One user unable to sudo on specific EC2 instances (g4/g5.*). PAM account management error is thrown while trying to sudo

0

We have multiple EC2 machines in our account, all AL2. One user is unable to sudo on specific instance types (g4/g5), while others can. The user is a part of sudoers, and other users are able to sudo on the same instance types. This becomes weirder when this user is able to sudo on other instance types (c5, m5, etc.).

Error thrown is PAM account management error: Authentication service cannot retrieve authentication info ; TTY=pts/2 ; PWD=/home/<userid>; USER=root ; COMMAND=/usr/bin/su

The users on these servers are authenticated using sssd hitting the enterprise LDAP server, so they are not created locally.

We upgraded/downgraded the sudo version but it did not help. Any advice would be appreciated.

[root@ip-100-x-x-x log]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

asked a month ago · 51 views
1 Answer
0

Hello,

I understand that you are experiencing an issue while performing sudo as a specific user.

I would request you to check the sssd configuration and consider disabling implicit files domain for id_provider = files if not already done. Please modify the below parameter in the /etc/sssd/sssd.conf:

enable_files_domain=False

Once the above changes are done, please restart sssd, make sure to clear the cache while performing the operation, and verify sudo access.

However, if you still experience issues after making the changes, you may consider checking the below commands/logs to troubleshoot further:

$ id username
$ getent passwd username

Logs: /var/log/messages, /var/log/secure, sssd logs

You may also consider enabling debug logs on the sssd to get more clues on the issue.

answered a month ago
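The checks the answer lists, scripted so they can be repeated on each instance type. This is an added example, not code from the thread: it assumes the real file paths /etc/sssd/sssd.conf and /var/log/secure are passed in as arguments, and the config and log samples it builds are constructed to mirror the error quoted in the question (usernames jdoe and asmith are made up).

```bash
#!/usr/bin/env bash
# Added example, not from the original thread. Paths are parameters so the
# functions can be pointed at /etc/sssd/sssd.conf and /var/log/secure on a host.

# Returns 0 when the [sssd] section explicitly sets enable_files_domain = False.
files_domain_disabled() {
  awk '
    /^\[/ { in_sssd = ($0 == "[sssd]") }
    in_sssd && /^[[:space:]]*enable_files_domain[[:space:]]*=/ {
      sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]*$/, "")
      if (tolower($0) == "false") found = 1
    }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# Counts sudo "PAM account management error" lines for one user in a secure log.
pam_account_errors() {
  grep -c "sudo: *$2 : PAM account management error" "$1" || true
}

# Returns 0 when NSS (sssd or local files) can resolve the account, like getent does.
user_resolves() {
  getent passwd "$1" >/dev/null
}

# Constructed samples standing in for the real files (hostname as in the question).
tmp=$(mktemp -d)
cat >"$tmp/sssd.conf" <<'EOF'
[sssd]
domains = corp.example.com
enable_files_domain = False
[domain/corp.example.com]
id_provider = ldap
EOF
cat >"$tmp/secure" <<'EOF'
Jan 10 09:12:01 ip-100-x-x-x sudo: jdoe : PAM account management error: Authentication service cannot retrieve authentication info ; TTY=pts/2 ; PWD=/home/jdoe ; USER=root ; COMMAND=/usr/bin/su
Jan 10 09:13:44 ip-100-x-x-x sudo: asmith : TTY=pts/3 ; PWD=/home/asmith ; USER=root ; COMMAND=/bin/bash
EOF

# Summary for one user: config state plus how often the PAM error hit that user.
report() {
  if files_domain_disabled "$1"; then echo "files domain: disabled"
  else echo "files domain: implicit (set enable_files_domain = False under [sssd])"; fi
  echo "PAM account errors for $3: $(pam_account_errors "$2" "$3")"
}
report "$tmp/sssd.conf" "$tmp/secure" jdoe
```

Run report against the real paths on a g4/g5 instance and a c5/m5 instance and compare the two outputs.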
