[Samba] smbldap-tools and disabling a user

Michael Gasch gasch at eva.mpg.de
Wed Aug 16 06:38:05 GMT 2006 

 > files they might leave on a filesystem somewhere).  I'm using
 > an LDAP backend for Samba, and I'm using smbldap-tools to
 > manage accounts.
so your posix account information is also stored in ldap.
do your users really need /bin/bash or why do you want to disable the 
posix account, too? why don´t you use winbindd on the DC to authenticate 
your (posix)users against the samba DC (pam_winbind instead of 
pam_ldap)? this will reflect all policies and you don´t have to worry 
about unexpired posix accounts

micha

Logan Shaw wrote:
> Hey everyone,
> 
> When someone leaves the company, I prefer to disable their
> account rather than remove it (so that you can see who owns any
> files they might leave on a filesystem somewhere).  I'm using
> an LDAP backend for Samba, and I'm using smbldap-tools to
> manage accounts.
> 
> So, today I was going to disable an account for the
> first time since switching over from plain /etc/passwd and
> /etc/samba/smbpasswd, and it doesn't seem like there is any
> tool that can handle both Unix and Samba accounts.
> 
> Specifically, smbldap-usermod has a "-I" option, which is
> described as "disable user".  It sets the "D" flag on the
> Samba account info, but it doesn't have any effect on the
> RFC 2307 userPassword.  I noticed smbldap_tools.pm has a
> disable_user() sub in it, which is even exported from the
> module, but nothing calls it, and when I tried calling it
> myself from a little Perl code, it didn't seem to work.  Oh,
> and I can't really use the straightforward "passwd -l" command,
> because I'm using Slackware, which doesn't grok LDAP.
> 
> I ended up writing a little bash script which uses ldapmodify,
> which does the job, but I'm wondering if there's a better way
> that I'm missing.  It seems odd that smbldap-useradd supports
> adding both Unix and Samba accounts, and smbldap-userdel
> supports deleting both, but smbldap-usermod only supports
> disabling the Samba half of things...
> 
>   - Logan

-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
        49 (0)341 - 3550 374

Fax:   49 (0)341 - 3550 399

More information about the samba mailing list