[Samba] cifsacl not working

Aurélien Aptel aaptel at suse.com
Fri Sep 25 12:37:13 UTC 2020

Rowland penny via samba <samba at lists.samba.org> writes:
> 'S-1-5-18' is SYSTEM and from the looks of it, neither cifs.idmap or 
> winbind maps it on a Unix domain member (it does map on a Samba DC). It 
> is hard to understand from the manpages, does cifsacls use the same ID's 
> as Winbind, or does it calculate its own ?

* cifsacl is the mount option.
* When passed, it makes cifs.ko call the userspace program cifs.idmap
  everytime it has to map a SID.
* cifs.idmap has a winbind or sssd backend (dynamicly loaded librairies
  aka plugins).
* The winbind backend is idmapwb.so and is linked against libwbclient
  and uses the same calls as wbinfo to do the mapping. Thus it returns
  the same IDs.

I picked this SID as an example of a SID that doesn't map, I don't know
what sort of SID Ken is seeing.

If Ken is seeing a mapping error in the logs and also with wbinfo for
regular AD users it is likely something is wrong with his winbind setup.

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

More information about the samba mailing list