[Samba] Samba4 & Delegation

Andreas Krupp andreaskrupp at akrupp.ch
Thu Aug 15 03:07:05 MDT 2013

It has been a while that I did not come back to this topic, however I think I found a work-around for my initial problem.  
For information, what I was trying to do was:  
- Create an OU for a group of applications  
- Delegate control of this OU to a normal user (not helpdesk or domain admin) to be able to create groups and assign domain users to them  
The problem was, whenever I used "Security Groups" the delegation did not work. Impossible for the user to whom I delegated group creation and modifaction rights of the ou to add or remove domain users.  
The work-around (since Security Groups are all to picky) --> Use "Distribution Groups".  
Once I created distribution groups in the OU I was able to freely assing users to them and remove them as required.  
Now this is definetly not best pratice, but until the same is possible in an easy way with Security Groups this will well serve the purpose.  
Cheers & best,  
PS: Marc thx a lot for your help before - since I read a bit more about GIT, I know understand much better the Samba4 building howto and how to get the latest stable version. It's all good now ;-)  
*On 08 May 2013 23:00, Marc Muehlfeld  has written: *> Hello Andreas,  
> Am 08.05.2013 20:08, schrieb Andreas Krupp:  
> > Thx a lot for the quick reply.  
> > I will try to upgrade or possibly reinstall my Samba4 Instance.  
> > At the moment the command returns me: 4.1.Opre1-GIT-5f2edd1  
> > I guess that is not really right version or the latest release.  
> > I tried your command to reset the ACLs but that command is not part of my dbcheck. I tried and could not find your command in the list either. So I am starting to think that my problems maybe come from the entire version.  
> >  
> > I will set up a VM, reinstall centos + samba4 and see if that works better :)  
> The '--reset-well-known-acls' option was introduced in 4.0.5 (this is  
> the latest version).  
> Maybe someone else on the list can say if you can switch from your git  
> version to 4.0.5.  
> Regards,  
> Marc  

More information about the samba mailing list