reset cloudbase-init password failed

asked 2018-05-03 19:05:14 +0200

We use cloudbase-init to inject the Windows password. Usually password injection works normally. Last week, we found a failure case. We checked the cloudbase-init log and found the following log:

Set user password failed: The password dose not meet the password policy requirements, check the minimum password length ,password complexity and password history requirements

This password is set for cloudbase-init. We use Windows Server 2012 and also checked the password policy, as follows:

Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case sensitive.

The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed to not be included in the password. Tokens that are less than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password.

url is https://docs.microsoft.com/en-us/prev...

def generate_random_password(self, length):
    if length < 3:
        raise exception.CloudbaseInitException(
            "Password can not have less than 3 characters!")
    while True:
        pwd = super(WindowsUtils, self).generate_random_password(length)
        # Make sure that the Windows complexity requirements are met:
        # http://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx
        valid = True
        for r in ["[a-z]", "[A-Z]", "[0-9]"]:
            if not re.search(r, pwd):
                valid = False
        if valid:
            return pwd

Password length is 20 by default and password complexity is met.

The most probable reason is that the random password for cloudbase-init contains the 'init' string.

I suggest that when setting a user's random password fails (for either cloudbase-init or administrator), cloudbase-init should retry to avoid this problem. Please consider this.

Thanks


1 answer

answered 2018-05-03 21:30:40 +0200

avladu

Hello,

We will investigate this issue and add a retry on the password set if necessary.

Are you using the default cloudbase-init configuration which applies to the password length (20 characters)?

The probability for 20 char length random password to have in it a series of characters like "cloudbase" or "init" is very low, but it might happen if enough vms are spawned.

Thank you,
Adrian


Comments

Thanks for the reply. Our password length is 20 by default. I'm sure the probability is very low. We have met this problem only once so far.

popular9527 (2018-05-04 13:42:05 +0200)
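The name check from the quoted policy text, combined with the complexity check and a bounded regenerate-and-retry loop, as an added example that is not cloudbase-init's own code. The function names, the alphanumeric alphabet and the display name "cloudbase-init" are assumptions made for illustration.

```python
import re
import secrets
import string

# Delimiters the quoted policy text lists for splitting displayName.
DELIMITERS = re.compile(r"[,.\-_ #\t]+")
ALPHABET = string.ascii_letters + string.digits  # assumed alphabet


def forbidden_tokens(sam_account_name, display_name):
    """Lowercased strings that must not appear anywhere in the password."""
    candidates = [sam_account_name, display_name]
    candidates += DELIMITERS.split(display_name)
    # Tokens shorter than three characters are ignored by the policy; the
    # same minimum is applied to the whole names here (an assumption).
    return {c.lower() for c in candidates if len(c) >= 3}


def policy_violations(pwd, sam_account_name, display_name):
    """Return a list of reasons the password would be rejected (empty = OK)."""
    reasons = ["missing " + cls for cls in ("[a-z]", "[A-Z]", "[0-9]")
               if not re.search(cls, pwd)]
    lowered = pwd.lower()  # both name checks are case-insensitive
    reasons += ["contains %r" % tok
                for tok in sorted(forbidden_tokens(sam_account_name, display_name))
                if tok in lowered]
    return reasons


def generate_password(length, sam_account_name, display_name, max_attempts=100):
    """Regenerate until the candidate passes both checks, with a bounded retry."""
    if length < 3:
        raise ValueError("Password can not have less than 3 characters!")
    for _ in range(max_attempts):
        pwd = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(pwd, sam_account_name, display_name):
            return pwd
    raise RuntimeError("no compliant password after %d attempts" % max_attempts)


if __name__ == "__main__":
    # Constructed sample: passes the three regex checks but contains "init".
    print(policy_violations("aB3xINITqweRTY123456", "cloudbase-init", "cloudbase-init"))
    print(generate_password(20, "cloudbase-init", "cloudbase-init"))
```

Minimum length and password history, which the error message also mentions, are not modelled here.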

Stats

Asked: 2018-05-03 19:05:14 +0200

Seen: 800 times

Last updated: May 03 '18