[Samba] What options do I have to create OUs and ACLs in Samba4?

Marc Muehlfeld mmuehlfeld at samba.org
Sun Feb 15 11:27:57 MST 2015

Hello John,

Am 15.02.2015 um 18:56 schrieb John Lewis:
> I need to create a couple of OUs under Users to separate my internal
> users from my external users that have LDAP backed accounts so I can put
> ACLs over the external users so I can limit what they can see on the
> tree. What options do I have to create the OUs and the ACLs in a Samba4
> AD-DC domain?

The comfortable, easy and recommended way: Use ADUC.

The (very) unattractive way: OUs you can create LDAP-style via importing
LDIFs. ACLs can be set via samba-tool. But as far as I know, we don't
have any documentation yet about "samba-tool dsacl set". Here is an
example, that I found on the internet and the output it produces:
It seems to do something. But I have no idea what :-)


More information about the samba mailing list