[Samba] About password expiry

Amaury Viera Hernández avhernandez at uci.cu
Thu Nov 26 05:40:13 UTC 2015

Hi every one:
I'm using samba4 as domain controller and a I want to check every 1 hour in my mail server the password expiration for every user in the domain. I need to kow what is the attribute used in samba4. 
Using ldbsearch i see badPasswordTime and accountExpires, but in the microsoft documentation said that accountExpires is used for represent the date when the account expires. Can i use this and send the email to the users telling that they need to change their password?
About badPasswordTime said that represent The last time and date that an attempt to log on to this account was made with a password that is not valid.

I'm confuse. Could you help me to know which of this attributes I need for advise to the users about their password expiration?
Thanks in advance. Amaury.

ldbsearch --url=/var/lib/samba/private/sam.ldb samaccountname=pp
# record 1
dn: CN=pp,CN=Users,DC=eomarit,DC=com,DC=cu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: pp
instanceType: 4
whenCreated: 20151124051519.0Z
whenChanged: 20151124051519.0Z
uSNCreated: 3847
name: pp
objectGUID: 95e62723-1bfb-4847-825a-8749705e4ef9
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-2370192828-1696309146-286596188-1117
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: pp
sAMAccountType: 805306368
userPrincipalName: pp at eomarit.com.cu
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=eomarit,DC=com,DC=cu
pwdLastSet: 130928157190000000
userAccountControl: 512
uSNChanged: 3849
distinguishedName: CN=pp,CN=Users,DC=eomarit,DC=com,DC=cu

More information about the samba mailing list