Rowland Penny
2017-Feb-09 12:14 UTC
[Samba] Users list and the date the password will expire
On Thu, 9 Feb 2017 12:49:12 +0100
Ole Traupe via samba <samba at lists.samba.org> wrote:

> Never mind. However, with your update I get the following error right
> on the first found "user":
>
> ./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax
> error: operand expected (error token is """/10000000)-11644473600")
>

I initially got that, so I added:

    user=$(echo "${user}" | awk -F '\\' '{print $2}')

because 'wbinfo -u' gives you 'DOMAIN\username'.

It looks like for some reason this is failing, are you using 'dash'
instead of 'bash'?

You could try adding 'echo "User: ${user}"' above and below line 25

i.e. Change:

    for user in $user_list; do
        user=$(echo "${user}" | awk -F '\\' '{print $2}')

To:

    for user in $user_list; do
        echo "User: ${user}"
        user=$(echo "${user}" | awk -F '\\' '{print $2}')
        echo "User: ${user}"
        break

This should print the username before and after the removal of the
domain name and then break out of the loop.

Rowland
Hi Rowland,

I'm getting the same error here, on bash.

Edited the script per your request, and the output looks sane:

> root at dc4:~# ./expired_passwords
> User: DOMAIN\onyteemenam
> User: onyteemenam
> root at dc4:~#

So no problem there?

I'm on debian wheezy with samba 4.4.4.

MJ

On 02/09/2017 01:14 PM, Rowland Penny via samba wrote:
> On Thu, 9 Feb 2017 12:49:12 +0100
> Ole Traupe via samba <samba at lists.samba.org> wrote:
>
>> Never mind. However, with your update I get the following error right
>> on the first found "user":
>>
>> ./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax
>> error: operand expected (error token is """/10000000)-11644473600")
>>
>
> I initially got that, so I added:
> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>
> because, 'wbinfo -u' gives you 'DOMAIN\username'
>
> It looks like for some reason this is failing, are you using 'dash'
> instead of 'bash' ?
>
> You could try adding 'echo "User: ${user}" ' above and below line 25
>
> i.e. Change:
>
> for user in $user_list; do
> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>
> To:
>
> for user in $user_list; do
> echo "User: ${user}"
> user=$(echo "${user}" | awk -F '\\' '{print $2}')
> echo "User: ${user}"
> break
>
> This should print the username before and after the removal of the
> domain name and then break out of the loop.
>
> Rowland
>
Actually, there were 2 problems. These lines work for me:

    #user=$(echo "${user}" | awk -F '\\' '{print $2}')
    user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub \
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" \
        msDS-UserPasswordExpiryTimeComputed |
        grep "msDS-UserPasswordExpiryTimeComputed: " |
        sed "s|msDS-UserPasswordExpiryTimeComputed: ||")
    UNIXTimeStamp=$(((${user_expire_date}/10000000)-11644473600))
    date_now=$(date +%s)
    exp_days=$(((${UNIXTimeStamp} - ${date_now}) / 3600 / 24))

With the 'awk' the user is empty. Querying $user before the awk shows
the correct user name without "DOMAIN\". This line seems not to be
necessary for me.

I also had to remove the quotes in the 3rd and last of these lines:

e.g.
./mailtest_rowland.sh: line 29:
("131479598790000000"/10000000)-11644473600: syntax error: operand
expected (error token is ""131479598790000000"/10000000)-11644473600")

Ole

On 09.02.2017 13:14, Rowland Penny wrote:
> On Thu, 9 Feb 2017 12:49:12 +0100
> Ole Traupe via samba <samba at lists.samba.org> wrote:
>
>> Never mind. However, with your update I get the following error right
>> on the first found "user":
>>
>> ./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax
>> error: operand expected (error token is """/10000000)-11644473600")
>>
> I initially got that, so I added:
> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>
> because, 'wbinfo -u' gives you 'DOMAIN\username'
>
> It looks like for some reason this is failing, are you using 'dash'
> instead of 'bash' ?
>
> You could try adding 'echo "User: ${user}" ' above and below line 25
>
> i.e. Change:
>
> for user in $user_list; do
> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>
> To:
>
> for user in $user_list; do
> echo "User: ${user}"
> user=$(echo "${user}" | awk -F '\\' '{print $2}')
> echo "User: ${user}"
> break
>
> This should print the username before and after the removal of the
> domain name and then break out of the loop.
>
> Rowland
Rowland Penny
2017-Feb-09 13:02 UTC
[Samba] Users list and the date the password will expire
On Thu, 9 Feb 2017 13:40:29 +0100
Ole Traupe <ole.traupe at tu-berlin.de> wrote:

> Actually, there were 2 problems. These lines work for me:
>

There you go for relying on 'shellcheck', it didn't raise an error on
the quotes, but it did after I removed them ;-)

So here is the latest version of the script:

    #!/bin/bash

    # Get path to sam.ldb
    LDBDIR=$(samba -b | grep 'PRIVATE_DIR' | awk -F ':' '{print $NF}' | sed 's/^ *//g')
    if [ -z "${LDBDIR}" ]; then
        echo "This is supposed to be a DC, but cannot obtain the Private dir."
        echo "Cannot Continue...Exiting."
        exit 1
    else
        LDBDB="${LDBDIR}/sam.ldb"
    fi

    # Get the default naming context of the domain
    # DC=samdom,DC=example,DC=com
    domainDN=$(ldbsearch -H "${LDBDB}" -b "" -s base defaultNamingContext |
        grep 'defaultNamingContext' | sed 's|defaultNamingContext: ||')
    if [ -z "${domainDN}" ]; then
        echo "Could not obtain AD rootDSE"
        exit 1
    fi

    user_list=$(wbinfo -u)

    for user in $user_list; do
        # Strip the 'DOMAIN\' prefix that 'wbinfo -u' prints
        user=$(echo "${user}" | awk -F '\\' '{print $2}')
        user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub \
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" \
            msDS-UserPasswordExpiryTimeComputed |
            grep "msDS-UserPasswordExpiryTimeComputed: " |
            sed "s|msDS-UserPasswordExpiryTimeComputed: ||")
        # Convert 100 ns ticks since 1601-01-01 to Unix epoch seconds
        UNIXTimeStamp=$(((user_expire_date/10000000)-11644473600))
        date_now=$(date +%s)
        exp_days=$(((UNIXTimeStamp - date_now) / 3600 / 24))
        if [ "${exp_days}" -le "0" ]; then
            mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub \
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" \
                mail | grep mail: | sed "s|mail: ||")
            if [ -n "${mail_string}" ]; then
                echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password has expired!!!" "${mail_string}"
            fi
        elif [ "${exp_days}" == "90" ] || [ "${exp_days}" == "60" ] || [ "${exp_days}" == "30" ]; then
            mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub \
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" \
                mail | grep mail: | sed "s|mail: ||")
            if [ -n "${mail_string}" ]; then
                echo
                echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password will expire in ${exp_days} days!" "${mail_string}"
            fi
        fi
    done

    exit 0

It has been tested on bash, don't know if it will work on dash etc.

I have to have the line:

    user=$(echo "${user}" | awk -F '\\' '{print $2}')

Or I get:

ldb_handler_fold: unable to casefold string [SAMDOM�ministrator]

and all my users have expired passwords, which they haven't.

Rowland
Rowland Penny
2017-Feb-09 13:09 UTC
[Samba] Users list and the date the password will expire
On Thu, 9 Feb 2017 13:40:29 +0100
Ole Traupe <ole.traupe at tu-berlin.de> wrote:

>
> With the 'awk' the user is empty. Querying $user before the awk shows
> the correct user name without "DOMAIN\". This line seems not to be
> necessary for me.
>

Just noticed this, are you running this on a Samba AD DC and if so, why
are you not getting the DOMAIN name in front of the username ??

Rowland
I am running this on a CentOS 6.7 DC with Samba version 4.2.5.

Ole

On 09.02.2017 13:40, Ole Traupe via samba wrote:
> Actually, there were 2 problems. These lines work for me:
>
> #user=$(echo "${user}" | awk -F '\\' '{print $2}')
> user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s
> sub
> "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))"
> msDS-UserPasswordExpiryTimeComputed | grep
> "msDS-UserPasswordExpiryTimeComputed: " | sed
> "s|msDS-UserPasswordExpiryTimeComputed: ||")
> UNIXTimeStamp=$(((${user_expire_date}/10000000)-11644473600))
> date_now=$(date +%s)
> exp_days=$(((${UNIXTimeStamp} - ${date_now}) / 3600 / 24))
>
> With the 'awk' the user is empty. Querying $user before the awk shows
> the correct user name without "DOMAIN\". This line seems not to be
> necessary for me.
>
> I also had to remove the quotes in the 3rd and last of these lines:
>
> e.g.
> ./mailtest_rowland.sh: line 29:
> ("131479598790000000"/10000000)-11644473600: syntax error: operand
> expected (error token is ""131479598790000000"/10000000)-11644473600")
>
> Ole
>
>
> On 09.02.2017 13:14, Rowland Penny wrote:
>> On Thu, 9 Feb 2017 12:49:12 +0100
>> Ole Traupe via samba <samba at lists.samba.org> wrote:
>>
>>> Never mind. However, with your update I get the following error right
>>> on the first found "user":
>>>
>>> ./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax
>>> error: operand expected (error token is """/10000000)-11644473600")
>>>
>> I initially got that, so I added:
>> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>>
>> because, 'wbinfo -u' gives you 'DOMAIN\username'
>>
>> It looks like for some reason this is failing, are you using 'dash'
>> instead of 'bash' ?
>>
>> You could try adding 'echo "User: ${user}" ' above and below line 25
>>
>> i.e. Change:
>>
>> for user in $user_list; do
>> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>>
>> To:
>>
>> for user in $user_list; do
>> echo "User: ${user}"
>> user=$(echo "${user}" | awk -F '\\' '{print $2}')
>> echo "User: ${user}"
>> break
>>
>> This should print the username before and after the removal of the
>> domain name and then break out of the loop.
>>
>> Rowland
>
>
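
Added example, not part of the thread and not the posters' code: the script interpolates the name from 'wbinfo -u' straight into the ldbsearch filter, where RFC 4515 reads a backslash plus two hex digits as an escaped byte, which is consistent with the 'SAMDOM\ad...' name surfacing as the casefold error Rowland quotes. The POSIX sh helpers below (function names are hypothetical; the sample names and the "now" timestamp are constructed) handle names with or without the domain prefix, escape the name for the filter, and refuse to compute an expiry from an empty lookup result.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX sh, so it behaves the same under
# bash and dash. Function names are hypothetical.

# Drop an optional 'DOMAIN\' prefix; a bare name passes through unchanged,
# where awk -F '\\' '{print $2}' would return an empty string.
strip_domain() {
    printf '%s\n' "${1##*\\}"
}

# Escape a value for an LDAP search filter (RFC 4515). Backslash goes first so
# the escapes added afterwards are not escaped again.
ldap_escape() {
    printf '%s\n' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter used by the script's ldbsearch calls, built from an escaped name.
user_filter() {
    printf '(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))\n' \
        "$(ldap_escape "$(strip_domain "$1")")"
}

# Days until expiry from msDS-UserPasswordExpiryTimeComputed ($1, 100 ns ticks
# since 1601-01-01) and the current epoch time ($2). Returns 1 for empty or
# non-numeric input so a failed lookup is not reported as an expired password.
days_until_expiry() {
    case $1 in
        '' | *[!0-9]* | 0?*) return 1 ;;
        9223372036854775807) echo never; return 0 ;;  # AD value for "no expiry"
    esac
    echo $(( ($1 / 10000000 - 11644473600 - $2) / 86400 ))
}

# Constructed sample input: names with and without the domain prefix, the
# expiry value quoted in the thread, and a fixed "now" of 2017-02-09 12:00 UTC.
for name in 'SAMDOM\administrator' 'administrator' 'odd*name)'; do
    user_filter "$name"
done
days_until_expiry 131479598790000000 1486641600
days_until_expiry "" 1486641600 || echo "no expiry value returned; skipping user"
```

In the loop from the thread, a non-zero return from days_until_expiry would be the signal to skip the user instead of mailing an "expired" warning.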