Score:2

Authentication token manipulation error after upgrade from 16.04 -> 18.04 -> 20.04


Introduction

I recently upgraded the Ubuntu release from 16.04 to 18.04 to 20.04, and after completing the upgrades and fixing outstanding issues with apps that were running on that local development server, I noticed the passwd command to change user passwords has stopped working.

What is the error

Here is what happens when I attempt to change my own user's password:

    joe@machine1:/etc$ passwd
    Changing password for joe.
    Current password: 
    passwd: Authentication token manipulation error
    passwd: password unchanged

Here is what happens when I attempt to change another user's password:

    root@machine1:/etc# passwd openvpn
    passwd: Authentication token manipulation error
    passwd: password unchanged

Here is what I tried until now

Here are my attempts after looking at different solutions online.

  • I have tried rebooting the system
  • I have tried remounting the FS as read/write using this command: `mount -o remount,rw /`
  • I have tried using pam-auth-update
  • I have checked the permissions on the following files:
    • -rw-r--r-- 1 root root 3790 Aug 17 12:45 /etc/passwd
    • -rw-r----- 1 root shadow 2674 Aug 17 13:41 /etc/shadow
    • -rwsr-xr-x 1 root root 68208 Jul 14 19:08 /usr/bin/passwd
  • I have made sure that there was sufficient space on my filesystem. There is ~300GB free so I don't think that is part of the issue.
  • I have used pwck, which did not really help. Here is the output of that command:
    user 'lp': directory '/var/spool/lpd' does not exist
    user 'news': directory '/var/spool/news' does not exist
    user 'uucp': directory '/var/spool/uucp' does not exist
    user 'list': directory '/var/list' does not exist
    user 'irc': directory '/var/run/ircd' does not exist
    user 'gnats': directory '/var/lib/gnats' does not exist
    user 'nobody': directory '/nonexistent' does not exist
    user 'openvpn': directory '/home/openvpn' does not exist
    user 'openvpn': program '/sbin/nologin' does not exist
    pwck: no changes
    

Any ideas what could be done to fix this issue? I can confirm that this used to work before the upgrade, as I had recently added a user to the system.

You seem to have covered all the "obvious" causes - I think the `passwd:` entry in /etc/nsswitch.conf may be involved as well?
nicks6853:
Any idea what may be wrong with the passwd entry in `/etc/nsswitch.conf`? Right now it looks like `passwd compat lsass systemd` `group compat lsass systemd` `shadow compat` `gshadow files` and then some other entries which I don't think are related (hosts, network, protocols, services, ethers, rpc, netgroup)
I have no experience with lsass - I assume that's for Active Directory authentication? Are the users whose passwords you are trying to change local or AD users?
nicks6853:
The users are local, lsass is currently not being used.
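
One way to follow up on the `/etc/nsswitch.conf` suggestion in the comments, as an added example that is not part of the original thread: it parses the file and lists, for the account databases, any source that has no `libnss_<source>.so.2` module on disk (glibc loads NSS sources under that name). The sample text is constructed from the entries quoted above, and the function names and library directories are assumptions of this example.

```python
import glob
import os
import re

# Constructed sample: the entries quoted in the comments, in nsswitch.conf syntax.
SAMPLE = """\
# /etc/nsswitch.conf (constructed sample)
passwd:  compat lsass systemd
group:   compat lsass systemd
shadow:  compat
gshadow: files
hosts:   files dns [NOTFOUND=return] mdns4
"""

def parse_nsswitch(text):
    """Return {database: [source, ...]}, dropping comments and [STATUS=action] items."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # actions are not sources
        dbs[db.strip()] = rest.split()
    return dbs

def installed_modules(libdirs=("/lib", "/usr/lib", "/lib64", "/usr/lib64")):
    """Source names that have a libnss_<source>.so.2 file under the given directories."""
    found = set()
    for d in libdirs:
        for path in glob.glob(os.path.join(d, "**", "libnss_*.so.2"), recursive=True):
            found.add(os.path.basename(path)[len("libnss_"):-len(".so.2")])
    return found

def missing_sources(text, available, databases=("passwd", "group", "shadow", "gshadow")):
    """Map each account database to the configured sources absent from `available`."""
    cfg = parse_nsswitch(text)
    report = {}
    for db in databases:
        absent = [s for s in cfg.get(db, []) if s not in available]
        if absent:
            report[db] = absent
    return report

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        for db, srcs in missing_sources(fh.read(), installed_modules()).items():
            print(f"{db}: no libnss module found for {', '.join(srcs)}")
```
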