[Bug 570944] Re: passwd : gives "Authentication token manipulation error"

Luca Lorenzetto lorenzetto.luca at gmail.com
Fri Aug 10 09:52:07 UTC 2012 

As suggested by gmoore777 removing use_authtok allowed me to go on with
password changing

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/570944

Title:
  passwd : gives "Authentication token manipulation error"

Status in “samba” package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: samba

   `passwd` for ActiveDirectory account gives "Authentication token
  manipulation error"

  I have latest and greatest of LucidLynx updates.

      winbind    2:3.4.7~dfsg-1ubuntu3 
      samba     2:3.4.7~dfsg-1ubuntu3

  I have ActiveDirectory integration with Samba/Winbind. (not Likewise-Open)
  Logging into Console window or `ssh`-ing into machine works fine using
  DOMAIN\first.last account names.

  Trying to change password with the `passwd` program:

  $ passwd
  Changing password for DOMAIN\first.last
  (current) NT password:
  passwd: Authentication token manipulation error
  passwd: password unchanged
  $

  In the /var/log/auth.log file I get this output in conjunction with
  the above passwd attempt:

  pam_unix(passwd:chauthtok): user "DOMAIN\first.last" does not exist in /etc/passwd
  passwd[16109]: pam_winbind(passwd:chauthtok): getting password (0x0000002a)

  passwd[16109]: pam_winbind(passwd:chauthtok): user 'DOMAIN\first.last' granted access
  passwd[16109]: pam_unix(passwd:chauthtok): user "DOMAIN\first.last" does not exist in /etc/passwd
  passwd[16109]: pam_winbind(passwd:chauthtok): getting password (0x00000012)

  I don't see anything particularly wrong with that output, other
  than it seems to stop prematurely.

  This is my default-created /etc/pam.d/common-password file:

  password [success=2 default=ignore] pam_unix.so obscure sha512
  password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
  password requisite pam_deny.so
  password required pam_permit.so
  password optional pam_gnome_keyring.so

  I've Googled for "Authentication token manipulation error", but most
  cases involve local Linux accounts or other uninteresting problems.

  I don't think any entries in smb.conf have an effect on passwd, but
  here's a snippet of entries with the word "pass" or "encrypt" in them:

  password server = machine.domain.com
  encrypt passwords = true
  passdb backend = tdbsam
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
  pam password change = yes
  encrypt passwords = true

  
  I can successfully change password, using `passwd` for a local Linux account.

  $ passwd
  Changing password for localAccount.
  (current) UNIX password:
  Enter new UNIX password:
  Retype new UNIX password:
  passwd: password updated successfully
  $

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944/+subscriptions

More information about the foundations-bugs mailing list