[Samba] Samba-tool Delegation Control
Durga Prasad Dwarapureddi
durgaprasad at exzatechconsulting.com
Fri Jun 18 12:50:58 UTC 2021
Hi,
We are trying to build the Admin function delegation on OU in the UI we are
designing. Is there any command in Samba or any python binding that will
help us achieve this?
Below is the output we get after executing command - samba-tool delegation
--help
Available subcommands:
add-service - Add a service principal as msDS-AllowedToDelegateTo.
del-service - Delete a service principal as
msDS-AllowedToDelegateTo.
for-any-protocol - Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
(S4U2Proxy) for an account.
for-any-service - Set/unset UF_TRUSTED_FOR_DELEGATION for an account.
show - Show the delegation setting of an account.
After executing samba-tool delegation add-service --help
Usage: samba-tool delegation add-service <accountname> <principal> [options]
Options:
-h, --help show this help message and exit
-H URL, --URL=URL LDB URL for database or target server
>From the commands we have below questions
1) There is no <option> for passing the OU name in the "add-service"
subcommand.
2) What are all the possible inputs, we can pass in the for "principal"
parameter in the "add-service" subcommand.
3) Where we will get all the user/group accounts information about
delegated tasks on a specific OU.
*Thanks and Regards,*
*Durga Prasad D*
*Software Engineer*
*Exzatech Consulting and Services Pvt Ltd.*
*Phone: +91-9490150379.*
More information about the samba
mailing list