[Samba] How to get password expiration?

Jeff Sadowski jeff.sadowski at gmail.com
Tue Feb 7 18:30:52 UTC 2017


figured out how to use ldapsearch also to get what I want.
Also found how to convert AD time to unix time
Another thing I wanted calculated was when an account expires.

ldapsearch -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld
"(sAMAccountName=$user)"

gives all the good information about a user.

here is how I used it to tell me all accounts expiring this next month.

h=ad.mydomain.tld
b=dc=ad,dc=mydomain,dc=tld
q=accountExpires
for user in $(wbinfo -u);do
accountExpires=$(ldapsearch -h $h -b $b "(sAMAccountName=$user)" $q
2>/dev/null | grep "^$q" | awk '{print $2}')
if [ "$(echo ${accountExpires}|wc -c)" -gt 7 ];then
 #microsoft uses 100 nanosecond increments so I remove the last 7 digits to
get seconds
 #microsoft's epoch is jan 1 1601 so I subtract 11644430400 seconds to make
it unit time
 act_exp=$(expr ${accountExpires::-7} - 11644430400)
 days=$(expr $(expr $act_exp - `date "+%s"`) / 86400)
 if [ "$days" -lt 30 ] && [ "$days" -gt 0 ];then
  echo $user expires in $days days
 fi
fi
done




On Fri, Feb 3, 2017 at 12:53 PM, Rowland Penny <rpenny at samba.org> wrote:

> On Fri, 3 Feb 2017 12:39:20 -0700
> Jeff Sadowski via samba <samba at lists.samba.org> wrote:
>
> > On my ubuntu machines I added
> >
> > auth    required        pam_exec.so /scripts/password_expire.sh
> >
> > to the beginning of /etc/pam.d/common-auth
> >
>
> That's where I was going wrong, I added it to common-session, but this
> being Unix, I have found another way ;-)
>
> On Mate (so should work on gnome as well), create a .desktop file
> in /etc/xdg/autostart to run a script in /usr/local/bin and you get the
> attached screenshot.
>
> Rowland


More information about the samba mailing list