[sudo-users] account validation failure, is your account locked?

Todd C. Miller Todd.Miller at sudo.ws
Sat Mar 16 16:32:59 MDT 2019

On Sat, 16 Mar 2019 22:39:02 +0100, Thomas wrote:

> [locadmin at pc7-cubi3 ~]$ sudo fdisk -l
> [sudo] Passwort für locadmin:
> [sudo] Passwort für locadmin:
> sudo: account validation failure, is your account locked?

That usually indicates a problem with an PAM account module.
It happens when pam_acct_mgmt(3) returns PAM_AUTH_ERR.  You may
have some relevant PAM errors in your auth log.

> I wonder why I have to enter the password twice; maybe this is related
> to activated ldap/kerberos authentication for other user accounts.
> Everything was working until I started package upgrade today.
> I didn't change any config that was working before system update.
> This includes /etc/pam.d/sudo:
> [locadmin at pc7-cubi3 ~]$ more /etc/pam.d/sudo
> #%PAM-1.0
> auth sufficient pam_sss.so
> auth required pam_unix.so try_first_pass
> auth required pam_nologin.so

>From the debug log, I can see the you successfully authenticated
but for some reason PAM account management failed.  I'm not sure
why that would be since you don't appear to have any account lines
in /etc/pam.d/sudo.

You didn't say what version of sudo you are running.  I can tell
from the debug log that it is at least 1.8.23.

 - todd

More information about the sudo-users mailing list