Can't log in using local password - no sudo 'sudo: PAM authentication error: error in service module'
Background:
My MBP is working on a corporate network bound to Active Directory; however, I'm using a local account to use/access my MBP.
Apparently Microsoft is disabling LDAP (unencrypted) and only accepting LDAPS on domain controllers in March. Our network engineers have been monitoring the DC logs for LDAP non-encrypted traffic, and it appears that the few Macs we have on the network bound to AD are all talking unsigned.
I was asked to make the following changes to rectify the problem:
dsconfigad -packetencrypt ssl
dsconfigad -packetsign require
I rebooted and logged in with iWatch, so I didn't notice the issues immediately; however, the machine became sluggish, and it was only after trying to roll back that I noticed I couldn't get elevated privileges anymore, i.e. sudo, as it's reporting 'sudo: PAM authentication error: error in service module'.
Now I've found that I also can't log in locally using my local password; the only way I can access my computer is because my iWatch is paired and unlocks my account.
The second problem is that I can no longer sudo, as it again won't accept passwords, giving me the following error: 'sudo: PAM authentication error: error in service module'
Thirdly, I can no longer open up user accounts from System Preferences.
So, as I don't want to have to restore/re-install my computer from backups if I can help it, I'm after some troubleshooting suggestions to allow me to roll back the changes.
I have limited access to the console, and the log is filled with these:
Regards,
Stephen...
MacBook Pro 15”, macOS 10.15