Puppet / PUP-9206

Improve error messaging for Windows user management


Details

    • Night's Watch

    Description

      Cloning PUP-6569; the fix covered the basics of disabled, expired and locked accounts. More work in this area is warranted as time permits, and is detailed below.

      While investigating PUP-6483, we found that we could be more specific with our error handling when performing some user password management tasks on Windows.

      Per rob in PUP-6483:

      A few error codes we could explore handling some of the errors and providing better messages around how to correct. Possibly as a separate ticket though.
      https://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx

      * ERROR_LAST_ADMIN - 1322 (0x52A) - This operation is disallowed as it could result in an administration account being disabled, deleted or unable to log on.
      * ERROR_WRONG_PASSWORD - 1323 (0x52B) - Unable to update the password. The value provided as the current password is incorrect.
      * ERROR_ILL_FORMED_PASSWORD - 1324 (0x52C) - Unable to update the password. The value provided for the new password contains values that are not allowed in passwords.
      * ERROR_PASSWORD_RESTRICTION - 1325 (0x52D) - Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.
      * ERROR_LOGON_FAILURE - 1326 (0x52E) - The user name or password is incorrect.
      * ERROR_ACCOUNT_RESTRICTION - 1327 (0x52F) - Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.
      * ERROR_INVALID_LOGON_HOURS - 1328 (0x530) - Your account has time restrictions that keep you from signing in right now.
      * ERROR_INVALID_WORKSTATION - 1329 (0x531) - This user isn't allowed to sign in to this computer.
      * ERROR_PASSWORD_EXPIRED - 1330 (0x532) - The password for this account has expired.
      * ERROR_ACCOUNT_DISABLED - 1331 (0x533) - This user can't sign in because this account is currently disabled.
      

      In Scope

      • Modify the Puppet Windows user provider or backing libs in puppet/util/windows to detect and surface some or all of the preceding errors to the user when applicable

      Notes
      From - https://github.com/puppetlabs/puppet/pull/5201#discussion_r75033133

      ERROR_ACCOUNT_LOCKED_OUT = 1909 - is raised if account is locked out even when supplied login credentials are valid
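
      One way the in-scope change could classify the codes listed above before reporting them, as an added Ruby example that is not Puppet's own code. `describe_user_error`, `password_rejected?`, the category names, the hint wording and the sample user are hypothetical; treating codes other than 1909 as independent of password validity is an assumption.

```ruby
# Added example: hypothetical helper, not Puppet's provider code.
# Codes and symbolic names are the Win32 values listed in this ticket.
WIN32_USER_ERRORS = {
  1322 => [:ERROR_LAST_ADMIN,           :last_admin],
  1323 => [:ERROR_WRONG_PASSWORD,       :credential],
  1324 => [:ERROR_ILL_FORMED_PASSWORD,  :password_policy],
  1325 => [:ERROR_PASSWORD_RESTRICTION, :password_policy],
  1326 => [:ERROR_LOGON_FAILURE,        :credential],
  1327 => [:ERROR_ACCOUNT_RESTRICTION,  :account_state],
  1328 => [:ERROR_INVALID_LOGON_HOURS,  :account_state],
  1329 => [:ERROR_INVALID_WORKSTATION,  :account_state],
  1330 => [:ERROR_PASSWORD_EXPIRED,     :account_state],
  1331 => [:ERROR_ACCOUNT_DISABLED,     :account_state],
  1909 => [:ERROR_ACCOUNT_LOCKED_OUT,   :account_state],
}.freeze

# Remediation hint per category (wording is illustrative).
HINTS = {
  last_admin:      'Windows disallows this because it could leave no usable administrator account',
  credential:      'the supplied user name or current password is incorrect',
  password_policy: 'the new password breaks character, length, complexity or history rules',
  account_state:   'the account state blocks logon; fix the account before judging the password',
}.freeze

UserError = Struct.new(:code, :name, :category, :message)

# Turn a raw Win32 error code from a failed user operation into a
# structured, user-facing error. Unknown codes pass through unclassified.
def describe_user_error(code, user:, operation:)
  name, category = WIN32_USER_ERRORS.fetch(code, [:UNKNOWN, :unknown])
  hint = HINTS.fetch(category, 'see the Windows system error code reference')
  msg  = format("Could not %s for user '%s': %s (%d, 0x%X): %s",
                operation, user, name, code, code, hint)
  UserError.new(code, name, category, msg)
end

# Only credential errors show that the password itself was rejected.
# Account-state errors (1909 per this ticket; the others by assumption)
# say nothing about the password, so callers should not reset it blindly.
def password_rejected?(error)
  error.category == :credential
end

# Constructed sample: a locked-out account during a password check.
err = describe_user_error(1909, user: 'svc_backup', operation: 'verify password')
puts err.message
puts "password rejected? #{password_rejected?(err)}"
```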


            People

              Unassigned Unassigned
              jonathan.morris Jonathan Morris