Core cannot escalate to root on openshift4.x "sudo: account validation failure, is your account locked?"

Solution Verified - Updated -

Issue

  • On OpenShift 4.x on nodes running RHCOS, we observed the following error message when attempting to ssh to the node and ascend to root:
core@worker-1 ~]$ sudo su -
sudo: account validation failure, is your account locked?
  • Unable to ascend to root on core nodes, cannot run tools like toolbox or sosreport

  • Node is otherwise healthy/in ready status

  • Looking at the service we observe the following messaging:

$ systemctl status user@1000.service
● user@1000.service - User Manager for UID 1000
   Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor preset: disabled)
   Active: inactive (dead)
user@.service --> PAM failed: authentication failure
user@1000.service failed to set up PAM session: Operation not permitted
user@1000.service failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
user@1000.service: Failed with result 'protocol'.
  • Restarts do not mitigate the issue

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content