[Samba] Users list and the date the password will expire

Mark Foley mfoley at ohprs.org
Sun Mar 26 04:16:13 UTC 2017

On Sat, 25 Mar 2017 18:28:37 +0000 Rowland Penny wrote:
> On Sat, 25 Mar 2017 14:11:00 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
> > For a given Samba4 AD user, how do determine the number of days until
> > the password expires?
> > 
> > --Mark
> > 
> This was raised some time ago, try searching the list archives, but it
> basically revolves around the 'msDS-UserPasswordExpiryTimeComputed'
> attribute.
> Rowland

Yes, and thank you for that tip to search for msDS-UserPasswordExpiryTimeComputed. I've changed
my subject line to be the same as the other in that thread.

I found and tried the scripts discussed. It works perfectly ... on the AD/DC host.

I need it to work on a domain member. The command: `samba -b` run on the domain members does
indeed return PRIVATE_DIR, in my case /var/lib/samba/private. But, 

ldbsearch --url="/var/lib/samba/private/sam.ldb" -b "DC=hprs,DC=local" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=mark))" msDS-UserPasswordExpiryTimeComputed

returns 0 records. Certainly because the --url refers the the PRIVATE_DIR on the domain server,
not the domain member. using mail:/var/lib/... or mail.hprs.local:/var/lib/... and a few other
variations I could think of did not work.

So, how do I get msDS-UserPasswordExpiryTimeComputed from a domain member?

Thanks --Mark

More information about the samba mailing list