Re: [Samba] How to get password expiration?
- Date: Wed, 1 Feb 2017 12:12:09 -0700
- From: Jeff Sadowski via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] How to get password expiration?
Or maybe better like so on login
Last login: Wed Feb 1 10:47:53
Password Expires in 28 days
On Wed, Feb 1, 2017 at 12:10 PM, Jeff Sadowski <jeff.sadowski@xxxxxxxxx>
> I want something like so on login
> Last login: Wed Feb 1 10:47:53
> Password Expires: Wed March 1 00:00:00
> [myaduser@machine ~]$
> I just want them to know when their password expires.
> On Wed, Feb 1, 2017 at 9:39 AM, mathias dufresne <infractory@xxxxxxxxx>
>> You'd like to modify .bashrc to auto-disconnect user with expired
>> password? I thought modern tools to use AD (SSSD, winbind, nslcd) would
>> come with such a mechanism inside. I do believe I remember some Linux
>> disconnecting me for "disabled user" or "expired password"...
>> Anyway, don't put that into .bashrc, they can modify it. If you really go
>> that way, use /etc/profile, which is owned by root (normally).
>> In AD (MS and Samba) I believe expiration is calculated. You take current
>> date, you take pwdLastSet, you take password expiration policy and you
>> check if password wasn't set too far from now.
>> But I still believe a well written tool should manage these expirations
>> automagically when it comes to tools responsible to retrieve users from AD.
>> 2017-01-31 17:00 GMT+01:00 Jeff Sadowski via samba <samba@xxxxxxxxxxxxxxx
>>> my smb.conf looks as follows.
>>> security = ads
>>> realm = AD.MYDOMAIN.TLD
>>> workgroup = AD
>>> idmap config * : backend = tdb
>>> idmap config * : range = 2000-7999
>>> idmap config MIND:backend = ad
>>> idmap config MIND:schema_mode = rfc2307
>>> idmap config MIND:range = 8000-9999999
>>> winbind nss info = rfc2307
>>> winbind use default domain = yes
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> restrict anonymous = 2
>>> ldap server require strong auth = no
>>> client ldap sasl wrapping = plain
>>> I'm connected to a Windows 2008 based Active Directory environment
>>> Is there a Linux command users can run to get their password expiration
>>> that they could run from their .bashrc files?
>>> I searched the wiki and the mailing list but couldn't find what I am
>>> looking for.
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
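Added example, not part of the original thread: the calculation described in the quoted reply above (current date against pwdLastSet plus the expiration policy), written as a POSIX shell function that could be sourced from /etc/profile. The function names are hypothetical; it assumes the caller has already fetched pwdLastSet, userAccountControl and the domain's maxPwdAge, and that no fine-grained password policy overrides maxPwdAge.

```shell
#!/bin/sh
# Added example: AD password expiry computed from raw LDAP attribute values.
# Assumption: the domain-wide maxPwdAge applies (no fine-grained policy).

EPOCH_DIFF=11644473600   # seconds between 1601-01-01 and 1970-01-01 (UTC)
UAC_DONT_EXPIRE=65536    # userAccountControl bit 0x10000 (DONT_EXPIRE_PASSWD)

# ad_pw_expiry PWDLASTSET MAXPWDAGE USERACCOUNTCONTROL NOW_EPOCH
# Prints one of: "never", "must-change", "expired", or whole days left.
ad_pw_expiry() {
    pls=$1 mpa=$2 uac=$3 now=$4

    # Account is flagged "password never expires".
    if [ $(( uac & UAC_DONT_EXPIRE )) -ne 0 ]; then echo never; return; fi
    # maxPwdAge of 0 or the minimum 64-bit value means no expiry policy.
    case $mpa in 0|-9223372036854775808) echo never; return ;; esac
    # pwdLastSet of 0 means the user must change the password at next logon.
    if [ "$pls" -eq 0 ]; then echo must-change; return; fi

    # Both attributes count 100 ns ticks; maxPwdAge is stored as a negative.
    set_epoch=$(( pls / 10000000 - EPOCH_DIFF ))
    max_age=$(( (0 - mpa) / 10000000 ))
    left=$(( set_epoch + max_age - now ))

    if [ "$left" -le 0 ]; then echo expired; else echo $(( left / 86400 )); fi
}

# Login banner line in the form asked for in the thread.
ad_pw_banner() {
    r=$(ad_pw_expiry "$@")
    case $r in
        never)       echo "Password does not expire" ;;
        must-change) echo "Password must be changed at next logon" ;;
        expired)     echo "Password has expired" ;;
        *)           echo "Password Expires in $r days" ;;
    esac
}
```

Called from a root-owned file such as /etc/profile with `$(date +%s)` as the last argument, `ad_pw_banner` prints the line after "Last login".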