[Samba] LockoutTime will not reset

Ham ham at kc0dxf.net
Fri Jan 24 19:27:49 UTC 2025


Yesterday one of my users was prompted to change his password (which he 
did).  Today he tried to login and his account was locked.  I first used 
the Active Directory Users and Computers tool on Windows to unlock the 
account.  This appeared to accept the setting but did not work and when 
relaunching the app it still showed the account locked.

I next tried to use "samba-tool user edit username" on the DC. It 
appeared to work and the lockoutTime showed 0 when I reopened using 
samba-tool.  But the user still received a locked out message.  Upon 
rechecking with samba-tool it showed a time different than 0.

I then tried to reset using:

ldbedit -H /var/lib/samba/private/sam.ldb -R 
"CN=username,CN=Users,DC=example,DC=com"

But this acted the same way as using samba-tool edit.

Any ideas what is happening here and how to fix it?  I've never seen 
this happen before.


-- 
Ham (it up).



More information about the samba mailing list