Manage UNIX groups and users in Samba Active Directory.
Create groups.
$ sudo samba-tool group add cats --gid-number 8000 --nis-domain OCTOCAT --description "Cats group"
Added group cats
$ sudo samba-tool group add vampires --gid-number 8001 --nis-domain OCTOCAT --description "Vampires group"
Added group dogs
$ sudo samba-tool group add octocat --gid-number=10000 --nis-domain=OCTOCAT --description "Octocat group"
Added group octocat
Edit group.
$ sudo samba-tool group edit octocat
dn: CN=octocat,CN=Users,DC=octocat,DC=lab objectClass: top objectClass: group cn: octocat description: Octocat group instanceType: 4 whenCreated: 20210930172216.0Z whenChanged: 20210930172216.0Z uSNCreated: 4080 uSNChanged: 4080 name: octocat objectGUID: 76e7e98d-2867-4062-9cb7-21a9345135b3 objectSid: S-1-5-21-3581266272-3984212215-1130392956-1106 sAMAccountName: octocat sAMAccountType: 268435456 groupType: -2147483646 objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=octocat,DC=lab msSFU30Name: octocat msSFU30NisDomain: OCTOCAT gidNumber: 10000 distinguishedName: CN=octocat,CN=Users,DC=octocat,DC=lab
Modified group 'octocat' successfully
Create users.
$ sudo samba-tool user create \
octo 0ctOpass \
--given-name Octo --surname Cat --home-directory /home/octocat \
--uid octo --uid-number 10000 --gid-number 10000 \
--unix-home /home/octocat \
--gecos 'Octo Cat' \
--nis-domain OCTOCAT \
--login-shell=/bin/bash
User 'octo' created successfully
$ sudo samba-tool user create vampire v4mP4ss
User 'vampire' created successfully
Add UNIX attributes to specific user.
$ sudo samba-tool user addunixattrs vampire 10001 --gid-number 100 --unix-home /home/vampire --login-shell /bin/bash
Modified User 'vampire' successfully
Display user information.
$ sudo samba-tool user show vampire
dn: CN=vampire,CN=Users,DC=octocat,DC=lab objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: vampire instanceType: 4 whenCreated: 20210930172540.0Z uSNCreated: 4085 name: vampire objectGUID: e64f4bd0-5b79-48ea-8ed6-91843f1ed14e badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid: S-1-5-21-3581266272-3984212215-1130392956-1108 accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: vampire sAMAccountType: 805306368 userPrincipalName: vampire@octocat.lab objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=octocat,DC=lab pwdLastSet: 132774963400609290 userAccountControl: 512 uidNumber: 10001 gidNumber: 100 gecos: vampire uid: vampire loginShell: /bin/bash unixHomeDirectory: /home/vampire whenChanged: 20210930172831.0Z uSNChanged: 4088 distinguishedName: CN=vampire,CN=Users,DC=octocat,DC=lab
Get user groups.
$ sudo samba-tool user getgroups octo
Domain Users cats
List users.
$ sudo samba-tool user list
octo Guest vampire dns-ad Administrator krbtgt
Define password expiration.
$ sudo samba-tool user setexpiry --days 120 octo
Expiry for user 'octo' set to 120 days.
$ sudo samba-tool user setexpiry --noexpiry vampire
Expiry for user 'vampire' disabled.
Add user to group.
$ sudo samba-tool group addmembers cats octo,vampire
Added members to group cats
$ sudo samba-tool group addmembers vampires vampire
Added members to group vampires
List groups.
$ sudo samba-tool group list
Event Log Readers Certificate Service DCOM Access Print Operators Incoming Forest Trust Builders Remote Desktop Users Enterprise Read-only Domain Controllers RAS and IAS Servers Domain Users Windows Authorization Access Group Domain Admins Denied RODC Password Replication Group vampires Performance Log Users Pre-Windows 2000 Compatible Access Backup Operators Domain Computers Cert Publishers Users Account Operators DnsUpdateProxy octocat Read-only Domain Controllers Group Policy Creator Owners Enterprise Admins cats Schema Admins Domain Controllers Distributed COM Users Cryptographic Operators Allowed RODC Password Replication Group IIS_IUSRS Terminal Server License Servers Domain Guests Guests Replicator Performance Monitor Users DnsAdmins Server Operators Administrators Network Configuration Operators
List group members.
$ sudo samba-tool group listmembers cats
vampire octo
Remove user from a group.
$ sudo samba-tool group removemembers cats vampire
Removed members from group cats
Delete group.
$ sudo samba-tool group delete vampires
Deleted group vampires
Delete user.
$ sudo samba-tool user delete vampire
Deleted user vampire
Change user password.
$ sudo samba-tool user password -U octo
Password for [OCTOCAT\octo]: ************ New Password: ************ Retype Password: ************ Changed password OK