[sudo-users] sudo 1.9.6 error on HP-UX

Thu May 27 09:05:15 MDT 2021

Dear all,

I am trying to update sudo on HP-UX (11.31.2005), passwd/group managed by
Win 2012 AD via ldap. sudoers file is local.

Currently installed and working: ixSudo A.20.00-1.8.6p3.001

For update, I tried the following packages:

- sudo-1.9.7-ia64_64-11.31 (http://hpux.connect.org.uk/ with all the dependencies)

- sudo-1.9.7.ia64 (http://sudo.ws)

- sudo-ldap-1.9.7.ia64 (http://sudo.ws)

All show the same behaviour:

bash-4.4$ id
uid=10275(seckner) gid=5500(sysadmin) groups=5000(staff)

bash-4.4$ /usr/local/bin/sudo -i
Password:
Last successful login: Thu May 27 14:15:35 WETDST 2021
Last authentication failure: Fri May 21 12:34:17 WETDST 2021 10.100.206.10
# fte1cse01:/root>exit
logout root

bash-4.4$ /usr/local/bin/sudo -i
sudo: PAM account management error: No account present for user
sudo: a password is required

First time works, second time I get the error message.
sodoers file:
# fte1cse01:/root>cat /usr/local/etc/sudoers
%sysadmin ALL=(ALL) ALL

I switched on debug in sudo.conf, here's what I think are the relevant
lines (I can send the whole logfile if needed).
May 27 12:04:18 sudo[1185] -> ts_read @ ./timestamp.c:562
May 27 12:04:18 sudo[1185] read 56 byte record at 280 @ ts_read() ./timestamp.c:581
May 27 12:04:18 sudo[1185] <- ts_read @ ./timestamp.c:588 := 56
May 27 12:04:18 sudo[1185] -> sudo_gettime_mono_v1 @ ./gettime.c:125
May 27 12:04:18 sudo[1185] <- sudo_gettime_mono_v1 @ ./gettime.c:130 := 0
May 27 12:04:18 sudo[1185] <- timestamp_status @ ./timestamp.c:895 := 0
May 27 12:04:18 sudo[1185] <- check_user_interactive @ ./check.c:152 := 1
May 27 12:04:18 sudo[1185] -> sudo_auth_approval @ ./auth/sudo_auth.c:175
May 27 12:04:18 sudo[1185] -> sudo_pam_approval @ ./auth/pam.c:351
May 27 12:04:18 sudo[1185] -> log_warningx @ ./logging.c:607
May 27 12:04:18 sudo[1185] -> vlog_warning @ ./logging.c:509
May 27 12:04:18 sudo[1185] -> sudoers_setlocale @ ./locale.c:87
May 27 12:04:18 sudo[1185] sudoers_setlocale: setting locale to C (sudoers)
May 27 12:04:18 sudo[1185] <- sudoers_setlocale @ ./locale.c:128 := true
May 27 12:04:18 sudo[1185] -> sudoers_getlocale @ ./locale.c:53
May 27 12:04:18 sudo[1185] <- sudoers_getlocale @ ./locale.c:54 := 1
May 27 12:04:18 sudo[1185] PAM account management error: No account present for user
May 27 12:04:18 sudo[1185] -> sudo_gettime_real_v1 @ ./gettime.c:66
May 27 12:04:18 sudo[1185] <- sudo_gettime_real_v1 @ ./gettime.c:77 := 0
May 27 12:04:18 sudo[1185] -> sudoers_to_eventlog @ ./logging.c:656
May 27 12:04:18 sudo[1185] -> sudo_getgrgid @ ./pwutil.c:513
May 27 12:04:18 sudo[1185] -> rbfind @ ./redblack.c:282
May 27 12:04:18 sudo[1185] <- rbfind @ ./redblack.c:286 := 0x6000000000088e20
May 27 12:04:18 sudo[1185] sudo_getgrgid: gid 5500 [] -> group sysadmin [] (cache hit)
May 27 12:04:18 sudo[1185] <- sudo_getgrgid @ ./pwutil.c:567 := 0x6000000000092b18
May 27 12:04:18 sudo[1185] -> sudo_gr_delref @ ./pwutil.c:500
May 27 12:04:18 sudo[1185] -> sudo_gr_delref_item @ ./pwutil.c:489
May 27 12:04:18 sudo[1185] <- sudo_gr_delref_item @ ./pwutil.c:494
May 27 12:04:18 sudo[1185] <- sudo_gr_delref @ ./pwutil.c:502
May 27 12:04:18 sudo[1185] <- sudoers_to_eventlog @ ./logging.c:699
May 27 12:04:18 sudo[1185] -> eventlog_alert @ ./eventlog.c:1233
May 27 12:04:18 sudo[1185] -> do_syslog @ ./eventlog.c:958
May 27 12:04:18 sudo[1185] -> new_logline @ ./eventlog.c:92
May 27 12:04:18 sudo[1185] <- new_logline @ ./eventlog.c:257 := PAM account management error: No account present for user ; TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/sbin/sh
May 27 12:04:18 sudo[1185] -> do_syslog_sudo @ ./eventlog.c:869

With this sudoers line I get the error message right away:
%sysadmin ALL=(ALL) NOPASSWORD: ALL

With this sudoers line I also get the error message right away:
seckner ALL=(ALL) ALL

Any help would be greatly appreciated.

Thanks and best regards,
Stephan