[Bug 570944] [NEW] passwd : gives "Authentication token manipulation error"

gmoore777 guy.moore at comcast.net
Tue Apr 27 21:52:42 BST 2010 

Public bug reported:

Binary package hint: samba

 `passwd` for ActiveDirectory account gives "Authentication token
manipulation error"

I have latest and greatest of LucidLynx updates.

    winbind    2:3.4.7~dfsg-1ubuntu3 
    samba     2:3.4.7~dfsg-1ubuntu3

I have ActiveDirectory integration with Samba/Winbind. (not Likewise-Open)
Logging into Console window or `ssh`-ing into machine works fine using
DOMAIN\first.last account names.

Trying to change password with the `passwd` program:

$ passwd
Changing password for DOMAIN\first.last
(current) NT password:
passwd: Authentication token manipulation error
passwd: password unchanged
$

In the /var/log/auth.log file I get this output in conjunction with the
above passwd attempt:

pam_unix(passwd:chauthtok): user "DOMAIN\first.last" does not exist in /etc/passwd
passwd[16109]: pam_winbind(passwd:chauthtok): getting password (0x0000002a)

passwd[16109]: pam_winbind(passwd:chauthtok): user 'DOMAIN\first.last' granted access
passwd[16109]: pam_unix(passwd:chauthtok): user "DOMAIN\first.last" does not exist in /etc/passwd
passwd[16109]: pam_winbind(passwd:chauthtok): getting password (0x00000012)

I don't see anything particularly wrong with that output, other
than it seems to stop prematurely.

This is my default-created /etc/pam.d/common-password file:

password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so

I've Googled for "Authentication token manipulation error", but most
cases involve local Linux accounts or other uninteresting problems.

I don't think any entries in smb.conf have an effect on passwd, but
here's a snippet of entries with the word "pass" or "encrypt" in them:

password server = machine.domain.com
encrypt passwords = true
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
encrypt passwords = true


I can successfully change password, using `passwd` for a local Linux account.

$ passwd
Changing password for localAccount.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
$

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

-- 
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.

More information about the Ubuntu-server-bugs mailing list