[Samba] Samba-tool Delegation Control
Durga Prasad Dwarapureddi
durgaprasad at exzatechconsulting.com
Thu Jun 17 14:07:18 UTC 2021
We are trying to build the Admin function delegation on OU in the UI we are
designing. Is there any command in Samba or any python binding that will
help us achieve this?
Below is the output we get after executing command - samba-tool delegation
add-service - Add a service principal as msDS-AllowedToDelegateTo.
del-service - Delete a service principal as
for-any-protocol - Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
(S4U2Proxy) for an account.
for-any-service - Set/unset UF_TRUSTED_FOR_DELEGATION for an account.
show - Show the delegation setting of an account.
After executing samba-tool delegation add-service --help
Usage: samba-tool delegation add-service <accountname> <principal> [options]
-h, --help show this help message and exit
-H URL, --URL=URL LDB URL for database or target server
>From the commands we have below questions
1) There is no <option> for passing the OU name in the "add-service"
2) What are all the possible inputs, we can pass in the for "principal"
parameter in the "add-service" subcommand.
3) Where we will get all the user/group accounts information about
delegated tasks on a specific OU.
*Thanks and Regards,*
*Durga Prasad D*
*Exzatech Consulting and Services Pvt Ltd.*
More information about the samba