Rowland Penny
2017-Mar-26 08:20 UTC
[Samba] Users list and the date the password will expire
On Sun, 26 Mar 2017 00:16:13 -0400 Mark Foley via samba <samba at lists.samba.org> wrote:> > ldbsearch --url="/var/lib/samba/private/sam.ldb" -b > "DC=hprs,DC=local" -s sub > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=mark))" > msDS-UserPasswordExpiryTimeComputed > > returns 0 records. Certainly because the --url refers the the > PRIVATE_DIR on the domain server, not the domain member. using > mail:/var/lib/... or mail.hprs.local:/var/lib/... and a few other > variations I could think of did not work. > > So, how do I get msDS-UserPasswordExpiryTimeComputed from a domain > member? >Try this: ldbsearch --url=ldap://A_DC_HOSTNAME -b "DC=hprs,DC=local" -s sub "(&(sAMAccountType=805306368)(sAMAccountName=mark))" msDS-UserPasswordExpiryTimeComputed Replace 'A_DC_HOSTNAME' with your DCs short hostname. Rowland
On 26 Mar 2017 09:20:35 +0100 Rowland Penny wrote> > On Sun, 26 Mar 2017 00:16:13 -0400 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > > > ldbsearch --url="/var/lib/samba/private/sam.ldb" -b > > "DC=hprs,DC=local" -s sub > > "(&(objectCategory=person)(objectClass=user)(sAMAccountName=mark))" > > msDS-UserPasswordExpiryTimeComputed > > > > returns 0 records. Certainly because the --url refers the the > > PRIVATE_DIR on the domain server, not the domain member. using > > mail:/var/lib/... or mail.hprs.local:/var/lib/... and a few other > > variations I could think of did not work. > > > > So, how do I get msDS-UserPasswordExpiryTimeComputed from a domain > > member? > > > > Try this: > > ldbsearch --url=ldap://A_DC_HOSTNAME -b "DC=hprs,DC=local" -s sub > "(&(sAMAccountType=805306368)(sAMAccountName=mark))" > msDS-UserPasswordExpiryTimeComputed > > Replace 'A_DC_HOSTNAME' with your DCs short hostname. > > Rowlandas root: ldbsearch --url=ldap://mail -b "DC=hprs,DC=local" -s sub "(&(sAMAccountType=805306368)(sAMAccountName=mark))" msDS-UserPasswordExpiryTimeComputed search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: Operation unavailable without authentication> <> When I added `-U user%pass` it worked. I don't suppose there is a way to NOT specify the password? I'd rather not have to propigate the domain administrator's password among all the domain members (-N did not work). Thanks --Mark
Rowland Penny
2017-Mar-26 18:53 UTC
[Samba] Users list and the date the password will expire
On Sun, 26 Mar 2017 14:32:53 -0400 Mark Foley via samba <samba at lists.samba.org> wrote:> as root: > > ldbsearch --url=ldap://mail -b "DC=hprs,DC=local" -s sub > "(&(sAMAccountType=805306368)(sAMAccountName=mark))" > msDS-UserPasswordExpiryTimeComputed > > search error - LDAP error 1 LDAP_OPERATIONS_ERROR - <00002020: > Operation unavailable without authentication> <> > > When I added `-U user%pass` it worked. I don't suppose there is a way > to NOT specify the password? I'd rather not have to propigate the > domain administrator's password among all the domain members (-N did > not work). > > Thanks --Mark >Sorry, forgot about the required authentication, try it with '-P' without '-U administrator' Rowland