samba - Oct 2018 - NT-Domain - Can I use LDAP?

We are using Samba4 in NT mode. We have an application that can pull
usernames - great! What we need as well though is to import other fields
saved in Samba for the users. For example, Email Address, and Full Name.

Is it possible, without causing interruption to service, to connect with an
LDAP query string to get this information, if it is not already setup for
LDAP?

I am running on Debian Stretch, Samba version 4.5.12 from the Debian repos.

Server role: ROLE_DOMAIN_PDC

# Global parameters
[global]
        bind interfaces only = Yes
        interfaces = eth0 127.0.0.1
        netbios name = SAMBA
        server string = ""
        workgroup = EXAMPLE
        domain master = Yes
        preferred master = Yes
        add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s
/bin/false -M %u
        domain logons = Yes
        logon drive = h:
        logon script = login.bat
        name resolve order = wins host bcast
        unix extensions = No
        check password script = /usr/local/sbin/complex_PW_check
        pam password change = Yes
        passwd chat = *new*password* %n\n *new*password* %n\n *updated*
        passwd program = /usr/bin/passwd %u
        security = USER
        unix password sync = Yes
        wins support = Yes
        idmap config * : backend = tdb
        printing = lprng
        admin users = admin1

On Thu, 11 Oct 2018 12:55:13 -0700
Luke Barone via samba <samba at lists.samba.org> wrote:
> We are using Samba4 in NT mode. We have an application that can pull
> usernames - great! What we need as well though is to import other
> fields saved in Samba for the users. For example, Email Address, and
> Full Name.
> 
> Is it possible, without causing interruption to service, to connect
> with an LDAP query string to get this information, if it is not
> already setup for LDAP?
> 
> I am running on Debian Stretch, Samba version 4.5.12 from the Debian
> repos.
> 
> Server role: ROLE_DOMAIN_PDC
> 
> # Global parameters
> [global]
>         bind interfaces only = Yes
>         interfaces = eth0 127.0.0.1
>         netbios name = SAMBA
>         server string = ""
>         workgroup = EXAMPLE
>         domain master = Yes
>         preferred master = Yes
>         add machine script = /usr/sbin/useradd -d /var/lib/nobody -g
> 100 -s /bin/false -M %u
>         domain logons = Yes
>         logon drive = h:
>         logon script = login.bat
>         name resolve order = wins host bcast
>         unix extensions = No
>         check password script = /usr/local/sbin/complex_PW_check
>         pam password change = Yes
>         passwd chat = *new*password* %n\n *new*password* %n\n
> *updated* passwd program = /usr/bin/passwd %u
>         security = USER
>         unix password sync = Yes
>         wins support = Yes
>         idmap config * : backend = tdb
>         printing = lprng
>         admin users = admin1
No, you cannot use ldap to query your PDC, mainly because of the reason
you mentioned, it isn't using ldap.

If you mean 'can I change from tdbsam to ldap', then, yes I believe you
can, never done it myself though.

You would probably be better upgrading to AD.

Rowland

That's what I figured. Thanks for verifying for me!

On Thu, Oct 11, 2018 at 1:22 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 11 Oct 2018 12:55:13 -0700
> Luke Barone via samba <samba at lists.samba.org> wrote:
>
> > We are using Samba4 in NT mode. We have an application that can pull
> > usernames - great! What we need as well though is to import other
> > fields saved in Samba for the users. For example, Email Address, and
> > Full Name.
> >
> > Is it possible, without causing interruption to service, to connect
> > with an LDAP query string to get this information, if it is not
> > already setup for LDAP?
> >
> > I am running on Debian Stretch, Samba version 4.5.12 from the Debian
> > repos.
> >
> > Server role: ROLE_DOMAIN_PDC
> >
> > # Global parameters
> > [global]
> >         bind interfaces only = Yes
> >         interfaces = eth0 127.0.0.1
> >         netbios name = SAMBA
> >         server string = ""
> >         workgroup = EXAMPLE
> >         domain master = Yes
> >         preferred master = Yes
> >         add machine script = /usr/sbin/useradd -d /var/lib/nobody -g
> > 100 -s /bin/false -M %u
> >         domain logons = Yes
> >         logon drive = h:
> >         logon script = login.bat
> >         name resolve order = wins host bcast
> >         unix extensions = No
> >         check password script = /usr/local/sbin/complex_PW_check
> >         pam password change = Yes
> >         passwd chat = *new*password* %n\n *new*password* %n\n
> > *updated* passwd program = /usr/bin/passwd %u
> >         security = USER
> >         unix password sync = Yes
> >         wins support = Yes
> >         idmap config * : backend = tdb
> >         printing = lprng
> >         admin users = admin1
>
> No, you cannot use ldap to query your PDC, mainly because of the reason
> you mentioned, it isn't using ldap.
>
> If you mean 'can I change from tdbsam to ldap', then, yes I believe
you
> can, never done it myself though.
>
> You would probably be better upgrading to AD.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>