[Samba] samba 4 authenticate with samba 3 ldap schema
Rowland Penny
rpenny at samba.org
Wed Jun 18 19:44:26 UTC 2025
On Wed, 18 Jun 2025 20:49:31 +0200
Andrea Zagli <azagli at libero.it> wrote:
> Rowland Penny via samba <samba at lists.samba.org> writes:
>
> > On Wed, 18 Jun 2025 15:39:43 +0200
> > Andrea Zagli via samba <samba at lists.samba.org> wrote:
> >
> >>
> >> Hi
> >>
> >> as the object: i have a samba 4 standalone server and i want to
> >> authenticate it using the openldap created for the samba 3 domain
> >> controller
> >>
> >> is it possible?
> >>
> >
> > Yes, it is still possible to set up Samba as an NT4-style PDC, but I
> > suggest you do not, that requires NetBIOS which requires SMBv1 and
> > that isn't secure. I suggest you investigate setting up a Samba AD
> > domain instead.
> >
> > Rowland
>
>
> sorry, i think i explained myself badly
>
> i don't want to have a samba 4 PDC NT4 (and neither an AD domain)

What you are describing, while it might not be a PDC, is nearly the
same thing and as such, is subject to the same problems. You will
need to use SMBv1.
>
> but i already have a samba 3 pdc nt4 with openldap as passdb backend
>
> then i have a new samba 4 standalone server (not in domain), to simply
> share some directory, and i want to use the same openldap as passdb
> backend to authenticate users

Then join your standalone server to your NT4-style domain.
>
> i set the same options in smb.conf but when i try to login i get the
> error invalid sid

Well you would, even a standalone server has a SID.
>
> maybe samba 4 requires an ldap schema no more compatible with the one
> required by samba 3?

No, a Samba 4 NT4-style domain (or anything like it) uses the same
schema as a Samba 3 NT4-style domain.

NT4-style domains are yesterday's methods (Microsoft stopped supporting
them over 20 years ago), I really urge you to upgrade to AD.

Rowland