Manage Samba 4 Active Directory from Command Line on Ubuntu 20.04 LTS

Опубликовано: 13 Март 2021
на канале: ErrorAndFix

1,513

Manage Samba 4 Active Directory from Command Line on Ubuntu 20 04 LTS
== User Management ==
---------------------

samba user -h
Available subcommands:
add - Create a new user.
create - Create a new user.
delete - Delete a user.
disable - Disable a user.
edit - Modify User AD object.
enable - Enable a user.
getpassword - Get the password fields of a user/computer account.
list - List all users.
move - Move a user to an organizational unit/container.
password - Change password for a user account (the one provided in authentication).
sensitive - Set/unset or show UF_NOT_DELEGATED for an account.
setexpiry - Set the expiration of a user account.
setpassword - Set or reset the password of a user account.
show - Display a user AD object.
syncpasswords - Sync the password of user accounts.

List all samba AD domain user:
sudo samba-tool user list

Create a user on AD:
sudo samba-tool user add your_domain_user --given-name=your_name --surname=your_username [email protected] --login-shell=/bin/bash

sudo samba-tool user create ceo01 abc@123 --given-name="ceo" --surname=01 --userou='ou=CEO,ou=HTUGROUPS'

Delete a samba AD domain user:
sudo samba-tool delete your_domain_user

Reset a samba domain user password:
sudo samba-tool user setpassword your_domain_user

In order to disable or enable an samba AD User account:
sudo samba-tool user disable your_domain_user
sudo samba-tool user enable your_domain_user

== Group Management ==
----------------------

List all samba group:
sudo samba-tool group list

To list all the samba domain members:
sudo samba-tool group listmembers "groupname"

Add group:
sudo samba-tool group add your_domain_group
sudo samba-tool group add Gsale --groupou='ou=SALE,ou=TEST'

Delete a samba domain group:
sudo samba-tool group delete your_domain_group

Adding/Removing a member from a samba domain group:
sudo samba-tool group addmembers your_domain_group your_domain_user
sudo samba-tool group remove members your_domain_group your_domain_user
Examples:
$ sudo samba-tool group addmembers Gceo ceo01
$ sudo samba-tool group addmembers Gceo ceo02,ceo03

To review your samba domain password settings:
$ sudo samba-tool domain passwordsettings show
$ sudo samba-tool domain passwordsettings set --complexity=off
$ sudo samba-tool domain passwordsettings set --history-length=0
$ sudo samba-tool domain passwordsettings set --min-pwd-age=0
$ sudo samba-tool domain passwordsettings set --max-pwd-age=0

== Organizational Units (OU) management ==
------------------------------------------

samba-tool ou -h
---
create - Create an organizational unit.
delete - Delete an organizational unit.
list - List all organizational units.
listobjects - List all objects in an organizational unit.
move - Move an organizational unit.
rename - Rename an organizational unit.
---
Examples:
$ sudo samba-tool ou create 'ou=HTUGROUPS,dc=htu,dc=local'
$ sudo samba-tool ou create 'ou=ADMINS,ou=HTUGROUPS,dc=htu,dc=local'
$ sudo samba-tool ou create 'OU=SubOU,OU=OrgUnit,DC=samdom,DC=example,DC=com'

Review your samba domain password settings use the below command:
$ sudo samba-tool domain passwordsettings show

Modify samba domain password policy, such as the password complexity level, password ageing, length, how many old password to remember and other security features required for a Domain Controller use the below screenshot as a guide.
$ sudo samba-tool domain passwordsettings -h

$ sudo samba-tool domain passwordsettings set --complexity=off
$ sudo samba-tool domain passwordsettings set --history-length=0
$ sudo samba-tool domain passwordsettings set --min-pwd-age=0
$ sudo samba-tool domain passwordsettings set --max-pwd-age=0
$ sudo samba-tool domain passwordsettings set --min-pwd-length=4
$ sudo samba-tool domain passwordsettings show