reset cloudbase-init password failed

password

asked 2018-05-03 19:05:14 +0300

This post is a wiki. Anyone with karma >75 is welcome to improve it.

We use cloudbase-init to inject windows password.Usually password injection is normal. Last week,we found a failure case. We checked the cloudbase-init log and found the following log :

Set user password failed: The password dose not meet the password policy requirements, check the minimum password length ,password complexity and password history requirements

This password is set for cloudbase-init.We use the Windows Server 2012 and also check the password policy as follow,

Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case sensitive.

The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed to not be included in the password. Tokens that are less than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password.

url is https://docs.microsoft.com/en-us/prev...

def generate_random_password(self, length):
    if length < 3:
        raise exception.CloudbaseInitException(
            "Password can not have less than 3 characters!")
    while True:
        pwd = super(WindowsUtils, self).generate_random_password(length)
        # Make sure that the Windows complexity requirements are met:
        # http://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx
        valid = True
        for r in ["[a-z]", "[A-Z]", "[0-9]"]:
            if not re.search(r, pwd):
                valid = False
        if valid:
            return pwd

password length is 20 by default and password complexity is met.

The most probable reason is that the random password for cloudbase-init contains 'init' string.

I suggest that when set user random password failed（either cloudbase-init or administrator),cloudbase-init need to retry to avoid this problem.Please consider this.

Thanks

edit retag flag offensive close merge delete

add a comment

answered 2018-05-03 21:30:40 +0300

avladu

613 ●1 ●3 ●5

Hello,

We will investigate this issue and add a retry on the password set if necessary.

Are you using the default cloudbase-init configuration which applies to the password length (20 characters) ?

The probability for 20 char length random password to have in it a series of characters like "cloudbase" or "init" is very low, but it might happen if enough vms are spawned.

Thank you,
Adrian

edit flag offensive delete link

Comments

Thanks for reply. Our password length is 20 by default. I 'm sure the probability is very low. We met this problem only once by now.

popular9527 ( 2018-05-04 13:42:05 +0300 )edit

add a comment

reset cloudbase-init password failed

1 answer

Comments

Your Answer

Question Tools

Stats

Related questions

reset cloudbase-init password failed edit

1 answer

Comments

Your Answer

Question Tools

Stats

Related questions

reset cloudbase-init password failed