Hello,
I recently created a user account on an Ubuntu server running 10.04 LTS and found that I am unable to change the password of this account or any other account including root. The root and other non-root admin account passwords are set to not expire so I have never needed to change them. The error is:

passwd: Authentication token manipulation error
passwd: password unchanged

I've done a lot of searching on this site and others for a solution but haven't found one yet. This is what I've tried so far:
1. The disk is not full. df -h shows /dev/sda1 is only 7% in use
2. The file system is not read-only. I can create test files w/o any errors or problems.
touch test_file
root@my-server:/etc# ls -lsa |grep test_file
-rw------- 1 root root 0 2014-06-02 15:53 test_file
3. pwck returned no errors
4. Permissions on /etc/passwd and /etc/shadow are set to:
-rw-r--r-- 1 root root 1238 2014-06-02 14:50 passwd
-rw-r----- 1 root root 968 2014-06-02 14:50 shadow
5. I deleted the newly created account and tried to change root's passwd
root@my-server:/etc# passwd
passwd: Authentication token manipulation error
passwd: password unchanged
6. I rebooted...

Any suggestions or help will be greatly appreciated. I have an audit in my near future and need to get this resolved.

Do you have a file in /etc/ that appears as "shadow-" when you ls -al the directory?

Check permission of /etc/shadow and /etc/passwd
/etc/shadow should be 640 and /etc/passwd should be 644
Now try to change password.
If still it does not work, Run
Now try to change password.
If still it does not work, Run
Now try to change password.

You could try check
from my Centos 6.5

output from a functioning system

Thank you for responses. I appreciate it. After trying what was suggested I still get the same error.

passwd: Authentication token manipulation error
passwd: password unchanged

I had to modify the permissions for /etc/shadow because my Security department was flagging it as a problem.
root@my-server:/etc# ls -la shadow
-r-------- 1 root root 968 2014-06-03 15:12 shadow

I checked the attributes...
root@my-server:/etc# lsattr passwd shadow
-----------------e- passwd
-----------------e- shadow

I guess the ls -Z doesn't apply my system. This is what was returned:
root@my-server:/etc# ls -Z passwd shadow
? passwd ? shadow

I copied /etc/shadow- to /etc/shadow
No change. Same error.

I ran the mount -o remount,rw / command
No change. Same error.

I also ran mount -n -o remount,rw /
No change. Same error.

I rebooted and held down the Shift key trying to get the GRUB menu to appear so I could try to boot into recovery mode?? or the root shell prompt?? I'm not sure of what it is called. However, the machine booted to the console screen I'm used to seeing without giving me the chance to select something different. I am remotely connecting to the machine via a kvm client so I don't know if there is a delay in the the keyboard or if I'm just not quick enough.

I read another post where a someone asked the person requesting help to run this command:
stat /etc/passwd /etc/shadow;mount;id
It returned this:
root@my-server:/etc# stat /etc/passwd /etc/shadow;mount;id
File: `/etc/passwd'
Size: 1175 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 13240403 Links: 1
Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2014-06-02 16:00:44.607954980 -0400
Modify: 2014-06-02 16:00:44.607954980 -0400
Change: 2014-06-03 14:31:41.816723457 -0400
File: `/etc/shadow'
Size: 968 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 13239927 Links: 1
Access: (0400/-r--------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2014-06-02 16:00:44.607954980 -0400
Modify: 2014-06-03 15:12:37.056720656 -0400
Change: 2014-06-03 15:12:37.056720656 -0400
/dev/sda1 on / type ext4 (rw,noatime,errors=remount-ro)------- Is this saying that the filesystem is currently rw but to remount as ro if there is an error?
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
uid=0(root) gid=0(root) groups=0(root)

Hopefully my reply will illicit more suggestions. Again thank you for any help you can provide.

Close; says startup mount is rw, but go ro if an error occurs...

(ls -Z is for SELinux if you had it)

Recovery mode would probably not run networking, so you'd lose connectivity. You might need to get someone local to look into this.