[Samba] cifsacl not working

Ken Bass kbass at kenbass.com
Fri Sep 25 16:15:33 UTC 2020

On 9/25/20 5:14 AM, Aurélien Aptel wrote:
> Ken Bass via samba <samba at lists.samba.org> writes:
>> Can you please expand on this, I am confused as to what you are
>> suggesting.  If 'getent pass' works properly and shows no
>> overlap/confusion, this seems to be related to cifsacl.
> It's still hard to say at this point.
> cifs.idmap logs messages in the syslog.
> Can you try mounting with cifsacl, then look at logs in one window
> # journalctl --since=now
> While you do a
> # ls -l /path/to/cifsaclmount/some_file
> If a mapping fails you should see something like this:
> cifs.idmap[8370]: key description: cifs.idmap;0;0;39010000;os:S-1-5-18
> cifs.idmap[8370]: Unable to convert cifs.idmap;0;0;39010000;os:S-1-5-18 to UID: Some IDs could not be mapped.
> "os" means it's the file owner (Owner Sid)
> "gs" means the file group (Group Sid).
> You can try to map the bad SID manually with wbinfo:
> # wbinfo --sid-to-uid S-1-5-18
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-18 to uid
> And then it's a samba/winbind problem.
> Cheers,

Is there a logging level required and for what application? I don't see 
a mention of cifs.idmap in the journal logs which deepens my suspicion 
that it not being used.
The only reference I see is:

Sep 24 09:32:01 pc-u20 kernel: FS-Cache: Netfs 'cifs' registered for caching
Sep 24 09:32:01 pc-u20 kernel: Key type cifs.spnego registered
Sep 24 09:32:01 pc-u20 kernel: Key type cifs.idmap registered

If I run 'getcifsacl -r /path/to/cifsaclmount/some_file' and then I use 
the 'wbinfo --sid-to-uid' on the returns SID, it reports the proper mapping.

What / how does the cifs.idmap 'upcall' work? What triggers it? I think 
the issue must be in that area.

More information about the samba mailing list