Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6586

User resource always reports password changed when account disabled

    Details

    • Template:
    • Acceptance Criteria:
      Hide

      Make sure that we don't report a password change when the account is disabled when managing the password.

      Show
      Make sure that we don't report a password change when the account is disabled when managing the password.
    • Story Points:
      2
    • Sprint:
      Windows 2016-08-24
    • Method Found:
      Customer Feedback
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Previously, when Puppet is managing accounts that are disabled on Windows, it would attempt to change the password every time as it didn't recognize that the logon failure was due to the account being disabled. This causes both reporting and event log messages surrounding these changes. Now Puppet recognizes the account is disabled and no longer makes attempts to change the password while the account is not enabled.
      Show
      Previously, when Puppet is managing accounts that are disabled on Windows, it would attempt to change the password every time as it didn't recognize that the logon failure was due to the account being disabled. This causes both reporting and event log messages surrounding these changes. Now Puppet recognizes the account is disabled and no longer makes attempts to change the password while the account is not enabled.

      Description

      On Windows 2008R2, when managing a local user the password will always report as changed if the user's account is disabled. This appears to be due to the provider not checking for the ERROR_ACCOUNT_DISABLED return code as outlined in PUP-6569.

      To recreate:

      1. Create a new local user, "testuser", on Win 2k8R2 (also seen on 2012) and set the account to disabled.
      2. Run `puppet apply -e "user

      {'testuser': ensure => present, password => 'Puppet11'}

      "`. Note that no matter how many times it is run, the output will report "Notice: /Stage[main]/Main/User[testuser]/password: changed password".
      3. Re-enable the account
      4. Run `puppet apply -e "user

      {'testuser': ensure => present, password => 'Puppet11'}

      "`. Note that the notice is no longer shown.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  rob Rob Reynolds
                  Reporter:
                  adam.bottchen Adam Bottchen
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  8 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: