[Samba] group permissions not setting correctly.

delpheye delpheye at gmail.com
Fri Jul 9 14:49:19 MDT 2010

On Samba 3.5.4, I have a share that should be writable by all in the Domain
Users group.  When I write to the share, the permission mode is correct but
the data doesn't have the correct group and instead lists the username as
the group.  I tried using "force group" but the share stopped being
accessible after a restart so I removed it.  It doesn't seem like this is
standard behavior so I'm not sure what could be causing it.

Relevant smb.conf info:

workgroup = domain
netbios name = fs
server string = domauin FS
passdb backend = ldapsam:ldap://
printcap name = cups
printing = cups
security = user
log level = 3
name resolve order = wins bcast hosts

ldap ssl = off
ldap admin dn = cn=root,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers

ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
#logon script = %U.bat
logon script = logon.bat

domain master = Yes
domain logons = Yes
os level = 35
preferred master = Yes

idmap uid = 15000-20000
idmap gid = 15000-20000

passwd program = /usr/bin/passwd '%u'
unix password sync = yes
passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*" %n\n
"*updated successfully*"
enable privileges = yes
username map = /etc/samba/smbusers
wins support = yes

path = /data/public
create mask = 0775
create mode = 0775
directory mask = 0775
guest ok = no
browseable = Yes
writable = yes
write list = "@Domain Users"

More information about the samba mailing list