Web lists-archives.com

Re: [Samba] Users list and the date the password will expire

Well, that was a little premature. Querying the attribute directly actually leads to a longer (and partly redundant) statement:

exp_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b $basedn cn=$user msDS-UserPasswordExpiryTimeComputed | grep msDS-UserPasswordExpiryTimeComputed | tr -dc '0-9'`


On 09.02.2017 11:25, Ole Traupe via samba wrote:
Exactly, and got reminded that I don't have to grep anything but can ask for specific parameters. Been a while that I used ldbsearch. ;)


On 08.02.2017 18:46, Rowland Penny via samba wrote:
On Wed, 8 Feb 2017 18:32:15 +0100
Ole Traupe via samba <samba@xxxxxxxxxxxxxxx> wrote:

That was weird: didn't see (expect) there to be a discussion right on
the same topic going on at this very moment.


On 08.02.2017 17:37, Ole Traupe via samba wrote:
Hi list,

long time no see! :)

I was looking for an email reminder script for users whose password
will expire. Some of our users are on long travels and will never
see the Domain's default notification. I haven't found any complete
(and simple) solution online. So I wrote one. In case it helps
anyone, you find it below.

You should only have to fill in the blanks for the the "basedn"
search parameter. Time conversion methods are taken from here:




max_pwAge=`samba-tool domain passwordsettings show | grep "Maximum
password age" | tr -dc '0-9'`
user_list=`wbinfo -u`


for user in $user_list; do

         set_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s
sub -b  $basedn cn=$user | grep pwdLastSet | tr -dc '0-9'`

         if [ $set_date ] && [ $set_date -gt 1 ]; then

                 then_sec=`date -d "1970-01-01 $UNIXTimeStamp sec
GMT" +%s`
                 now_sec=`date +%s`
                 diff_days=$(( ( $now_sec - $then_sec )/60/60/24 ))
                 exp_days=$(( $max_pwAge - $diff_days ))

                 if [ $exp_days == 90 ] || [ $exp_days == 60 ] || [
$exp_days == 30 ]; then

                         mail_string=`ldbsearch -H
/usr/local/samba/private/sam.ldb -s sub -b $basedn cn=$user | grep
mail` echo "Gotcha: $user" | mail -s "WARNING: Your
domain account password will expire in $exp_days days!"


Yes and now you know that you are using the wrong attribute LOL


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba