salt.modules.pdbedit

Manage accounts in Samba's passdb using pdbedit

maintainer:Jorge Schrauwen <sjorge@blackdot.be>
maturity:new
platform:posix

New in version 2017.7.0.

salt.modules.pdbedit.create(login, password, password_hashed=False, machine_account=False)

Create user account

login
: string
login name
password
: string
password
password_hashed
: boolean
set if password is a nt hash instead of plain text
machine_account
: boolean
set to create a machine trust account instead

CLI Example:

salt '*' pdbedit.create zoe 9764951149F84E770889011E1DC4A927 nthash
salt '*' pdbedit.create river  1sw4ll0w3d4bug
salt.modules.pdbedit.delete(login)

Delete user account

login
: string
login name

CLI Example:

salt '*' pdbedit.delete wash
salt.modules.pdbedit.generate_nt_hash(password)

Generate a NT HASH

CLI Example:

salt '*' pdbedit.generate_nt_hash my_passwd
salt.modules.pdbedit.get(login, hashes=False)

Get user account details

login
: string
login name
hashes
: boolean
include NTHASH and LMHASH in verbose output

CLI Example:

salt '*' pdbedit.get kaylee
salt.modules.pdbedit.list(verbose=True, hashes=False)

List user accounts

verbose
: boolean
return all information
hashes
: boolean
include NT HASH and LM HASH in verbose output

CLI Example:

salt '*' pdbedit.list
salt.modules.pdbedit.modify(login, password=None, password_hashed=False, domain=None, profile=None, script=None, drive=None, homedir=None, fullname=None, account_desc=None, account_control=None, machine_sid=None, user_sid=None, reset_login_hours=False, reset_bad_password_count=False)

Modify user account

login
: string
login name
password
: string
password
password_hashed
: boolean
set if password is a nt hash instead of plain text
domain
: string
users domain
profile
: string
profile path
script
: string
logon script
drive
: string
home drive
homedir
: string
home directory
fullname
: string
full name
account_desc
: string
account description
machine_sid
: string
specify the machines new primary group SID or rid
user_sid
: string
specify the users new primary group SID or rid
account_control
: string

specify user account control properties

Note

Only the follwing can be set: - N: No password required - D: Account disabled - H: Home directory required - L: Automatic Locking - X: Password does not expire

reset_login_hours
: boolean
reset the users allowed logon hours
reset_bad_password_count
: boolean
reset the stored bad login counter

Note

if user is absent and password is provided, the user will be created

CLI Example:

salt '*' pdbedit.modify inara fullname='Inara Serra'
salt '*' pdbedit.modify simon password=r1v3r
salt '*' pdbedit.modify jane drive='V:' homedir='\\serenity\jane\profile'
salt '*' pdbedit.modify mal account_control=NX