[Samba] Samba-tool Delegation Control

Durga Prasad Dwarapureddi durgaprasad at exzatechconsulting.com
Thu Jun 17 14:07:18 UTC 2021


We are trying to build the Admin function delegation on OU in the UI we are
designing. Is there any command in Samba or any python binding that will
help us achieve this?

Below is the output we get after executing command  - samba-tool delegation

Available subcommands:
  add-service       - Add a service principal as msDS-AllowedToDelegateTo.
  del-service       - Delete a service principal as
(S4U2Proxy) for an account.
  for-any-service   - Set/unset UF_TRUSTED_FOR_DELEGATION for an account.
  show              - Show the delegation setting of an account.

After executing samba-tool delegation add-service --help

Usage: samba-tool delegation add-service <accountname> <principal> [options]
  -h, --help            show this help message and exit
  -H URL, --URL=URL     LDB URL for database or target server

>From the commands we have below questions

1) There is no <option> for passing the OU name in the "add-service"
2) What are all the possible inputs, we can pass in the for "principal"
parameter in the "add-service" subcommand.
3) Where we will get all the user/group accounts information about
delegated tasks on a specific OU.

*Thanks and Regards,*

*Durga Prasad D*

*Software Engineer*

*Exzatech Consulting and Services Pvt Ltd.*

*Phone: +91-9490150379.*

More information about the samba mailing list