With Samba4 becoming more relevant everyday as a drop in replacement for AD, I am regularly fielding questions regarding password management. Below I will describe the basics of password management on a QNAP NAS running Samba4 in Domain Controller Mode using the samba-tool
. The following code shows the commands dealing with passwords and account expiration.
Note: This is only applicable to a QNAP NAS on version >= 4.3.x software, running in Domain Controller mode, with Domain Controller Users. Also note, on your QNAP samba-tool is located in /usr/local/samba/bin.
#Disable password expiration for the Administrator account. samba-tool user setexpiry Administrator --noexpiry #Show domain level password options. samba-tool domain passwordsettings show #Disable password complexity at the domain level. samba-tool domain passwordsettings set --complexity=off #Disable password history at the domain level. samba-tool domain passwordsettings set --history-length=0 #Disable password min-age at the domain level. samba-tool domain passwordsettings set --min-pwd-age=0 #Disable password max-age at the domain level. samba-tool domain passwordsettings set --max-pwd-age=0 #Disable minimum password length at the domain level. samba-tool domain passwordsettings set --min-pwd-length=0