QNAP NAS Domain Password Policy

With Samba4 becoming more relevant everyday as a drop in replacement for AD, I am regularly fielding questions regarding password management. Below I will describe the basics of password management on a QNAP NAS running Samba4 in Domain Controller Mode using the samba-tool. The following code shows the commands dealing with passwords and account expiration.

Note: This is only applicable to a QNAP NAS on version >= 4.3.x software, running in Domain Controller mode, with Domain Controller Users. Also note, on your QNAP samba-tool is located in /usr/local/samba/bin.
#Disable password expiration for the Administrator account.
samba-tool user setexpiry Administrator --noexpiry

#Show domain level password options.
samba-tool domain passwordsettings show

#Disable password complexity at the domain level.
samba-tool domain passwordsettings set --complexity=off

#Disable password history at the domain level.
samba-tool domain passwordsettings set --history-length=0

#Disable password min-age at the domain level.
samba-tool domain passwordsettings set --min-pwd-age=0

#Disable password max-age at the domain level.
samba-tool domain passwordsettings set --max-pwd-age=0

#Disable minimum password length at the domain level.
samba-tool domain passwordsettings set --min-pwd-length=0
Did you find this article useful? Why not share it with your friends?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.