[Samba] How to get password expiration?

Jeff Sadowski jeff.sadowski at gmail.com
Tue Feb 7 18:30:52 UTC 2017

figured out how to use ldapsearch also to get what I want.
Also found how to convert AD time to unix time
Another thing I wanted calculated was when an account expires.

ldapsearch -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld

gives all the good information about a user.

here is how I used it to tell me all accounts expiring this next month.

for user in $(wbinfo -u);do
accountExpires=$(ldapsearch -h $h -b $b "(sAMAccountName=$user)" $q
2>/dev/null | grep "^$q" | awk '{print $2}')
if [ "$(echo ${accountExpires}|wc -c)" -gt 7 ];then
 #microsoft uses 100 nanosecond increments so I remove the last 7 digits to
get seconds
 #microsoft's epoch is jan 1 1601 so I subtract 11644430400 seconds to make
it unit time
 act_exp=$(expr ${accountExpires::-7} - 11644430400)
 days=$(expr $(expr $act_exp - `date "+%s"`) / 86400)
 if [ "$days" -lt 30 ] && [ "$days" -gt 0 ];then
  echo $user expires in $days days

On Fri, Feb 3, 2017 at 12:53 PM, Rowland Penny <rpenny at samba.org> wrote:

> On Fri, 3 Feb 2017 12:39:20 -0700
> Jeff Sadowski via samba <samba at lists.samba.org> wrote:
> > On my ubuntu machines I added
> >
> > auth    required        pam_exec.so /scripts/password_expire.sh
> >
> > to the beginning of /etc/pam.d/common-auth
> >
> That's where I was going wrong, I added it to common-session, but this
> being Unix, I have found another way ;-)
> On Mate (so should work on gnome as well), create a .desktop file
> in /etc/xdg/autostart to run a script in /usr/local/bin and you get the
> attached screenshot.
> Rowland

More information about the samba mailing list