Web lists-archives.com

Re: [Samba] How to get password expiration?




On Tue, Feb 7, 2017 at 3:22 PM, Jeff Sadowski <jeff.sadowski@xxxxxxxxx>
wrote:

>
>
> On Tue, Feb 7, 2017 at 11:44 AM, Rowland Penny via samba <
> samba@xxxxxxxxxxxxxxx> wrote:
>
>> On Tue, 7 Feb 2017 11:30:52 -0700
>> Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:
>>
>> > figured out how to use ldapsearch also to get what I want.
>> > Also found how to convert AD time to unix time
>> > Another thing I wanted calculated was when an account expires.
>> >
>> > ldapsearch -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld
>> > "(sAMAccountName=$user)"
>> >
>> > gives all the good information about a user.
>> >
>> > here is how I used it to tell me all accounts expiring this next
>> > month.
>> >
>> > h=ad.mydomain.tld
>> > b=dc=ad,dc=mydomain,dc=tld
>> > q=accountExpires
>> > for user in $(wbinfo -u);do
>> > accountExpires=$(ldapsearch -h $h -b $b "(sAMAccountName=$user)" $q
>> > 2>/dev/null | grep "^$q" | awk '{print $2}')
>> > if [ "$(echo ${accountExpires}|wc -c)" -gt 7 ];then
>> >  #microsoft uses 100 nanosecond increments so I remove the last 7
>> > digits to get seconds
>> >  #microsoft's epoch is jan 1 1601 so I subtract 11644430400 seconds
>> > to make it unit time
>> >  act_exp=$(expr ${accountExpires::-7} - 11644430400)
>> >  days=$(expr $(expr $act_exp - `date "+%s"`) / 86400)
>> >  if [ "$days" -lt 30 ] && [ "$days" -gt 0 ];then
>> >   echo $user expires in $days days
>> >  fi
>> > fi
>> > done
>>
>> Hmm, accountExpires != msDS-UserPasswordExpiryTimeComputed
>>
>> And from my internet investigations:
>>
>> unixtimestamp=$((($WindowsTimeStamp/10000000)-11676009600))
>>
>> $WindowsTimeStamp/10000000
> is equal to
> ${WindowsTimeStamp::-7}
> I don't know what is a more expensive operation catting a string or
> division(I guessed division was a more expensive operation).
>
> 11676009600 doesn't work right. It gives me different times then what net
> use gives me that is how I got
> 11644430400 to match what net use gives me
>
> I plugged the  unixtimestamp into "date -d @${unixtimestamp}" and compared
it with "net user %username% /domain" untill they where showing the same
times for accountExpire.

date

>
>
>> and to turn that into number of days:
>>
>> DAYS=$((($unixtimestamp - $DATE) / 3600 / 24))
>>
> x/3600/24 = x/86400
>
>
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba