similar to: How to get password expiration?

Displaying 20 results from an estimated 10000 matches similar to: "How to get password expiration?"

2017 Feb 01
3
How to get password expiration?
I want something like so on login Last login: Wed Feb 1 10:47:53 Password Expires: Wed March 1 00:00:00 [myaduser at machine ~]$ I just want them to know when their password expires. On Wed, Feb 1, 2017 at 9:39 AM, mathias dufresne <infractory at gmail.com> wrote: > Plop, > > You'd like to modify .bashrc to auto-disconnect user with expired > password? I thought modern
2017 Feb 01
1
How to get password expiration?
I was thinking of maybe putting a request update password expire time on login and have a system user go find the expire times. with ldap or something? It could put a file in the users home directory with a timestamp of when the user's password expires. Ex: In the bashrc or tcshrc (the global ones) add a line like so touch /tmp/requestpwexpupdate/${USER} and have a cronjob the searches
2017 Feb 02
2
How to get password expiration?
On 01/02/2017 19:12, Jeff Sadowski wrote: > Or maybe better like so on login > > Last login: Wed Feb 1 10:47:53 > Password Expires in 28 days > [myaduser at machine ~]$ Something like this? warn_pwd_expire Defines number of days before pam_winbind starts to warn about passwords that are going to expire. Defaults to 14 days.
2017 Feb 01
0
How to get password expiration?
Or maybe better like so on login Last login: Wed Feb 1 10:47:53 Password Expires in 28 days [myaduser at machine ~]$ On Wed, Feb 1, 2017 at 12:10 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > I want something like so on login > > Last login: Wed Feb 1 10:47:53 > Password Expires: Wed March 1 00:00:00 > [myaduser at machine ~]$ > > I just want them to know
2017 Feb 01
0
How to get password expiration?
Plop, You'd like to modify .bashrc to auto-disconnect user with expired password? I thought modern tools to use AD (SSSD, winbind, nslcd) would come with such a mechanism inside. I do believe to remember some Linux disconnecting me for "disabled user" or "expired password"... Anyway, don't put that into .bashrc, they can modify it. If you really go into that way, uses
2017 Feb 03
2
How to get password expiration?
Actually is there a way to show it more like a timestamp. It is hard to compute days left with a date format like that. I guess I could use date to do the conversion but I was wondering if there is a cleaner way On Fri, Feb 3, 2017 at 8:51 AM, Rowland Penny via samba < samba at lists.samba.org> wrote: > On Fri, 3 Feb 2017 07:44:39 -0700 > Jeff Sadowski via samba <samba at
2017 Oct 30
2
winbind rfc2307 not being obeyed
I found what I needed to do DOMAIN=MIND.UNM.EDU SHORT=MIND authconfig --enablekrb5 --krb5kdc=${DOMAIN} --krb5adminserver=${DOMAIN} --krb5realm=${DOMAIN} --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=${DOMAIN} --smbservers=${DOMAIN} --smbworkgroup=${SHORT} --winbindtemplatehomedir=/na/homes/%U --winbindtemplateshell=/bin/bash --enablemkhomedir --enablewinbindusedefaultdomain
2017 Oct 30
2
winbind rfc2307 not being obeyed
My smb.conf file now looks like so [global] #--authconfig--start-line-- # Generated by authconfig on 2017/10/30 10:47:34 # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) # Any modification may be deleted or altered by authconfig in future workgroup = MIND password server = MIND.UNM.EDU realm = MIND.UNM.EDU security = ads idmap config * : range = 2000-7999
2016 Apr 26
3
unexpected groups 2000(BUILTIN\administrators) 2001(BUILTIN\users)?
So happy for BadLock bug it finally pushed Ubuntu to upgrade samba :-) So many things work better * I can now sudo without having to newgrp first * I can now run id and get a list of all groups I am in * I can now run getent group and get a list of the domain groups but I now have two unexpected groups running the following I get id | sed 's/,/\n/g' | sort > id_without.txt id $USER
2015 Dec 08
2
Adding an AD group to /etc/sudoers?
"id" alone does not show my user in the it group "id username" does why would id alone give different results? which is odd because as my username I can get into a folder that has 0760 permissions with user as root and it as the group as for %it ALL=(ALL) ALL instead of: %it ALL=(ALL:ALL) ALL seems to work the same On Tue, Dec 8, 2015 at 1:29 PM, Mattias Zhabinskiy <
2018 Mar 27
6
10 minutes between primary group change and effect on Fedora 27
My smb.conf looks like so. [global] security = ads realm = MIND.UNM.EDU workgroup = MIND idmap config * : backend = tdb idmap config * : range = 2000-7999 idmap config MIND:backend = ad idmap config MIND:schema_mode = rfc2307 idmap config MIND:range = 8000-9999999 idmap config MIND:unix_nss_info = yes winbind use default domain = yes restrict anonymous = 2 I have
2019 Jul 30
3
winbind and locking accounts?
On 30/07/2019 15:39, Jeff Sadowski via samba wrote: > winbindd -V > Failed to create /var/log/samba/cores for user 11490 with mode 0700 > Unable to setup corepath for winbindd: Permission denied > Version 4.10.5 > > cat /etc/samba/smb.conf > [global] > log level = 3 winbind:5 > winbind cache time = 10 > security = ads > realm = SUB.DOMAIN >
2019 Jul 30
4
winbind and locking accounts?
One of my colleagues at work brought to my attention that they could continuously attempt different passwords on a linux machine connected via AD via winbind. I did a test or too and it appears not to lock the account after numerous attempts. Is there a way to get the behavior like windows where too many invalid passwords puts a temporary lock on the account?
2015 Dec 08
2
Adding an AD group to /etc/sudoers?
# id username|sed "s/,/\n/g"|wc -l 155 # id|sed "s/,/\n/g"|wc -l 28 On Tue, Dec 8, 2015 at 2:56 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > wbinfo -r username > shows the gid of it > and a bunch of -1's id guess for groups without gid's > my user belongs to 155 groups is there a problem with that many groups? > > On Tue, Dec 8,
2018 Mar 13
2
Odd default group behaviour.
On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 15:57:35 -0600 > Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > >> On Tue, Mar 13, 2018 at 12:54 PM, Rowland Penny via samba >> <samba at lists.samba.org> wrote: >> > On Tue, 13 Mar 2018 12:13:32 -0600 >> > Jeff Sadowski via
2018 Mar 13
2
Odd default group behaviour.
On Tue, Mar 13, 2018 at 4:12 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 16:05:53 -0600 > Jeff Sadowski <jeff.sadowski at gmail.com> wrote: > >> On Tue, Mar 13, 2018 at 4:03 PM, Rowland Penny via samba >> <samba at lists.samba.org> wrote: >> > On Tue, 13 Mar 2018 15:57:35 -0600 >> > Jeff Sadowski
2015 Dec 09
2
Adding an AD group to /etc/sudoers?
# cat /proc/sys/kernel/ngroups_max 65536 # sysctl kernel.ngroups_max kernel.ngroups_max = 65536 Is there a way to change/look at AUTH_SYS? Seems I have 28 groups now as my user I tried created a test user with much less groups but it turns out it is on all those other groups. As such I tried winbind nested groups=no but this doesn't seem to change anything. On Tue, Dec 8, 2015 at 5:05
2018 Mar 13
2
Odd default group behaviour.
On Tue, Mar 13, 2018 at 12:54 PM, Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 13 Mar 2018 12:13:32 -0600 > Jeff Sadowski via samba <samba at lists.samba.org> wrote: > >> My smb.conf file looks like so >> >> [global] >> security = ads >> realm = MIND.UNM.EDU >> workgroup = MIND >> idmap config * :
2017 Oct 30
4
winbind rfc2307 not being obeyed
OS:fedora-26 SAMBA:4.6.8 [root at squints ~]# cat /etc/samba/smb.conf [global] security = ads realm = MIND.UNM.EDU workgroup = MIND idmap config * : backend = tdb idmap config * : range = 2000-7999 idmap config MIND:backend = ad idmap config MIND:schema_mode = rfc2307 idmap config MIND:range = 8000-9999999 winbind nss info = rfc2307 winbind use default domain = yes
2017 Feb 03
7
How to get password expiration?
This seems to work for maxPwdAge ldapsearch -LLL -Q -s base -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld maxPwdAge now I just need to query a users pwdLastSetq I tried the commands above but am not getting anything. I tried looking at the ungrepped output but I don't see how to link the pwdLastSet with any user. I get a long list. I think I'm looking for dn: and a matching pwdLastSet?