Comment 30 for bug 570944

Andreas Hasenack (ahasenack) wrote : Re: [Bug 570944] Re: passwd : gives "Authentication token manipulation error"

Ah, thank you, I missed that

On Wed, Jan 9, 2019, 18:34 Mathieu Parent <email address hidden> wrote:

> It is. Closed by me:
>
> samba (2:4.9.1+dfsg-2) unstable; urgency=medium
> [ Mathieu Parent ]
> * Allow one to change password via passwd in default config
> - third_party: Update pam_wrapper to version 1.0.7
> - third_party: Add pam_set_items.so from pam_wrapper
> - nsswitch: Add try_authtok option to pam_winbind
> - tests: Check pam_winbind pw change with different options
> - Patch for previous 4 commits
> - debian/winbind.pam-config: Use the new try_authtok option allowing
> password change while preserving current behavior with password strength
> modules (Closes: #858923, LP: #570944)
>
> --
> You received this bug notification because you are subscribed to samba
> in Ubuntu.
> https://bugs.launchpad.net/bugs/570944
>
> Title:
> passwd : gives "Authentication token manipulation error"
>
> Status in samba package in Ubuntu:
> Triaged
>
> Bug description:
> Binary package hint: samba
>
> `passwd` for ActiveDirectory account gives "Authentication token
> manipulation error"
>
> I have latest and greatest of LucidLynx updates.
>
> winbind 2:3.4.7~dfsg-1ubuntu3
> samba 2:3.4.7~dfsg-1ubuntu3
>
> I have ActiveDirectory integration with Samba/Winbind. (not
> Likewise-Open)
> Logging into Console window or `ssh`-ing into machine works fine using
> DOMAIN\first.last account names.
>
> Trying to change password with the `passwd` program:
>
> $ passwd
> Changing password for DOMAIN\first.last
> (current) NT password:
> passwd: Authentication token manipulation error
> passwd: password unchanged
> $
>
> In the /var/log/auth.log file I get this output in conjunction with
> the above passwd attempt:
>
> pam_unix(passwd:chauthtok): user "DOMAIN\first.last" does not exist in
> /etc/passwd
> passwd[16109]: pam_winbind(passwd:chauthtok): getting password
> (0x0000002a)
>
> passwd[16109]: pam_winbind(passwd:chauthtok): user 'DOMAIN\first.last'
> granted access
> passwd[16109]: pam_unix(passwd:chauthtok): user "DOMAIN\first.last" does
> not exist in /etc/passwd
> passwd[16109]: pam_winbind(passwd:chauthtok): getting password
> (0x00000012)
>
> I don't see anything particularly wrong with that output, other
> than it seems to stop prematurely.
>
> This is my default-created /etc/pam.d/common-password file:
>
> password [success=2 default=ignore] pam_unix.so obscure sha512
> password [success=1 default=ignore] pam_winbind.so use_authtok
> try_first_pass
> password requisite pam_deny.so
> password required pam_permit.so
> password optional pam_gnome_keyring.so
>
> I've Googled for "Authentication token manipulation error", but most
> cases involve local Linux accounts or other uninteresting problems.
>
> I don't think any entries in smb.conf have an effect on passwd, but
> here's a snippet of entries with the word "pass" or "encrypt" in them:
>
> password server = machine.domain.com
> encrypt passwords = true
> passdb backend = tdbsam
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = yes
> encrypt passwords = true
>
>
> I can successfully change password, using `passwd` for a local Linux
> account.
>
> $ passwd
> Changing password for localAccount.
> (current) UNIX password:
> Enter new UNIX password:
> Retype new UNIX password:
> passwd: password updated successfully
> $
>
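Added example, not part of the original message or of the Samba or Linux-PAM code: a simplified Python model of one pass over the `common-password` stack quoted above, showing why `use_authtok` ends in `pam_deny` for a domain user while `try_authtok` from the changelog does not. The module return values, the `ctx` dictionary and the function names are assumptions made for illustration, and the optional `pam_gnome_keyring.so` line is left out.

```python
# Simplified model of a PAM "password" stack (illustration only, not libpam).
# Return codes and module behaviour are assumptions based on the quoted report.

def pam_unix(ctx, opts):
    # Only handles accounts present in /etc/passwd (see the auth.log excerpt).
    if ctx["user"] not in ctx["local_users"]:
        return "user_unknown"
    ctx["authtok"] = ctx["typed_new_password"]   # stores the new token
    return "success"

def pam_winbind(ctx, opts):
    if ctx["authtok"] is None:
        if "use_authtok" in opts:
            return "authtok_err"                  # no earlier module stored a token
        ctx["authtok"] = ctx["typed_new_password"]  # try_authtok: prompt instead
    return "success"                              # a stored token is reused as-is

def pam_deny(ctx, opts):
    return "authtok_err"   # what passwd reports as "token manipulation error"

def pam_permit(ctx, opts):
    return "success"

def run_stack(stack, ctx):
    status, i = None, 0
    while i < len(stack):
        control, module, opts = stack[i]
        rc = module(ctx, opts)
        i += 1
        if rc == "success":
            status = status or "success"
            if isinstance(control, int):          # [success=N default=ignore]
                i += control                      # jump over the next N modules
        elif control == "requisite":
            return rc                             # fail immediately
        elif control == "required" and status in (None, "success"):
            status = rc                           # remember failure, keep going
    return status or "authtok_err"

def change_password(user, winbind_opts):
    stack = [(2, pam_unix, {"obscure", "sha512"}),
             (1, pam_winbind, winbind_opts),
             ("requisite", pam_deny, set()),
             ("required", pam_permit, set())]
    ctx = {"user": user, "local_users": {"localAccount"},   # constructed data
           "authtok": None, "typed_new_password": "constructed-new-pw"}
    return run_stack(stack, ctx)
```
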