[Samba] Users list and the date the password will expire
mfoley at ohprs.org
Wed Mar 29 16:41:46 UTC 2017
On Tue, 28 Mar 2017 16:48:24 +0100 Rowland Penny wrote:
> On Tue, 28 Mar 2017 11:23:23 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
> > It seems like there is no endpoint to this problem! After changing
> > user 'mark's password, the ldbsearch no longer works with the -k yes
> > parameter:
> > $ /usr/bin/ldbsearch --url=ldap://mail -b "DC=hprs,DC=local" -k yes
> > -s sub "(&(sAMAccountType=805306368)(sAMAccountName=$USER))"
> > msDS-UserPasswordExpiryTimeComputed
> > Password for [HPRS\mark]:
> > I am now prompted for a password. How do I fix this?
> > Thanks --Mark
> Didn't you get my offlist message?
Yes, I did get it, but due to labyrinthine .procmailrc settings, it did not go to the mailbox
in which I normally read the sambalist messages!
Checking my offline mailbox ... in that email, you suggest (expanded):
$ /usr/bin/rpcclient -U "" -c "lookupnames $USER" mail
Enter 's password:
So, it *still* asks for a password, and the user's ID in the prompt is empty (from the empty
-U?). If I leave off the -U it asks for mark's password.
Am I doing something wrong?
Once I enter the password, the rest of your script ultimately does get me the "Password must
change Time". BUT ... I need to enter the user's password! (neither -k nor -N work)
Back to the original method, why would
/usr/bin/ldbsearch --url=ldap://mail -b "DC=hprs,DC=local" -k yes ...
work until I changed the user's domain password? Is there some way to get Kerberos to "refresh"
the user's info so the -k works again? This might also help with your rpcclient suggestion.
I'm posting this both to the regular sambalist and back to you, so if you want to continue
responding offlist, I'll check that list hereafter.