AD Admin can sudo from terminal, but can't sudo from Interactive Desktop


I want to allow the AD Admin to have passwordless sudo access in an interactive desktop session. I added one of the AD Admin’s groups to have passwordless sudo via an /etc/sudoers.d/ file:

# cat /etc/sudoers.d/99-admin-ad-users

As you’d expect, I can get passwordless sudo access when SSH’d into the console of a node. However, when I try via the terminal inside an Interactive Desktop on the same node, I get this error:

sudo: PAM account management error: Authentication service cannot retrieve authentication info

I’m not sure what’s going wrong here in the VNC server terminals.

Not really sure what could be the issue. I’d maybe use strace to see where it’s failing?

My guess is there’s something with systemd that’s irregular in the job’s environment. That said - it works for me, so it should work.