From: Douglas Bagnall Date: Thu, 27 Feb 2025 02:33:01 +0000 (+1300) Subject: manpages: samba-tool kds root-key sub-options X-Git-Tag: tevent-0.17.0~559 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=612cf9f01aeb5da259acb28985616b9ddce51615;p=thirdparty%2Fsamba.git manpages: samba-tool kds root-key sub-options Signed-off-by: Douglas Bagnall Reviewed-by: Rowland Penny --- diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 08865910a90..dc2910a0d4e 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -2077,6 +2077,168 @@ Join a domain as either member or backup domain controller. + + domain kds root-key + Manage Key Distribution Service root keys. + + + + domain kds root-key create [options] + Create KDS root keys + + + -H, --URL + + LDB URL for database or target server. + + + + --use-start-time=["now"|iso8601 or LDIF time string] + The key will be valid from + this time. + Valid time format are + the string "now", the LDIF format + YYYYmmddHHMMSS.0Z, or the + ISO format YYYY-mm-dd[*HH[:MM[:SS[.fff[fff]]]][+HH:MM[:SS[.ffffff]]]] + where the '*' can be any character, and the optional last + '[+HH:MM[:SS[.ffffff]]]' is a timezone offset (e.g. '+00:00' for + UTC). + + + + + --json + + Output results in JSON format. + + + + + + + domain kds root-key delete --name={GUID} + Delete the named KDS root key. Use samba-tool domain kds root-key list to find the name of the key. + + + -H, --URL + + LDB URL for database or target server. + + + + --name=NAME + The name of the key to delete. It will be a GUID. + + + + + -v, --verbose + + Print all attributes (except secret ones, unless --show secrets is used). + + + + --json + + Output results in JSON format. + + + + + + + domain kds root-key list [options] + List KDS root keys. The newest keys are listed first. + + + -H, --URL + + LDB URL for database or target server. + + + + --show-secrets + Print secret or potentially + sensitive attributes, namely msKds-RootKeyData + and msKds-SecretAgreementParam. + + + + + -v, --verbose + + Print more attributes (but not secret ones, unless --show secrets is also used). + + + + --json + + Output results in JSON format. + + + + + + + domain kds root-key view [options] + View a KDS root key. The default output is similar to + that of samba-tool domain kds root-key list + --verbose, but with only one key show. The key can + be selected by using --latest for the + most recent key, or --name to select a key + by name. + + + + -H, --URL + + LDB URL for database or target server. + + + + --latest + View the most recent root key. + + + + + --name=NAME + The name of the key to view. It will be a GUID. + + + + + -v, --verbose + Print all attributes (except + secret ones, unless --show secrets is used). + This includes attributes that are only useful + for LDB bookkeeping. + + + --json + + Output results in JSON format. + + + + + + + + domain leave [options] + Run on a domain member, this will cause it to leave the domain. + To remove a domain server from the domain, you first need samba-tool domain demote. + + + --keep-account + + Disable the machine account instead of deleting it. + + + + + + domain level <replaceable>show|raise</replaceable> <replaceable>options</replaceable> [options] Show/raise domain and forest function levels.