Ubuntu
cifs-utils package

  1. Bug #1772148
  2. Comment #10

Comment 10 for bug 1772148

Revision history for this message
krbvroc1 (kbass) wrote :

I just spent days troubleshooting mount.cifs not working and ultimately determined it was due to this bug. I could mount okay, but no id/group mapping to the proper users would take place. All files were owned by the mounter or the uid/gid passed to the mount command. For 'cifsacl' option, this is not how it is supposed to work.

I started with an sssd setup which didn't work and then tried straight samba/winbind which equally didn't work.

I use mount.cifs with the 'cifsacl' option. 'cifsacl' will use winbind to perform the mapping. In the Linux kernel, cifsacl.c calls functions such as 'sid_to_id' which in turn issues a 'request_key' call.

So the cifs-utils package installs
/etc/request-key.d/cifs.idmap.conf
/etc/request-key.d/cifs.spnego.conf

However the package only has a 'suggestion' of the keyutils package. Without installing keyutils which creates the /etc/request-key.conf file AND installs the /sbin/request-key binary, the 'cifsacl' option doesn't work / perform the winbind mapping as it should. cifs-utils installed the cifs.idmap.conf which requires the /sbin/request-key binary be installed to invoke the cifs.idmap userspace helper.

If this cifs-utils does not change the keyutils to a required dependency, then I think there at least needs to be some serious logging/warning when a mount with cifsacl option is done to warn the user that cifs.idmap is not going to work / be invoked.

One I installed the keyutils package, then everything worked as I expected (and had been working on a different distro).

After enabling debugging of the cifs module, I had seen the following messages when keyutils was not installed when accessing the mounted fs (with cifsacl):

kernel: fs/cifs/smb2ops.c: get_smb2_acl_by_path: rc = 0 ACL len 176
kernel: fs/cifs/cifsacl.c: sid_to_id: Can't map SID os:S-1-5-21-xxx-1115 to a uid
kernel: fs/cifs/cifsacl.c: sid_to_id: Can't map SID gs:S-1-5-21-xxx-513 to a gid
kernel: fs/cifs/inode.c: looking for uniqueid=3276811

Those debug level messages were not very helpful in indicating the request-key was failing rather than a samba/winbind issue.

This was on a new Ubuntu 20.04 LTS install.

Some comments above indicated an 'it works for me'. However those scenarios did not include the 'cifsacl' option, so the use of the cifs.idmap upcall was not exercised.