[Samba] Script to reset group memberships...
Rowland Penny
rpenny at samba.org
Wed Oct 4 14:04:43 UTC 2017
On Wed, 4 Oct 2017 15:45:07 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
> I was used, for users that leave my network, to disable the account
> but also ''sanitize'' the memberships, eg reset group membership to a
> default values (normally, 'domain users').
>
> Clearly, using smbldap-tools in a NT domain was easy.
>
>
> How can achieve the same result in a samba AD domain? Seems that
> avaliable commands/tools (pdbedit, wbinfo, samba-tool) does not have
> this feature.
>
>
> I'v think about enumerating the user's group, eg:
>
> id gaio | cut -d '=' -f 4 | tr -s ',' '\n' | cut -d '(' -f 2
> | tr -d ')' | grep ^LNFFVG | cut -d '\' -f 2
>
> and then remove 'all but the default group', but i'm seeking feedback.
>
>
> Thanks.
>
No need to do that, just use 'samba-tool user disable'
See 'samba-tool user disable --help' for more info
Rowland
More information about the samba
mailing list