I have tried putting the password in the useradd command. I have tried to create user then come back and change the password. I have created the user then su - username and was not able to change password. This user has been fully removed and readded. The user exists in /etc/password /etc/shadow and was assigned to a group in /etc/group. I can't change the password as root and when the user trys to logon by remote they get access denied. There is not a /etc/ssh/ssh.deny file or allow for that matter. I did notice that my regular user cannot change my password. Getting same error. There is nothing like the user having duplicate uid or gid in /etc/passwd. Just for kicks I also tried to use usermod -p password to change the password. Nogo.

Again previous users can ssh to server, but apparently can't change password. New users cannot ssh to server due to the password authentication error. I did notice that in /var/log/messages that user logs on with uid=0.

Well, that's probably your problem unless you've got a weird setup.

1. ONLY root should have uid 0

2. best practice is NOT to allow remote root access, as this is first thing crackers/script kiddies go for.
Create a second acct with secure passwd and 'su - ' from there.
Normally remote root login is disabled /etc/ssh/sshd_config "PermitRootLogin no"

3. normally a user cannot re-use the same passwd, especially immediately. If you need it never to change/expire http://linux.die.net/man/1/chage & set --expiredate=-1 as per that page.
See also http://www.thegeekstuff.com/2009/04/...ion-and-aging/

See also /etc/login.defs

4. only root would use the format
to change another user's passwd.
Normal users can't do that; they should just say 'passwd'.

HTH

Thank you chrism01. We already have our servers set that way. permitrootlogin = no. I performed a tail -f on secure log on a couple of other servers and got the same results. Old users can logon and change password using passwd utility. New users cannot logon. New users can't login or change password even if you su to the user and try to run passwd.

I used several methods to attempt to make a change. I even created another user to see if I was still experiencing the issue. Listed below are some of the steps that I took.

1) explicitly providing password in useradd
2) created user then used usermod to add password
3) deleted home directory and all of user then tried to recreate.
4) created alternate user
5) manually put password in correct field of /etc/passwd then ran pwconv

So, if you create a brand new user from scratch;

1. can root change user's passwd ?
2. can user change passwd as that user ie not via root ?

If no to either both, exactly what cmds did you issue; exactly what msgs did you get.
Sorry to seem pedantic, but its easier to debug if I can see exactly what you did, as opposed to a description thereof.

3. have you got any distributed auth setup that may interfere eg LDAP ?

No I would like to have a distributed authentication setup, but management says nogo.

I su - to user from root and was unable to change password. I can't sign on as user to do anything.

commands used
as root
useradd -m -G wheel -p password username
useradd -m -p password username
useradd -m -G wheel username; passwd username
useradd -m ctest;passwd ctest
usermod -p password username (after creating user w/o specifying password This didn't generate error, but didn't help either)
su - username; passwd
Manually altered password field in /etc/passwd then ran pwconv


I might have missed a few but this is the general range of things I have tried of course I totally removed the user and made sure nothing was left in /home or /etc/passwd /etc/shadow....etc.

The error I was getting was listed previously. It looks like it is going to start to change but then without even getting you the chance to input any values it gives following error. This is the error I get whenever I do anything besides usermod. Usermod still didn't fix the issue.

passwd username
Changing password for user username.
passwd: Authentication token manipulation error

Ok, lets stick with the simplest approach

Can you ensure you have completely removed any test user eg ctest, then (as root, pref logged in locally/direct as root, ie not via 'su -') do exactly
and copy/paste the cmds/msgs

Also check /var/log/messages, /var/log/secure.
The echo is just to check the return status of each cmd; I'm just starting to wonder if useradd is failing quietly.
BTW, for usermod the -p option requires the supplied passwd to ALREADY be encrypted http://linux.die.net/man/8/usermod

I want to thank you for all of your assistance. I found out that the pam module is configured to need a smbpasswd for the user to be set up before a system password can be used. I have never seen or tried to set up anything like this so I didn't think to look there.

I personally think that cifs stands for crappy internet file system, but I didn't have any decision making power yet in offering an alternate option. I apologize if I wasted any time.