diff --git a/dicos/25_bdd_server.xml b/dicos/25_bdd_server.xml
index 9376818..d82d563 100644
--- a/dicos/25_bdd_server.xml
+++ b/dicos/25_bdd_server.xml
@@ -145,6 +145,10 @@
         </separators>
     </variables>
     <constraints>
+	<check name="valid_ipnetmask" target="maskMariaDBLimit" level="warning">
+            <param type='eole'>ipMariaDBLimit</param>
+        </check>	
+
         <check name='valid_enum' target='ifDBCluster'>
             <param>['eth0', 'eth1', 'eth2', 'eth3', 'eth4']</param>
         </check>
diff --git a/posttemplate/25-mariadb-passwd b/posttemplate/25-mariadb-passwd
new file mode 100755
index 0000000..cf7ab71
--- /dev/null
+++ b/posttemplate/25-mariadb-passwd
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+systemctl stop mariadb
+
+mariadb_cfdir=/etc/mysql/
+dc=$mysql_cfgdir/mariadbBackup.cnf
+mariadb_rundir=/var/run/mysqld/
+mariadb_statedir=/var/lib/mysql
+
+if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
+    pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`"
+    # Basedir is deprecated. Remove the option if it's in an existing mariadbBackup.cnf
+    sed -i '/basedir/d' "$dc"
+else
+    pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
+    if [ ! -d "$mariadb_cfdir" ]; then
+      then install -o 0 -g 0 -m 0755 -d $mariadb_cfdir
+    fi
+    umask 066
+    cat /dev/null > $dc
+    umask 022
+    echo "# Automatically generated DONT'T TOUCH !!!!!!"           >>$dc
+    echo "[client]"                                                >>$dc
+    echo "host     = localhost"                                    >>$dc
+    echo "user     = maria-sys-maint"                              >>$dc
+    echo "password = $pass"                                        >>$dc
+    echo "socket   = $mariadb_rundir/mysqld.sock"                  >>$dc
+    echo "[mysql_upgrade]"                                         >>$dc
+    echo "host     = localhost"                                    >>$dc
+    echo "user     = maria-sys-maint"	                           >>$dc
+    echo "password = $pass"                                        >>$dc
+    echo "socket   = $mariadb_rundir/mysqld.sock"                  >>$dc
+fi
+
+# If this dir chmod go+w then the admin did it. But this file should not.
+    chown 0:0 $dc
+    chmod 0600 $dc
+
+# If database doesn't exist we create it.
+mkdir /var/lib/mariadb-files
+mariadb_filesdir=/var/lib/mariadb-files
+
+if [ ! "$(ls -A "${mariadb_statedir}")" ] && [ -d "${mariadb_filesdir}" ]; then
+    existingdatabase=0
+    initfile=`mktemp --tmpdir=/var/lib/mariadb-files/`
+    touch "$initfile"
+    chmod 600 "$initfile"
+    chown mysql:mysql "$initfile"
+    echo "USE mysql; " >> "$initfile"
+    db_get mysql-server/root_password && rootpw="$RET"
+    if [ ! -z "$rootpw" ]; then
+      rootpw=$(printf %q "${rootpw}")
+      echo "ALTER USER 'root'@'localhost' IDENTIFIED BY '$rootpw';" >> "$initfile"
+    fi
+    echo "CREATE USER IF NOT EXISTS 'maria-sys-maint'@'localhost' IDENTIFIED BY '$pass';" >> "$initfile"
+    echo "GRANT ALL ON *.* TO 'maria-sys-maint'@'localhost' WITH GRANT OPTION;" >> "$initfile"
+    echo "SHUTDOWN;" >> "$initfile"
+    mysqld --initialize-insecure --user=mysql --init-file="$initfile"> /dev/null 2>&1 || true
+    rm "$initfile"
+else
+    existingdatabase=1
+fi
+
+systemctl start mariadb
+
+exit 0