[Samba] Unlock domain user

Rowland penny rpenny at samba.org
Mon Aug 1 19:39:23 UTC 2016


On 01/08/16 20:29, Anderson Hoffmann do Carmo wrote:
> I executed the command in two scenarios.
>
> Account 'user1' unlocked:
>
> root at gteste2:~#
> root at gteste2:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b
> "dc=testead,dc=gsurfnet,dc=com" -s sub
> '(&(objectclass=user)(samaccountname=user1))' lockoutTime
> # record 1
> dn: CN=user1,OU=TESTE,DC=testead,DC=gsurfnet,DC=com
> lockoutTime: 0
>
> # Referral
> ref: ldap://
> testead.gsurfnet.com/CN=Configuration,DC=testead,DC=gsurfnet,DC=com
>
> # Referral
> ref: ldap://
> testead.gsurfnet.com/DC=DomainDnsZones,DC=testead,DC=gsurfnet,DC=com
>
> # Referral
> ref: ldap://
> testead.gsurfnet.com/DC=ForestDnsZones,DC=testead,DC=gsurfnet,DC=com
>
> # returned 4 records
> # 1 entries
> # 3 referrals
> root at gteste2:~#
>
> Account 'user1' locked by wrong password:
>
>
> root at gteste2:~#
> root at gteste2:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b
> "dc=testead,dc=gsurfnet,dc=com" -s sub
> '(&(objectclass=user)(samaccountname=user1))' lockoutTime
> # record 1
> dn: CN=user1,OU=TESTE,DC=testead,DC=gsurfnet,DC=com
> lockoutTime: 131145529963563450
>
> # Referral
> ref: ldap://
> testead.gsurfnet.com/CN=Configuration,DC=testead,DC=gsurfnet,DC=com
>
> # Referral
> ref: ldap://
> testead.gsurfnet.com/DC=DomainDnsZones,DC=testead,DC=gsurfnet,DC=com
>
> # Referral
> ref: ldap://
> testead.gsurfnet.com/DC=ForestDnsZones,DC=testead,DC=gsurfnet,DC=com
>
> # returned 4 records
> # 1 entries
> # 3 referrals
> root at gteste2:~#
>
>
>

 From what I understand, to unlock the second user (user1) the contents 
of 'lockoutTime' needs to be set to '0'

Can you test this ? either with ldbmodify or ldbedit

Rowland





More information about the samba mailing list