[Samba] cifsacl not working
Rowland penny
rpenny at samba.org
Fri Sep 25 09:36:21 UTC 2020
On 25/09/2020 10:14, Aurélien Aptel via samba wrote:
> Ken Bass via samba <samba at lists.samba.org> writes:
>> Can you please expand on this, I am confused as to what you are
>> suggesting. If 'getent pass' works properly and shows no
>> overlap/confusion, this seems to be related to cifsacl.
> It's still hard to say at this point.
>
> cifs.idmap logs messages in the syslog.
> Can you try mounting with cifsacl, then look at logs in one window
>
> # journalctl --since=now
>
> While you do a
>
> # ls -l /path/to/cifsaclmount/some_file
>
> If a mapping fails you should see something like this:
>
> cifs.idmap[8370]: key description: cifs.idmap;0;0;39010000;os:S-1-5-18
> cifs.idmap[8370]: Unable to convert cifs.idmap;0;0;39010000;os:S-1-5-18 to UID: Some IDs could not be mapped.
>
> "os" means it's the file owner (Owner Sid)
> "gs" means the file group (Group Sid).
>
> You can try to map the bad SID manually with wbinfo:
>
> # wbinfo --sid-to-uid S-1-5-18
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-18 to uid
>
> And then it's a samba/winbind problem.
Not sure how this could be a Samba problem ?
'S-1-5-18' is SYSTEM and from the looks of it, neither cifs.idmap or
winbind maps it on a Unix domain member (it does map on a Samba DC). It
is hard to understand from the manpages, does cifsacls use the same ID's
as Winbind, or does it calculate its own ?
Rowland
More information about the samba
mailing list