Hi Rowland. The command (samba-tool user enable 'user') is used to enable a user account that has been disabled in AD, but it is not functional to unlock a user account that has been locked by wrong password. Anderson Hoffmann do Carmo MCP | MTA | MCDST | MCTS | MCSA | MS | MOS | ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV | 2016-08-01 13:51 GMT-03:00 Rowland penny <rpenny at samba.org>:> On 01/08/16 17:40, Anderson Hoffmann do Carmo wrote: > >> Hi for all! >> >> It's a simple question, but I did not find the answer! >> How unlock domain user after the account blocked by wrong password? >> How to do this by samba-tool or any other tool in Linux_AD? >> Or is this possible only by Windows RSAT_Tool? >> >> >> Anderson Hoffmann do Carmo >> MCP | MTA | MCDST | MCTS | MCSA | MS | MOS | >> ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV | >> > > > Try 'samba-tool user enable <username>' > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 01/08/16 18:04, Anderson Hoffmann do Carmo wrote:> Hi Rowland. > > The command (samba-tool user enable 'user') is used to enable a user > account that has been disabled in AD, but it is not functional to unlock a > user account that has been locked by wrong password. > > >I sort of thought it wouldn't, having never had to unlock a user for this, I hoped it would, let me look into this and get back to you. Rowland
On 01/08/16 18:27, Rowland penny wrote:> On 01/08/16 18:04, Anderson Hoffmann do Carmo wrote: >> Hi Rowland. >> >> The command (samba-tool user enable 'user') is used to enable a user >> account that has been disabled in AD, but it is not functional to >> unlock a >> user account that has been locked by wrong password. >> >> >> > > I sort of thought it wouldn't, having never had to unlock a user for > this, I hoped it would, let me look into this and get back to you. > > > Rowland > > >OK, this is a bit more complex than I thought, but I think it boils down to an attribute being created with the time the account was locked. Can you try running the following on your Samba DC: ldbsearch -H /usr/local/samba/private/sam.ldb -b "dc=samdom,dc=example,dc=com" -s sub '(&(objectclass=user)(samaccountname=rowland))' lockoutTime You may have to install ldb-tools, you also will probably have to change the paths etc. If you get any output, can you please post the result. Rowland
Type the command pdbedit -Lvu username , what does it show on the Account Flags field? ----- Original Message ----- From: "Anderson Hoffmann do Carmo" <anderson.hoffmann at gsurfnet.com> To: "samba" <samba at lists.samba.org> Sent: Monday, August 1, 2016 2:04:48 PM Subject: Re: [Samba] Unlock domain user Hi Rowland. The command (samba-tool user enable 'user') is used to enable a user account that has been disabled in AD, but it is not functional to unlock a user account that has been locked by wrong password. Anderson Hoffmann do Carmo MCP | MTA | MCDST | MCTS | MCSA | MS | MOS | ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV | 2016-08-01 13:51 GMT-03:00 Rowland penny <rpenny at samba.org>:> On 01/08/16 17:40, Anderson Hoffmann do Carmo wrote: > >> Hi for all! >> >> It's a simple question, but I did not find the answer! >> How unlock domain user after the account blocked by wrong password? >> How to do this by samba-tool or any other tool in Linux_AD? >> Or is this possible only by Windows RSAT_Tool? >> >> >> Anderson Hoffmann do Carmo >> MCP | MTA | MCDST | MCTS | MCSA | MS | MOS | >> ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV | >> > > > Try 'samba-tool user enable <username>' > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Hi Dante! Command Output: (the user1 is locked at this moment) root at gteste2:~# root at gteste2:~# pdbedit -Lvu user1 Unix username: user1 NT username: Account Flags: [UL ] User SID: S-1-5-21-4156723526-836881587-1255597539-1106 Primary Group SID: S-1-5-21-4156723526-836881587-1255597539-513 Full Name: user1 Home Directory: HomeDir Drive: (null) Logon Script: Profile Path: Domain: Account desc: Workstations: Munged dial: Logon time: Mon, 01 Aug 2016 15:26:06 BRT Logoff time: never Kickoff time: Wed, 13 Sep 30828 23:48:05 BRT Password last set: Mon, 01 Aug 2016 15:25:54 BRT Password can change: Mon, 01 Aug 2016 15:25:54 BRT Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF root at gteste2:~# Anderson Hoffmann do Carmo MCP | MTA | MCDST | MCTS | MCSA | MS | MOS | ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV | 2016-08-01 16:20 GMT-03:00 Dante F. B. Colò <dante.colo at stwbrasil.com>:> Type the command pdbedit -Lvu username , what does it show on the Account > Flags field? > > > > ----- Original Message ----- > From: "Anderson Hoffmann do Carmo" <anderson.hoffmann at gsurfnet.com> > To: "samba" <samba at lists.samba.org> > Sent: Monday, August 1, 2016 2:04:48 PM > Subject: Re: [Samba] Unlock domain user > > Hi Rowland. > > The command (samba-tool user enable 'user') is used to enable a user > account that has been disabled in AD, but it is not functional to unlock a > user account that has been locked by wrong password. > > > Anderson Hoffmann do Carmo > MCP | MTA | MCDST | MCTS | MCSA | MS | MOS | > ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV | > > > 2016-08-01 13:51 GMT-03:00 Rowland penny <rpenny at samba.org>: > > > On 01/08/16 17:40, Anderson Hoffmann do Carmo wrote: > > > >> Hi for all! > >> > >> It's a simple question, but I did not find the answer! > >> How unlock domain user after the account blocked by wrong password? > >> How to do this by samba-tool or any other tool in Linux_AD? > >> Or is this possible only by Windows RSAT_Tool? > >> > >> > >> Anderson Hoffmann do Carmo > >> MCP | MTA | MCDST | MCTS | MCSA | MS | MOS | > >> ITIL-F | ISFS | CLOUDF | CI-SCS | VCA-DCV | > >> > > > > > > Try 'samba-tool user enable <username>' > > > > Rowland > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >