From: Douglas Bagnall Date: Sun, 2 Mar 2025 00:59:19 +0000 (+1300) Subject: manpages:samba-tool: separate passwordsettings set/show X-Git-Tag: tevent-0.17.0~541 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73bc0a406ce9cec186bc6b9e539ad8498c07c713;p=thirdparty%2Fsamba.git manpages:samba-tool: separate passwordsettings set/show Signed-off-by: Douglas Bagnall Reviewed-by: Rowland Penny --- diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 0581532af7f..8014e8bf204 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -2323,8 +2323,74 @@ - domain passwordsettings <replaceable>show|set</replaceable> <replaceable>options</replaceable> [options] - Show/set password settings. + domain passwordsettings set <replaceable>options</replaceable> [options] + + Set password settings, including complexity + requirements, lockout policy, history length, minimum password + length, and minimum and maximum password age on a Samba AD DC + server. + + Use against a Windows DC is possible, but group policy will override it. + + + + + -H URL, --URL=URL + LDB URL for database or target server + + + -q, --quiet + Be quiet + + + --complexity=COMPLEXITY + The password complexity (on | off | default). Default is 'on' + + + --store-plaintext=STORE_PLAINTEXT + Store plaintext passwords where account have 'store passwords with reversible encryption' set (on | off | default). Default is 'off' + + + --history-length=HISTORY_LENGTH + The password history length (integer | default). Default is 24. + + + --min-pwd-length=MIN_PWD_LENGTH + The minimum password length (integer | default). Default is 7. + + + --min-pwd-age=MIN_PWD_AGE + The minimum password age (number of days | default). Default is 1. + + + --max-pwd-age=MAX_PWD_AGE + The maximum password age (number of days | default). Default is 43. + + + --account-lockout-duration=ACCOUNT_LOCKOUT_DURATION + The length of time an account is locked out after exceeding the limit on bad password attempts (number of minutes | default). Default is 30 mins. + + + --account-lockout-threshold=ACCOUNT_LOCKOUT_THRESHOLD + The number of bad password attempts allowed before locking out the account (integer | default). Default is 0 (never lock out). + + + --reset-account-lockout-after=RESET_ACCOUNT_LOCKOUT_AFTER + After this time is elapsed, the recorded number of attempts restarts from zero (integer | default). Default is 30. + + + + + + domain passwordsettings show <replaceable>options</replaceable> [options] + Display current password settings for the domain. + + + + -H URL, --URL=URL + LDB URL for database or target server + +