gr_delref_item @ ./pwutil.c:491
Mar 16 22:23:40 sudo[17832] <- sudo_gr_delref_item @ ./pwutil.c:496
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] <- rbdestroy @ ./redblack.c:371
Mar 16 22:23:40 sudo[17832] -> rbdestroy @ ./redblack.c:368
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> sudo_grlist_delref_item @ ./pwutil.c:760
Mar 16 22:23:40 sudo[17832] <- sudo_grlist_delref_item @ ./pwutil.c:765
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] <- rbdestroy @ ./redblack.c:371
Mar 16 22:23:40 sudo[17832] -> rbdestroy @ ./redblack.c:368
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> rbdestroy_int @ ./redblack.c:350
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] -> sudo_gidlist_delref_item @ ./pwutil.c:732
Mar 16 22:23:40 sudo[17832] <- sudo_gidlist_delref_item @ ./pwutil.c:737
Mar 16 22:23:40 sudo[17832] <- rbdestroy_int @ ./redblack.c:358
Mar 16 22:23:40 sudo[17832] <- rbdestroy @ ./redblack.c:371
Mar 16 22:23:40 sudo[17832] <- sudo_freegrcache @ ./pwutil.c:798
Mar 16 22:23:40 sudo[17832] <- sudoers_policy_main @ ./sudoers.c:639 := -1
Mar 16 22:23:40 sudo[17832] <- sudoers_policy_list @ ./policy.c:925 := -1
Mar 16 22:23:40 sudo[17832] <- policy_list @ ./sudo.c:1183 := -1

Any advice to fix this issue is appreciated.

THX
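
An added example, not part of the original post and not sudo's own code: a short Python triage helper that reads a sudo debug trace in the format above, reports which PAM phase rejected the user, and lists the management groups a PAM service file defines. The sample inputs are constructed from lines in the post; treating a return value of 0 as success is an assumption taken from the trace itself.

```python
import re

# Constructed samples: lines copied from the debug log and PAM file in the post.
SAMPLE_LOG = """\
Mar 16 22:23:40 sudo[17832] <- sudo_pam_verify @ ./auth/pam.c:194 := 0
Mar 16 22:23:40 sudo[17832] <- verify_user @ ./auth/sudo_auth.c:364 := 1
Mar 16 22:23:40 sudo[17832] -> sudo_pam_approval @ ./auth/pam.c:215
Mar 16 22:23:40 sudo[17832] <- sudo_pam_approval @ ./auth/pam.c:277 := 3
Mar 16 22:23:40 sudo[17832] <- sudo_auth_approval @
./auth/sudo_auth.c:188 := -1
"""
SAMPLE_PAM = """\
#%PAM-1.0
auth            sufficient      pam_sss.so
auth            required        pam_unix.so try_first_pass
auth            required        pam_nologin.so
"""

# "<- func @ file:line := value" marks a function return in the trace.
RETURN_RE = re.compile(r"<- (\w+) @\s+\S+:\d+ := (\S+)")
# A newline NOT followed by a "Mar 16 22:23:40 " style stamp is a mail line wrap.
WRAP_RE = re.compile(r"\n(?![A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )")

def function_returns(log_text):
    """Map function name -> last logged return value, re-joining wrapped lines."""
    joined = WRAP_RE.sub(" ", log_text)
    return {m.group(1): m.group(2) for m in RETURN_RE.finditer(joined)}

def failing_phase(returns):
    """Name the PAM phase that failed (assumption: 0 means success)."""
    if returns.get("sudo_pam_verify") not in (None, "0"):
        return "auth"      # the password check itself failed
    if returns.get("sudo_pam_approval") not in (None, "0"):
        return "account"   # approval failed after the password was accepted
    return None

def pam_types(pam_text):
    """Return the management groups (auth, account, ...) a service file defines."""
    types = set()
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if fields and not fields[0].startswith("@"):
            types.add(fields[0].lstrip("-"))     # "-auth" is still group "auth"
    return types

if __name__ == "__main__":
    print("failing phase:", failing_phase(function_returns(SAMPLE_LOG)))
    print("groups in service file:", sorted(pam_types(SAMPLE_PAM)))
```

sudo's PAM backend runs account management (pam_acct_mgmt) in its approval step, so a zero from sudo_pam_verify followed by a non-zero sudo_pam_approval means the password was accepted and the account stack then rejected the user.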

