[Samba] cifsacl not working

[Rowland penny]

On 24/09/2020 04:51, Ken Bass via samba wrote:
> I installed a new Ubuntu 20.4 LTS system (smbd 4.11.6) . Initially I 
> tried using the SSSD and 'realm' to join the domain. Everything worked 
> similar to my Centos 7 install and I thought I was finished.
>
> The one thing not working is  cifs shares showing the proper id 
> mapping. Based on some online posts, including from Rowland, I got rid 
> of SSSD and configured samba/winbind only. Lots of posts saying 
> 'winbind is not sssd'. Still doesn't work.
>
> In both cases,
> 1) The mounted share
> mount -t cifs //192.168.1.1/test /mnt/test 
> -odomain=TESTDOM,sec=ntlmssp,cifsacl,credentials=xzy
>
> shows all files owned by root/root rather than the domain users.
'mount' is usually only runnable by root and you are not specifying 
'username=', so this might be the reason for that.
>
> 2) If I run getcifsacl /mnt/test it shows the proper named windows ACL 
> as expected
>
> 3) /usr/lib/x86_64-linux-gnu/cifs-utils/idmapwb.so is setup as the 
> /etc/cifs-utils/idmap-plugin
>
> I've been messing with this for a long time and cannot figure out why 
> this does not work. On Centos 7 (smbd 4.10.4) this worked fine using 
> sssd.
>
> It is as if the 'ls -al /mnt/test' is not doing the mapping or using 
> the plugin. I've got no idea what to try next. Everything else works - 
> 'getent passwd', wbinfo, etc.

The problem could be that mount.cifs appears to be using a different 
algorithm to calculate the ID's to the one that winbind uses.

It might help if you post your smb.conf and explain just what you are 
trying to achieve.

Rowland