[CentOS] C7 ansible 2.3 become_method: su not working

I just don't know what else to try. I've beat my head on this for 3 days 
now and it's becoming obvious that either Ansible 2.3 is a complete 
disaster, or the CentOS 7 package is a complete cluster. Here's my 
problem. I am working on getting an ansible server to manage about 100 
or so CentOS 6 servers.  All have an unprivileged user account setup (up 
to 3 years before I got here in April) but that user account isn't setup 
with sudo access.  The way to get to root is 'su'.

I'm not a newbie with Ansible as I used it extensively in my previous 
position to manage ~70 or so Ubuntu servers.  The Ansible is CentOS 7.  
I'm working on getting Ansible to play nice with privilege escalation 
using SU and NAFT has worked.  Here's an example (very simple) playbook:


Because I'm having to use 'su' I have to either add the user password to 
the inventory file or use the --ask-become-pass parameter to the command 
line.  Every time I do, I get this:

[root at ansible ~]# ansible-playbook playbooks/radtest.yml --ask-become-pass
SUDO password:

It bombs timing out on privilege escalation.  Every single time. I'm 
absolutely frustrated and am almost ready to throw ansible to the curb 
for something that doesn't suck so bad.  But before I do, I'm asking the 
list, anyone seen anything like this before?  I could post to the 
ansible list, but it's a google group and God knows when I might get a 
reply.

BTW, setting up root with key-only auth is an option, but would be a 
real PITA to configure 100+ external servers by hand with the keys and 
reconfig sshd for it.