[Samba] Users list and the date the password will expire
Rowland Penny
rpenny at samba.org
Thu Feb 9 13:02:32 UTC 2017
On Thu, 9 Feb 2017 13:40:29 +0100
Ole Traupe <ole.traupe at tu-berlin.de> wrote:
> Actually, there were 2 problems. These lines work for me:
>
There you go for relying on 'shellcheck', it didn't raise an error on
the quotes, but it did after I removed them ;-)
so here is the latest version of the script:
#!/bin/bash
# Get path to sam.ldb
LDBDIR=$(samba -b | grep 'PRIVATE_DIR' | awk -F ':' '{print $NF}' | sed 's/^ *//g')
if [ -z "${LDBDIR}" ]; then
echo "This is supposed to be a DC, but cannot obtain the Private dir."
echo "Cannot Continue...Exiting."
exit 1
else
LDBDB="${LDBDIR}/sam.ldb"
fi
# Get the default naming context of the domain # DC=samdom,DC=example,DC=com
domainDN=$(ldbsearch -H "${LDBDB}" -b "" -s base defaultNamingContext | grep 'defaultNamingContext' | sed 's|defaultNamingContext: ||')
if [ -z "${domainDN}" ]; then
echo "Could not obtain AD rootDSE"
exit 1
fi
user_list=$(wbinfo -u)
for user in $user_list; do
user=$(echo "${user}" | awk -F '\\' '{print $2}')
user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" msDS-UserPasswordExpiryTimeComputed | grep "msDS-UserPasswordExpiryTimeComputed: " | sed "s|msDS-UserPasswordExpiryTimeComputed: ||")
UNIXTimeStamp=$(((user_expire_date/10000000)-11644473600))
date_now=$(date +%s)
exp_days=$(((UNIXTimeStamp - date_now) / 3600 / 24))
if [ "${exp_days}" -le "0" ]; then
mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" mail | grep mail: | sed "s|mail: ||")
if [ -n "${mail_string}" ]; then
echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password has expired!!!" "${mail_string}"
fi
elif [ "${exp_days}" == "90" ] || [ "${exp_days}" == "60" ] || [ "${exp_days}" == "30" ]; then
mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" mail | grep mail: | sed "s|mail: ||")
if [ -n "${mail_string}" ]; then
echo echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password will expire in ${exp_days} days!" "${mail_string}"
fi
fi
done
exit 0
It has been tested on bash, don't know if it will work on dash etc
I have to have the line:
user=$(echo "${user}" | awk -F '\\' '{print $2}')
Or I get:
ldb_handler_fold: unable to casefold string [SAMDOM�ministrator]
and All my users have expired passwords, which they haven't
Rowland
More information about the samba
mailing list