[Samba] cifsacl not working

Ken Bass kbass at kenbass.com
Fri Sep 25 16:50:44 UTC 2020


On 9/25/20 12:23 PM, Rowland penny via samba wrote:
> On 25/09/2020 17:15, Ken Bass via samba wrote:
>> On 9/25/20 5:14 AM, Aurélien Aptel wrote:
>>> Ken Bass via samba <samba at lists.samba.org> writes:
>>>> Can you please expand on this, I am confused as to what you are
>>>> suggesting.  If 'getent pass' works properly and shows no
>>>> overlap/confusion, this seems to be related to cifsacl.
>>> It's still hard to say at this point.
>>>
>>> cifs.idmap logs messages in the syslog.
>>> Can you try mounting with cifsacl, then look at logs in one window
>>>
>>> # journalctl --since=now
>>>
>>> While you do a
>>>
>>> # ls -l /path/to/cifsaclmount/some_file
>>>
>>> If a mapping fails you should see something like this:
>>>
>>> cifs.idmap[8370]: key description: cifs.idmap;0;0;39010000;os:S-1-5-18
>>> cifs.idmap[8370]: Unable to convert 
>>> cifs.idmap;0;0;39010000;os:S-1-5-18 to UID: Some IDs could not be 
>>> mapped.
>>>
>>> "os" means it's the file owner (Owner Sid)
>>> "gs" means the file group (Group Sid).
>>>
>>> You can try to map the bad SID manually with wbinfo:
>>>
>>> # wbinfo --sid-to-uid S-1-5-18
>>> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
>>> Could not convert sid S-1-5-18 to uid
>>>
>>> And then it's a samba/winbind problem.
>>>
>>> Cheers,
>>
>> Is there a logging level required and for what application? I don't 
>> see a mention of cifs.idmap in the journal logs which deepens my 
>> suspicion that it not being used.
>> The only reference I see is:
>>
>> Sep 24 09:32:01 pc-u20 kernel: FS-Cache: Netfs 'cifs' registered for 
>> caching
>> Sep 24 09:32:01 pc-u20 kernel: Key type cifs.spnego registered
>> Sep 24 09:32:01 pc-u20 kernel: Key type cifs.idmap registered
>>
>> If I run 'getcifsacl -r /path/to/cifsaclmount/some_file' and then I 
>> use the 'wbinfo --sid-to-uid' on the returns SID, it reports the 
>> proper mapping.
>>
>> What / how does the cifs.idmap 'upcall' work? What triggers it? I 
>> think the issue must be in that area.
>>
>>
> Just a thought, do you have the keyutils package installed ?
>

Hmm...very interesting clue - that is not installed and I don't think 
the samba packages had that as a dependency. What is its role?
Is some other key management thing related to sssd or some other 
gnome/xfce thing supposed to handle this? If required, seems odd the 
package is listed as 'optional' and not required.
There is a libkeyutils1 that is installed however.

I also found
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1772148

Separately,

Enabling debug on the CIFS module, I do see the following (notice Can't 
map SID messages):

ls -al '/path/to/cifsaclmount/test'

Sep 25 12:32:02 pc-u20 kernel: fs/cifs/inode.c: Getting info on \test
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2misc.c: Calculated size 190 
length 192 mismatch mid 50
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2misc.c: Calculated size 124 
length 128 mismatch mid 51
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2ops.c: get smb3 acl for path 
\test
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2ops.c: CIFS VFS: in 
get_smb2_acl_by_path as Xid: 1917 with uid: 0
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2pdu.c: create/open
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2pdu.c: Query Info
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2pdu.c: Close
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2ops.c: CIFS VFS: leaving 
get_smb2_acl_by_path (xid = 1917) rc = 0
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/smb2ops.c: get_smb2_acl_by_path: 
rc = 0 ACL len 176
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/cifsacl.c: sid_to_id: Can't map 
SID os:S-1-5-21-xxx-1115 to a uid
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/cifsacl.c: sid_to_id: Can't map 
SID gs:S-1-5-21-xxx-513 to a gid
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/inode.c: looking for uniqueid=3276811
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/inode.c: cifs_revalidate_cache: 
revalidating inode 3276811
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/inode.c: cifs_revalidate_cache: 
inode 3276811 is new
Sep 25 12:32:02 pc-u20 kernel: fs/cifs/dir.c: CIFS VFS: leaving 
cifs_lookup (xid = 1916) rc = 0





More information about the samba mailing list