Getting "Not Authorized" when trying to send a UNIX command as root to macOS Sierra machine

I am running Apple Remote Desktop version 3.9 (382A110) and am managing two machines:


Machine #1: a MacBook Pro with El Capitan 10.11.6 (15G19009) installed running ARD version 3.9.3.


Machine #2: a MacBook Pro with macOS Sierra 10.12.6 (16G1212) installed running ARD version 3.9.4.


I can Observe, Control, Curtain, Copy and Install packages to both machines but Machine #2 cannot be sent a UNIX command as root. The request fails and I immediately get "Not Authorized" under the 'Task Status' column.


Specifically, I am trying to do the following:


Reset the machine's sole admin account using 'passwd'. For this example, the account is simply named 'admin'.


From inside of Apple Remote Desktop, I select Machine #2 and click the UNIX button (i.e., Manage > Send UNIX Command).


Here is exactly what I try to run:


passwd admin

AdminPassword

AdminPassword


For the 'Run command as' option, I select User: and enter "root". Then I click "Send". Immediately fails. ARD returns with "Not Authorized".


This exact same process works on Machine #1 but not on Machine #2. Both machines have been restarted, are fully patched and up-to-date.


Does anyone have any clues?

MacBook Pro, macOS Sierra (10.12.6)

Posted on Jan 29, 2018 1:24 PM

Question marked as Top-ranking reply

Posted on Jan 29, 2018 11:21 PM

I don’t mean to be obtuse here, but is it possible that you have not enabled the root user on machine #2?

Also, try the same command locally as root via terminal. Just to ensure that root can execute the command you desire, then you’ll know which side of the system is faulty. Just using the 50/50 split rule.


Feb 24, 2018 7:42 AM in response to atom_bomb

Thanks A Bomb,

This worked for us.

Same problem here, Open Directory ard_admin accounts stopped working (running Unix Commands) after the last security update on Sierra and High Sierra, but continue to work on El-Cap. Changing the ARD access account from an ard_admin member to the Local Admin solved the problem, but I hope this is something that Apple will address because it sort of kills the domain management model.

Mar 1, 2018 1:04 PM in response to FallenGuard

Same problem here... Sierra machine rejects unix commands run as root from an ard_admin user with 'Not Authorized'...


I can still run unix commands authenticated as my ard_admin user specifying another admin user on the system, but with access restricted to their privileges. Maybe this was broken all along and Apple just plugged a hole, but it puts a wrinkle in many management scripts I have written to execute via unix command.


This change breaks two important things:

1. Domain Managed Authentication

Now I have to have a specific account on each Mac for this.

2. Domain Managed Privileges

I can no longer apply privileges at the domain level... via ard_admin... etc. I now have to specify these privileges on each machine and give them to a local user account.


This should be no surprise I guess seeing as how Open Directory is hidden by default in High Sierra Server...

Feb 8, 2018 12:44 PM in response to FallenGuard

Make sure root is enabled on the target system, if you need it.


IIRC, there was a security update recently that disabled root access for High Sierra systems, though I don't know if that change also ended up getting applied to earlier releases. With High Sierra at least, all systems saw root disabled as part of the remediation, irrespective of the original intended setting of root.


Try it from an ssh login and see if this is something with ARD or something more generic?


Also see if the following command works any better than the passwd command, as a potential alternative:

sudo dscl . -passwd /Users/admin newadminpassword


Or (guessing at what you might be working to resolve) if you have no other admin users available, there are sequences available to more directly reset a lost or forgotten or otherwise hosed admin password.


Consider having a second admin login available as a backdoor, rather than enabling and using root, too.
