does ldapsam:trusted=yes really work?

Tomasz Chmielewski mangoo at
Mon Jan 30 10:00:31 GMT 2006

According to smb.conf, with ldapsam:trusted=yes "Samba can completely 
bypass the NSS system to query user information".

I thought I will give it a try, and removed "ldap" from 
/etc/nsswitch.conf, leaving only files - to make sure NSS is really 

passwd:     files
shadow:     files
group:      files

Restarted Samba, tried to logon, and unfortunately:

   User Administrator in passdb, but getpwnam() fails!
[2006/01/30 10:42:41, 0] auth/auth_sam.c:check_sam_security(327)
   check_sam_security: make_server_info_sam() failed with 
[2006/01/30 10:42:41, 3] auth/auth_winbind.c:check_winbind_security(80)
   check_winbind_security: Not using winbind, requested domain [MAGISTA] 
was for this SAM.
[2006/01/30 10:42:41, 2] auth/auth.c:check_ntlm_password(317)
   check_ntlm_password:  Authentication for user [Administrator] -> 
[Administrator] FAILED with error NT_STATUS_NO_SUCH_USER

Why does Samba still want to use NSS with "ldapsam:trusted=yes" in smb.conf?

Perhaps I need to do some more to use that feature?

I tried that on two different systems with Samba 3.0.20 and Samba 3.0.21a.

Tomasz Chmielewski

More information about the samba-technical mailing list