Hi Team,
i have two forests both working fine in terms of authentication.
I added a user to sudoers from one of the domains and he is getting access denied.
the user is able to login with no problem, sudo is not working.
in the secure log it shows "account is expired"
in the SSSD logs it shows error
"attempting to kinit for realm xxxxxx" then
"clients credentials has been revoked"
i checked the account and it is not expired nor locked.
additionally: I have another account on the same forest which i used to join to the domain and it is working fine on both authentication and sudoers.
I also tried ldap_user_principal = no suchattribute and krb5_use_enterprise_principal = false
but the problem remains.
what could be the reason behind being able to access and later getting clients credential revoked for sudoes?