[Samba] Domain Password Settings

[Mike Ray]

Hello all-

I'm looking to tweak password settings for my domain but have a few question
regarding the settings under "samba-tool domain passwordsettings show".

While I found some settings were documented on the wiki
(https://wiki.samba.org/index.php/Password_Settings_Objects), I did not find
answers to a few questions I had.


If "maximum password age (days)" is set to "0", it seems that passwords never
have to change. If "minimum password age (days)" is set to "0", can passwords be
changed multiple times per day, or does it set other behavior?

If "account lockout duration (mins)" is set to "0", is the account not locked
out at all or is it locked out until manually unlocked? If the latter, how is
that done? Is that done through the "unlock account" action in AD Users and
Computers? Does "samba-tool user enable" provide the same functionality?

If "reset account lockout after (mins)" is set to "0", is the counter never
reset? If so, can it be manually cleared?

If "reset account lockout after (mins)" is set to a value less than "account
lock duration (mins)", after "reset account lockout after (mins)" expires, does
the account remain locked until "account lockout duration (mins)"?

If an account is locked out and the "account lockout duration (mins)" starts but
then a new authentication failure occurs, is the timer reset?



Thanks much to anyone who can provide answers on these questions.


Mike Ray