[Samba] Unlock domain user

Rowland penny rpenny at samba.org
Mon Aug 1 18:47:06 UTC 2016

On 01/08/16 18:27, Rowland penny wrote:
> On 01/08/16 18:04, Anderson Hoffmann do Carmo wrote:
>> Hi Rowland.
>> The command (samba-tool user enable 'user') is used to enable a user
>> account that has been disabled in AD, but it is not functional to 
>> unlock a
>> user account that has been locked by wrong password.
> I sort of thought it wouldn't, having never had to unlock a user for 
> this, I hoped it would, let me look into this and get back to you.
> Rowland

OK, this is a bit more complex than I thought, but I think it boils down 
to an attribute being created with the time the account was locked.

Can you try running the following on your Samba DC:

ldbsearch -H /usr/local/samba/private/sam.ldb -b 
"dc=samdom,dc=example,dc=com" -s sub 
'(&(objectclass=user)(samaccountname=rowland))' lockoutTime

You may have to install ldb-tools, you also will probably have to change 
the paths etc.

If you get any output, can you please post the result.


More information about the samba mailing list