堆栈内存溢出
  简体   繁体   English

如何从Active Directory获取用户密码的到期日期?

[英]How to get user password expiration date from Active Directory?

 原文  2016-01-05 10:57:30       linux/ windows/ active-directory/ passwords/ samba

问题描述

folks! 乡亲们!

There are an Active Directory (Windows) and a Linux samba client. 有一个Active Directory(Windows)和一个Linux samba客户端。 At the Active Directory the policy had adjusted in a such way so users need to change his passwords periodically (passwords have an expiration time). 在Active Directory中,策略已以这种方式进行了调整,因此用户需要定期更改其密码(密码具有到期时间)。

My question is pretty simple: can I get this expiration time for the given user if I work on the Linux machine with the Samba? 我的问题很简单:如果我使用Samba在Linux机器上工作,我可以为给定的用户获得这个到期时间吗?

3 个解决方案

解决方案1
 4 已采纳  2016-01-20 09:37:40

This depends on the configuration of the domaincontroller. 这取决于域控制器的配置。 You can try: 你可以试试: 

net ads user info USERNAME@DOMAIN.COM -S DC_SERVER_NAME -U USERNAME

where USERNAME@DOMAIN.COM is the account to gather info from, DC_SERVER_NAME is the hostname of your domain controller and USERNAME is your username. 其中USERNAME@DOMAIN.COM是从中收集信息的帐户,DC_SERVER_NAME是域控制器的主机名,而USERNAME是您的用户名。

You will be prompted for your domain password. 系统将提示您输入域密码。

Now you get either information to your account, including expiry date of your password or you get 现在,您可以将其中一个信息(包括密码的到期日期)发送到您的帐户,或者 

ads_pull_uint32 failed

in this case, your domain controller is not configured to provide account information to UNIX like systems. 在这种情况下,您的域控制器未配置为向类似UNIX的系统提供帐户信息。

You may contact your domain administrator to convince him to install and configure Microsoft Windows Services for UNIX so that this command gives you the needed information. 您可以联系您的域管理员,说服他安装和配置UNIX的Microsoft Windows服务,以便此命令为您提供所需的信息。

This answer might be frustrating. 这个答案可能令人沮丧。 It is for me as I am in the same situation and researched the topic a lot. 因为我处于相同的情况,所以对我进行了很多研究。

My workaround: I set a calendar reminder 80 days in the future, when I set my domain password (smbpasswd -U USERNAME -r DC_SERVER_NAME), since it expires every 90 days. 我的变通办法:设置域密码(smbpasswd -U USERNAME -r DC_SERVER_NAME)时,我会在80天后设置日历提醒,因为它每90天失效一次。 Not perfect, but workable. 不完美,但可行。

[UPDATE] I found a way to determine the expiration date of your domain password with rpcclient, here is my script: [更新]我找到了一种使用rpcclient来确定您的域密码的失效日期的方法,这是我的脚本: 

#!/bin/bash
# author: Tim Wahrendorff 2016
# licence: Public Domain - https://wiki.creativecommons.org/wiki/Public_domain
# 
# To use this script you need at least: 
# sudo apt-get install libnotify-bin rpcclient
#
# Please set your account, password and domaincontroller to use this script


USER="username" # Domain accountname
PASS="Pa$$W0rd" # Domain password
DC="vmdc01"     # Domaincontroller

### START RPCCLIENT query
if [ "x$USERDCID" == "x" ]; then
    RPCLOOKUPID=$(rpcclient -U $USER%$PASS -c "lookupnames $USER" $DC 2> ./rpc_errFile)

    USERDCID=$(echo "$RPCLOOKUPID" | grep -e '[0-9]\{4,9\} ' -o)
fi

QUERYUSER=$(rpcclient -U $USER%$PASS -c "queryuser $USERDCID" $DC 2> ./rpc_errFile)

EXPDATE=$(echo "$QUERYUSER" | grep 'Password must change Time' | grep -e '[a-Z]\{2\}, [0-9]\{2\} [a-Z]\{3\} [0-9]\{4\} [0-9]\{2\}:[0-9]\{2\}' -o)

## Load rpc error Message
RPCERR=$(<./rpc_errFile)

## send notifications to Unity Desktop
if [ "x$RPCERR" != "x" ]; then
    notify-send -i /usr/share/icons/gnome/48x48/status/dialog-error.png "Error while fetching expiration date of your domain password" "$RPCERR"    
else
    notify-send -i /usr/share/icons/gnome/48x48/status/dialog-information.png "your domain password expires at " "$EXPDATE h"
fi

### END RPCCLIENT query

I configured this script to run on autostart, I shows me when my domain password will expire in a Unity notification. 我将该脚本配置为在自动启动时运行,并在Unity通知中显示我的域密码何时过期。 Feel free to extend, improve and republish this script, it is public domain. 可以随意扩展,改进和重新发布此脚本,它是公共领域。

[/UPDATE] [/更新]

解决方案2
 0  2016-08-03 09:58:59

If you are using kerberos tickets, ADpassword is a simple python app to check password expiration and ask users to change it. 如果您使用的是kerberos票证,则ADpassword是一个简单的python应用程序,用于检查密码到期并要求用户对其进行更改。

ADpassword in GitHub GitHub中的ADpassword

解决方案3
 0  2019-11-26 12:48:29

On linux you can use pdbedit 在Linux上,您可以使用pdbedit 

pdbedit -L -v -u <username>

And look for the line: Password must change 并查找以下行:密码必须更改

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Linux-用户有效日期(以小时为单位) - Linux - User expiration date in hours 如何从 PEM 编码证书中确定 SSL 证书到期日期? - How to determine SSL cert expiration date from a PEM encoded certificate? 如何在领域加入活动目录命令中提供密码作为参数 - How to supply the password as an argument in realm join to active directory command 如何通过 Python 脚本以简单、快速和安全的方式获取 Active Directory 用户的递归组? - How to get recursive groups of an Active Directory user via Python Script, in a easy, fast and safe way? 如何查找导入的 pgp 密钥的到期日期 - How to find expiration date of an imported pgp key 有没有办法使用 Kerberos 从 Active Directory 中获取所有用户? - Is there any way to get all users from Active Directory using Kerberos? 如何从python更改Linux用户密码 - How to change a Linux user password from python 托管Subversion(svn)存储库的密码到期如何工作? - How does password expiration with a hosted Subversion (svn) repository work? ipmitool:获取用户密码 - ipmitool : get user password 如何在Linux上的Active Directory中为Tomcat创建.keytab? - How do I create a .keytab from Active Directory for Tomcat on Linux?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM