Reese Wang
2023-Aug-24 13:56 UTC
[Samba] samba-tool user disable doesn't change any object attributes?
Ah I understand the 512 + 2 thing.
But the userAccountControl is still 512 after I run `samba-tool user disable`

Rowland Penny via samba <samba at lists.samba.org> wrote on 2023-8-24 21:38:

> On Thu, 24 Aug 2023 21:12:38 +0800
> Reese Wang via samba <samba at lists.samba.org> wrote:
>
> > I used `samba-tool user disable testuser` to disable a user and
> > `samba-tool user show testuser` to display the user object and found
> > nothing was changed. And I can still get the user using filter
> > (&(objectClass=user)(sAMAccountName=testuser)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
> >
> > Shouldn't `samba-tool user disable` change userAccountControl to 2 or
> > something?
> >
>
> Close :-)
>
> userAccountControl is sort of accumulative, a normal enabled user
> account will have '512' in it, but there could be a larger number set.
> For instance, if the user's password is set to never expire it could be
> '65848', which is '512' plus '65336'.
> To disable a user you add '2' to the '512'.
>
> Try reading this:
>
> https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2023-Aug-24 14:29 UTC
[Samba] samba-tool user disable doesn't change any object attributes?
On Thu, 24 Aug 2023 21:56:47 +0800
Reese Wang via samba <samba at lists.samba.org> wrote:

> Ah I understand the 512 + 2 thing.
> But the userAccountControl is still 512 after I run `samba-tool user
> disable`
>

Hmm, what version of Samba is this and on what OS? Where are you
running the command?

On Debian bullseye with Samba from backports (4.17.10), if I check a
user, I get this:

dn: CN=usertest3,CN=Users,DC=samdom,DC=example,DC=com
..............
userAccountControl: 512

If I then, on a DC, disable the user with:

adminuser at rpidc1:~ $ sudo samba-tool user disable usertest3

I get no output and when I check again, I find this:

dn: CN=usertest3,CN=Users,DC=samdom,DC=example,DC=com
..........
userAccountControl: 514

The user is now disabled.

Rowland
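
Added example, not part of either message in this thread: a sketch of how the 512 and 514 values above decode into userAccountControl flags, and how the `1.2.840.113556.1.4.803` (bitwise AND) clause in the quoted filter evaluates against them. The flag values are the ones Microsoft documents for userAccountControl; the function names and the sample LDIF are constructed for illustration.

```python
import re

# Subset of the flag values Microsoft documents for userAccountControl.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def bit_and_match(value, mask):
    """Matching rule 1.2.840.113556.1.4.803: true when every mask bit is set."""
    return (value & mask) == mask

def passes_enabled_filter(value):
    """Evaluate the (!(userAccountControl:1.2.840.113556.1.4.803:=2)) clause."""
    return not bit_and_match(value, ACCOUNTDISABLE)

def set_disabled(value):
    """Set the disable bit with OR, so repeating it leaves other bits alone."""
    return value | ACCOUNTDISABLE

def uac_from_ldif(text):
    """Extract userAccountControl from LDIF-style `samba-tool user show` output."""
    m = re.search(r"^userAccountControl:\s*(\d+)\s*$", text, re.MULTILINE)
    return int(m.group(1)) if m else None

# Constructed sample, using the DN and value quoted in the thread.
SAMPLE = """dn: CN=usertest3,CN=Users,DC=samdom,DC=example,DC=com
sAMAccountName: usertest3
userAccountControl: 514
"""

if __name__ == "__main__":
    for uac in (512, uac_from_ldif(SAMPLE)):
        state = "enabled" if passes_enabled_filter(uac) else "disabled"
        print(uac, decode_uac(uac), state)
```

An account that still matches the "enabled" filter after a disable command is one whose stored value lacks bit 2, so comparing the decoded flags before and after the command on the DC that holds the object shows whether the change was written.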