2

I just installed Ubuntu on a new machine and everything seemed to be going fine. A coworker and I were having some issues with a few things and have managed to lock out a local admin (sudo?) account after unjoining an AD domain using realm while troubleshooting some McAfee issues we were having. I'm 99.9% certain that the password has not changed for the user. I have followed ALL the steps found here for resetting the password as root in recovery. When I try to run

sudo passwd USERNAME

I get the error:

root@hostname:~# sudo passwd USERNAME
passwd:Permission denied
passwd:password unchanged
root@hostname:~#

When I try to do the steps for the "The Drastic Measures", I notice that the shadow file does not show what would usually indicate an encrypted password for the user. Instead it looks like:

username:!:14920:0:99999:7:::

I have removed the exclamation point and still have issues. Even when I run

passwd

as root through recovery, I get a permissions denied error. As it stands right now, I can only log into the machine as root through recovery. I'm at a complete loss at this point and trying to avoid breaking down the machine and starting from scratch. Any help you guys can provide would be greatly appreciated.

  • My guess is you have to remount your root file system rw. Also, you do not need to run sudo as you are already root. Last, USERNAME is not the same as username, and neither is likely your actual username. – Panther Nov 21 '16 at 20:08
  • See https://wiki.ubuntu.com/RecoveryMode , step 8 and http://askubuntu.com/questions/804036/cant-reset-password – Panther Nov 21 '16 at 20:09
  • I made sure to run the mount -o remount,rw / before going through the steps in the link I posted. I still had those issues. BTW, username is def. not a real username. I'm working on a "govt" system so changed it to protect the innocent. – ProAm500 Nov 21 '16 at 20:28
  • If it is a "govt" system, I would expect it to use some kind of non-local password management such as ldap – steeldriver Nov 22 '16 at 00:16
  • Machine was part of an Active Directory domain, LDAP was not used. We were trying to install McAfee on the system and were having some issues, so "unjoined" using realm (the same method I used to join the domain). There were two accounts on the machine. My domain account and a local account. Domain obv. doesn't work but the local account no longer works. I can only log in via root from recovery. – ProAm500 Nov 22 '16 at 13:25

1 Answer

0

Sol:

vi /etc/pam.d/common-password
password        [success=3 default=ignore]      pam_unix.so obscure sha512

=> Change it to "success=2"

Smile!

PerlDuck
  • 13,335
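The jump count edited in the answer above can be checked mechanically. This is an added example, not part of the original answer: it assumes the standard PAM meaning of `success=N` (skip the next N modules of the same type) and a file without `@include` lines. The function names and the sample stack are constructed for illustration.

```shell
#!/bin/sh
# check_pam_jumps FILE: flag success=N jumps that no longer fit the stack.
# success=N skips the next N modules of the same type; @include is not followed.
check_pam_jumps() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*@include/ { next }  # not module lines
    {
        type = $1; sub(/^-/, "", type)
        f = 2; ctrl = $2
        # A bracketed control, e.g. [success=3 default=ignore], spans fields.
        while (ctrl ~ /^\[/ && ctrl !~ /\]$/ && f < NF) ctrl = ctrl " " $(++f)
        k = ++cnt[type]
        mod[type, k] = $(f + 1); ln[type, k] = NR; jump[type, k] = 0
        if (match(ctrl, /success=[0-9]+/))
            jump[type, k] = substr(ctrl, RSTART + 8, RLENGTH - 8) + 0
    }
    END {
        for (t in cnt) for (i = 1; i <= cnt[t]; i++) {
            j = jump[t, i]; left = cnt[t] - i   # modules after this one
            if (j == 0) continue
            if (j > left) {
                printf("line %d: PAST_END %s success=%d, %d follow\n", ln[t, i], mod[t, i], j, left)
            } else if (j < left && mod[t, i + j + 1] ~ /pam_deny\.so$/) {
                printf("line %d: LANDS_ON_DENY %s success=%d\n", ln[t, i], mod[t, i], j)
            }
        }
    }' "$1"
}

# Constructed sample: a common-password stack that lost a module line while the
# pam_unix.so jump count stayed at its old value (assumed cause, not from the page).
demo_stack() {   # $1 = jump count written into the sample
    f=$(mktemp)
    cat > "$f" <<EOF
# /etc/pam.d/common-password (constructed sample)
password  [success=$1 default=ignore]  pam_unix.so obscure sha512
password  requisite                    pam_deny.so
password  required                     pam_permit.so
EOF
    check_pam_jumps "$f"
    rm -f "$f"
}

demo_stack 3    # prints: line 2: PAST_END pam_unix.so success=3, 2 follow
demo_stack 1    # prints nothing: the jump skips pam_deny.so, lands on pam_permit.so
```

Run `check_pam_jumps /etc/pam.d/common-password` (and the other `common-*` files) from the recovery shell before and after editing the count.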