[Samba] Account locked and delayed user data propagation...

Andrew Bartlett abartlet at samba.org
Thu Dec 5 09:15:00 UTC 2019

On Thu, 2019-12-05 at 09:44 +0100, Marco Gaiarin via samba wrote:
> Mandi! Rowland penny via samba
>   In chel di` si favelave...
> > As I said, if 'lockoutTime' isn't set or it is set to '0', then the user
> > isn't locked out, anything else and it is, but I do not believe that you can
> > set it to anything else but '0' manually, only the system can do this.
> > This is where 'lockoutDuration' comes in, the account should be unlocked
> > when 'lockoutTime' + 'lockoutDuration' = NOW.
> > However, you want to script (presumably when someone contacts you and
> > screams 'I cannot log in') a way to unlock the user, the only way to do this
> > is to set 'lockoutTime' to '0' regardless of what it is set to now.
> Exactly. The function now appear as:
> And finally seems to work. ;-)

Also have a look at the msDS-User-Account-Control-Computed attribute. 
that will avoid you encoding this logic in your shell scripts as it is
what Samba uses internally.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list