Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6586

User resource always reports password changed when account disabled

    XMLWordPrintable

Details

    • Hide

      Make sure that we don't report a password change when the account is disabled when managing the password.

      Show
      Make sure that we don't report a password change when the account is disabled when managing the password.
    • 2
    • Windows 2016-08-24
    • Customer Feedback
    • Bug Fix
    • Hide
      Previously, when Puppet is managing accounts that are disabled on Windows, it would attempt to change the password every time as it didn't recognize that the logon failure was due to the account being disabled. This causes both reporting and event log messages surrounding these changes. Now Puppet recognizes the account is disabled and no longer makes attempts to change the password while the account is not enabled.
      Show
      Previously, when Puppet is managing accounts that are disabled on Windows, it would attempt to change the password every time as it didn't recognize that the logon failure was due to the account being disabled. This causes both reporting and event log messages surrounding these changes. Now Puppet recognizes the account is disabled and no longer makes attempts to change the password while the account is not enabled.

    Description

      On Windows 2008R2, when managing a local user the password will always report as changed if the user's account is disabled. This appears to be due to the provider not checking for the ERROR_ACCOUNT_DISABLED return code as outlined in PUP-6569.

      To recreate:

      1. Create a new local user, "testuser", on Win 2k8R2 (also seen on 2012) and set the account to disabled.
      2. Run `puppet apply -e "user

      {'testuser': ensure => present, password => 'Puppet11'}

      "`. Note that no matter how many times it is run, the output will report "Notice: /Stage[main]/Main/User[testuser]/password: changed password".
      3. Re-enable the account
      4. Run `puppet apply -e "user

      {'testuser': ensure => present, password => 'Puppet11'}

      "`. Note that the notice is no longer shown.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. PUP-6618 type: user, fails in macOS with UTF-8 related errors

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. PUP-6483 "puppet resource user", when run in Windows creates a login attempt.

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          Task - A task that needs to be done. PUP-6569 Improve error messaging for Windows user management

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved

          Activity

            People

              rob Rob Reynolds
              adam.bottchen Adam Bottchen
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support