samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role

Björn Baumbach bb at
Mon Oct 8 19:06:44 UTC 2018


The attached patch set allows to use the samba-tool ntacl get/set
commands on a Samba member server. This can be used locally, runs much
faster than smbcacls and does not need a smb connection.

But since there is no smb connection, there is no real session. There is
some code in the vfs modules which segfaults if there is no session info
available. Therefore I've added some functionality to pass a system
session in the pysmbd code.

Volker has already reviewed the code. But I like to introduce the
changes here. Comments are welcome :-)

Best regards,

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen, mailto:kontakt at
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ntacl.txt
URL: <>

More information about the samba-technical mailing list