LinuxQuestions.org


jonofmac 07-19-2012 04:30 PM

Kerberos and Active Directory Integration
 
Hello,

We have a Windows Server which handles all of the user accounts/information and we have several Windows and Linux boxes deployed. The Linux machines all run Scientific Linux 6 (essentially CentOS 6, which is a Red Hat-like distribution). They use Kerberos to authenticate with the Active Directory server.

When logging in on the Linux machines, when a password is about to expire, it shows "Your password will expire in XX days". Does anyone know the command line approach to find out how many days the password is valid for or expiration date? Similar to using net user in Windows command prompt. I've been searching all over the internet and cannot seem to figure this one out.

Thank you,

Jonathan

Kustom42 07-19-2012 04:39 PM

You will use the same net user syntax to the Windows AD machine. The password policy is maintained on the AD server and as such it is queried from there by Kerberos.

jonofmac 07-19-2012 04:53 PM

Thanks,

Do you know what command I would use to sort of "tunnel" the command to the AD server then?

Kustom42 07-19-2012 05:05 PM

net user username

jonofmac 07-19-2012 11:16 PM

I tried that originally, but it complains about the syntax being "net ads user info username", which asks for a password and then outputs:
[***@***:~]# net ads user info ****
[2012/07/19 23:17:13.249505, 0] utils/net_ads.c:285(ads_startup_int)
ads_connect: No logon servers
[2012/07/19 23:17:16.496133, 0] utils/net_ads.c:285(ads_startup_int)
ads_connect: No logon servers

Not sure why it is doing this...


Edit:
Ok with: net ads user info **** --server=Domain Controller now returns below...

[2012/07/19 23:24:57.040867, 0] libads/kerberos.c:333(ads_kinit_password)
kerberos_kinit_password root@<Domain controller here> failed: Clients credentials have been revoked
I'm getting closer!


EDIT 2:
After running "kinit <username>" and running the command again, I get
wbcLookupSid: WBC_ERR_WINBIND_NOT_AVAILABLE

Any clues?
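
Added example, not part of any post in this thread: one way to work out the expiry date from a Linux host is to read the account's pwdLastSet and the domain's maxPwdAge over LDAP with the Kerberos ticket from kinit, then convert the Windows timestamps. It assumes a single domain-wide password policy (no fine-grained policy applies to the account); the function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Assumed way to fetch the inputs (placeholders, not values from the thread):
#   kinit <username>
#   ldapsearch -Y GSSAPI -H ldap://<domain controller> -b "<user base DN>" \
#       "(sAMAccountName=<username>)" pwdLastSet userAccountControl
#   ldapsearch -Y GSSAPI -H ldap://<domain controller> -b "<domain DN>" \
#       -s base maxPwdAge

# Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> Unix epoch seconds.
filetime_to_epoch() {
    echo $(( $1 / 10000000 - 11644473600 ))
}

# Args: pwdLastSet maxPwdAge [userAccountControl]
# Prints the expiry as epoch seconds, or "never" / "must-change".
ad_pwd_expiry() {
    pls=$1; max_age=$2; uac=${3:-0}
    # 0x10000 (65536) is DONT_EXPIRE_PASSWORD in userAccountControl.
    if [ $(( $uac & 65536 )) -ne 0 ]; then echo never; return 0; fi
    # maxPwdAge of 0 or the minimum 64-bit value means passwords do not expire.
    case $max_age in
        0|-9223372036854775808) echo never; return 0 ;;
    esac
    # pwdLastSet of 0 means the password must be changed at next logon.
    if [ "$pls" = "0" ]; then echo must-change; return 0; fi
    # maxPwdAge is stored as a negative tick count, so negate it first.
    echo $(( $(filetime_to_epoch "$pls") + (0 - $max_age) / 10000000 ))
}

# Whole days from "now" (arg 2, epoch seconds) until expiry (arg 1).
days_left() {
    echo $(( ($1 - $2) / 86400 ))
}

# Constructed sample: password set 2012-06-01 00:00 UTC, 42-day policy,
# normal account (userAccountControl 512), "now" fixed at 2012-07-03 00:00 UTC.
exp=$(ad_pwd_expiry 129829824000000000 -36288000000000 512)
echo "expiry epoch: $exp"
echo "days left:    $(days_left "$exp" 1341273600)"
# GNU date can render the epoch value; ignored where -d @N is unsupported.
date -u -d "@$exp" 2>/dev/null || true
```

On domain controllers that expose it, the constructed attribute msDS-UserPasswordExpiryTimeComputed returns the expiry directly as a FILETIME, which filetime_to_epoch converts the same way.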


All times are GMT -5.