[Samba] Delegation of control failure for any built-in Security Principals
Rowland Penny
rpenny at samba.org
Sun Jan 22 14:46:37 UTC 2023
On 22/01/2023 13:31, Sorin P. via samba wrote:
> Hi team.
>
> I am trying to allocate some rights to users in Active Directory, by using the "Delegation of Control Wizard" from ADUC.
> The steps I'm following were executed under the domain administrator user and are the following:
>
> 1. open ADUC and right click the top level OU (Ex. domain.org)
> 2. from the pop-up menu, select “Delegate Control…”
> 3. click next in the first page of the wizard (which is the "Welcome" page)
> 4. on the next page "Users or Groups", select the “Add” button, and type ‘SELF’ then ‘Check Names’.
> 5. I'm getting an error window with the following message:
> "Windows cannot process the object with the name "SELF" because of the following error:
> Name translation: Input name found, but not the associated output format.
I think that means that the user 'SELF' cannot be mapped, does it work
with a domain user ?
>
> After the error, I am unable to continue with the wizard to delegate tasks.The same error appears if I try to select any other built in security principals like: Everyone or SYSTEM, etc
> The logs show nothing suspicious (with log level 10).
> The only log entry which I've found and looked strange to me was this one:
> gendb_search_v: CN=Self,CN=WellKnown Security Principals,CN=Configuration,DC=domain,DC=org NULL -> 1
I think that means the same, the DN is valid, but the user is unknown on
Linux.
>
> Any ideas on what might be wrong?
>
> The platform I'm using:
> Software: Samba Version 4.17.4 (built from source)
> OS: Debian GNU/Linux 11 (bullseye)
> Architecture: aarch64
Can I ask why you are:
A) referring to aarch64 on Debian, when they call it arm64 ?
B) compiling Samba yourself when 4.17.4 is available from bullseye
backports ?
Nothing to do with your problem, just interested.
Rowland
More information about the samba
mailing list