[Samba] cifsacl not working
kbass at kenbass.com
Thu Sep 24 14:12:01 UTC 2020
On 9/24/20 8:53 AM, Aurélien Aptel wrote:
> Ken Bass via samba <samba at lists.samba.org> writes:
>> I installed a new Ubuntu 20.4 LTS system (smbd 4.11.6) . Initially I
>> tried using the SSSD and 'realm' to join the domain. Everything worked
>> similar to my Centos 7 install and I thought I was finished.
>> The one thing not working is cifs shares showing the proper id mapping.
>> Based on some online posts, including from Rowland, I got rid of SSSD
>> and configured samba/winbind only. Lots of posts saying 'winbind is not
>> sssd'. Still doesn't work.
> Do you have /etc/request-keys.conf setup to call cifs.idmap?
I don't have a /etc/request-keys.conf, but there is a
/etc/request-key.d directory with a cifs.idmap.conf file. It contains:
create cifs.idmap * * /usr/sbin/cifs.idmap %k
However I don't know if it is being used. For example, I temporarily
renamed the above cifs.idmap to cifs.idmap.DISABLED and saw no
difference. (I restarted smbd, winbind, and ran net cache flush).
Since mount.cifs man page says
' If either upcall to cifs.idmap is not setup correctly or winbind is
not configured and running, ID mapping will fail.
In that case uid and gid will default to either to those
values of the share or to the values of uid and/or gid mount
options if specified.'
So I am not sure how much my troubleshooting step tells me.
My smb.conf is:
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
dedicated keytab file = /etc/krb5.keytab
disable spoolss = Yes
interfaces = lo 192.168.2.0/24
kerberos method = secrets and keytab
load printers = No
log file = /var/log/samba/%m.log
printcap name = /dev/null
realm = MYDOM.XYZ.NET
security = ADS
server string = xyz
template homedir = /home/%U
template shell = /bin/bash
username map = /etc/samba/user.map
winbind enum groups = Yes
winbind enum users = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = MYDOM
idmap config mydom : unix_primary_group = yes
idmap config mydom : range = 1000-29999
idmap config mydom : schema_mode = rfc2307
idmap config mydom : backend = ad
idmap config * : range = 30000-39999
idmap config * : backend = tdb
cups options = raw
hosts allow = 127. 192.168.2.
map acl inherit = Yes
printing = bsd
vfs objects = acl_xattr
More information about the samba