[Samba] How to get password expiration?

Jeff Sadowski jeff.sadowski at gmail.com
Wed Feb 1 19:12:09 UTC 2017 

Or maybe better like so on login

Last login: Wed Feb 1 10:47:53
Password Expires in 28 days
[myaduser at machine ~]$



On Wed, Feb 1, 2017 at 12:10 PM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:

> I want something like so on login
>
> Last login: Wed Feb 1 10:47:53
> Password Expires: Wed March 1 00:00:00
> [myaduser at machine ~]$
>
> I just want them to know when their password expires.
>
>
>
> On Wed, Feb 1, 2017 at 9:39 AM, mathias dufresne <infractory at gmail.com>
> wrote:
>
>> Plop,
>>
>> You'd like to modify .bashrc to auto-disconnect user with expired
>> password? I thought modern tools to use AD (SSSD, winbind, nslcd) would
>> come with such a mechanism inside. I do believe to remember some Linux
>> disconnecting me for "disabled user" or "expired password"...
>>
>> Anyway, don't put that into .bashrc, they can modify it. If you really go
>> into that way, uses /etc/profile which is owned by root (normally).
>>
>> In AD (MS and Samba) I believe expiration is calculated. You take current
>> date, you take pwdLastSet, you take password expiration policy and you
>> check if password wasn't set to far from now.
>>
>> But I still believe a well written tool should manage these expirations
>> automagically when it comes to tools responsible to retrieve users from AD.
>>
>> 2017-01-31 17:00 GMT+01:00 Jeff Sadowski via samba <samba at lists.samba.org
>> >:
>>
>>> my smb.conf looks as follows.
>>> [global]
>>>    security = ads
>>>    realm = AD.MYDOMAIN.TLD
>>>    workgroup = AD
>>>    idmap config * : backend = tdb
>>>    idmap config * : range = 2000-7999
>>>    idmap config MIND:backend = ad
>>>    idmap config MIND:schema_mode = rfc2307
>>>    idmap config MIND:range = 8000-9999999
>>>    winbind nss info = rfc2307
>>>    winbind use default domain = yes
>>>    winbind enum users = yes
>>>    winbind enum groups = yes
>>>    restrict anonymous = 2
>>>    ldap server require strong auth = no
>>>    client ldap sasl wrapping = plain
>>>
>>> I'm connected to an Windows 2008 based Active Directory environment
>>>
>>> Is there a linux command users can run to get their password expiration
>>> that they could run from their .bashrc files?
>>>
>>> I searched the wiki and the mailing list but couldn't find what I am
>>> looking for.
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>

More information about the samba mailing list