samba-tool user
The samba-tool user
command is a powerful utility provided by Samba for managing user accounts in an Active Directory domain. It offers a wide range of subcommands that allow administrators to add, delete, modify, and query user information, thereby simplifying user administration in mixed Windows/Unix environments.
Overview
Using samba-tool user
, you can:
Create new user accounts
Delete existing accounts
Modify user attributes
Rename user accounts
Manage passwords
Unlock, disable, or enable accounts
Display detailed user information
List all domain users
Below are the common subcommands along with usage examples.
Common Subcommands
1. Add a New User
Purpose: Create a new user account in the domain.
Usage:
samba-tool user add <username> [password] [options]
Example:
samba-tool user add jdoe P@ssw0rd --given-name="John" --surname="Doe" --mail-address=jdoe@example.com
This command creates a new user jdoe
with the specified password and additional attributes.
2. Delete a User
Purpose: Remove an existing user account from the domain.
Usage:
samba-tool user delete <username>
Example:
samba-tool user delete jdoe
This removes the user jdoe
from the Active Directory.
3. Modify User Attributes
Purpose: Update properties of an existing user account.
Usage:
samba-tool user modify <username> [attribute options]
Example (setting an expiry date):
samba-tool user setexpiry jdoe 2023-12-31
This sets the password expiry for jdoe
to December 31, 2023.
4. Rename a User
Purpose: Change the username of an existing account.
Usage:
samba-tool user rename <oldusername> <newusername>
Example:
samba-tool user rename jdoe john.doe
This renames the user account from jdoe
to john.doe
.
5. Set or Reset a User’s Password
Purpose: Assign or update a user's password.
Usage:
samba-tool user setpassword <username>
Example:
samba-tool user setpassword john.doe
This command prompts for a new password for john.doe
.
6. Unlock a User Account
Purpose: Remove a lock from a user account that was locked due to multiple failed logins.
Usage:
samba-tool user unlock <username>
Example:
samba-tool user unlock john.doe
This unlocks the user account john.doe
.
7. Enable or Disable a User Account
Purpose: Control the active status of a user account.
Usage:
Disable a user:
samba-tool user disable <username>
Enable a user:
samba-tool user enable <username>
Example:
samba-tool user disable john.doe
samba-tool user enable john.doe
These commands disable and then enable the user john.doe
.
8. Show User Details
Purpose: Display detailed information about a specific user.
Usage:
samba-tool user show <username>
Example:
samba-tool user show john.doe
This displays detailed attributes of the user john.doe
, such as SID, account flags, and other properties.
9. List All Users
Purpose: Retrieve a list of all user accounts in the domain.
Usage:
samba-tool user list
Example:
samba-tool user list
This command lists all the user accounts available in the domain.
Additional Options and Considerations
Attribute Options: When adding or modifying a user, you can supply additional attributes (e.g.,
--given-name
,--surname
,--mail-address
).Scripting and Automation: The commands in
samba-tool user
are script-friendly, enabling batch operations for large-scale user management.Privileges: Operations typically require domain administrator privileges. Ensure you run these commands with appropriate credentials.
Verification: After performing changes, use
samba-tool user show <username>
to verify that the modifications are applied as expected.
Conclusion
The samba-tool user
command is an essential utility for managing user accounts in a Samba Active Directory environment. It provides comprehensive functionality—from creating and deleting users to managing passwords and modifying account properties—enabling administrators to maintain a secure and well-organized domain. By integrating these subcommands into your administrative workflows, you can efficiently manage user identities in mixed-OS environments.
Last updated