Sudo asks for password twice with LDAP authentication


Solution 1

In PAM there is an option called "use_first_pass":

auth        sufficient    pam_ldap.so use_first_pass

Try enabling it for LDAP; it should fix your issue.

Solution 2

Try to change this line:

auth    sufficient      pam_winbind.so

to

auth    sufficient      pam_winbind.so try_first_pass

Solution 3

I have the same problem and removing:

auth sufficient pam_unix.so nullok

from /etc/pam.d/common-auth and adding:

auth sufficient pam_ldap.so use_first_pass

solved the problem :-).
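
Added example, not part of any answer above: a Python check that walks the auth lines of a pam.d file and reports which module will prompt a second time, run here on the common-auth from the question and on the Solution 2 version. It assumes pam_unix, pam_ldap and pam_winbind each prompt on their own unless given use_first_pass or try_first_pass, and it does not follow @include lines; the function and constant names are made up for this example.

```python
import re

# Assumption: these modules ask for the password themselves unless given
# use_first_pass or try_first_pass (the behaviour discussed on this page).
PROMPTING = {"pam_unix.so", "pam_ldap.so", "pam_winbind.so"}
REUSE = {"use_first_pass", "try_first_pass"}
# "auth <control> <module> [options]"; control may be a bracketed [a=b ...] list.
AUTH_LINE = re.compile(r"^-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# common-auth as posted in the question.
QUESTION_STACK = """
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_winbind.so
auth    requisite       pam_deny.so
auth    required        pam_permit.so
"""
# The same stack with the change from Solution 2 applied.
FIXED_STACK = QUESTION_STACK.replace("pam_winbind.so", "pam_winbind.so try_first_pass")

def parse_auth(text):
    """Return [(control, module, options)] for the auth lines of a pam.d file."""
    stack = []
    for raw in text.splitlines():
        m = AUTH_LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            control, module, opts = m.groups()
            stack.append((control, module.rsplit("/", 1)[-1], opts.split()))
    return stack

def check_prompts(text):
    """Flag modules that re-prompt, or that can never obtain a password."""
    findings, prompted = [], False
    for _control, module, opts in parse_auth(text):
        if module not in PROMPTING:
            continue
        if not prompted:
            if "use_first_pass" in opts:
                # use_first_pass never prompts, and nothing has prompted yet.
                findings.append((module, "no earlier password to reuse"))
            else:
                prompted = True
        elif not REUSE & set(opts):
            findings.append((module, "prompts again"))
    return findings

if __name__ == "__main__":
    print("question:", check_prompts(QUESTION_STACK))
    print("fixed:   ", check_prompts(FIXED_STACK))
```
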

Author by

Gnudiff

Have seen IT from majority of sides for the past 20+ years: sysadmin, IT project manager, programmer, Head of IT.

Updated on September 17, 2022

Comments

  • Gnudiff
    Gnudiff over 1 year

    I have Ubuntu 8.04 LTS machine and Windows 2003 AD domain.

    I have successfully set up that I can log in with domain username and password, using domain prefix, like "domain+username".

    Upon login to machine it all works first try, however, for some reason when I try to sudo my logged in user, it asks for the password twice every time when I try sudo. It accepts the password after 2nd time, but not the first time.

    Once or twice I might think I just keep entering wrong pass the first time, but this is what happens always, any ideas of what's wrong?

    pam.conf is empty; pam.d/sudo only includes common-auth & common-account, and

    common-auth is:

    auth    sufficient      pam_unix.so nullok_secure
    auth    sufficient      pam_winbind.so
    auth    requisite       pam_deny.so
    auth    required        pam_permit.so
    
    • Admin
      Admin over 13 years
      Note that, according to Samba documentation, there are two similar options which appear to do DIFFERENT things. use_first_pass: Do not prompt the user for passwords; take them from PAM_ items instead. try_first_pass: Try to get the password from a previous PAM module; fall back to prompting the user.
  • Gnudiff
    Gnudiff over 13 years
    It appears that use_first_pass does something different? Should it be try_first_pass?
  • hellomynameisjoel
    hellomynameisjoel over 13 years
    try_first_pass means try the password, and prompt if it fails. use_first_pass is more appropriate here. bugs.debian.org/cgi-bin/bugreport.cgi?bug=490210