salt.modules.pdbedit

Manage accounts in Samba's passdb using pdbedit

maintainer:

Jorge Schrauwen <sjorge@blackdot.be>

maturity:

new

platform:

posix

New in version 2017.7.0.

salt.modules.pdbedit.create(login, password, password_hashed=False, machine_account=False)

Create user account

loginstring

login name

passwordstring

password

password_hashedboolean

set if password is a nt hash instead of plain text

machine_accountboolean

set to create a machine trust account instead

CLI Example:

salt '*' pdbedit.create zoe 9764951149F84E770889011E1DC4A927 nthash
salt '*' pdbedit.create river  1sw4ll0w3d4bug
salt.modules.pdbedit.delete(login)

Delete user account

loginstring

login name

CLI Example:

salt '*' pdbedit.delete wash
salt.modules.pdbedit.generate_nt_hash(password)

Generate a NT HASH

CLI Example:

salt '*' pdbedit.generate_nt_hash my_passwd
salt.modules.pdbedit.get_user(login, hashes=False)

Get user account details

loginstring

login name

hashesboolean

include NTHASH and LMHASH in verbose output

CLI Example:

salt '*' pdbedit.get kaylee
salt.modules.pdbedit.list_users(verbose=True, hashes=False)

List user accounts

verboseboolean

return all information

hashesboolean

include NT HASH and LM HASH in verbose output

CLI Example:

salt '*' pdbedit.list
salt.modules.pdbedit.modify(login, password=None, password_hashed=False, domain=None, profile=None, script=None, drive=None, homedir=None, fullname=None, account_desc=None, account_control=None, machine_sid=None, user_sid=None, reset_login_hours=False, reset_bad_password_count=False)

Modify user account

loginstring

login name

passwordstring

password

password_hashedboolean

set if password is a nt hash instead of plain text

domainstring

users domain

profilestring

profile path

scriptstring

logon script

drivestring

home drive

homedirstring

home directory

fullnamestring

full name

account_descstring

account description

machine_sidstring

specify the machines new primary group SID or rid

user_sidstring

specify the users new primary group SID or rid

account_controlstring

specify user account control properties

Note

Only the following can be set: - N: No password required - D: Account disabled - H: Home directory required - L: Automatic Locking - X: Password does not expire

reset_login_hoursboolean

reset the users allowed logon hours

reset_bad_password_countboolean

reset the stored bad login counter

Note

if user is absent and password is provided, the user will be created

CLI Example:

salt '*' pdbedit.modify inara fullname='Inara Serra'
salt '*' pdbedit.modify simon password=r1v3r
salt '*' pdbedit.modify jane drive='V:' homedir='\\serenity\jane\profile'
salt '*' pdbedit.modify mal account_control=NX