Linux – How to map Windows ACL to Linux ones on a CIFS share

Tags: access-control-list, cifs, linux, windows

Context

We have a Windows server with an Active Directory domain and a network share.

I have a Linux machine and I want to mount the share.

sudo mount -t cifs //server/share /mnt/share -o user=[act-dir user],domain=[domain],uid=[linux user],gid=[linux group]

It's more or less OK. My Linux user gets mapped to all files on the share and some of the ACLs are translated. But I want to go a level further:

  • More than one user is connected to the Linux box
  • Each Linux user has a dedicated Active Directory account
  • I want each Windows owner to be mapped to the corresponding Linux owner if it exists

A solution and the problem

Samba offers the mount option cifsacl, which requires setting up cifs.idmap and winbindd. Both are installed; I've read both man pages and tried to configure them, but it does not work. The new mount command is now:

sudo mount -t cifs //server/share /mnt/share -o user=[act-dir user],domain=[domain],cifsacl

But everything is mapped to root:root, which means the cifs.idmap mapping could not be performed.

Actually, I'm not at all surprised, because I did not understand where to write the actual mapping. So where should I write that Windows userX actually maps to Linux userY? And I'm not sure that the winbindd configuration is correct: what should be the minimum set of parameters, and are smbd and/or nmbd required to run? Do I need to open the port in the firewall?

Background info

Share structure

The shared directory has several subdirectories, some common and some "private" (although the private ones are actually readable by everyone). Each user would need to access the common space and other users' private directories from time to time, but mainly/often their own directory.

Tech data

  • RHEL 6, Samba 3.5.6
  • Ubuntu 12.04, Samba 3.6.3
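As an added example (not part of the question or its answer), this is the minimal set of pieces a cifsacl mount depends on. With winbind there is no per-user table to edit: the SID of the Windows owner is handed by the kernel to the cifs.idmap upcall, which asks winbindd, and winbindd maps it according to the idmap backend in smb.conf. The nss backend resolves the SID to its AD name and then looks that name up in local NSS, so AD user jdoe becomes the existing Linux user jdoe when the names match. EXAMPLE and EXAMPLE.COM are placeholders, and the fragment uses the `idmap config DOMAIN : ...` syntax of Samba 3.6; on Samba 3.5 the default-domain part is written with `idmap backend`, `idmap uid` and `idmap gid` instead.

```ini
# /etc/samba/smb.conf - added example, domain names are placeholders
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ads

    # SIDs from other domains and BUILTIN (e.g. S-1-5-32-544) get
    # allocated ids from a local tdb so they never collide with real users
    idmap config * : backend = tdb
    idmap config * : range = 100000-199999

    # our own domain: SID -> AD name -> local /etc/passwd entry of the same
    # name; the range limits which local ids winbind will hand back
    idmap config EXAMPLE : backend = nss
    idmap config EXAMPLE : range = 1000-99999

    # lets "jdoe" resolve without the EXAMPLE\ prefix
    winbind use default domain = yes
```

The kernel only knows to call the helper if `/etc/request-key.conf` (or a file under `/etc/request-key.d/`) contains the upcall line `create cifs.idmap * * /usr/sbin/cifs.idmap %k`, which the cifs-utils package normally installs. The machine must be joined to the domain (`net ads join -U <admin account>`) and winbindd must be running; smbd and nmbd are not needed for SID lookups, and winbindd only makes outbound connections to the domain controllers, so no inbound firewall port is required for this. To check the chain before mounting: `wbinfo -t` verifies the machine account, `wbinfo -n 'EXAMPLE\jdoe'` returns the user's SID, and `wbinfo -S <that SID>` must return the Linux uid of jdoe; if that last step fails, the cifsacl mount will fall back to root:root. If the Linux accounts do not already exist, `backend = rid` with `passwd: files winbind` in `/etc/nsswitch.conf` lets winbind provide the accounts instead.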

Best Answer

You would probably need to use the username map functionality inside Samba (winbind) for the mapping to work, so that winbind knows about the AD account for every Linux user. I believe username map can take commands and lists (and some pattern conversions), but it's far easier if the Linux usernames can match the AD usernames, by using pam_winbind for instance. I guess that when the mapping is working you can actually start verifying whether the share is working as well.
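A practical way to see why a cifsacl mount shows root:root is to take the raw security descriptor, as printed by `getcifsacl` from cifs-utils, and resolve its SIDs the way cifs.idmap would. The script below is an added example, not code from the question, the answer or the Samba project: the getcifsacl text is constructed in that tool's output format, and the two SID-to-id tables stand in for winbind (on a real host they would come from `wbinfo -S <sid>` and `wbinfo -Y <sid>`). The point it demonstrates is the kernel's fallback: any SID the idmap cannot resolve is replaced by the mount's uid/gid option, which defaults to 0, so a broken idmap turns every owner into root.

```python
"""Resolve the SIDs in getcifsacl output to Linux ids, mimicking cifs.idmap.

Added example. The sample descriptor and the SID tables are constructed;
well-known SIDs (S-1-5-18 SYSTEM, S-1-5-32-544 BUILTIN\\Administrators) are
never domain users and stay unresolved on a normal nss/rid idmap setup.
"""
from typing import Dict, List, NamedTuple, Tuple

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID

# Constructed getcifsacl output for one file owned by jdoe (RID 1105),
# group Domain Users (RID 513), with a read-only ACE for asmith (RID 1106).
SAMPLE_GETCIFSACL = f"""\
REVISION:0x1
CONTROL:0x8004
OWNER:{DOMAIN}-1105
GROUP:{DOMAIN}-513
ACL:{DOMAIN}-1105:ALLOWED/0x0/FULL
ACL:{DOMAIN}-1106:ALLOWED/0x0/R
ACL:S-1-5-32-544:ALLOWED/0x0/FULL
ACL:S-1-5-18:ALLOWED/0x0/FULL
"""

# Stand-in for a working winbind idmap (real host: wbinfo -S / wbinfo -Y).
WORKING_UID_MAP: Dict[str, int] = {f"{DOMAIN}-1105": 1001, f"{DOMAIN}-1106": 1002}
WORKING_GID_MAP: Dict[str, int] = {f"{DOMAIN}-513": 100}
# Stand-in for the broken setup from the question: the upcall resolves nothing.
BROKEN_MAP: Dict[str, int] = {}


class Ace(NamedTuple):
    sid: str
    kind: str    # ALLOWED or DENIED
    flags: str   # inheritance flags as printed (hex)
    mask: str    # access mask as printed (FULL, R, ...)


class CifsAcl(NamedTuple):
    owner: str
    group: str
    aces: List[Ace]


def parse_getcifsacl(text: str) -> CifsAcl:
    """Parse the KEY:VALUE lines of getcifsacl; ACL lines are SID:TYPE/FLAGS/MASK."""
    owner = group = ""
    aces: List[Ace] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        if key == "OWNER":
            owner = value
        elif key == "GROUP":
            group = value
        elif key == "ACL":
            sid, _, rest = value.rpartition(":")
            kind, flags, mask = rest.split("/", 2)
            aces.append(Ace(sid, kind, flags, mask))
        # REVISION and CONTROL do not influence ownership mapping
    if not owner or not group:
        raise ValueError("getcifsacl output lacks OWNER or GROUP")
    return CifsAcl(owner, group, aces)


def map_to_posix(acl: CifsAcl, sid_to_uid: Dict[str, int], sid_to_gid: Dict[str, int],
                 mount_uid: int = 0, mount_gid: int = 0) -> Tuple[int, int, List[str]]:
    """Return (uid, gid, unresolved SIDs) for the descriptor.

    Unresolved OWNER/GROUP fall back to the mount's uid=/gid= options, which
    default to 0: that is the root:root symptom of a non-working cifs.idmap.
    """
    unresolved: List[str] = []
    uid = sid_to_uid.get(acl.owner)
    if uid is None:
        unresolved.append(acl.owner)
        uid = mount_uid
    gid = sid_to_gid.get(acl.group)
    if gid is None:
        unresolved.append(acl.group)
        gid = mount_gid
    for ace in acl.aces:
        if ace.sid not in sid_to_uid and ace.sid not in sid_to_gid \
                and ace.sid not in unresolved:
            unresolved.append(ace.sid)
    return uid, gid, unresolved


def check(text: str, uid_map: Dict[str, int], gid_map: Dict[str, int]) -> Tuple[int, int, List[str]]:
    """Parse and map in one step; the tuple is what ls -l would be based on."""
    return map_to_posix(parse_getcifsacl(text), uid_map, gid_map)


if __name__ == "__main__":
    for label, umap, gmap in (("working idmap", WORKING_UID_MAP, WORKING_GID_MAP),
                              ("broken idmap", BROKEN_MAP, BROKEN_MAP)):
        uid, gid, missing = check(SAMPLE_GETCIFSACL, umap, gmap)
        print(f"{label}: owner uid={uid} gid={gid}; unresolved SIDs: {missing}")
```

With the working tables the file comes out as uid 1001, gid 100, and only the two well-known SIDs are left unresolved, which is expected and harmless. With the empty tables the owner and group fall back to 0, reproducing the root:root result; on a real host that is the signal to run `wbinfo -S` against the OWNER SID printed by `getcifsacl` and fix winbind before looking any further at the share.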