Attempting to create users with Puppet with password complexity requirements turned on, but not with a password.
Last active
September 21, 2015 18:44
user {'bob':
  ensure => present,
}
user {'bob_pwd':
  ensure => present,
  password => '@#SAFSawasf123',
}
user {'bob_managehome':
  ensure => present,
  managehome => true,
}
user {'bob_managehome_pwd':
  ensure => present,
  managehome => true,
  password => '@#SAFSawasf123',
}
user {'bob_groups':
  ensure => present,
  groups => 'Users',
}
user {'bob_everything':
  ensure => present,
  managehome => true,
  groups => 'Users',
}
user {'bob_everything_pwd':
  ensure => present,
  password => '@#SAFSawasf123',
  managehome => true,
  groups => 'Users',
}
C:\Users\Administrator>puppet -V
3.8.2
C:\Users\Administrator>puppet apply c:\code\temp\user.pp
Notice: Compiled catalog for win2012r2x64 in environment production in 0.34 seconds
Error: User update failed: (in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Wrapped exception:
(in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Error: /Stage[main]/Main/User[bob_groups]/ensure: change from absent to present failed: User update failed: (in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Error: User update failed: (in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Wrapped exception:
(in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Error: /Stage[main]/Main/User[bob]/ensure: change from absent to present failed: User update failed: (in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Error: User update failed: (in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Wrapped exception:
(in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Error: /Stage[main]/Main/User[bob_managehome]/ensure: change from absent to present failed: User update failed: (in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Notice: /Stage[main]/Main/User[bob_pwd]/ensure: created
Notice: /Stage[main]/Main/User[bob_everything_pwd]/ensure: created
Error: User update failed: (in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Wrapped exception:
(in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Error: /Stage[main]/Main/User[bob_everything]/ensure: change from absent to present failed: User update failed: (in OLE method `SetInfo': )
OLE error code:800708C5 in Active Directory
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
HRESULT error code:0x80020009
Exception occurred.
Notice: /Stage[main]/Main/User[bob_managehome_pwd]/ensure: created
Notice: Finished catalog run in 0.64 seconds
It creates ONLY the users with passwords:
C:\Users\Administrator>puppet resource user
user { 'bob_everything_pwd':
  ensure => 'present',
  groups => ['Users'],
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1042',
}
user { 'bob_managehome_pwd':
  ensure => 'present',
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1045',
}
user { 'bob_pwd':
  ensure => 'present',
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1041',
}
After editing https://github.com/puppetlabs/puppet/blob/e983672fbaec81fc411dc948f61cc740cb21469a/lib/puppet/util/windows/adsi.rb#L190-L195 so that it verifies the password is not nil and logs a message when called:
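def password=(password)
  # Debug trace added for this test. Note that it prints the password value.
  Puppet.warning("Called password=#{password} for user #{name}.")
  # Only touch the password when one was supplied in the manifest.
  if password != nil
    native_user.SetPassword(password)
    commit
    fADS_UF_DONT_EXPIRE_PASSWD = 0x10000
    add_flag("UserFlags", fADS_UF_DONT_EXPIRE_PASSWD)
  end
end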
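The debug message in the patch above interpolates the password, so every run prints it in cleartext in the Warning lines. The following is an added example, not part of the gist or of Puppet: it keeps the nil guard but logs only whether a password was supplied. FakeNativeUser, DemoUser, apply_user and unguarded_result are hypothetical stand-ins, and the stand-in rejects a nil or empty password as a simplification of the 800708C5 policy failure.

```ruby
# Added example: stand-ins only, not Puppet's own classes.
class PolicyError < StandardError; end

# Hypothetical stand-in for the native ADSI user. Simplification: a nil or
# empty password is rejected, mirroring the 800708C5 policy error.
class FakeNativeUser
  attr_reader :password_set

  def initialize
    @password_set = false
  end

  def SetPassword(value)
    raise PolicyError, 'password does not meet policy' if value.nil? || value.empty?
    @password_set = true
  end
end

class DemoUser
  attr_reader :name, :native_user, :log

  def initialize(name)
    @name = name
    @native_user = FakeNativeUser.new
    @log = [] # collected messages; stands in for Puppet's log output
  end

  # Same nil guard as the patch, but the trace records only whether a
  # password was supplied, never its value.
  def password=(password)
    state = password.nil? ? 'none supplied' : 'supplied (value redacted)'
    @log << "Called password= for user #{name}: #{state}."
    return if password.nil?

    native_user.SetPassword(password)
  end
end

# Without the guard, a missing password reaches SetPassword and trips policy.
def unguarded_result(password)
  FakeNativeUser.new.SetPassword(password)
  :created
rescue PolicyError
  :policy_violation
end

def apply_user(name, password)
  DemoUser.new(name).tap { |user| user.password = password }
end
```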
C:\Users\Administrator>puppet apply c:\code\temp\user.pp
Notice: Compiled catalog for win2012r2x64 in environment production in 0.34 seconds
Warning: Called password= for user bob_groups.
Notice: /Stage[main]/Main/User[bob_groups]/ensure: created
Warning: Called password= for user bob.
Notice: /Stage[main]/Main/User[bob]/ensure: created
Warning: Called password= for user bob_managehome.
Error: Failed to logon user "bob_managehome": The user's password must be changed before signing in.
Error: /Stage[main]/Main/User[bob_managehome]/ensure: change from absent to present failed: Failed to logon user "bob_managehome": The user's password must be changed before signing in.
Warning: Called password=@#SAFSawasf123 for user bob_pwd.
Notice: /Stage[main]/Main/User[bob_pwd]/ensure: created
Warning: Called password= for user bob_everything.
Error: Failed to logon user "bob_everything": The user's password must be changed before signing in.
Error: /Stage[main]/Main/User[bob_everything]/ensure: change from absent to present failed: Failed to logon user "bob_everything": The user's password must be changed before signing in.
Warning: Called password=@#SAFSawasf123 for user bob_managehome_pwd.
Notice: /Stage[main]/Main/User[bob_managehome_pwd]/ensure: created
Warning: Called password=@#SAFSawasf123 for user bob_everything_pwd.
Notice: /Stage[main]/Main/User[bob_everything_pwd]/ensure: created
Notice: Finished catalog run in 0.55 seconds
And it creates the users (without passwords).
C:\Users\Administrator>puppet resource user
user { 'bob':
  ensure => 'present',
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1029',
}
user { 'bob_everything':
  ensure => 'present',
  groups => ['Users'],
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1032',
}
user { 'bob_everything_pwd':
  ensure => 'present',
  groups => ['Users'],
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1034',
}
user { 'bob_groups':
  ensure => 'present',
  groups => ['Users'],
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1028',
}
user { 'bob_managehome':
  ensure => 'present',
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1030',
}
user { 'bob_managehome_pwd':
  ensure => 'present',
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1033',
}
user { 'bob_pwd':
  ensure => 'present',
  uid => 'S-1-5-21-1953236517-242735908-2433092285-1031',
}
Still the only users able to manage home are those with passwords: