New users - not able to create passwords

Latest response

When new users are created, the initial password cannot be set:

[root@cd ~]# passwd newuser
Changing password for user newuser.
passwd: Authentication token manipulation error

The error in /var/log/messages:

PAM_smbpass[6570]: Failed to find entry for user newuser

This is a system I have inherited. Here is the system-auth:

auth required
auth requisite likeauth nullok try_first_pass
auth optional migrate
auth sufficient likeauth nullok try_first_pass
auth required

account required
account sufficient uid < 100 quiet
account required

password requisite retry=3
password requisite nullok use_authtok md5 shadow
password sufficient nullok use_authtok try_first_pass
password required

session required
session required

This is the pam.d passwd file:

auth required service=system-auth
account required service=system-auth
password required service=system-auth

It looks like when a new user is created, a user in smbpasswd is supposed to be created but it isn't. Can someone help me fix this problem?



Just a suggestion could you please su - as newuser first and then try to change the password ?

su - newuser

then run passwd to see if it allow you to change the password.


No, it asks me for the current UNIX password and any password entered or just pressing enter gives an authentication failure.

While I was trying to set up a restricted shell with samba password change rules in place I've found this thread ... hope it helps what my guess is.

You get a token error as I think your user is not in SAMBA. You can check via:
1. pdbedit -L | grep newuser

Here is my quick test, done as root:
1. # passwd newuser
Changing password for user newuser.
passwd: Authentication token manipulation error <<< same as yours

  1. # echo -e "test\ntest" | pdbedit -ta newuser << not sure how to bypass this
  2. # echo qwerty | passwd --stdin newuser
  3. # smbclient -U newuser%qwerty '\localhost\DIR' (notice the pass is the one from passwd command and I get a prompt)

If your setup still fails, perhaps a case to RH and a paste of solution will help (me included)

Just found a trick on a website: chpasswd bypasses the samba stuff.
This fails:
useradd -m user116
echo qwe123 | passwd --stdin user116
passwd: Authentication token manipulation error

but this works
echo "user116:qwe123" | chpasswd -m


I was facing the same problem, I tried the following - echo "user116:qwe123" | chpasswd -m
It worked if my password is simple, if i have a slight complex password say qwe123! in that case my command will be - echo "user116:qwe123!" | chpasswd -m
which gives an error -
-bash: !": event not found

Could you please guide me how to proceed.

When setting with this method, you need to avoid password strings that include reserved tokens. Reserved tokens will tend to be intercepted by the shell you're running the password set/change process under. In the case of Bash, using the "!" reserved token will result in the error seen. Either: do your scripting in a different shell/language; figure out how to escape the token; or, avoid the problematic token.

Thanks, I did determine that the problem was that the samba user wasn't being created as part of the useradd process and that afterwards running smbpasswd -a username would fix it. The issue is why isn't the samba user being created when I do a useradd?