[Samba] SAMBA-LDAP - Group permissions

Allysson Steve Mota Lacerda stevelacerda at gmail.com
Thu Jan 11 18:30:50 GMT 2007

Hi folks.

I have a functional Samba-LDAP server running as a PDC with Windows 2003

I'm changing the structure of my LDAP tree and I want to give
administrator's permissions to a branch (i.e. ou=teachers,dc=domain,dc=com).
Is there a way to do this automatically (i.e. by using an argument in

Ah... I tried to use admin users in smb.conf to give permissions to a single
user but it didn't function.

Thanks a lot.

My smb.conf:

        workgroup = FACOMP
        netbios name = FACOMP01
        server string = Controlador de Dominio
        domain master = yes
        preferred master = yes
        local master = yes
        domain logons = yes
        enable privileges = yes
        encrypt passwords = yes
        ldap passwd sync = yes
        admin users = rodrigoqueiroz
        passdb backend = ldapsam:ldap://localhost smbpasswd guest
        ldap suffix = dc=facomp,dc=edu,dc=br
        ldap machine suffix = ou=Computadores
        ldap user suffix = ou=Usuarios
        ldap group suffix = ou=Grupos
        ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
        ldap ssl = no
        logon script = netlogon.bat
        logon home = \\%L\%U\.profiles
        logon path = \\%L\profiles\%U
        security = user
        os level = 256
        interfaces =
        log level = 3
        veto files = /*.mp3/*.wma/*.wmv/*.avi/*.mpg/*.wav/*.rmvb/
        delete veto files = Yes

Allysson Steve Mota Lacerda
stevelacerda at stevelacerda.net

More information about the samba mailing list