[Samba] Users list and the date the password will expire

Thu Feb 9 11:03:42 UTC 2017

Well, that was a little premature. Querying the attribute directly 
actually leads to a longer (and partly redundant) statement:

exp_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b 
$basedn cn=$user msDS-UserPasswordExpiryTimeComputed | grep 
msDS-UserPasswordExpiryTimeComputed | tr -dc '0-9'`

Ole

On 09.02.2017 11:25, Ole Traupe via samba wrote:
> Exactly, and got reminded that I don't have to grep anything but can 
> ask for specific parameters. Been a while that I used ldbsearch. ;)
>
> Ole
>
>
> On 08.02.2017 18:46, Rowland Penny via samba wrote:
>> On Wed, 8 Feb 2017 18:32:15 +0100
>> Ole Traupe via samba <samba at lists.samba.org> wrote:
>>
>>> That was weird: didn't see (expect) there to be a discussion right on
>>> the same topic going on at this very moment.
>>>
>>> Ole
>>>
>>>
>>> On 08.02.2017 17:37, Ole Traupe via samba wrote:
>>>> Hi list,
>>>>
>>>> long time no see! :)
>>>>
>>>> I was looking for an email reminder script for users whose password
>>>> will expire. Some of our users are on long travels and will never
>>>> see the Domain's default notification. I haven't found any complete
>>>> (and simple) solution online. So I wrote one. In case it helps
>>>> anyone, you find it below.
>>>>
>>>> You should only have to fill in the blanks for the the "basedn"
>>>> search parameter. Time conversion methods are taken from here:
>>>> http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time 
>>>>
>>>>
>>>>
>>>> Ole
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>>
>>>> #!/bin/sh
>>>>
>>>> max_pwAge=`samba-tool domain passwordsettings show | grep "Maximum
>>>> password age" | tr -dc '0-9'`
>>>> user_list=`wbinfo -u`
>>>>
>>>> basedn="OU=*,DC=*,DC=*,DC=*"
>>>>
>>>> for user in $user_list; do
>>>>
>>>>          set_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s
>>>> sub -b  $basedn cn=$user | grep pwdLastSet | tr -dc '0-9'`
>>>>
>>>>          if [ $set_date ] && [ $set_date -gt 1 ]; then
>>>>
>>>> UNIXTimeStamp=$((($set_date/10000000)-11644473600))
>>>>                  then_sec=`date -d "1970-01-01 $UNIXTimeStamp sec
>>>> GMT" +%s`
>>>>                  now_sec=`date +%s`
>>>>                  diff_days=$(( ( $now_sec - $then_sec )/60/60/24 ))
>>>>                  exp_days=$(( $max_pwAge - $diff_days ))
>>>>
>>>>                  if [ $exp_days == 90 ] || [ $exp_days == 60 ] || [
>>>> $exp_days == 30 ]; then
>>>>
>>>>                          mail_string=`ldbsearch -H
>>>> /usr/local/samba/private/sam.ldb -s sub -b $basedn cn=$user | grep
>>>> mail` echo "Gotcha: $user" | mail -s "WARNING: Your
>>>> domain account password will expire in $exp_days days!"
>>>> ${mail_string:6}
>>>>
>>>>                  fi
>>>>          fi
>>>> done
>>>>
>>>
>> Yes and now you know that you are using the wrong attribute LOL
>>
>> Rowland
>>
>
>