Hi, folks,
I've got a weird sudo problem. Only some members of a group can run sudo -l (or other sudo commands). My only clues are a) that the two users who can sudo -l have 2xxx UID/GIDs, whereas all the others have 65xxx GIDs and b) adding Defaults !pam_acct_mgmt to /etc/sudoers allowed all members to run. I assume that points to PAM as the issue, but from there, I'm lost.
~]$ sudo -l
sudo: PAM account management error: Permission denied
sudo[69765]: <user> : PAM account management error: Permission denied ; TTY=pts/0 ;
The file in /etc/sudoers.d ends with this group entry:
%<groupname> ALL = NOPASSWD: <commands>
Anything in <brackets> is redacted stuff.
Thanks,
John A
How does your PAM config differ from the defaults? You can check sudo details at:
# grep "" /etc/pam.d/sudo*
/etc/pam.d/sudo:#%PAM-1.0
/etc/pam.d/sudo:auth include system-auth
/etc/pam.d/sudo:account include system-auth
/etc/pam.d/sudo:password include system-auth
/etc/pam.d/sudo:session optional pam_keyinit.so revoke
/etc/pam.d/sudo:session required pam_limits.so
/etc/pam.d/sudo:session include system-auth
/etc/pam.d/sudo-i:#%PAM-1.0
/etc/pam.d/sudo-i:auth include sudo
/etc/pam.d/sudo-i:account include sudo
/etc/pam.d/sudo-i:password include sudo
/etc/pam.d/sudo-i:session optional pam_keyinit.so force revoke
/etc/pam.d/sudo-i:session include sudo
Alternatively, having a look at /etc/pam.d and checking what's different from a default installation should give you a clue.
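Reading sudo-i, sudo and system-auth by hand is exactly the step that goes wrong when an include is missed, so here is an added example (mine, not from the thread) that follows include/substack directives the way libpam does and prints the effective stack for one service and module type. PAM_DIR is a constructed in-memory copy of the sudo-i and sudo files printed above plus the account lines of the system-auth quoted later in the thread, so it runs offline; load_pam_dir() is an assumed helper for pointing it at a real /etc/pam.d instead.

```python
"""Resolve include/substack directives in pam.d files to show the effective
stack for one service and module type, roughly as libpam does on load.

Added example, not from the thread.  PAM_DIR is a constructed in-memory
copy of the files quoted in this thread; load_pam_dir() reads a real
directory into the same shape.
"""
import os

PAM_DIR = {
    "sudo-i": """\
#%PAM-1.0
auth include sudo
account include sudo
password include sudo
session optional pam_keyinit.so force revoke
session include sudo
""",
    "sudo": """\
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so revoke
session required pam_limits.so
session include system-auth
""",
    # Only the account lines of the quoted system-auth, to keep this short.
    "system-auth": """\
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
""",
}


def parse_line(raw):
    """Split one pam.d line into (type, control, module, args), or None."""
    line = raw.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("-"):          # '-type' only silences a missing module
        line = line[1:]
    head = line.split(None, 1)
    if len(head) < 2:
        return None
    ptype, rest = head[0].lower(), head[1].lstrip()
    if rest.startswith("["):          # bracketed control may contain spaces
        end = rest.index("]")
        control, tail = rest[: end + 1], rest[end + 1:].split()
    else:
        tail = rest.split()
        control, tail = tail[0], tail[1:]
    if not tail:
        return None
    return ptype, control, tail[0], tail[1:]


def flatten(service, ptype, files, depth=0, seen=()):
    """Effective `ptype` stack of `service` as (depth, file, control, module, args)."""
    if service in seen:
        raise ValueError(f"include loop via {service}")
    out = []
    for raw in files[service].splitlines():
        parsed = parse_line(raw)
        if parsed is None or parsed[0] != ptype:
            continue
        _, control, module, args = parsed
        if control in ("include", "substack"):
            # For these two controls the 'module' field is the included service.
            out.extend(flatten(module, ptype, files, depth + 1, seen + (service,)))
        else:
            out.append((depth, service, control, module, args))
    return out


def load_pam_dir(path="/etc/pam.d"):
    """Read a real pam.d directory into the same {name: text} shape as PAM_DIR."""
    files = {}
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full) as fh:
                files[name] = fh.read()
    return files


def main():
    for depth, origin, control, module, args in flatten("sudo-i", "account", PAM_DIR):
        print(f"{'  ' * depth}{origin}: account {control} {module} {' '.join(args)}")


if __name__ == "__main__":
    main()
```

On a live host, replace PAM_DIR with load_pam_dir() and compare the flattened output against the same run on a freshly installed box; the difference is the list of modules that can be discriminating between users.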
Nothing is different in the su* files. The system-auth file is somewhat different. I don't see anything in it which would discriminate by UID/GID number:
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so nullok
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so local_users_only
password sufficient pam_unix.so sha512 shadow nullok use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
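The account lines above do not name a UID or GID, but they do treat users differently depending on which module answers for them. As an added example (mine, not from the thread), here is a small simulator that walks that account stack with the control-flag rules from pam.conf(5) and libpam's dispatcher: a user present in /etc/passwd satisfies pam_localuser.so and the sufficient flag ends the stack with success before pam_sss.so ever runs, while a user known only through SSSD falls through to pam_sss.so, whose denial is recorded by default=bad and survives the final required pam_permit.so. The user records, the SYS_UID_MAX cutoff and the result pam_sss.so returns are constructed assumptions; what the access provider actually denies on is not visible in this thread.

```python
"""Walk the account stack quoted above the way libpam's dispatcher does,
to see which module ends up deciding for which kind of user.

Added example, not from the thread.  Module results are stubbed from
constructed user records (no NSS or SSSD lookups happen); the control
handling follows pam.conf(5) and libpam's pam_dispatch.c.
"""

# PAM return codes, spelled the way pam.conf(5) names them in [value=action].
SUCCESS, PERM_DENIED, USER_UNKNOWN, AUTH_ERR = (
    "success", "perm_denied", "user_unknown", "auth_err")

# pam.conf(5): the keyword controls are shorthand for these action tables.
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

# The account lines of the system-auth above, as (control, module, args).
ACCOUNT_STACK = [
    ("required", "pam_unix.so", []),
    ("sufficient", "pam_localuser.so", []),
    ("sufficient", "pam_usertype.so", ["issystem"]),
    ({"default": "bad", "success": "ok", "user_unknown": "ignore"}, "pam_sss.so", []),
    ("required", "pam_permit.so", []),
]

SYS_UID_MAX = 999  # assumed cutoff; pam_usertype reads the real range from login.defs

# Constructed users: one local 2xxx account, two accounts known only via SSSD.
USERS = {
    "jlocal":   {"in_passwd": True,  "uid": 2001,  "sss_access": None},
    "adenied":  {"in_passwd": False, "uid": 65001, "sss_access": PERM_DENIED},
    "aallowed": {"in_passwd": False, "uid": 65002, "sss_access": SUCCESS},
}


def run_module(module, args, user):
    """Stub of each module's pam_sm_acct_mgmt result for the users above."""
    if module == "pam_permit.so":           # always succeeds
        return SUCCESS
    u = USERS.get(user)
    if u is None:
        return USER_UNKNOWN
    if module == "pam_unix.so":             # nobody here has an expired account
        return SUCCESS
    if module == "pam_localuser.so":        # matches only /etc/passwd entries
        return SUCCESS if u["in_passwd"] else USER_UNKNOWN
    if module == "pam_usertype.so":         # issystem: UID in the system range
        is_system = u["uid"] <= SYS_UID_MAX
        return SUCCESS if is_system == ("issystem" in args) else AUTH_ERR
    if module == "pam_sss.so":              # whatever sssd's access provider decided
        return u["sss_access"] or USER_UNKNOWN
    raise ValueError(f"no stub for {module}")


def walk_stack(stack, user):
    """Return (final_status, trace) using libpam's ok/done/bad/die/ignore rules."""
    impression, status, trace = None, None, []
    for control, module, args in stack:
        actions = KEYWORDS[control] if isinstance(control, str) else control
        ret = run_module(module, args, user)
        action = actions.get(ret, actions["default"])
        trace.append(f"{module:<17} returned {ret:<13} -> {action}")
        if action in ("ok", "done"):
            # ok/done only set the status while no failure has been recorded
            if impression is None or (impression == "positive" and status == SUCCESS):
                impression, status = "positive", ret
            if action == "done" and impression == "positive":
                break                        # sufficient: later modules never run
        elif action in ("bad", "die"):
            if impression != "negative":     # the first failure is the one reported
                impression, status = "negative", ret
            if action == "die":
                break
        # "ignore": the result does not touch the stack's status at all
    if impression is None:                   # a stack that decided nothing fails closed
        status = PERM_DENIED
    return status, trace


def main():
    for user in list(USERS) + ["nosuchuser"]:
        status, trace = walk_stack(ACCOUNT_STACK, user)
        print(f"{user}: {status}")
        for line in trace:
            print("   ", line)


if __name__ == "__main__":
    main()
```

The trace for the denied user is the one to compare with the "PAM account management error: Permission denied" in the first post: the status is set at pam_sss.so and pam_permit.so cannot override it. Note that Defaults !pam_acct_mgmt in sudoers makes sudo skip this whole phase, which is why it unblocked everyone, but it also drops the pam_unix.so expiry check for local users; finding the rule that pam_sss.so is enforcing (the access provider settings in /etc/sssd/sssd.conf, or /etc/security/access.conf if pam_access is in play) keeps the check in place.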
Did anyone find a resolution to this issue? I am experiencing the same issue on a RHEL8 server. It works for some users in the group and not others:
sudo su - <someuser>
sudo: PAM account management error: Permission denied
@Juicy, not sure, but have you checked /etc/security/access.conf? An example of that is:
Or else, check /etc/sssd/sssd.conf to see if there is a restriction rule.
Red Hat Learning Community