[Samba] cifsacl not working
Aurélien Aptel
aaptel at suse.com
Fri Sep 25 12:37:13 UTC 2020
Rowland penny via samba <samba at lists.samba.org> writes:
> 'S-1-5-18' is SYSTEM and from the looks of it, neither cifs.idmap or
> winbind maps it on a Unix domain member (it does map on a Samba DC). It
> is hard to understand from the manpages, does cifsacls use the same ID's
> as Winbind, or does it calculate its own ?
* cifsacl is the mount option.
* When passed, it makes cifs.ko call the userspace program cifs.idmap
everytime it has to map a SID.
* cifs.idmap has a winbind or sssd backend (dynamicly loaded librairies
aka plugins).
* The winbind backend is idmapwb.so and is linked against libwbclient
and uses the same calls as wbinfo to do the mapping. Thus it returns
the same IDs.
I picked this SID as an example of a SID that doesn't map, I don't know
what sort of SID Ken is seeing.
If Ken is seeing a mapping error in the logs and also with wbinfo for
regular AD users it is likely something is wrong with his winbind setup.
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
More information about the samba
mailing list