New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to add a windows user password - user state and windows useradd module (v2014.1.0-5) #11093
Comments
Are you trying to add a plaintext password or a hash? It's possible the hash requirements could be different on Windows. @UtahDave ping |
I'm wondering if it's working either way in the user state for windows. It doesn't appear to be documented. Since there's a win_useradd module, I think user state could/should work. The module is plaintext. Is it plaintext or a hash for the user state? More importantly, can it use pillars? |
The user module for Windows requires a plaintext password. The state should On Wed, Mar 12, 2014 at 7:49 AM, emmellee notifications@github.com wrote:
Dave Boucha | Sr. Engineer 2825 E. Cottonwood Parkway, Suite 360 | Salt Lake City, UT 84121 |
When trying the above, I receive this error:
|
Hmmm...this doesn't seem necessarily related to the password. I just can't seem to add a user on the windows platform. Perhaps the OS needs more info than the user state supplies? I'll see if I can debug in some way. |
When I create a user on our Windows 2008 servers interactively, there are two required fields: username and password. Additionally, the radio button "User must change password at next logon" is selected by default. For application ids, I sometimes chose the radio button "Password never expires" instead. These 3 things allow me to create a user interactively. I have been unsuccessful in creating a windows user via salt-call using the salt user state. Is this unique to me? |
Salt does not appear to be passing the net user command the password value. More help is available by typing NET HELPMSG 2221. |
Above error resulted from these declarations: In pillar :
In state file:
|
Try putting single quotes around your password or backslashing the hash or The hash is treated as a comment in yaml On Tue, Mar 18, 2014 at 1:55 PM, emmellee notifications@github.com wrote:
Dave Boucha | Sr. Engineer 2825 E. Cottonwood Parkway, Suite 360 | Salt Lake City, UT 84121 |
Okay, I've tried different strings. The first one just had an underscore in it - seemed harmless, but it didn't work either. I also tried double quotes, but I'll try single quotes. The one above in the example, I purposely made complicated just in case the windows server was choking on the password rules - even though I was testing earlier with a known good password that met the rules. But just to confirm - this works for others? |
Removed the hash, added single quotes to pillar item. Log shows this rendering:
But I do not see the password being passed to the net user command in the log:
|
Does this user already exist? On Tue, Mar 18, 2014 at 4:27 PM, emmellee notifications@github.com wrote:
Dave Boucha | Sr. Engineer 2825 E. Cottonwood Parkway, Suite 360 | Salt Lake City, UT 84121 |
No. I wish to add it. From the log, salt sees that the user is not present and then attempts to add it. However,also from the log, salt does not appear to be passing the password to the net user /add command. Shouldn't I have seen this in the log:
instead of this:
|
@emmellee I've been testing this issue today with Salt 2014.1.1 on Windows Server 2008 R2 I've used your exact sls file above, even the same passwords with and without single quotes around it and it has created the user for me every time. I'll test now using pillar. Is there anything else you can think of that would help me reproduce this issue? (I did find an unrelated bug where reapplying the state gives an error about being able to manage the user's groups.) |
Yeah, even with using the password from pillar I'm still successfully creating the groups and user. |
Wow. No, I can't think of anything. It sounds as if it's a problem local to |
Actually, I just noticed in your first report that you're using the stand-alone minion. I've been doing all the testing with a salt-master and salt-minion. Let me test with a stand-alone minion. |
Ok, I didn't bother to set up the pillar data, but running that sls in standalone mode created the groups and the user just fine. Could you try upgrading to 2014.1.1 and see if that works? |
Will do. |
UtahDave, I upgraded and still had the problem. Then I ran the net command manually and found it didn't like the ampersands. So I took those out, reran the net command and it came back with a prompt I always see when changing my password interactively:
The password policy is something I don't have control over. One of the rules is that it be at least 15 chars. Of course satisfying that requirement, means I'm going to run into that windows prompt. This is a problem, no? |
Is there a force option I can use in the state file? |
I somehow need to be able to pass /y to the net user command, it seems... |
@emmellee do you think we should always pass in |
I'm sorry, I don't know enough about Windows to say. I work in the environment under duress... |
I've been using the 32 bit version of salt on these windows 2008 servers having this issue. I recently ran into a webadministration module problem using powershell v3 and 32-bit salt on a windows 2012 server. When I replaced the 32 bit version of salt with the 64 bit version, it fixed my webadministration problem and I ALSO found I did not have this pw issue using the 2012/64bit-salt configuration. I'm afraid I did not test the pw issue prior to replacing the 32 bit version on the 2012; but I will replace the 32 bit version on the 2008 servers and test. I'm sorry it didn't occur to me before. |
I replaced the 32 bit version on the 2008 servers with the 62 bit version - but it did not fix the issue:
Perhaps I need to upgrade if you've introduced a patch for this? |
My environment consists of standalone-windows-minions.
From the documentation, "password" does not appear to be supported for the user state on windows:
"password
A password hash to set for the user. This field is only supported on Linux, FreeBSD, NetBSD, OpenBSD, and Solaris."
Yet, documentation concerning win_useradd states this:
"salt.modules.win_useradd.setpassword(name, password)
Set a user's password"
And, in order to truly add a windows user, I need to be able to include a password along with the username. I've tried adding this parameter within the user.state like below, but am having no luck.
Is there a solution for adding users via the user state for windows like below?
Thanks.
The text was updated successfully, but these errors were encountered: