[Samba] cifsacl not working

[Rowland penny]

On 25/09/2020 17:15, Ken Bass via samba wrote:
> On 9/25/20 5:14 AM, Aurélien Aptel wrote:
>> Ken Bass via samba <samba at lists.samba.org> writes:
>>> Can you please expand on this, I am confused as to what you are
>>> suggesting.  If 'getent pass' works properly and shows no
>>> overlap/confusion, this seems to be related to cifsacl.
>> It's still hard to say at this point.
>>
>> cifs.idmap logs messages in the syslog.
>> Can you try mounting with cifsacl, then look at logs in one window
>>
>> # journalctl --since=now
>>
>> While you do a
>>
>> # ls -l /path/to/cifsaclmount/some_file
>>
>> If a mapping fails you should see something like this:
>>
>> cifs.idmap[8370]: key description: cifs.idmap;0;0;39010000;os:S-1-5-18
>> cifs.idmap[8370]: Unable to convert 
>> cifs.idmap;0;0;39010000;os:S-1-5-18 to UID: Some IDs could not be 
>> mapped.
>>
>> "os" means it's the file owner (Owner Sid)
>> "gs" means the file group (Group Sid).
>>
>> You can try to map the bad SID manually with wbinfo:
>>
>> # wbinfo --sid-to-uid S-1-5-18
>> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not convert sid S-1-5-18 to uid
>>
>> And then it's a samba/winbind problem.
>>
>> Cheers,
>
> Is there a logging level required and for what application? I don't 
> see a mention of cifs.idmap in the journal logs which deepens my 
> suspicion that it not being used.
> The only reference I see is:
>
> Sep 24 09:32:01 pc-u20 kernel: FS-Cache: Netfs 'cifs' registered for 
> caching
> Sep 24 09:32:01 pc-u20 kernel: Key type cifs.spnego registered
> Sep 24 09:32:01 pc-u20 kernel: Key type cifs.idmap registered
>
> If I run 'getcifsacl -r /path/to/cifsaclmount/some_file' and then I 
> use the 'wbinfo --sid-to-uid' on the returns SID, it reports the 
> proper mapping.
>
> What / how does the cifs.idmap 'upcall' work? What triggers it? I 
> think the issue must be in that area.
>
>
Just a thought, do you have the keyutils package installed ?

Rowland