[Samba] Lock accounts with SAMBA

Nathan Vidican nvidican at wmptl.com
Mon Jul 4 13:55:51 GMT 2005 

Look into ldap; if you are a busy admin as you say you are - then why 
re-invent the wheel? There are numerous LDAP account management systems, and 
bearing in mind that you're using linux somewhere at the desktop level - you 
can use LDAP for BOTH samba and UNIX accounts. As far as locking/unlocking 
an account goes, simply enable/disable it via LDAP, simple ldapmodify 
command from the shell and you're good to go - or even better, use PERL and 
make yourself a simple web-interface if you'd prefer.

In my humble experience, LDAP is definetly the way to go. We've got a single 
LDAP repository of all users, domains, machine accounts, idmaps, etc. This 
repository is then made redundant by slave ldap servers which also enables 
load-sharing, and fail-safe systems. It's eay to work with, works across 
almost any platform: we have Sun Solaris/Sparc Workstations, FreeBSD servers 
& workstations on the UNIX side using nss_ldap and pam_ldap, as well as 
numerous windows accounts in a domain environment serviced by the FreeBSD 
servers running OpenLDAP and Samba. We're using LAM (LDAP Account Manager); 
a free(ly) available PHP-based LDAP Account Management GUI - which allows us 
to administer users, accounts, and machine accounts from anywhere on the 
network via a web browser.

If time, conveinience, and ease-of-use are you biggest administrative 
hurdles - then LDAP is what you're missing.

--
Nathan Vidican
nvidican at wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

-----Original Message-----
From: samba-bounces+nvidican=wmptl.com at lists.samba.org 
[mailto:samba-bounces+nvidican=wmptl.com at lists.samba.org] On Behalf Of 
Christopher Welsh
Sent: Monday, July 04, 2005 9:45 AM
To: samba at lists.samba.org
Subject: [Samba] Lock accounts with SAMBA




Hi,

I'm a busy sysadmin locking and unlocking user accounts. I'd like to be
able to do it from my linux -kerberos enabled samba workstation.

I can easily use net commands to see if a user's account is locked in
the ADS. How do I actually lock it from within samba.

I've written a user management system at the school that does lots of
things, I'd like it to be able to do this using Linux.

So any advice, would be great fully appreciated.

Chris

More information about the samba mailing list