[Samba] cifsacl not working

Rowland penny rpenny at samba.org
Fri Sep 25 09:36:21 UTC 2020

On 25/09/2020 10:14, Aurélien Aptel via samba wrote:
> Ken Bass via samba <samba at lists.samba.org> writes:
>> Can you please expand on this, I am confused as to what you are
>> suggesting.  If 'getent pass' works properly and shows no
>> overlap/confusion, this seems to be related to cifsacl.
> It's still hard to say at this point.
> cifs.idmap logs messages in the syslog.
> Can you try mounting with cifsacl, then look at logs in one window
> # journalctl --since=now
> While you do a
> # ls -l /path/to/cifsaclmount/some_file
> If a mapping fails you should see something like this:
> cifs.idmap[8370]: key description: cifs.idmap;0;0;39010000;os:S-1-5-18
> cifs.idmap[8370]: Unable to convert cifs.idmap;0;0;39010000;os:S-1-5-18 to UID: Some IDs could not be mapped.
> "os" means it's the file owner (Owner Sid)
> "gs" means the file group (Group Sid).
> You can try to map the bad SID manually with wbinfo:
> # wbinfo --sid-to-uid S-1-5-18
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-18 to uid
> And then it's a samba/winbind problem.

Not sure how this could be a Samba problem ?

'S-1-5-18' is SYSTEM and from the looks of it, neither cifs.idmap or 
winbind maps it on a Unix domain member (it does map on a Samba DC). It 
is hard to understand from the manpages, does cifsacls use the same ID's 
as Winbind, or does it calculate its own ?


More information about the samba mailing list