OpenFortGui can start vpn with sudo #167

Open
meveno opened this issue Mar 4, 2022 · 4 comments

@meveno

meveno commented Mar 4, 2022

OpenFortiGui can't start VPN

It seems to be a sudo configuration problem ...

Error message in the log:
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

Error in journalctl:

mars 04 09:40:27 meveno-laptop sudo[12839]: pam_unix(sudo:auth): conversation failed
mars 04 09:40:27 meveno-laptop audit[1350]: AVC apparmor="ALLOWED" operation="open" profile="/usr/sbin/sssd" name="/proc/12839/cmdline" pid=1350 comm="sssd_pam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
mars 04 09:40:27 meveno-laptop sudo[12839]: pam_unix(sudo:auth): auth could not identify password for [m.eveno]

Can't you help me?

Here is my context on my laptop.

$ id

uid=381848367(m.eveno) gid=381848367(m.eveno) groupes=381848367(m.eveno),27(sudo),998(docker),381800513(domain users),381807853(sophosuser),381811102($duplicate-2b5e),381813118(ggs_radius),381817526(ggs_otp),381821147(ggs_gop_facebook),381828400(ggs_homeboarding),381829849(ggs_fw_vpn_nomade),381832166(ggs_gop_antispam),381845273(ggs_onepoint)
m

$ openfortigui --version

openfortiGUI 0.9.5

$ sudo --version

Sudo version 1.8.31
Sudoers policy plugin version 1.8.31
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.31

$ cat /etc/lsb-release

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.4 LTS"

$ cat .openfortigui/main.conf

[checks]
sudopresenv=true
sudopresenv_lastos=focal

[gui]
connect_on_dblclick=false
disable_notifications=false
main_toolbar_location=4

[main]
aesiv=<secret>
aeskey=<secret>
changelogrev_read=17
debug=true
setupwizard=true
show_search=false
start_minimized=false
sudo_preserve_env=true
use_system_password_store=false

[paths]
globalvpnprofiles=/etc/openfortigui/vpnprofiles
initd=/etc/init.d/openfortigui
localvpngroups=~/.openfortigui/vpngroups
localvpnprofiles=~/.openfortigui/vpnprofiles
logs=~/.openfortigui/logs

$ sudo cat /etc/sudoers

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root	ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

ugop	ALL=(ALL) ALL,!/bin/su,!/usr/bin/passwd
m.eveno ALL=(ALL:ALL) ALL

$ sudo cat /etc/sudoers.d/openfortigui

%sudo  ALL=NOPASSWD:SETENV: /usr/bin/openfortigui --start-vpn *
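
sudoers applies the last matching entry, so the position of `#includedir /etc/sudoers.d` relative to the other entries decides whether the NOPASSWD entry is the one that takes effect. The following is an added example, not part of the original post and not OpenFortiGUI code: a simplified model (user specifications only, hosts and run-as lists ignored, not sudo's own parser) that evaluates the entries posted above in file order. The command-line argument after `--start-vpn` is a constructed placeholder.

```python
import fnmatch
import re

# Constructed from the two files posted above: user specifications only,
# kept in file order. Hosts and run-as lists are ignored (all ALL here).
SUDOERS = """\
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
ugop ALL=(ALL) ALL,!/bin/su,!/usr/bin/passwd
m.eveno ALL=(ALL:ALL) ALL
"""
INCLUDED = {"/etc/sudoers.d": [
    "%sudo  ALL=NOPASSWD:SETENV: /usr/bin/openfortigui --start-vpn *"]}

# who host = [(runas)] [TAG: ...] command[, command ...]
SPEC = re.compile(r"^(\S+)\s+\S+?\s*=\s*(?:\([^)]*\)\s*)?((?:[A-Z]+:\s*)*)(.+)$")

def entries(text, included):
    """Yield (source, line) in the order the entries are evaluated."""
    for line in text.splitlines():
        if line.startswith("#includedir"):
            directory = line.split()[1]
            for inc in included.get(directory, []):
                yield directory, inc
        elif line.strip() and not line.startswith("#"):
            yield "/etc/sudoers", line

def decide(user, groups, cmdline, text=SUDOERS, included=INCLUDED):
    """Return (source, allowed, password_required) of the last match."""
    result = None
    for source, line in entries(text, included):
        m = SPEC.match(line)
        if not m:
            continue
        who, tags, cmds = m.groups()
        if not (who in ("ALL", user) or (who[0] == "%" and who[1:] in groups)):
            continue
        for cmd in (c.strip() for c in cmds.split(",")):
            pattern = cmd.lstrip("!").strip()
            if pattern == "ALL" or fnmatch.fnmatchcase(cmdline, pattern):
                # A later match replaces an earlier one.
                result = (source, not cmd.startswith("!"), "NOPASSWD:" not in tags)
    return result

# Constructed command line; only --start-vpn comes from the sudoers.d entry.
CMD = "/usr/bin/openfortigui --start-vpn constructed-profile"
if __name__ == "__main__":
    print(decide("m.eveno", {"m.eveno", "sudo", "docker"}, CMD))
```

In this model the entry for `m.eveno` placed after `#includedir` is the last match and carries no NOPASSWD tag, while a member of `sudo` without a later personal entry ends on the `/etc/sudoers.d` entry.
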
@theinvisible
Owner

Hi,

Is your user a member of the "sudo" group? If not, add it and try again.

@meveno
Author

meveno commented Mar 17, 2022

Yes, as shown in the result of the 'id' command:
$ id
uid=381848367(m.eveno) gid=381848367(m.eveno) groupes=381848367(m.eveno),27(sudo),998(docker),381800513(domain users),381807853(sophosuser),381811102($duplicate-2b5e),381813118(ggs_radius),381817526(ggs_otp),381821147(ggs_gop_facebook),381828400(ggs_homeboarding),381829849(ggs_fw_vpn_nomade),381832166(ggs_gop_antispam),381845273(ggs_onepoint)
m

@seboss666

I'm in the exact same situation: fresh install of Ubuntu 20.04 (provided by my employer), installed openfortigui from the iteas repository, and the same error about not being able to ask for the sudo password despite having the openfortigui file in the sudoers.d folder.
For now, as a workaround to be able to work, I'm launching openfortigui from the command line via sudo, but it's not a convenient way to work with it.

@theinvisible
Owner

Did you check if "SUDO preserve env" is enabled in OpenFortiGUI Settings?
