I'm trying to set up LDAP based sudoers via AD and have had some success doing so, but run into a problem with passwords. I have successfully extended the Active Directory schema and put in some testing sudoRole entries. Which work fine. However, when I come to run any command e.g. sudo -l will prompt for my password 3 times and not accept the password. SSH uses AD for auth and this works ok. If I add the sudo option to say bypass authentication into AD the sudo itself works fine.
getent groups/passwd return the expected output, although the password for linux enabled users is the default ABCD!efgh12345$67890 which is weird.
Can anyone suggest any pointers at where to look? SSH auth is handled by LDAP to AD over TLS. Happy to provide examples of my ldap.conf and PAM files if necessary