Web lists-archives.com

Re: [Samba] How to get password expiration?

On 02/02/2017 15:17, mathias dufresne wrote:
So, back to ldapsearch -Y GSSAPI (if your users generate kerberos ticket at connection time) to retrieve LDAP attribute PwdLastSet. It's not an UNIX timestamp, it should be called LDAP time stamp or 18-digit LDAP timestamp...

Aside: it's a Microsoft Win32 FILETIME. (The LDAP standard uses ISO times)

pwdLastSet doesn't tell you when it expires, so you'd have to combine this with the domain password expiry policy too: i.e. do the equivalent of "samba-tool domain passwordsettings show"

If he only wants to display the information to the user at login time, I think the best/easiest place to do this would be in the PAM module which enforces the password expiry, since it has all the information to hand already.

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba