NOBODY updates my scripts! Except whoever wants, of course. ;)

Would you mind going into details regarding your changes?

Ole

On 09.02.2017 12:02, Rowland Penny via samba wrote:
> On Thu, 9 Feb 2017 11:26:55 +0100
> Ole Traupe <ole.traupe at tu-berlin.de> wrote:
>
>> But I got the timestamp subtraction constant right from the beginning!
>
> Hope you don't mind but I updated your script ;-)
>
> #!/bin/bash
>
> ### Set system defaults
>
> # Get path to sam.ldb
> LDBDIR=$(samba -b | grep 'PRIVATE_DIR' | awk -F ':' '{print $NF}' | sed 's/^ *//g')
> if [ -z "${LDBDIR}" ]; then
>     echo "This is supposed to be a DC, but cannot obtain the Private dir."
>     echo "Cannot Continue...Exiting."
>     exit 1
> else
>     LDBDB="${LDBDIR}/sam.ldb"
> fi
>
> # Get the default naming context of the domain # DC=samdom,DC=example,DC=com
> domainDN=$(ldbsearch -H "${LDBDB}" -b "" -s base defaultNamingContext | grep 'defaultNamingContext' | sed 's|defaultNamingContext: ||')
> if [ -z "${domainDN}" ]; then
>     echo "Could not obtain AD rootDSE"
>     exit 1
> fi
>
> user_list=$(wbinfo -u)
>
> for user in $user_list; do
>     user=$(echo "${user}" | awk -F '\\' '{print $2}')
>     user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" msDS-UserPasswordExpiryTimeComputed | grep "msDS-UserPasswordExpiryTimeComputed: " | sed "s|msDS-UserPasswordExpiryTimeComputed: ||")
>     UNIXTimeStamp=$((("${user_expire_date}"/10000000)-11644473600))
>     date_now=$(date +%s)
>     exp_days=$((("${UNIXTimeStamp}" - "${date_now}") / 3600 / 24))
>     if [ "${exp_days}" -le "0" ]; then
>         mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" mail | grep mail: | sed "s|mail: ||")
>         if [ -n "${mail_string}" ]; then
>             echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password has expired!!!" "${mail_string}"
>         fi
>     elif [ "${exp_days}" == "90" ] || [ "${exp_days}" == "60" ] || [ "${exp_days}" == "30" ]; then
>         mail_string=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$user))" mail | grep mail: | sed "s|mail: ||")
>         if [ -n "${mail_string}" ]; then
>             echo "Gotcha: ${user}" | mail -s "WARNING: Your domain account password will expire in ${exp_days} days!" "${mail_string}"
>         fi
>     fi
> done
>
> exit 0
>
Rowland Penny
2017-Feb-09 11:38 UTC
[Samba] Users list and the date the password will expire
On Thu, 9 Feb 2017 12:21:35 +0100
Ole Traupe via samba <samba at lists.samba.org> wrote:

> NOBODY updates my scripts! Except whoever wants, of course. ;)
>
> Would you mind going into details regarding your changes?
>
> Ole

It will run on a Samba AD DC and find the path to sam.ldb, this way it works on any DC.

It then finds the default naming context i.e. DC=samdom,DC=example,DC=com
This way you don't have to enter it.
It then uses this in the searches.

It also uses '(objectCategory=person)', this ensures you only get users and not computers (you did know that a computer is also a user, didn't you).

It uses the user's 'msDS-UserPasswordExpiryTimeComputed' attribute contents.

If a user doesn't change the password and it expires, it sends a different email.

Rowland
Never mind. However, with your update I get the following error right on the first found "user":

./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax error: operand expected (error token is """/10000000)-11644473600")

Ole
Rowland Penny
2017-Feb-09 12:14 UTC
[Samba] Users list and the date the password will expire
On Thu, 9 Feb 2017 12:49:12 +0100
Ole Traupe via samba <samba at lists.samba.org> wrote:

> Never mind. However, with your update I get the following error right
> on the first found "user":
>
> ./mailtest_rowland.sh: line 27: (""/10000000)-11644473600: syntax
> error: operand expected (error token is """/10000000)-11644473600")
>

I initially got that, so I added:

    user=$(echo "${user}" | awk -F '\\' '{print $2}')

because, 'wbinfo -u' gives you 'DOMAIN\username'

It looks like for some reason this is failing, are you using 'dash' instead of 'bash' ?

You could try adding 'echo "User: ${user}" ' above and below line 25 i.e.

Change:

    for user in $user_list; do
        user=$(echo "${user}" | awk -F '\\' '{print $2}')

To:

    for user in $user_list; do
        echo "User: ${user}"
        user=$(echo "${user}" | awk -F '\\' '{print $2}')
        echo "User: ${user}"
        break

This should print the username before and after the removal of the domain name and then break out of the loop.

Rowland
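The "operand expected" error in this thread appears whenever the arithmetic expansion receives an empty expiry value. The following is an added example, not code from any poster in the thread, showing a conversion that tolerates that case. The function names `strip_domain` and `notice_for`, the sample accounts and the fixed `NOW` are assumptions; it also assumes that `wbinfo -u` may print names without a `DOMAIN\` prefix (for example with `winbind use default domain = yes`) and that never-expiring passwords report 0x7FFFFFFFFFFFFFFF.

```bash
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.
EPOCH_DIFF=11644473600       # seconds from 1601-01-01 to 1970-01-01 (thread's constant)
NEVER=9223372036854775807    # 0x7FFFFFFFFFFFFFFF: AD's "password never expires" value

# strip_domain 'DOMAIN\user' -> 'user'; a bare 'user' is returned unchanged,
# where awk's '{print $2}' would return an empty string.
strip_domain() {
    printf '%s\n' "$1" | sed 's/^.*\\//'
}

# notice_for FILETIME NOW_EPOCH -> skip | never | expired | warn:<days> | ok
notice_for() {
    case $1 in
        ''|*[!0-9]*) echo skip; return 0 ;;   # empty lookup: do no arithmetic
    esac
    if [ "$1" = "$NEVER" ]; then echo never; return 0; fi
    days=$(( ($1 / 10000000 - EPOCH_DIFF - $2) / 86400 ))
    if [ "$days" -le 0 ]; then
        echo expired
    elif [ "$days" -eq 90 ] || [ "$days" -eq 60 ] || [ "$days" -eq 30 ]; then
        echo "warn:$days"
    else
        echo ok
    fi
}

# Constructed sample input: name|attribute value (empty = lookup found nothing).
# NOW is fixed instead of $(date +%s) so the output is repeatable.
NOW=1486598400
while IFS='|' read -r name ft; do
    printf '%s -> %s\n' "$(strip_domain "$name")" "$(notice_for "$ft" "$NOW")"
done <<'EOF'
SAMDOM\alice|131336640000000000
bob|9223372036854775807
SAMDOM\carol|
EOF
```

In the thread's loop, a `skip` or `never` result would mean moving on to the next user before any mail lookup is made.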