Web lists-archives.com

Re: [Samba] Users list and the date the password will expire




Exactly, and got reminded that I don't have to grep anything but can ask for specific parameters. Been a while that I used ldbsearch. ;)

Ole


On 08.02.2017 18:46, Rowland Penny via samba wrote:
On Wed, 8 Feb 2017 18:32:15 +0100
Ole Traupe via samba <samba@xxxxxxxxxxxxxxx> wrote:

That was weird: didn't see (expect) there to be a discussion right on
the same topic going on at this very moment.

Ole


On 08.02.2017 17:37, Ole Traupe via samba wrote:
Hi list,

long time no see! :)

I was looking for an email reminder script for users whose password
will expire. Some of our users are on long travels and will never
see the Domain's default notification. I haven't found any complete
(and simple) solution online. So I wrote one. In case it helps
anyone, you find it below.

You should only have to fill in the blanks for the the "basedn"
search parameter. Time conversion methods are taken from here:
http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time


Ole




--

#!/bin/sh

max_pwAge=`samba-tool domain passwordsettings show | grep "Maximum
password age" | tr -dc '0-9'`
user_list=`wbinfo -u`

basedn="OU=*,DC=*,DC=*,DC=*"

for user in $user_list; do

         set_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s
sub -b  $basedn cn=$user | grep pwdLastSet | tr -dc '0-9'`

         if [ $set_date ] && [ $set_date -gt 1 ]; then

UNIXTimeStamp=$((($set_date/10000000)-11644473600))
                 then_sec=`date -d "1970-01-01 $UNIXTimeStamp sec
GMT" +%s`
                 now_sec=`date +%s`
                 diff_days=$(( ( $now_sec - $then_sec )/60/60/24 ))
                 exp_days=$(( $max_pwAge - $diff_days ))

                 if [ $exp_days == 90 ] || [ $exp_days == 60 ] || [
$exp_days == 30 ]; then

                         mail_string=`ldbsearch -H
/usr/local/samba/private/sam.ldb -s sub -b $basedn cn=$user | grep
mail` echo "Gotcha: $user" | mail -s "WARNING: Your
domain account password will expire in $exp_days days!"
${mail_string:6}

                 fi
         fi
done


Yes and now you know that you are using the wrong attribute LOL

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba