[Samba] Users list and the date the password will expire

Rowland Penny rpenny at samba.org
Wed Feb 8 17:46:23 UTC 2017 

On Wed, 8 Feb 2017 18:32:15 +0100
Ole Traupe via samba <samba at lists.samba.org> wrote:

> That was weird: didn't see (expect) there to be a discussion right on 
> the same topic going on at this very moment.
> 
> Ole
> 
> 
> On 08.02.2017 17:37, Ole Traupe via samba wrote:
> > Hi list,
> >
> > long time no see! :)
> >
> > I was looking for an email reminder script for users whose password 
> > will expire. Some of our users are on long travels and will never
> > see the Domain's default notification. I haven't found any complete
> > (and simple) solution online. So I wrote one. In case it helps
> > anyone, you find it below.
> >
> > You should only have to fill in the blanks for the the "basedn"
> > search parameter. Time conversion methods are taken from here:
> > http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time 
> >
> >
> > Ole
> >
> >
> >
> >
> > -- 
> >
> > #!/bin/sh
> >
> > max_pwAge=`samba-tool domain passwordsettings show | grep "Maximum 
> > password age" | tr -dc '0-9'`
> > user_list=`wbinfo -u`
> >
> > basedn="OU=*,DC=*,DC=*,DC=*"
> >
> > for user in $user_list; do
> >
> >         set_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s
> > sub -b  $basedn cn=$user | grep pwdLastSet | tr -dc '0-9'`
> >
> >         if [ $set_date ] && [ $set_date -gt 1 ]; then
> >
> > UNIXTimeStamp=$((($set_date/10000000)-11644473600))
> >                 then_sec=`date -d "1970-01-01 $UNIXTimeStamp sec
> > GMT" +%s`
> >                 now_sec=`date +%s`
> >                 diff_days=$(( ( $now_sec - $then_sec )/60/60/24 ))
> >                 exp_days=$(( $max_pwAge - $diff_days ))
> >
> >                 if [ $exp_days == 90 ] || [ $exp_days == 60 ] || [ 
> > $exp_days == 30 ]; then
> >
> >                         mail_string=`ldbsearch -H 
> > /usr/local/samba/private/sam.ldb -s sub -b $basedn cn=$user | grep
> > mail` echo "Gotcha: $user" | mail -s "WARNING: Your 
> > domain account password will expire in $exp_days days!"
> > ${mail_string:6}
> >
> >                 fi
> >         fi
> > done
> >
> 
> 

Yes and now you know that you are using the wrong attribute LOL

Rowland

More information about the samba mailing list