[Samba] Samba-tool Delegation Control

Prasad Dwarapureddi ursdurgaprasad.d at gmail.com
Sat Jun 19 16:44:11 UTC 2021


We are trying to build the Admin function delegation on OU in the UI we are
designing. Is there any command in Samba or any python binding that will
help us achieve this?

Below is the output we get after executing command  - samba-tool delegation

Available subcommands:
  add-service       - Add a service principal as msDS-AllowedToDelegateTo.
  del-service       - Delete a service principal as
(S4U2Proxy) for an account.
  for-any-service   - Set/unset UF_TRUSTED_FOR_DELEGATION for an account.
  show              - Show the delegation setting of an account.

After executing samba-tool delegation add-service --help

Usage: samba-tool delegation add-service <accountname> <principal> [options]
  -h, --help            show this help message and exit
  -H URL, --URL=URL     LDB URL for database or target server

>From the commands we have below questions

1) There is no <option> for passing the OU name in the "add-service"
2) What are all the possible inputs, we can pass in the for "principal"
parameter in the "add-service" subcommand.
3) Where we will get all the user/group accounts information about
delegated tasks on a specific OU.

*Thanks and Regards,*

*Durga Prasad D*

More information about the samba mailing list