[Bug 570944] Re: passwd : gives "Authentication token manipulation error"

[gmoore777]

Is this what you need?

$ cd /etc/pam.d
$ cat common-auth common-session-noninteractive common-session common-password common-account | grep -v "^#"

auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so

session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session required        pam_unix.so
session optional                        pam_winbind.so

session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0027
session required        pam_unix.so
session optional                        pam_winbind.so
session optional                        pam_ck_connector.so nox11

password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 default=ignore]      pam_winbind.so use_authtok try_first_pass
password        requisite                       pam_deny.so
password        required                        pam_permit.so
password        optional        pam_gnome_keyring.so

account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore]        pam_winbind.so
account requisite                       pam_deny.so
account required                        pam_permit.so


Here is the smb.conf, with comments removed and substituted in
<shortDOMAINname>, <MACHINEX>, <DOMAIN> where appropriate.

[global]
workgroup = <shortDOMAINname>
security = ADS
password server = <MACHINE1>.<DOMAIN>.com, <MACHINE2>.<DOMAIN>.com
realm = <DOMAIN>.COM
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
idmap backend = idmap_rid:<DOMAIN>=50-9999999999
idmap uid = 50-9999999999
idmap gid = 50-9999999999
allow trusted domains = no
winbind offline logon = true
template shell = /bin/bash
template homedir = /home/%D/%U
winbind normalize names = yes
winbind use default domain = yes
usershare allow guests = yes

-- 
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.