[Samba] Users list and the date the password will expire
Mark Foley
mfoley at ohprs.org
Sun Mar 26 04:16:13 UTC 2017
On Sat, 25 Mar 2017 18:28:37 +0000 Rowland Penny wrote:
>
> On Sat, 25 Mar 2017 14:11:00 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > For a given Samba4 AD user, how do determine the number of days until
> > the password expires?
> >
> > --Mark
> >
>
> This was raised some time ago, try searching the list archives, but it
> basically revolves around the 'msDS-UserPasswordExpiryTimeComputed'
> attribute.
>
> Rowland
Yes, and thank you for that tip to search for msDS-UserPasswordExpiryTimeComputed. I've changed
my subject line to be the same as the other in that thread.
I found and tried the scripts discussed. It works perfectly ... on the AD/DC host.
I need it to work on a domain member. The command: `samba -b` run on the domain members does
indeed return PRIVATE_DIR, in my case /var/lib/samba/private. But,
ldbsearch --url="/var/lib/samba/private/sam.ldb" -b "DC=hprs,DC=local" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=mark))" msDS-UserPasswordExpiryTimeComputed
returns 0 records. Certainly because the --url refers the the PRIVATE_DIR on the domain server,
not the domain member. using mail:/var/lib/... or mail.hprs.local:/var/lib/... and a few other
variations I could think of did not work.
So, how do I get msDS-UserPasswordExpiryTimeComputed from a domain member?
Thanks --Mark
More information about the samba
mailing list