Re: Users list and the date the password will expire


Re: Users list and the date the password will expire

Samba - General mailing list
Hi list,

long time no see! :)

I was looking for an email reminder script for users whose password will
expire. Some of our users are on long travels and will never see the
Domain's default notification. I haven't found any complete (and simple)
solution online. So I wrote one. In case it helps anyone, you find it below.

You should only have to fill in the blanks for the "basedn" search
parameter. Time conversion methods are taken from here:
http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time

Ole




--

#!/bin/bash
# bash is required for ${mail_string:6} and the == comparisons

# Maximum password age in days, from the domain password settings
max_pwAge=`samba-tool domain passwordsettings show | grep "Maximum password age" | tr -dc '0-9'`
user_list=`wbinfo -u`

basedn="OU=*,DC=*,DC=*,DC=*"

for user in $user_list; do

         # pwdLastSet is a Windows FILETIME (100 ns ticks since 1601-01-01)
         set_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b "$basedn" "cn=$user" | grep pwdLastSet | tr -dc '0-9'`

         if [ "$set_date" ] && [ "$set_date" -gt 1 ]; then

                 UNIXTimeStamp=$((($set_date/10000000)-11644473600))
                 then_sec=`date -d "1970-01-01 $UNIXTimeStamp sec GMT" +%s`
                 now_sec=`date +%s`
                 diff_days=$(( ( $now_sec - $then_sec )/60/60/24 ))
                 exp_days=$(( $max_pwAge - $diff_days ))

                 if [ "$exp_days" == 90 ] || [ "$exp_days" == 60 ] || [ "$exp_days" == 30 ]; then

                         # "mail: address" -> ${mail_string:6} drops the 6-character "mail: " prefix
                         mail_string=`ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b "$basedn" "cn=$user" | grep mail`
                         echo "Gotcha: $user" | mail -s "WARNING: Your domain account password will expire in $exp_days days!" "${mail_string:6}"

                 fi
         fi
done

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Users list and the date the password will expire

Samba - General mailing list
That was weird: didn't see (expect) there to be a discussion right on
the same topic going on at this very moment.

Ole


On 08.02.2017 17:37, Ole Traupe via samba wrote:

> Hi list,
>
> long time no see! :)
>
> I was looking for an email reminder script for users whose password
> will expire. Some of our users are on long travels and will never see
> the Domain's default notification. I haven't found any complete (and
> simple) solution online. So I wrote one. In case it helps anyone, you
> find it below.
>
> You should only have to fill in the blanks for the "basedn" search
> parameter. Time conversion methods are taken from here:
> http://meinit.nl/convert-active-directory-lastlogon-time-to-unix-readable-time 
>
>
> Ole



Re: Users list and the date the password will expire

Samba - General mailing list
On Wed, 8 Feb 2017 18:32:15 +0100
Ole Traupe via samba <[hidden email]> wrote:

> That was weird: didn't see (expect) there to be a discussion right on
> the same topic going on at this very moment.
>
> Ole

Yes and now you know that you are using the wrong attribute LOL

Rowland


Re: Users list and the date the password will expire

Samba - General mailing list
Exactly, and got reminded that I don't have to grep anything but can ask
for specific parameters. Been a while that I used ldbsearch. ;)

Ole


On 08.02.2017 18:46, Rowland Penny via samba wrote:

> Yes and now you know that you are using the wrong attribute LOL
>
> Rowland
>



Re: Users list and the date the password will expire

Samba - General mailing list


On 02/09/2017 11:25 AM, Ole Traupe via samba wrote:
> Exactly, and got reminded that I don't have to grep anything but can ask
> for specific parameters. Been a while that I used ldbsearch. ;)
>

So there will be an updated version of your script? :-)

Your script is something we could use as well, appreciated!

MJ


Re: Users list and the date the password will expire

Samba - General mailing list
On Thu, 9 Feb 2017 11:26:55 +0100
Ole Traupe <[hidden email]> wrote:

> But I got the timestamp subtraction constant right from the beginning!


Hope you don't mind but I updated your script ;-)

#!/bin/bash

### Set system defaults

# Get path to sam.ldb
LDBDIR=$(samba -b | grep 'PRIVATE_DIR' | awk -F ':' '{print $NF}' | sed 's/^ *//g')
if [ -z "${LDBDIR}" ]; then
    echo "This is supposed to be a DC, but cannot obtain the Private dir."
    echo "Cannot Continue...Exiting."
    exit 1
else
    LDBDB="${LDBDIR}/sam.ldb"
fi

# Get the default naming context of the domain # DC=samdom,DC=example,DC=com
domainDN=$(ldbsearch -H "${LDBDB}" -b "" -s base defaultNamingContext | grep 'defaultNamingContext' | sed 's|defaultNamingContext: ||')
if [ -z "${domainDN}" ]; then
    echo "Could not obtain AD rootDSE"
    exit 1
fi

user_list=$(wbinfo -u)

for user in $user_list; do
    user=$(echo "${user}" | awk -F '\\' '{print $2}')
    user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" msDS-UserPasswordExpiryTimeComputed | grep "msDS-UserPasswordExpiryTimeComputed: " | sed "s|msDS-UserPasswordExpiryTimeComputed: ||")
    UNIXTimeStamp=$((("${user_expire_date}"/10000000)-11644473600))
    date_now=$(date +%s)
    exp_days=$((("${UNIXTimeStamp}" - "${date_now}") / 3600 / 24))
    if [ "${exp_days}" -le "0" ]; then
        mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" mail | grep mail: | sed "s|mail: ||")
        if [ -n "${mail_string}" ]; then
            echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password has expired!!!" "${mail_string}"
        fi
    elif [ "${exp_days}" == "90" ] || [ "${exp_days}" == "60" ] || [ "${exp_days}" == "30" ]; then
          mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" mail | grep mail: | sed "s|mail: ||")
          if [ -n "${mail_string}" ]; then
              echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password will expire in ${exp_days} days!" "${mail_string}"
          fi
    fi
done

exit 0


Re: Users list and the date the password will expire

Samba - General mailing list
Well, that was a little premature. Querying the attribute directly
actually leads to a longer (and partly redundant) statement:

exp_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b $basedn cn=$user msDS-UserPasswordExpiryTimeComputed | grep msDS-UserPasswordExpiryTimeComputed | tr -dc '0-9'`

Ole


On 09.02.2017 11:25, Ole Traupe via samba wrote:

> Exactly, and got reminded that I don't have to grep anything but can
> ask for specific parameters. Been a while that I used ldbsearch. ;)
>
> Ole



Re: Users list and the date the password will expire

Samba - General mailing list
Welcome, good to be able to give something back.

Find the update below. Also replaced container name ('cn') with
'sAMAccountName' for stability reasons (in case sub-units contain
machines as well).

Comment out 'echo' lines for (rooted) cron-based use - except the mail
send line, of course.

Ole


#!/bin/bash
# bash is required for ${mail_string:6} and the == comparisons

max_pwAge=`samba-tool domain passwordsettings show | grep "Maximum password age" | tr -dc '0-9'`
user_list=`wbinfo -u`

basedn="OU=*,DC=*,DC=*,DC=*"

for user in $user_list; do

         # msDS-UserPasswordExpiryTimeComputed is a Windows FILETIME (100 ns ticks since 1601-01-01)
         exp_date=`ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b "$basedn" "sAMAccountName=$user" msDS-UserPasswordExpiryTimeComputed | grep msDS-UserPasswordExpiryTimeComputed | tr -dc '0-9'`

         echo "User: " $user
         echo "Password expiry date: " $exp_date

         if [ "$exp_date" ] && [ "$exp_date" -gt 1 ]; then

                 UNIXTimeStamp=$((($exp_date/10000000)-11644473600))
                 exp_sec=`date -d "1970-01-01 $UNIXTimeStamp sec GMT" +%s`
                 now_sec=`date +%s`
                 exp_days=$(( ( $exp_sec - $now_sec )/60/60/24 ))

                 echo "Days to expiration: " $exp_days

                 if [ "$exp_days" == 90 ] || [ "$exp_days" == 60 ] || [ "$exp_days" == 30 ] || [ "$exp_days" == 20 ] || [ "$exp_days" == 10 ]; then

                         # "mail: address" -> ${mail_string:6} drops the 6-character "mail: " prefix
                         mail_string=`ldbsearch -H /usr/local/samba/private/sam.ldb -s sub -b "$basedn" "sAMAccountName=$user" mail | grep mail`
                         echo "Gotcha: $user" | mail -s "WARNING: Your domain account password will expire in $exp_days days!" "${mail_string:6}"

                         echo "mail sent to user $user via ${mail_string:6}, password will expire in $exp_days days"

                 fi
         fi

         echo ""

done


On 09.02.2017 11:44, mj via samba wrote:

>
>
> On 02/09/2017 11:25 AM, Ole Traupe via samba wrote:
>> Exactly, and got reminded that I don't have to grep anything but can ask
>> for specific parameters. Been a while that I used ldbsearch. ;)
>>
>
> So there will be an updated version of your script? :-)
>
> Your script is something we could use as well, appreciated!
>
> MJ
>



Re: Users list and the date the password will expire

Samba - General mailing list
NOBODY updates my scripts! Except whoever wants, of course. ;)

Would you mind going into details regarding your changes?

Ole



On 09.02.2017 12:02, Rowland Penny via samba wrote:

> On Thu, 9 Feb 2017 11:26:55 +0100
> Ole Traupe <[hidden email]> wrote:
>
>> But I got the timestamp subtraction constant right from the beginning!
>
> Hope you don't mind but I updated your script ;-)



Re: Users list and the date the password will expire

Samba - General mailing list
On Thu, 9 Feb 2017 12:21:35 +0100
Ole Traupe via samba <[hidden email]> wrote:

> NOBODY updates my scripts! Except whoever wants, of course. ;)
>
> Would you mind going into details regarding your changes?
>
> Ole

It will run on a Samba AD DC and find the path to sam.ldb, this way it
works on any DC

It then finds the default naming context i.e.
DC=samdom,DC=example,DC=com
This way you don't have to enter it.
It then uses this in the searches

It also uses '(objectCategory=person)', this ensures you only get users
and not computers (you did know that a computer is also a user, didn't
you)

It uses the user's 'msDS-UserPasswordExpiryTimeComputed' attribute
contents.

If a user doesn't change the password and it expires, it sends a
different email.

Rowland


Re: Users list and the date the password will expire

Samba - General mailing list
Never mind. However, with your update I get the following error right on
the first found "user":

./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax error:
operand expected (error token is """/10000000)-11644473600")

Ole


On 09.02.2017 12:21, Ole Traupe via samba wrote:

> NOBODY updates my scripts! Except whoever wants, of course. ;)
>
> Would you mind going into details regarding your changes?
>
> Ole



Re: Users list and the date the password will expire

Samba - General mailing list
On Thu, 9 Feb 2017 12:49:12 +0100
Ole Traupe via samba <[hidden email]> wrote:

> Never mind. However, with your update I get the following error right
> on the first found "user":
>
> ./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax
> error: operand expected (error token is """/10000000)-11644473600")
>

I initially got that, so I added:
user=$(echo "${user}" | awk -F '\\' '{print $2}')

because, 'wbinfo -u' gives you 'DOMAIN\username'

It looks like for some reason this is failing, are you using 'dash'
instead of 'bash' ?

You could try adding 'echo "User: ${user}" ' above and below line 25

i.e. Change:

for user in $user_list; do
    user=$(echo "${user}" | awk -F '\\' '{print $2}')

To:

for user in $user_list; do
    echo "User: ${user}"
    user=$(echo "${user}" | awk -F '\\' '{print $2}')
    echo "User: ${user}"
    break

This should print the username before and after the removal of the
domain name and then break out of the loop.

Rowland


Re: Users list and the date the password will expire

Samba - General mailing list
Hi Rowland,

I'm getting the same error here, on bash.

Edited the script per your request, and the output looks sane:

> root@dc4:~# ./expired_passwords
> User: DOMAIN\onyteemenam
> User: onyteemenam
> root@dc4:~#

So no problem there?

I'm on debian wheezy with samba 4.4.4.

MJ

On 02/09/2017 01:14 PM, Rowland Penny via samba wrote:

> I initially got that, so I added:
> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>
> because, 'wbinfo -u' gives you 'DOMAIN\username'
>
> It looks like for some reason this is failing, are you using 'dash'
> instead of 'bash' ?
>
> You could try adding 'echo "User: ${user}" ' above and below line 25
>
> i.e. Change:
>
> for user in $user_list; do
>     user=$(echo "${user}" | awk -F '\\' '{print $2}')
>
> To:
>
> for user in $user_list; do
>     echo "User: ${user}"
>     user=$(echo "${user}" | awk -F '\\' '{print $2}')
>     echo "User: ${user}"
>     break
>
> This should print the username before and after the removal of the
> domain name and then break out of the loop.
>
> Rowland
>


Re: Users list and the date the password will expire

Samba - General mailing list
Actually, there were 2 problems. These lines work for me:

     #user=$(echo "${user}" | awk -F '\\' '{print $2}')
     user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" msDS-UserPasswordExpiryTimeComputed | grep "msDS-UserPasswordExpiryTimeComputed: " | sed "s|msDS-UserPasswordExpiryTimeComputed: ||")
     UNIXTimeStamp=$(((${user_expire_date}/10000000)-11644473600))
     date_now=$(date +%s)
     exp_days=$(((${UNIXTimeStamp} - ${date_now}) / 3600 / 24))

With the 'awk' the user is empty. Querying $user before the awk shows
the correct user name without "DOMAIN\". This line seems not to be
necessary for me.

I also had to remove the quotes in the 3rd and last of these lines:

e.g.
./mailtest_rowland.sh: line 29:
("131479598790000000"/10000000)-11644473600: syntax error: operand
expected (error token is ""131479598790000000"/10000000)-11644473600")

Ole


On 09.02.2017 13:14, Rowland Penny wrote:

> I initially got that, so I added:
> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>
> because, 'wbinfo -u' gives you 'DOMAIN\username'
>
> It looks like for some reason this is failing, are you using 'dash'
> instead of 'bash' ?
>
> You could try adding 'echo "User: ${user}" ' above and below line 25
>
> i.e. Change:
>
> for user in $user_list; do
>      user=$(echo "${user}" | awk -F '\\' '{print $2}')
>
> To:
>
> for user in $user_list; do
>      echo "User: ${user}"
>      user=$(echo "${user}" | awk -F '\\' '{print $2}')
>      echo "User: ${user}"
>      break
>
> This should print the username before and after the removal of the
> domain name and then break out of the loop.
>
> Rowland



Re: Users list and the date the password will expire

Samba - General mailing list
On Thu, 9 Feb 2017 13:40:29 +0100
Ole Traupe <[hidden email]> wrote:

> Actually, there were 2 problems. These lines work for me:
>

There you go for relying on 'shellcheck', it didn't raise an error on
the quotes, but it did after I removed them ;-)

so here is the latest version of the script:

#!/bin/bash

# Get path to sam.ldb
LDBDIR=$(samba -b | grep 'PRIVATE_DIR' | awk -F ':' '{print $NF}' | sed 's/^ *//g')
if [ -z "${LDBDIR}" ]; then
    echo "This is supposed to be a DC, but cannot obtain the Private dir."
    echo "Cannot Continue...Exiting."
    exit 1
else
    LDBDB="${LDBDIR}/sam.ldb"
fi

# Get the default naming context of the domain # DC=samdom,DC=example,DC=com
domainDN=$(ldbsearch -H "${LDBDB}" -b "" -s base defaultNamingContext | grep 'defaultNamingContext' | sed 's|defaultNamingContext: ||')
if [ -z "${domainDN}" ]; then
    echo "Could not obtain AD rootDSE"
    exit 1
fi

user_list=$(wbinfo -u)

for user in $user_list; do
    user=$(echo "${user}" | awk -F '\\' '{print $2}')
    user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" msDS-UserPasswordExpiryTimeComputed | grep "msDS-UserPasswordExpiryTimeComputed: " | sed "s|msDS-UserPasswordExpiryTimeComputed: ||")
    UNIXTimeStamp=$(((user_expire_date/10000000)-11644473600))
    date_now=$(date +%s)
    exp_days=$(((UNIXTimeStamp - date_now) / 3600 / 24))
    if [ "${exp_days}" -le "0" ]; then
        mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" mail | grep mail: | sed "s|mail: ||")
        if [ -n "${mail_string}" ]; then
            echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password has expired!!!" "${mail_string}"
        fi
    elif [ "${exp_days}" == "90" ] || [ "${exp_days}" == "60" ] || [ "${exp_days}" == "30" ]; then
        mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" mail | grep mail: | sed "s|mail: ||")
        if [ -n "${mail_string}" ]; then
            echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password will expire in ${exp_days} days!" "${mail_string}"
        fi
    fi
done

exit 0

It has been tested on bash, don't know if it will work on dash etc

I have to have the line:

user=$(echo "${user}" | awk -F '\\' '{print $2}')

Or I get:

ldb_handler_fold: unable to casefold string [SAMDOM�ministrator]

and all my users have expired passwords, which they haven't

Rowland


Re: Users list and the date the password will expire

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Thu, 9 Feb 2017 13:40:29 +0100
Ole Traupe <[hidden email]> wrote:

>
> With the 'awk' the user is empty. Querying $user before the awk shows
> the correct user name without "DOMAIN\". This line seems not to be
> necessary for me.
>

Just noticed this, are you running this on a Samba AD DC and if so, why
are you not getting the DOMAIN name in front of the username ??

Rowland



Re: Users list and the date the password will expire

Samba - General mailing list
In reply to this post by Samba - General mailing list
I am running this on a CentOS 6.7 DC with Samba version 4.2.5.

Ole



On 09.02.2017 13:40, Ole Traupe via samba wrote:

> Actually, there were 2 problems. These lines work for me:
>
>     #user=$(echo "${user}" | awk -F '\\' '{print $2}')
>     user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" msDS-UserPasswordExpiryTimeComputed | grep "msDS-UserPasswordExpiryTimeComputed: " | sed "s|msDS-UserPasswordExpiryTimeComputed: ||")
>     UNIXTimeStamp=$(((${user_expire_date}/10000000)-11644473600))
>     date_now=$(date +%s)
>     exp_days=$(((${UNIXTimeStamp} - ${date_now}) / 3600 / 24))
>
> With the 'awk' the user is empty. Querying $user before the awk shows
> the correct user name without "DOMAIN\". This line seems not to be
> necessary for me.
>
> I also had to remove the quotes in the 3rd and last of these lines:
>
> e.g.
> ./mailtest_rowland.sh: line 29: ("131479598790000000"/10000000)-11644473600: syntax error: operand expected (error token is ""131479598790000000"/10000000)-11644473600")
>
> Ole
>
>
> On 09.02.2017 13:14, Rowland Penny wrote:
>> On Thu, 9 Feb 2017 12:49:12 +0100
>> Ole Traupe via samba <[hidden email]> wrote:
>>
>>> Never mind. However, with your update I get the following error right
>>> on the first found "user":
>>>
>>> ./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax error: operand expected (error token is """/10000000)-11644473600")
>>>
>> I initially got that, so I added:
>> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>>
>> because, 'wbinfo -u' gives you 'DOMAIN\username'
>>
>> It looks like for some reason this is failing, are you using 'dash'
>> instead of 'bash' ?
>>
>> You could try adding 'echo "User: ${user}" ' above and below line 25
>>
>> i.e. Change:
>>
>> for user in $user_list; do
>>      user=$(echo "${user}" | awk -F '\\' '{print $2}')
>>
>> To:
>>
>> for user in $user_list; do
>>      echo "User: ${user}"
>>      user=$(echo "${user}" | awk -F '\\' '{print $2}')
>>      echo "User: ${user}"
>>      break
>>
>> This should print the username before and after the removal of the
>> domain name and then break out of the loop.
>>
>> Rowland
>
>



Re: Users list and the date the password will expire

Samba - General mailing list
In reply to this post by Samba - General mailing list
Beats me. ;)

Ole


On 09.02.2017 14:09, Rowland Penny via samba wrote:

> On Thu, 9 Feb 2017 13:40:29 +0100
> Ole Traupe <[hidden email]> wrote:
>
>> With the 'awk' the user is empty. Querying $user before the awk shows
>> the correct user name without "DOMAIN\". This line seems not to be
>> necessary for me.
>>
> Just noticed this, are you running this on a Samba AD DC and if so, why
> are you not getting the DOMAIN name in front of the username ??
>
> Rowland
>
>



Re: Users list and the date the password will expire

Samba - General mailing list
On Thu, 9 Feb 2017 14:28:21 +0100
Ole Traupe via samba <[hidden email]> wrote:

> Beats me. ;)

And me ;-)

If I run wbinfo -u , I get:

SAMDOM\albert
SAMDOM\administrator
SAMDOM\rowland
SAMDOM\suser5
SAMDOM\suser6
SAMDOM\suser3
..........
.......
....

Yours Mystified

Rowland



Re: Users list and the date the password will expire

Samba - General mailing list
I only get the usernames:

[...]
bcistudent01
bcistudent02
bcistudent03
bcistudent04
bcistudent05
bcistudent06
neuroergo10
neuroergo1
neuroergo2
neuroergo3
neuroergo4
[...]

Same on member servers, btw. Initially I thought this comes from
"winbind: use default domain", but this is neither present on my DCs nor
would it have any effect (afaik).

Anyways, no problem for me to accommodate your script to my environment.
Thank you for your valuable extensions!

Ole



On 09.02.2017 14:39, Rowland Penny via samba wrote:

> On Thu, 9 Feb 2017 14:28:21 +0100
> Ole Traupe via samba <[hidden email]> wrote:
>
>> Beats me. ;)
> And me ;-)
>
> If I run wbinfo -u , I get:
>
> SAMDOM\albert
> SAMDOM\administrator
> SAMDOM\rowland
> SAMDOM\suser5
> SAMDOM\suser6
> SAMDOM\suser3
> ..........
> .......
> ....
>
> Yours Mystified
>
> Rowland
>
>
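
Added example, not part of any post in this thread: shell helpers for the lookup step that accept both wbinfo -u output forms reported above (SAMDOM\albert and bcistudent01), escape the name before it is placed in the LDAP filter, and refuse to compute days from an empty attribute value, the case behind both the "operand expected" errors and the false "expired" results. The function names and the NOW timestamp are assumptions.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the thread's script.

# Drop an optional "DOMAIN\" prefix. Unlike awk -F '\\' '{print $2}', this
# keeps a name that has no prefix instead of returning an empty string.
strip_domain() {
    name=${1##*\\}
    printf '%s\n' "$name"
}

# Escape RFC 4515 filter metacharacters. A raw backslash starts a two-digit
# hex escape, so the "\ad" in "SAMDOM\administrator" decodes to byte 0xAD.
ldap_escape() {
    printf '%s\n' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the search filter used in the thread for one wbinfo -u entry.
user_filter() {
    printf '(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))\n' \
        "$(ldap_escape "$(strip_domain "$1")")"
}

# Whole days until expiry. $1: msDS-UserPasswordExpiryTimeComputed (100 ns
# ticks since 1601-01-01), $2: current time in epoch seconds.
# Returns 1 if the value is missing or not a number (failed lookup) and
# 2 if it is 0x7FFFFFFFFFFFFFFF (password never expires).
days_left() {
    case $1 in
        '' | *[!0-9]*) return 1 ;;
        9223372036854775807) return 2 ;;
    esac
    expiry=$(( $1 / 10000000 - 11644473600 ))
    echo $(( (expiry - $2) / 86400 ))
}

# Constructed input: both wbinfo -u forms reported in the thread, plus a name
# carrying filter metacharacters. NOW is a constructed timestamp.
NOW=1486644000
for entry in 'SAMDOM\administrator' 'bcistudent01' 'ops(night)*'; do
    user_filter "$entry"
done
days_left 131479598790000000 "$NOW"   # attribute value quoted in the thread
days_left "" "$NOW" || echo "lookup failed: skip this user, send no mail"
```

In the loop from the thread, a non-zero return from days_left would be the point to `continue` rather than fall through to the "has expired" mail.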

