New users - not able to create passwords


When new users are created, the initial password cannot be set:

[root@cd ~]# passwd newuser
Changing password for user newuser.
passwd: Authentication token manipulation error

The error in /var/log/messages:

PAM_smbpass[6570]: Failed to find entry for user newuser

This is a system I have inherited. Here is the system-auth:

auth required pam_env.so
auth requisite pam_unix.so likeauth nullok try_first_pass
auth optional pam_smbpass.so migrate
auth sufficient pam_unix.so likeauth nullok try_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 100 quiet
account required pam_permit.so

password requisite pam_cracklib.so retry=3
password requisite pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_smbpass.so nullok use_authtok try_first_pass
password required pam_deny.so

session required pam_limits.so
session required pam_unix.so

This is the pam.d passwd file:

auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

It looks like when a new user is created, a user in smbpasswd is supposed to be created but it isn't. Can someone help me fix this problem?

Responses

Hi,

Just a suggestion: could you please su - as newuser first and then try to change the password?

su - newuser

Then run passwd to see if it allows you to change the password.

Frank

No, it asks me for the current UNIX password and any password entered or just pressing enter gives an authentication failure.

While I was trying to set up a restricted shell with Samba password change rules in place, I found this thread ... I hope my guess helps.

You get a token error as I think your user is not in SAMBA. You can check via:
pdbedit -L | grep newuser

Here is my quick test, done as root:
# passwd newuser
Changing password for user newuser.
passwd: Authentication token manipulation error <<< same as yours

# echo -e "test\ntest" | pdbedit -ta newuser << not sure how to bypass this
# echo qwerty | passwd --stdin newuser
# smbclient -U newuser%qwerty '\\localhost\DIR' (notice the pass is the one from the passwd command, and I get a prompt)

If your setup still fails, perhaps a case to RH and a paste of solution will help (me included)

Just found a trick on a website: chpasswd bypasses the samba stuff.
This fails:
useradd -m user116
echo qwe123 | passwd --stdin user116
passwd: Authentication token manipulation error

but this works
echo "user116:qwe123" | chpasswd -m

Hi,

I was facing the same problem. I tried the following: echo "user116:qwe123" | chpasswd -m
It worked if my password is simple. If I have a slightly complex password, say qwe123!, then my command will be: echo "user116:qwe123!" | chpasswd -m
which gives an error:
-bash: !": event not found

Could you please guide me on how to proceed?

When setting with this method, you need to avoid password strings that include reserved tokens. Reserved tokens will tend to be intercepted by the shell you're running the password set/change process under. In the case of Bash, using the "!" reserved token will result in the error seen. Either: do your scripting in a different shell/language; figure out how to escape the token; or, avoid the problematic token.

Thanks, I did determine that the problem was that the samba user wasn't being created as part of the useradd process and that afterwards running smbpasswd -a username would fix it. The issue is why isn't the samba user being created when I do a useradd?
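
Why passwd fails outright when only the Samba entry is missing: a simplified model of the PAM control flags, applied to the password lines of the system-auth posted in the question. This is an added example, not part of the original thread; the module outcomes are assumptions, and parse_stack, evaluate and passwd_outcome are illustrative names.

```python
# Simplified model of Linux-PAM's four classic control flags.
# Not modelled: the [value=action] syntax, and the two passes (preliminary
# check, then update) that a password stack is really run through.

# "password" lines copied from the system-auth in the question.
SYSTEM_AUTH_PASSWORD = """\
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_smbpass.so nullok use_authtok try_first_pass
password required pam_deny.so
"""

def parse_stack(text, mgmt_type):
    """Return [(control, module)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == mgmt_type:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, module_ok):
    """Walk the stack; module_ok maps module name -> assumed outcome (bool).

    Returns (stack_succeeded, module_that_decided).
    """
    failed_by = None  # first "required" module that failed
    for control, module in stack:
        ok = module_ok[module]
        if control == "requisite" and not ok:
            return False, failed_by or module  # fail immediately
        if control == "required" and not ok and failed_by is None:
            failed_by = module                 # remember, keep going
        if control == "sufficient" and ok and failed_by is None:
            return True, module                # succeed immediately
        # A failing "sufficient" or any "optional" result is ignored.
    return (False, failed_by) if failed_by else (True, None)

def passwd_outcome(user_in_smbpasswd):
    """Assumed outcomes: only pam_smbpass depends on the Samba database."""
    outcomes = {
        "pam_cracklib.so": True,
        "pam_unix.so": True,
        "pam_smbpass.so": user_in_smbpasswd,
        "pam_deny.so": False,  # pam_deny always fails
    }
    return evaluate(parse_stack(SYSTEM_AUTH_PASSWORD, "password"), outcomes)

if __name__ == "__main__":
    print(passwd_outcome(False))  # user missing from smbpasswd
    print(passwd_outcome(True))   # after smbpasswd -a
```

With the user missing from smbpasswd, the failed "sufficient" pam_smbpass.so is ignored and the stack falls through to pam_deny.so, which returns PAM_AUTHTOK_ERR for the password group; passwd prints that code as "Authentication token manipulation error".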