[Samba] cifsacl not working

Rowland penny rpenny at samba.org
Thu Sep 24 08:07:06 UTC 2020

On 24/09/2020 04:51, Ken Bass via samba wrote:
> I installed a new Ubuntu 20.4 LTS system (smbd 4.11.6) . Initially I 
> tried using the SSSD and 'realm' to join the domain. Everything worked 
> similar to my Centos 7 install and I thought I was finished.
> The one thing not working is  cifs shares showing the proper id 
> mapping. Based on some online posts, including from Rowland, I got rid 
> of SSSD and configured samba/winbind only. Lots of posts saying 
> 'winbind is not sssd'. Still doesn't work.
> In both cases,
> 1) The mounted share
> mount -t cifs // /mnt/test 
> -odomain=TESTDOM,sec=ntlmssp,cifsacl,credentials=xzy
> shows all files owned by root/root rather than the domain users.
'mount' is usually only runnable by root and you are not specifying 
'username=', so this might be the reason for that.
> 2) If I run getcifsacl /mnt/test it shows the proper named windows ACL 
> as expected
> 3) /usr/lib/x86_64-linux-gnu/cifs-utils/idmapwb.so is setup as the 
> /etc/cifs-utils/idmap-plugin
> I've been messing with this for a long time and cannot figure out why 
> this does not work. On Centos 7 (smbd 4.10.4) this worked fine using 
> sssd.
> It is as if the 'ls -al /mnt/test' is not doing the mapping or using 
> the plugin. I've got no idea what to try next. Everything else works - 
> 'getent passwd', wbinfo, etc.

The problem could be that mount.cifs appears to be using a different 
algorithm to calculate the ID's to the one that winbind uses.

It might help if you post your smb.conf and explain just what you are 
trying to achieve.


More information about the samba mailing list