[Samba] Get PasswordMustChangeNow parameter from command line
lukebarone at gmail.com
Wed Jan 23 20:44:44 UTC 2019
Perfect, I got the parameter I needed! I just checked for
`msDS-UserPasswordExpiryTimeComputed`, and if it's 0, then I know the
password needs to change on the next login!
Thanks! I honestly had no idea what the attributes were, but now I see
they're the attributes that are in Active Directory.
On Wed, Jan 23, 2019 at 11:19 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Wed, 23 Jan 2019 10:44:01 -0800
> Luke Barone via samba <samba at lists.samba.org> wrote:
> > I am adapting a script that needs to know whether a user needs to
> > change their password on the next login from NT to AD with Samba.
> > I have tried "samba-tool user getpassword <user> --attributes
> > PwdMustChangeNow", but that's not giving me anything useful - just a
> > DN, and "Got password OK" (even on users that do need the password to
> > change).
> It wouldn't, mainly because 'PwdMustChangeNow' isn't one of the listed
> attributes and I don't know where you got it from.
> > Is there another line I can use that will show when a user's password
> > must change? The OS is Debian 9, running samba 4.5.12-Debian (yes, I
> > know it's EOL, but it's what the Debian repo has)
> No and it has nothing to do with your version of Samba ;-)
> There is an attribute 'msDS-UserPasswordExpiryTimeComputed' which would
> give you what you want, but this doesn't seem to exist in AD yet.
> You need to obtain two attributes from AD, the domains 'maxPwdAge' and
> the users 'pwdLastSet', then with a bit of maths (okay, a lot), you can
> calculate when the password will expire.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba