Attempting to issue the command sudo su - as an AD user fails with the error " ERROR: sudo pam_acct_mgmt: 7"
Problem: Unable to issue the command "sudo su -" as AD user After entering password at the " Enter LDAP Password" Prompt the following error is received: ERROR: sudo pam_acct_mgmt: 7
Background:
The sudoers file has been modified to allow the AD user or the Group the AD user belongs to access to the sudo command.
adquery group shows the group providing access is provisioned for the zone adquery user ADUSER -A shows the AD user is part of the Group that it providing access
Resolution:
In the Direct Manage Access Manager check the role assignment for the user or the group. Verify the user or the group has the login-all right assigned to allow all PAM access. If only the ssh and sshd PAM rights have been allowed you will get this error.