We are using Samba4 in NT mode. We have an application that can pull usernames - great! What we need as well though is to import other fields saved in Samba for the users. For example, Email Address, and Full Name. Is it possible, without causing interruption to service, to connect with an LDAP query string to get this information, if it is not already setup for LDAP? I am running on Debian Stretch, Samba version 4.5.12 from the Debian repos. Server role: ROLE_DOMAIN_PDC # Global parameters [global] bind interfaces only = Yes interfaces = eth0 127.0.0.1 netbios name = SAMBA server string = "" workgroup = EXAMPLE domain master = Yes preferred master = Yes add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u domain logons = Yes logon drive = h: logon script = login.bat name resolve order = wins host bcast unix extensions = No check password script = /usr/local/sbin/complex_PW_check pam password change = Yes passwd chat = *new*password* %n\n *new*password* %n\n *updated* passwd program = /usr/bin/passwd %u security = USER unix password sync = Yes wins support = Yes idmap config * : backend = tdb printing = lprng admin users = admin1
On Thu, 11 Oct 2018 12:55:13 -0700 Luke Barone via samba <samba at lists.samba.org> wrote:> We are using Samba4 in NT mode. We have an application that can pull > usernames - great! What we need as well though is to import other > fields saved in Samba for the users. For example, Email Address, and > Full Name. > > Is it possible, without causing interruption to service, to connect > with an LDAP query string to get this information, if it is not > already setup for LDAP? > > I am running on Debian Stretch, Samba version 4.5.12 from the Debian > repos. > > Server role: ROLE_DOMAIN_PDC > > # Global parameters > [global] > bind interfaces only = Yes > interfaces = eth0 127.0.0.1 > netbios name = SAMBA > server string = "" > workgroup = EXAMPLE > domain master = Yes > preferred master = Yes > add machine script = /usr/sbin/useradd -d /var/lib/nobody -g > 100 -s /bin/false -M %u > domain logons = Yes > logon drive = h: > logon script = login.bat > name resolve order = wins host bcast > unix extensions = No > check password script = /usr/local/sbin/complex_PW_check > pam password change = Yes > passwd chat = *new*password* %n\n *new*password* %n\n > *updated* passwd program = /usr/bin/passwd %u > security = USER > unix password sync = Yes > wins support = Yes > idmap config * : backend = tdb > printing = lprng > admin users = admin1No, you cannot use ldap to query your PDC, mainly because of the reason you mentioned, it isn't using ldap. If you mean 'can I change from tdbsam to ldap', then, yes I believe you can, never done it myself though. You would probably be better upgrading to AD. Rowland
That's what I figured. Thanks for verifying for me! On Thu, Oct 11, 2018 at 1:22 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 11 Oct 2018 12:55:13 -0700 > Luke Barone via samba <samba at lists.samba.org> wrote: > > > We are using Samba4 in NT mode. We have an application that can pull > > usernames - great! What we need as well though is to import other > > fields saved in Samba for the users. For example, Email Address, and > > Full Name. > > > > Is it possible, without causing interruption to service, to connect > > with an LDAP query string to get this information, if it is not > > already setup for LDAP? > > > > I am running on Debian Stretch, Samba version 4.5.12 from the Debian > > repos. > > > > Server role: ROLE_DOMAIN_PDC > > > > # Global parameters > > [global] > > bind interfaces only = Yes > > interfaces = eth0 127.0.0.1 > > netbios name = SAMBA > > server string = "" > > workgroup = EXAMPLE > > domain master = Yes > > preferred master = Yes > > add machine script = /usr/sbin/useradd -d /var/lib/nobody -g > > 100 -s /bin/false -M %u > > domain logons = Yes > > logon drive = h: > > logon script = login.bat > > name resolve order = wins host bcast > > unix extensions = No > > check password script = /usr/local/sbin/complex_PW_check > > pam password change = Yes > > passwd chat = *new*password* %n\n *new*password* %n\n > > *updated* passwd program = /usr/bin/passwd %u > > security = USER > > unix password sync = Yes > > wins support = Yes > > idmap config * : backend = tdb > > printing = lprng > > admin users = admin1 > > No, you cannot use ldap to query your PDC, mainly because of the reason > you mentioned, it isn't using ldap. > > If you mean 'can I change from tdbsam to ldap', then, yes I believe you > can, never done it myself though. > > You would probably be better upgrading to AD. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >