Hi, I just did some more digging: The `error -13 getting sec desc` was caused by a file my user had zero access to, so it is unimportant. Furthermore, the acl xattr was being exposed, I just used getfattr wrong; `getfattr -n system.cifs_acl` works perfectly. The getxattr syscall also works fine. I also tried listing the xattrs directly using `listxattr`, and it did not return system.cifs_acl, so that may be a bug in the cifs xattrs implementation? The UID/GID mapping is also still not working correctly. My assumption here is that the user/group should be the same ones that getcifsacl is showing; so if I can resolve the UID/GID manually by using `getent passwd`, cifs should be showing it too, is that even correct? Best, Karolin Varner On 10/11/2016 09:57 AM, Karolin Varner wrote: > Hi, > > I was just trying to set up a Samba server at my company that would > mirror one of the existing windows servers and integrate well with > the Windows ACL and Active Directory. > > My plan was to mount both the windows server and the samba server using > CIFS with -o winacl and rsync from windows to linux using -X (preserve xattrs); > since CIFS exposes the windows ACLs as the system.cifs_acl xattr, this > should also copy the windows ACLs. > > The Samba server and the AD integration seem to work well; I can set > ACLs on the Samba File Server, log in as a user from AD and see the AD > users on my local system (`getent passwd`/`getent group`). > > Now, unfortunately I can't get the CIFS UID/GID mapping to work: I can > mount the windows share, read files, write files, create directories. > I can also read the Windows ACLs (`getcifsacl`) with the user names mapped > by winbind, and even change permissions using chmod/chown. > > The user/group then show UP in the ACL and I can see the permissions > changed in the normal `ls` output. > Unfortunately, I can not read the ACLs using `attr -g system.cifs_acl` > and the UID/GID of each file is just set to the fallback user/group. > > For some files – when `ls`ing – I get the error message below: > > CIFS VFS: cifs_acl_to_fattr: error -13 getting sec desc > > and sometimes I see this error: > > Oct 10 13:41:55 ... cifs.idmap[15777]: key description: ... > Oct 10 13:41:55 ... cifs.idmap[15777]: Unable to convert ... to UID: Some IDs could not be mapped. > > Any ideas? > > Thank You very much! > Karolin Varner > -- > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
