[Samba] NT-Domain - Can I use LDAP?

Luke Barone lukebarone at gmail.com
Thu Oct 11 21:42:16 UTC 2018


That's what I figured. Thanks for verifying for me!

On Thu, Oct 11, 2018 at 1:22 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Thu, 11 Oct 2018 12:55:13 -0700
> Luke Barone via samba <samba at lists.samba.org> wrote:
>
> > We are using Samba4 in NT mode. We have an application that can pull
> > usernames - great! What we need as well though is to import other
> > fields saved in Samba for the users. For example, Email Address, and
> > Full Name.
> >
> > Is it possible, without causing interruption to service, to connect
> > with an LDAP query string to get this information, if it is not
> > already setup for LDAP?
> >
> > I am running on Debian Stretch, Samba version 4.5.12 from the Debian
> > repos.
> >
> > Server role: ROLE_DOMAIN_PDC
> >
> > # Global parameters
> > [global]
> >         bind interfaces only = Yes
> >         interfaces = eth0 127.0.0.1
> >         netbios name = SAMBA
> >         server string = ""
> >         workgroup = EXAMPLE
> >         domain master = Yes
> >         preferred master = Yes
> >         add machine script = /usr/sbin/useradd -d /var/lib/nobody -g
> > 100 -s /bin/false -M %u
> >         domain logons = Yes
> >         logon drive = h:
> >         logon script = login.bat
> >         name resolve order = wins host bcast
> >         unix extensions = No
> >         check password script = /usr/local/sbin/complex_PW_check
> >         pam password change = Yes
> >         passwd chat = *new*password* %n\n *new*password* %n\n
> > *updated* passwd program = /usr/bin/passwd %u
> >         security = USER
> >         unix password sync = Yes
> >         wins support = Yes
> >         idmap config * : backend = tdb
> >         printing = lprng
> >         admin users = admin1
>
> No, you cannot use ldap to query your PDC, mainly because of the reason
> you mentioned, it isn't using ldap.
>
> If you mean 'can I change from tdbsam to ldap', then, yes I believe you
> can, never done it myself though.
>
> You would probably be better upgrading to AD.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list