[Samba] SAMBA-LDAP - Group permissions

[Stefan Schmitz]

Hi,

Do you want them to be admins from out of the Windows Tools
Usermanager/Servermanager?
Have a look at the privileges. (Samba Howto Collection chapter 15)

Another chance is to put some access controll lists in your slapd.conf
file and make the admins to use an ldap browser of their choice.

Good luck Stefan




Allysson Steve Mota Lacerda schrieb:
> Hi folks.
> 
> I have a functional Samba-LDAP server running as a PDC with Windows 2003
> clients.
> 
> I'm changing the structure of my LDAP tree and I want to give
> administrator's permissions to a branch (i.e.
> ou=teachers,dc=domain,dc=com).
> Is there a way to do this automatically (i.e. by using an argument in
> smb.conf)?
> 
> Ah... I tried to use admin users in smb.conf to give permissions to a
> single
> user but it didn't function.
> 
> Thanks a lot.
> 
> My smb.conf:
> 
> [global]
>        workgroup = FACOMP
>        netbios name = FACOMP01
>        server string = Controlador de Dominio
>        domain master = yes
>        preferred master = yes
>        local master = yes
>        domain logons = yes
>        enable privileges = yes
>        encrypt passwords = yes
>        ldap passwd sync = yes
>        admin users = rodrigoqueiroz
>        passdb backend = ldapsam:ldap://localhost smbpasswd guest
>        ldap suffix = dc=facomp,dc=edu,dc=br
>        ldap machine suffix = ou=Computadores
>        ldap user suffix = ou=Usuarios
>        ldap group suffix = ou=Grupos
>        ldap admin dn = cn=admin,dc=facomp,dc=edu,dc=br
>        ldap ssl = no
>        logon script = netlogon.bat
>        logon home = \\%L\%U\.profiles
>        logon path = \\%L\profiles\%U
>        security = user
>        os level = 256
>        interfaces = 192.168.0.1
>        log level = 3
>        veto files = /*.mp3/*.wma/*.wmv/*.avi/*.mpg/*.wav/*.rmvb/
>        delete veto files = Yes
>