[Samba] How to get password expiration?
Jeff Sadowski
jeff.sadowski at gmail.com
Wed Feb 1 19:10:31 UTC 2017
I want something like so on login
Last login: Wed Feb 1 10:47:53
Password Expires: Wed March 1 00:00:00
[myaduser at machine ~]$
I just want them to know when their password expires.
On Wed, Feb 1, 2017 at 9:39 AM, mathias dufresne <infractory at gmail.com>
wrote:
> Plop,
>
> You'd like to modify .bashrc to auto-disconnect user with expired
> password? I thought modern tools to use AD (SSSD, winbind, nslcd) would
> come with such a mechanism inside. I do believe to remember some Linux
> disconnecting me for "disabled user" or "expired password"...
>
> Anyway, don't put that into .bashrc, they can modify it. If you really go
> into that way, uses /etc/profile which is owned by root (normally).
>
> In AD (MS and Samba) I believe expiration is calculated. You take current
> date, you take pwdLastSet, you take password expiration policy and you
> check if password wasn't set to far from now.
>
> But I still believe a well written tool should manage these expirations
> automagically when it comes to tools responsible to retrieve users from AD.
>
> 2017-01-31 17:00 GMT+01:00 Jeff Sadowski via samba <samba at lists.samba.org>
> :
>
>> my smb.conf looks as follows.
>> [global]
>> security = ads
>> realm = AD.MYDOMAIN.TLD
>> workgroup = AD
>> idmap config * : backend = tdb
>> idmap config * : range = 2000-7999
>> idmap config MIND:backend = ad
>> idmap config MIND:schema_mode = rfc2307
>> idmap config MIND:range = 8000-9999999
>> winbind nss info = rfc2307
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>> restrict anonymous = 2
>> ldap server require strong auth = no
>> client ldap sasl wrapping = plain
>>
>> I'm connected to an Windows 2008 based Active Directory environment
>>
>> Is there a linux command users can run to get their password expiration
>> that they could run from their .bashrc files?
>>
>> I searched the wiki and the mailing list but couldn't find what I am
>> looking for.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
More information about the samba
mailing list