When you create a macos_user using the resource from this cookbook, the actual user creation may well fail, but Chef seems to think it has succeeded anyway because the command has run.
For example, if you have configuration to create a user, but the password does not meet the requirements, the command fails. However, Chef reports back green and continues with the run.
This is problematic as it led me to debugging the wrong step of my cookbook, the step after which depended on the success of the previous user creation.
Error Message
An example error message when the password does not meet requirements:
2019-05-02 13:40:31.419 sysadminctl[2801:17519] New account password error. (5402)
Chef Exception
Looking in the debug logs of a chef-client run:
* execute[add user auser] action run
[2019-05-02T13:36:07+01:00] INFO: Processing execute[add user auser] action run (/var/chef/cache/cookbooks/macos/resources/macos_user.rb line 79)
[execute] 2019-05-02 13:36:08.057 sysadminctl[2180:14017] New account password error. (5402)
[2019-05-02T13:36:08+01:00] INFO: execute[add user auser] ran successfully
- execute ["/usr/sbin/sysadminctl", "-adminUser", "admin", "-adminPassword", "redacted", "-addUser", "auser", "-fullName", "Another User", "-password", "redacted", ""]
If you run manually the problem is probably a return code of 0 as shown below:
A good way to recreate is to use green in a password because it defies the consecutive character rule Apple have. I guess this only applies when you have not set a custom password policy.
Would there be any way to add validation to the resource after an account is created?
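One way to do the post-creation validation asked about above, as an added example in plain Ruby that is not the cookbook's code. The names `create_user_checked`, `sysadminctl_errors` and `UserCreationError` are hypothetical, the error pattern is generalised from the single log line in the report, and the `dscl` lookup is an assumed way to confirm the account exists.

```ruby
require "open3"

class UserCreationError < StandardError; end

# Error line as it appears in the report:
#   ... sysadminctl[2801:17519] New account password error. (5402)
# Assumption: other failures are logged in the same "<text> error ... (<code>)" shape.
SYSADMINCTL_ERROR = /sysadminctl\[\d+:\d+\]\s+(?<message>.*\berror\b.*?)\s*\((?<code>\d+)\)\s*$/i

# Runs argv without a shell and merges stderr into stdout, because the
# failure is only visible in the logged text, not in the exit status.
DEFAULT_RUNNER = lambda do |argv|
  output, status = Open3.capture2e(*argv)
  [output, status.exitstatus]
end

# Returns one {message:, code:} hash per error line found in the output.
def sysadminctl_errors(output)
  output.each_line.map do |line|
    m = SYSADMINCTL_ERROR.match(line)
    { message: m[:message], code: m[:code].to_i } if m
  end.compact
end

# Creates the user and raises unless the account verifiably exists afterwards.
# Error text never includes create_argv, which carries passwords.
def create_user_checked(username, create_argv, runner: DEFAULT_RUNNER)
  output, exit_code = runner.call(create_argv)
  raise UserCreationError, "sysadminctl exited #{exit_code}" unless exit_code == 0

  errors = sysadminctl_errors(output)
  unless errors.empty?
    detail = errors.map { |e| "#{e[:message]} (#{e[:code]})" }.join("; ")
    raise UserCreationError, "sysadminctl reported: #{detail}"
  end

  # Post-condition check (assumed approach): dscl exits non-zero for a missing record.
  lookup = ["/usr/bin/dscl", ".", "-read", "/Users/#{username}", "UniqueID"]
  _, lookup_code = runner.call(lookup)
  raise UserCreationError, "user #{username} not found after creation" unless lookup_code == 0

  true
end
```

The `runner:` parameter exists so the check can be exercised with canned output instead of a real macOS host.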
Can you give us some more details about the structure of the password you're passing or the password policy you're using? Are you AD joined or do you have FileVault enabled?
Sure. The machine is managed initially by Fleetsmith. FileVault is enabled and Firewall.
The password policy set up and enforced with Fleetsmith is currently as per the screenshot.
The actual password I was using was a two word combination with a special and a number. The word that was failing was green as shown when I tried to set this manually on the Mac:
Consecutive es
jazaval changed the title from "[BUG] macos_user fails but succeeds in chef" to "macos_user ignores certain sysadminctl errors, no error raised in Chef run" on May 8, 2019
jazaval changed the title from "macos_user ignores certain sysadminctl errors, no error raised in Chef run" to "macos_user ignores certain sysadminctl errors, no error raised in Chef run" on May 8, 2019