Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9206

Improve error messaging for Windows user management



    • Night's Watch


      Cloning PUP-6569; the fix covered the basics of disabled, expired and locked accounts. More work in this area is warranted as time permits, and is detailed below.

      While investigating PUP-6483, we found that we could be more specific with our error handling when performing some user password management tasks on Windows.

      Per rob in PUP-6483:

      A few error codes we could explore handling some of the errors and providing better messages around how to correct. Possibly as a separate ticket though.

      * ERROR_LAST_ADMIN  - 1322 (0x52A) - This operation is disallowed as it could result in an administration account being disabled, deleted or unable to log on.
      * ERROR_WRONG_PASSWORD - 1323 (0x52B) - Unable to update the password. The value provided as the current password is incorrect.
      * ERROR_ILL_FORMED_PASSWORD - 1324 (0x52C) - Unable to update the password. The value provided for the new password contains values that are not allowed in passwords.
      * ERROR_PASSWORD_RESTRICTION - 1325 (0x52D) - Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.
      * ERROR_LOGON_FAILURE - 1326 (0x52E) - The user name or password is incorrect.
      * ERROR_ACCOUNT_RESTRICTION - 1327 (0x52F) - Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.
      * ERROR_INVALID_LOGON_HOURS - 1328 (0x530) - Your account has time restrictions that keep you from signing in right now.
      * ERROR_INVALID_WORKSTATION - 1329 (0x531) - This user isn't allowed to sign in to this computer.
      * ERROR_PASSWORD_EXPIRED - 1330 (0x532) - The password for this account has expired.
      * ERROR_ACCOUNT_DISABLED - 1331 (0x533) - This user can't sign in because this account is currently disabled.

      In Scope

      • Modify the Puppet Windows user provider or backing libs in puppet/util/windows to detect and surface some or all of the preceding errors to the user when applicable

      From - https://github.com/puppetlabs/puppet/pull/5201#discussion_r75033133

      ERROR_ACCOUNT_LOCKED_OUT = 1909 - is raised if account is locked out even when supplied login credentials are valid


        Issue Links



              Unassigned Unassigned
              jonathan.morris Jonathan Morris
              0 Vote for this issue
              3 Start watching this issue



                Zendesk Support