[Samba] Samba and LDAP: Trouble adding Win XP machines to the domain

Edmundo Valle Neto edmundo.valle at terra.com.br
Fri Jun 29 15:16:09 GMT 2007

mikelOn escreveu:
> Hi,
> I have been trying different approaches to get it working and apparently I
> do need nss installed to get it working (which I have not found as mandatory
> in many tutorials). Once I installed nss-ldap and configured it still
> failed, but then I removed the line "ldapsam:trusted = yes" and the machines
> started to join the domain correctly.
> Summing up, I needed nss-ldap and I did not need "ldapsam:trusted = yes".
> Now I am trying to get the whole thing working with "ldapsam:trusted = yes"
> uncommented.
> Thank you all very much for your help. I expect to be able to help others
> solve the problems I have had.

NSS is mandatory in the samba documentation, about the other "cake 
recipes" that you have readed, probably are incomplete.
You can read smb.conf man page to see what is expected from 
"ldapsam:trusted = yes". You dont need it to samba work, but it speeds 
up name resolution, resolving names directly in LDAP without consulting 
NSS. You must have all samba accounts in LDAP and with samba and posix 
attributes together in each object. So, yes, it can be problematic.


Edmundo Valle Neto

More information about the samba mailing list