Hey everyone, When someone leaves the company, I prefer to disable their account rather than remove it (so that you can see who owns any files they might leave on a filesystem somewhere). I'm using an LDAP backend for Samba, and I'm using smbldap-tools to manage accounts.
So, today I was going to disable an account for the first time since switching over from plain /etc/passwd and /etc/samba/smbpasswd, and it doesn't seem like there is any tool that can handle both Unix and Samba accounts. Specifically, smbldap-usermod has a "-I" option, which is described as "disable user". It sets the "D" flag on the Samba account info, but it doesn't have any effect on the RFC 2307 userPassword. I noticed smbldap_tools.pm has a disable_user() sub in it, which is even exported from the module, but nothing calls it, and when I tried calling it myself from a little Perl code, it didn't seem to work. Oh, and I can't really use the straightforward "passwd -l" command, because I'm using Slackware, which doesn't grok LDAP. I ended up writing a little bash script which uses ldapmodify, which does the job, but I'm wondering if there's a better way that I'm missing. It seems odd that smbldap-useradd supports adding both Unix and Samba accounts, and smbldap-userdel supports deleting both, but smbldap-usermod only supports disabling the Samba half of things... - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
