passwd : gives "Authentication token manipulation error"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: samba
`passwd` for ActiveDirectory account gives "Authentication token manipulation error"
I have latest and greatest of LucidLynx updates.
winbind 2:3.4.7~
samba 2:3.4.7~
I have ActiveDirectory integration with Samba/Winbind. (not Likewise-Open)
Logging into Console window or `ssh`-ing into machine works fine using
DOMAIN\first.last account names.
Trying to change password with the `passwd` program:
$ passwd
Changing password for DOMAIN\first.last
(current) NT password:
passwd: Authentication token manipulation error
passwd: password unchanged
$
In the /var/log/auth.log file I get this output in conjunction with the above passwd attempt:
pam_unix(
passwd[16109]: pam_winbind(
passwd[16109]: pam_winbind(
passwd[16109]: pam_unix(
passwd[16109]: pam_winbind(
I don't see anything particularly wrong with that output, other
than it seems to stop prematurely.
This is my default-created /etc/pam.
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_
I've Googled for "Authentication token manipulation error", but most
cases involve local Linux accounts or other uninteresting problems.
I don't think any entries in smb.conf have an effect on passwd, but here's a snippet of entries with the word "pass" or "encrypt" in them:
password server = machine.domain.com
encrypt passwords = true
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\
pam password change = yes
encrypt passwords = true
I can successfully change password, using `passwd` for a local Linux account.
$ passwd
Changing password for localAccount.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
$
Changed in samba (Ubuntu): | |
status: | Incomplete → Confirmed |
Changed in samba (Ubuntu): | |
status: | Triaged → Fix Released |
Thanks for your input. Did it ever work on previous releases ?