[Samba] Unlock domain user

Anderson Hoffmann do Carmo anderson.hoffmann at gsurfnet.com
Mon Aug 1 19:29:37 UTC 2016


I executed the command in two scenarios.

Account 'user1' unlocked:

root@gteste2:~#
root@gteste2:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=testead,dc=gsurfnet,dc=com" -s sub '(&(objectclass=user)(samaccountname=user1))' lockoutTime
# record 1
dn: CN=user1,OU=TESTE,DC=testead,DC=gsurfnet,DC=com
lockoutTime: 0

# Referral
ref: ldap://testead.gsurfnet.com/CN=Configuration,DC=testead,DC=gsurfnet,DC=com

# Referral
ref: ldap://testead.gsurfnet.com/DC=DomainDnsZones,DC=testead,DC=gsurfnet,DC=com

# Referral
ref: ldap://testead.gsurfnet.com/DC=ForestDnsZones,DC=testead,DC=gsurfnet,DC=com

# returned 4 records
# 1 entries
# 3 referrals
root@gteste2:~#

Account 'user1' locked by wrong password:


root@gteste2:~#
root@gteste2:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=testead,dc=gsurfnet,dc=com" -s sub '(&(objectclass=user)(samaccountname=user1))' lockoutTime
# record 1
dn: CN=user1,OU=TESTE,DC=testead,DC=gsurfnet,DC=com
lockoutTime: 131145529963563450

# Referral
ref: ldap://testead.gsurfnet.com/CN=Configuration,DC=testead,DC=gsurfnet,DC=com

# Referral
ref: ldap://testead.gsurfnet.com/DC=DomainDnsZones,DC=testead,DC=gsurfnet,DC=com

# Referral
ref: ldap://testead.gsurfnet.com/DC=ForestDnsZones,DC=testead,DC=gsurfnet,DC=com

# returned 4 records
# 1 entries
# 3 referrals
root@gteste2:~#



Anderson Hoffmann do Carmo
MCP | MTA | MCDST | MCTS | MCSA | MS | MOS |
ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV |



2016-08-01 15:47 GMT-03:00 Rowland penny <rpenny at samba.org>:

> On 01/08/16 18:27, Rowland penny wrote:
>
>> On 01/08/16 18:04, Anderson Hoffmann do Carmo wrote:
>>
>>> Hi Rowland.
>>>
>>> The command (samba-tool user enable 'user') is used to enable a user
>>> account that has been disabled in AD, but it is not functional to unlock a
>>> user account that has been locked by wrong password.
>>>
>>>
>>>
>>>
>> I sort of thought it wouldn't, having never had to unlock a user for
>> this, I hoped it would, let me look into this and get back to you.
>>
>>
>> Rowland
>>
>>
>>
>>
> OK, this is a bit more complex than I thought, but I think it boils down
> to an attribute being created with the time the account was locked.
>
> Can you try running the following on your Samba DC:
>
> ldbsearch -H /usr/local/samba/private/sam.ldb -b "dc=samdom,dc=example,dc=com" -s sub '(&(objectclass=user)(samaccountname=rowland))' lockoutTime
>
> You may have to install ldb-tools, you also will probably have to change
> the paths etc.
>
> If you get any output, can you please post the result.
>
> Rowland
>
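
Added example, not part of the original thread: a small Python parser for the two ldbsearch outputs posted above. It reads lockoutTime as a Windows FILETIME (100-nanosecond intervals since 1601-01-01 UTC, the usual encoding for this AD attribute) and reports when the lockout was recorded. The function names and the trimmed sample strings are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# FILETIME values count 100 ns ticks from this instant.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed samples, trimmed from the two outputs in this message.
SAMPLE_UNLOCKED = """# record 1
dn: CN=user1,OU=TESTE,DC=testead,DC=gsurfnet,DC=com
lockoutTime: 0

# Referral
ref: ldap://testead.gsurfnet.com/CN=Configuration,DC=testead,DC=gsurfnet,DC=com
"""
SAMPLE_LOCKED = SAMPLE_UNLOCKED.replace(
    "lockoutTime: 0", "lockoutTime: 131145529963563450")


def filetime_to_utc(ticks):
    """Convert a FILETIME tick count to an aware UTC datetime."""
    # Integer division keeps microsecond precision without float rounding.
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_lockout(ldbsearch_output):
    """Map each record's dn to its lockout time, or None if not locked.

    A record with lockoutTime 0, or with no lockoutTime attribute at all,
    is reported as None. Comment and referral lines are ignored.
    """
    results = {}
    dn = None
    for raw in ldbsearch_output.splitlines():
        line = raw.strip()
        if line.startswith("dn: "):
            dn = line[len("dn: "):]
            results[dn] = None
        elif line.startswith("lockoutTime: ") and dn is not None:
            ticks = int(line[len("lockoutTime: "):])
            results[dn] = filetime_to_utc(ticks) if ticks else None
    return results


if __name__ == "__main__":
    for label, text in (("unlocked", SAMPLE_UNLOCKED),
                        ("locked", SAMPLE_LOCKED)):
        for dn, when in parse_lockout(text).items():
            state = when.isoformat() if when else "no lockout recorded"
            print(f"{label}: {dn} -> {state}")
```

A non-zero value only records when the lockout happened; whether the account is still locked at a given moment also depends on the domain's lockout duration policy.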

