[Samba] Can't map SID to a uid (but works for gid)

Matthew Richardson m.richardson at ed.ac.uk
Mon Feb 9 11:39:23 UTC 2026 

I have a samba server joined to an AD, with rfc2307 enabled.

Samba ad/idmap config:

security = ads
realm = FOO.EXAMPLE.COM
workgroup = FOO
idmap config * : backend = tdb
idmap config * : range = 1-1024
idmap config ED : backend = ad
idmap config ED : range = 1025-9999999
idmap config ED : schema_mode = rfc2307
idmap config ED : unix_nss_info = True
idmap config ED : unix_primary_group = True

This seems to be working on the server side, for example with test user 
account:

wbinfo -i FOO\\josoap
FOO\josoap:*:143463:143463:Jo Soap:/home/josoap:/bin/bash

On the 'real' fs on the server I have /home/josoap owned 143463:143463

I am mounting on a client (Ubuntu 24.04 6.17 kernel, cifs version 2.56). 
The client is not running sssd or winbind and is not in any way joined 
to the AD or other domain.

mount -t cifs //homes.example.com/homes /mnt/smb -o 
username=josoap,domain=FOO,posix,vers=3.11

If I do ls -l /mnt/smb I see:

# ls -ln /mnt
total 0
drwxr-xr-x 2 0 143463 6 Feb  5 19:10 josoap

So the uid is set to 0, but the gid is correct.

Looking at the logs (sid obfuscated) I see the following:

kernel: CIFS: fs/smb/client/readdir.c: new entry 0000000016c7f25e old 
entry 00000000bd7f7558
kernel: CIFS: fs/smb/client/readdir.c: posix fattr: dev -2, reparse 0, 
mode 10755
kernel: CIFS: fs/smb/client/cifsacl.c: sid_to_id: Can't map SID 
os:S-1-5-21-XXX to a uid
kernel: CIFS: fs/smb/client/cifsacl.c: Unix UID 143463 returned from SID
Feb 09 11:22:26 w8822 kernel: CIFS: fs/smb/client/readdir.c: 
cifs_prime_dcache: for josoap

The same issue of uid = 0 occurs for any file/owner, and using a 
different domain account to mount doesn't change anything.


Can anyone suggest what might be causing the uid to not be mapped 
correctly, while it seems to handle gid fine?

I've tried restarting samba, clearing the cache (net cache flush) and 
also setting:

idmap cache time = 1
idmap negative cache time = 1

But that hasn't changed anything.

Thanks,

Matthew



-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20260209/6b79501e/OpenPGP_signature.sig>

More information about the samba mailing list