Web lists-archives.com

Re: [Samba] How to get password expiration?




I want something like so on login

Last login: Wed Feb 1 10:47:53
Password Expires: Wed March 1 00:00:00
[myaduser@machine ~]$

I just want them to know when their password expires.



On Wed, Feb 1, 2017 at 9:39 AM, mathias dufresne <infractory@xxxxxxxxx>
wrote:

> Plop,
>
> You'd like to modify .bashrc to auto-disconnect user with expired
> password? I thought modern tools to use AD (SSSD, winbind, nslcd) would
> come with such a mechanism inside. I do believe to remember some Linux
> disconnecting me for "disabled user" or "expired password"...
>
> Anyway, don't put that into .bashrc, they can modify it. If you really go
> into that way, uses /etc/profile which is owned by root (normally).
>
> In AD (MS and Samba) I believe expiration is calculated. You take current
> date, you take pwdLastSet, you take password expiration policy and you
> check if password wasn't set to far from now.
>
> But I still believe a well written tool should manage these expirations
> automagically when it comes to tools responsible to retrieve users from AD.
>
> 2017-01-31 17:00 GMT+01:00 Jeff Sadowski via samba <samba@xxxxxxxxxxxxxxx>
> :
>
>> my smb.conf looks as follows.
>> [global]
>>    security = ads
>>    realm = AD.MYDOMAIN.TLD
>>    workgroup = AD
>>    idmap config * : backend = tdb
>>    idmap config * : range = 2000-7999
>>    idmap config MIND:backend = ad
>>    idmap config MIND:schema_mode = rfc2307
>>    idmap config MIND:range = 8000-9999999
>>    winbind nss info = rfc2307
>>    winbind use default domain = yes
>>    winbind enum users = yes
>>    winbind enum groups = yes
>>    restrict anonymous = 2
>>    ldap server require strong auth = no
>>    client ldap sasl wrapping = plain
>>
>> I'm connected to an Windows 2008 based Active Directory environment
>>
>> Is there a linux command users can run to get their password expiration
>> that they could run from their .bashrc files?
>>
>> I searched the wiki and the mailing list but couldn't find what I am
>> looking for.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba