[Samba] Account locked and delayed user data propagation...
Andrew Bartlett
abartlet at samba.org
Thu Dec 5 09:15:00 UTC 2019
On Thu, 2019-12-05 at 09:44 +0100, Marco Gaiarin via samba wrote:
> Mandi! Rowland penny via samba
> In chel di` si favelave...
>
> > As I said, if 'lockoutTime' isn't set or it is set to '0', then the user
> > isn't locked out, anything else and it is, but I do not believe that you can
> > set it to anything else but '0' manually, only the system can do this.
> > This is where 'lockoutDuration' comes in, the account should be unlocked
> > when 'lockoutTime' + 'lockoutDuration' = NOW.
> > However, you want to script (presumably when someone contacts you and
> > screams 'I cannot log in') a way to unlock the user, the only way to do this
> > is to set 'lockoutTime' to '0' regardless of what it is set to now.
>
> Exactly. The function now appear as:
>
>
> And finally seems to work. ;-)
Also have a look at the msDS-User-Account-Control-Computed attribute.
that will avoid you encoding this logic in your shell scripts as it is
what Samba uses internally.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list