This page outlines how to perform common tasks with Active Directory.
NOTE: This page is a work in progress and is subject to change without warning.
Changing Passwords
samson ~ # smbpasswd -e username
N.B. the presence of the -e switch is to enable/unlock the account at the same time.
Locking/Unlocking Accounts
Lock
samson ~ # samba-tool user disable username
Unlock
samson ~ # samba-tool user enable username
Editing user attributes
User attributes can be changed by editing a user's LDAP record. The easiest way to do this interactively is with samba-tool user edit <username> on a domain controller, or with ldapvi cn=<username> when editing from any other machine.
Users can also be batch edited with ldapmodify. See below for details.
Important attributes that might need to be changed are:
Field | Description
displayName | automatically generated as "<givenName> <sn>"
givenName | First name
sn | Surname
gecos | Stores the user's real name on *NIX systems, defaults to be the same as displayName
LoginShell | User's *NIX shell, defaults to /bin/zsh
gidNumber | The user's primary POSIX group
LDAP tools
LDAP access in AD environments requires authentication to work properly. Either use -x -W -D "<your_username>@ad.ucc.gu.uwa.edu.au" to authenticate the query, or use Kerberos (run kinit, then add -Y GSSAPI to ldapvi or whichever LDAP tool you are using).
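Batch editing with ldapmodify, mentioned under "Editing user attributes", could look like the following. This is an added example, not part of the original page: the CN=Users container, the usernames alice and bob, and the lowercase-only username allow-list are assumptions. Inputs are validated before any LDIF is written so that a stray comma or newline in a name cannot alter the DN or add extra records.

```shell
#!/bin/sh
# Added example: build an LDIF that sets loginShell for a batch of users,
# ready to feed to ldapmodify. Nothing here contacts the directory.

BASE_DN="dc=ad,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au"  # base DN used on this page
USERS_CONTAINER="CN=Users"  # ASSUMPTION: Samba's default user container

# Usage: make_shell_ldif <shell> <username>...
# Prints one LDIF "modify" record per username. Returns non-zero and
# prints nothing on stdout if any argument fails validation.
make_shell_ldif() {
    shell=$1
    shift
    # The shell must be an absolute path made of plain path characters.
    case $shell in
        ''|[!/]*|*[!A-Za-z0-9/_.-]*)
            echo "rejected shell: $shell" >&2
            return 1 ;;
    esac
    # ASSUMPTION: usernames are lowercase letters, digits, '_' and '-'.
    # Check every name first so a bad one aborts the whole batch.
    for u in "$@"; do
        case $u in
            ''|*[!a-z0-9_-]*)
                echo "rejected username: $u" >&2
                return 1 ;;
        esac
    done
    for u in "$@"; do
        printf 'dn: CN=%s,%s,%s\n' "$u" "$USERS_CONTAINER" "$BASE_DN"
        printf 'changetype: modify\n'
        printf 'replace: loginShell\n'
        printf 'loginShell: %s\n\n' "$shell"
    done
}

# Demo with constructed usernames; prints the LDIF to stdout.
make_shell_ldif /bin/bash alice bob

# To apply it, authenticate with Kerberos as described above:
#   kinit
#   make_shell_ldif /bin/bash alice bob > shells.ldif
#   ldapmodify -Q -Y GSSAPI -H ldap://AD.UCC.GU.UWA.EDU.AU -f shells.ldif
```

Review the generated file before running ldapmodify, and check that the DNs match where your accounts actually live.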
Fixing email
If the user has their email in the mail folder in their homedir rather than in the general mail spool, use ldapvi to fix where it looks for their mailbox:
kinit
ldapvi -b dc=ad,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au --host AD.UCC.GU.UWA.EDU.AU -Y GSSAPI
Find the user, then add their mail location, something like:
otherMailbox: mbox:/home/ucc/<username>/Mail:INBOX=/home/ucc/<username>/Mail/inbox