[Samba] Can't map SID to a uid (but works for gid)
Rowland Penny
rpenny at samba.org
Mon Feb 9 12:49:17 UTC 2026
On Mon, 9 Feb 2026 11:39:23 +0000
Matthew Richardson via samba <samba at lists.samba.org> wrote:
> I have a samba server joined to an AD, with rfc2307 enabled.
>
> Samba ad/idmap config:
>
> security = ads
> realm = FOO.EXAMPLE.COM
> workgroup = FOO
> idmap config * : backend = tdb
> idmap config * : range = 1-1024
> idmap config ED : backend = ad
> idmap config ED : range = 1025-9999999
> idmap config ED : schema_mode = rfc2307
> idmap config ED : unix_nss_info = True
> idmap config ED : unix_primary_group = True
>
> This seems to be working on the server side, for example with test
> user account:
>
> wbinfo -i FOO\\josoap
> FOO\josoap:*:143463:143463:Jo Soap:/home/josoap:/bin/bash
>
> On the 'real' fs on the server I have /home/josoap owned 143463:143463
>
> I am mounting on a client (Ubuntu 24.04 6.17 kernel, cifs version
> 2.56). The client is not running sssd or winbind and is not in any
> way joined to the AD or other domain.
>
> mount -t cifs //homes.example.com/homes /mnt/smb -o username=josoap,domain=FOO,posix,vers=3.11
>
> If I do ls -l /mnt/smb I see:
>
> # ls -ln /mnt
> total 0
> drwxr-xr-x 2 0 143463 6 Feb 5 19:10 josoap
>
> So the uid is set to 0, but the gid is correct.
>
> Looking at the logs (sid obfuscated) I see the following:
>
> kernel: CIFS: fs/smb/client/readdir.c: new entry 0000000016c7f25e old entry 00000000bd7f7558
> kernel: CIFS: fs/smb/client/readdir.c: posix fattr: dev -2, reparse 0, mode 10755
> kernel: CIFS: fs/smb/client/cifsacl.c: sid_to_id: Can't map SID os:S-1-5-21-XXX to a uid
> kernel: CIFS: fs/smb/client/cifsacl.c: Unix UID 143463 returned from SID
> Feb 09 11:22:26 w8822 kernel: CIFS: fs/smb/client/readdir.c: cifs_prime_dcache: for josoap
>
> The same issue of uid = 0 occurs for any file/owner, and using a
> different domain account to mount doesn't change anything.
>
>
> Can anyone suggest what might be causing the uid to not be mapped
> correctly, while it seems to handle gid fine?
>
> I've tried restarting samba, clearing the cache (net cache flush) and
> also setting:
>
> idmap cache time = 1
> idmap negative cache time = 1
>
> But that hasn't changed anything.
>
> Thanks,
>
> Matthew
>
>
>
From the above, it sounds like there are at least three machines
involved: an AD DC (type unknown), a Samba server (Samba version
unknown) running as a fileserver and an Ubuntu 24.04 client. The client
is reportedly not joined to the domain.

Is the above correct?

If it is, then can you explain just why you expect Samba on the Ubuntu
client to know any Domain users & groups?

Further to that, have any uidNumber & gidNumber attributes been
added to AD? They are not there by default. Following up on this, do
you realise that because of the ranges in use, you cannot have any
local Unix users or groups on the Samba server?

Rowland
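
The range point raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not Samba's own code: it parses the `idmap config ... : range` lines quoted in the post and reports local accounts whose uid falls inside an idmap range. The `PASSWD` sample and all function names are constructed for illustration.

```python
import re

# Constructed sample: the idmap lines quoted in the post, plus typical local accounts.
SMB_CONF = """
idmap config * : backend = tdb
idmap config * : range = 1-1024
idmap config ED : backend = ad
idmap config ED : range = 1025-9999999
"""
PASSWD = """
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
localadmin:x:1000:1000:Local Admin:/home/localadmin:/bin/bash
"""
RANGE_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def parse_idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def overlapping_domains(ranges):
    """Return pairs of domains whose ID ranges intersect."""
    doms = sorted(ranges)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def local_collisions(passwd_text, ranges):
    """Return (name, uid, domain) for local accounts whose uid lies in an idmap range."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # skip blank or malformed passwd lines
        uid = int(fields[2])
        hits += [(fields[0], uid, dom) for dom, (lo, hi) in ranges.items()
                 if lo <= uid <= hi]
    return hits

if __name__ == "__main__":
    r = parse_idmap_ranges(SMB_CONF)
    print("overlapping idmap domains:", overlapping_domains(r))
    for name, uid, dom in local_collisions(PASSWD, r):
        print(f"local account {name} (uid {uid}) is inside the '{dom}' idmap range")
```

The same check can be applied to `/etc/group` by passing its contents to `local_collisions`, since the gid sits in the same field position.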