By default, when a user is added to the local smbpasswd file, it is enabled. And the output of sudo pdbedit -L -v does not specifically indicate that the user is enabled. Therefore, when you enable a user that is already enabled, nothing happens.
Per the smbpasswd(8) manpage:
-e
This option specifies that the username following should be enabled in the local smbpasswd file, if the account was previously disabled. If the account was not disabled this option has no effect. Once the account is enabled then the user will be able to authenticate via SMB once again.
However, after you disable a user, the Account Flags will show that the user is disabled with the D flag.
Per the smbpasswd(8) manpage:
-d
This option specifies that the username following should be disabled in the local smbpasswd file. This is done by writing a 'D' flag into the account control space in the smbpasswd file. Once this is done all attempts to authenticate via SMB using this username will fail.
Here is an example...
Before disabling the user, look at the output of sudo pdbedit -L -v. Notice that the Account Flags only shows a U. This means that this user is a regular user.
$ sudo pdbedit -L -v
---------------
Unix username: smb-user1
NT username:
Account Flags: [U ]
User SID: S-1-5-21-546278022-4217200412-1778477751-1001
Primary Group SID: S-1-5-21-546278022-4217200412-1778477751-513
Full Name:
Home Directory: \\TESTSERVER\smb-user1
HomeDir Drive:
Logon Script:
Profile Path: \\TESTSERVER\smb-user1\profile
Domain: TESTSERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 15:06:39 UTC
Kickoff time: Wed, 06 Feb 2036 15:06:39 UTC
Password last set: Sun, 30 Jul 2023 20:45:45 UTC
Password can change: Sun, 30 Jul 2023 20:45:45 UTC
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Next, disable the user:
$ sudo smbpasswd -d smb-user1
Disabled user smb-user1.
Then look at the output of sudo pdbedit -L -v and you'll notice that the Account Flags have added a D, which indicates that the user is now disabled.
$ sudo pdbedit -L -v
---------------
Unix username: smb-user1
NT username:
Account Flags: [DU ]
User SID: S-1-5-21-546278022-4217200412-1778477751-1001
Primary Group SID: S-1-5-21-546278022-4217200412-1778477751-513
Full Name:
Home Directory: \\TESTSERVER\smb-user1
HomeDir Drive:
Logon Script:
Profile Path: \\TESTSERVER\smb-user1\profile
Domain: TESTSERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 15:06:39 UTC
Kickoff time: Wed, 06 Feb 2036 15:06:39 UTC
Password last set: Sun, 30 Jul 2023 20:45:45 UTC
Password can change: Sun, 30 Jul 2023 20:45:45 UTC
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Finally, you can enable the user:
$ sudo smbpasswd -e smb-user1
Enabled user smb-user1.
Then run sudo pdbedit -L -v and you'll see that the D flag has been removed.
$ sudo pdbedit -L -v
---------------
Unix username: smb-user1
NT username:
Account Flags: [U ]
User SID: S-1-5-21-546278022-4217200412-1778477751-1001
Primary Group SID: S-1-5-21-546278022-4217200412-1778477751-513
Full Name:
Home Directory: \\TESTSERVER\smb-user1
HomeDir Drive:
Logon Script:
Profile Path: \\TESTSERVER\smb-user1\profile
Domain: TESTSERVER
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 15:06:39 UTC
Kickoff time: Wed, 06 Feb 2036 15:06:39 UTC
Password last set: Sun, 30 Jul 2023 20:45:45 UTC
Password can change: Sun, 30 Jul 2023 20:45:45 UTC
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
For a list and meaning of the account flags, look at man smbpasswd(5):
Account Flags
This section contains flags that describe the attributes of the users account. This field is bracketed by '[' and ']' characters and is always 13 characters in length (including the '[' and ']' characters). The contents of this field may be any of the following characters:
U - This means this is a "User" account, i.e. an ordinary user.
N - This means the account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored). Note that this will only allow users to log on with no password if the null passwords parameter is set in the smb.conf(5) config file.
D - This means the account is disabled and no SMB/CIFS logins will be allowed for this user.
X - This means the password does not expire.
W - This means this account is a "Workstation Trust" account. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC.
Other flags may be added as the code is extended in future. The rest of this field space is filled in with spaces. For further information regarding the flags that are supported please refer to the man page for the pdbedit command.
Or for a more complete list, see the pdbedit(8) manpage:
-c|--account-control account-control
This option can be used while adding or modifying a user account. It will specify the users' account control property. Possible flags are listed below.
N: No password required
D: Account disabled
H: Home directory required
T: Temporary duplicate of other account
U: Regular user account
M: MNS logon user account
W: Workstation Trust Account
S: Server Trust Account
L: Automatic Locking
X: Password does not expire
I: Domain Trust Account
Example: -c "[X ]"
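Because pdbedit -L -v prints a full record per account, checking the enabled/disabled state across many users is easier with a small filter. The script below is an added example, not part of the original answer or of Samba: the function names audit_flags and sample_output are hypothetical, and the sample records are constructed (smb-user2 and smb-user3 are invented) and reduced to the two fields the filter reads.

```shell
#!/bin/sh
# Added example: summarise Samba account flags from `pdbedit -L -v` output.
# audit_flags reads that output on stdin and prints one line per account:
#   <unix username> <flags> <notes>
audit_flags() {
    awk '
        /^Unix username:/ { user = $3 }
        /^Account Flags:/ {
            # The flags sit between "[" and "]"; the padding spaces are dropped.
            open = index($0, "[")
            close_pos = index($0, "]")
            flags = substr($0, open + 1, close_pos - open - 1)
            gsub(/ /, "", flags)
            notes = ""
            if (index(flags, "D")) notes = notes " disabled"
            if (index(flags, "N")) notes = notes " no-password"
            if (index(flags, "X")) notes = notes " password-never-expires"
            if (notes == "") notes = " ok"
            printf "%s %s%s\n", user, flags, notes
        }
    '
}

# Constructed sample input, trimmed to the fields audit_flags uses.
sample_output() {
    cat <<'EOF'
---------------
Unix username:        smb-user1
Account Flags:        [DU         ]
---------------
Unix username:        smb-user2
Account Flags:        [U          ]
---------------
Unix username:        smb-user3
Account Flags:        [NUX        ]
EOF
}

# On a real server: sudo pdbedit -L -v | audit_flags
sample_output | audit_flags
```

An account with no D in its flags is enabled, which is why running smbpasswd -e on it changes nothing.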