[Samba] Users list and the date the password will expire

Ole Traupe ole.traupe at tu-berlin.de
Wed Feb 8 16:37:54 UTC 2017

Hi list,

long time no see! :)

I was looking for an email reminder script for users whose password will 
expire. Some of our users are on long travels and will never see the 
Domain's default notification. I haven't found any complete (and simple) 
solution online. So I wrote one. In case it helps anyone, you find it below.

You should only have to fill in the blanks for the the "basedn" search 
parameter. Time conversion methods are taken from here:




max_pwAge=`samba-tool domain passwordsettings show | grep "Maximum 
password age" | tr -dc '0-9'`
user_list=`wbinfo -u`


for user in $user_list; do

         set_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s sub 
-b  $basedn cn=$user | grep pwdLastSet | tr -dc '0-9'`

         if [ $set_date ] && [ $set_date -gt 1 ]; then

                 then_sec=`date -d "1970-01-01 $UNIXTimeStamp sec GMT" +%s`
                 now_sec=`date +%s`
                 diff_days=$(( ( $now_sec - $then_sec )/60/60/24 ))
                 exp_days=$(( $max_pwAge - $diff_days ))

                 if [ $exp_days == 90 ] || [ $exp_days == 60 ] || [ 
$exp_days == 30 ]; then

                         mail_string=`ldbsearch -H 
/usr/local/samba/private/sam.ldb -s sub -b $basedn cn=$user | grep mail`
                         echo "Gotcha: $user" | mail -s "WARNING: Your 
domain account password will expire in $exp_days days!" ${mail_string:6}


More information about the samba mailing list