[Samba] NT-Domain - Can I use LDAP?

Rowland Penny rpenny at samba.org
Thu Oct 11 20:22:14 UTC 2018


On Thu, 11 Oct 2018 12:55:13 -0700
Luke Barone via samba <samba at lists.samba.org> wrote:

> We are using Samba4 in NT mode. We have an application that can pull
> usernames - great! What we need as well though is to import other
> fields saved in Samba for the users. For example, Email Address, and
> Full Name.
> 
> Is it possible, without causing interruption to service, to connect
> with an LDAP query string to get this information, if it is not
> already setup for LDAP?
> 
> I am running on Debian Stretch, Samba version 4.5.12 from the Debian
> repos.
> 
> Server role: ROLE_DOMAIN_PDC
> 
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         interfaces = eth0 127.0.0.1
>         netbios name = SAMBA
>         server string = ""
>         workgroup = EXAMPLE
>         domain master = Yes
>         preferred master = Yes
>         add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
>         domain logons = Yes
>         logon drive = h:
>         logon script = login.bat
>         name resolve order = wins host bcast
>         unix extensions = No
>         check password script = /usr/local/sbin/complex_PW_check
>         pam password change = Yes
>         passwd chat = *new*password* %n\n *new*password* %n\n *updated*
>         passwd program = /usr/bin/passwd %u
>         security = USER
>         unix password sync = Yes
>         wins support = Yes
>         idmap config * : backend = tdb
>         printing = lprng
>         admin users = admin1

No, you cannot use ldap to query your PDC, mainly because of the reason
you mentioned, it isn't using ldap.

If you mean 'can I change from tdbsam to ldap', then, yes I believe you
can, never done it myself though.

You would probably be better upgrading to AD.

Rowland


