[Samba] cifsacl not working

Aurélien Aptel aaptel at suse.com
Fri Sep 25 09:14:09 UTC 2020

Ken Bass via samba <samba at lists.samba.org> writes:
> Can you please expand on this, I am confused as to what you are 
> suggesting.  If 'getent pass' works properly and shows no 
> overlap/confusion, this seems to be related to cifsacl.

It's still hard to say at this point.

cifs.idmap logs messages in the syslog.
Can you try mounting with cifsacl, then look at logs in one window

# journalctl --since=now

While you do a

# ls -l /path/to/cifsaclmount/some_file

If a mapping fails you should see something like this:

cifs.idmap[8370]: key description: cifs.idmap;0;0;39010000;os:S-1-5-18
cifs.idmap[8370]: Unable to convert cifs.idmap;0;0;39010000;os:S-1-5-18 to UID: Some IDs could not be mapped.

"os" means it's the file owner (Owner Sid)
"gs" means the file group (Group Sid).

You can try to map the bad SID manually with wbinfo:

# wbinfo --sid-to-uid S-1-5-18
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND           
Could not convert sid S-1-5-18 to uid                          

And then it's a samba/winbind problem.

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

More information about the samba mailing list