[Samba] Force group syntax for multiple groups

[Le, Anh]

Hi Chris,



First of all, thank you very much for reply.



I have the situation here. I want to share a directory (vobstor) which has multiple subdirectories. These subdirectories are owned by different groups. How can I setup the correct permission here in samba so that each group can has the correct access to their files? Below are my smb.conf file. With this configuration a few of groups are not able to read the files but they are able to open the shared location and see the files.  Any idea would be very appreciated.



By the way, our samba server version is 3.5.11 and it is connecting to Windows 2008 R2 AD. I don't have the problem when the samba server is connecting to the Windows 2003 AD.



Thanks
Anh.



[global]

        workgroup = ENGINEERING

        realm = DOMAIN.COM

        preferred master = no

        server string = Samba %v - %h

        security = ADS

        encrypt passwords = yes



        inherit acls = Yes

        nt acl support = yes

        inherit permissions = yes

        debug level = 0

        log file = /var/log/smb.log



        winbind enum users = yes

        winbind enum groups = Yes

        winbind use default domain = Yes

        winbind nested groups = Yes

        winbind separator = +

        ;template primary group = "Domain Users"



#       idmap domains = DOMAIN

        idmap config DOMAIN:backend = ad

        idmap config DOMAIN:default = yes

        idmap config DOMAIN:readonly = yes

        idmap config DOMAIN:range = 8000-50000

        idmap config DOMAIN:schema = rfc2307

        idmap alloc backend = tdb

        idmap alloc config:range = 2000-3000



        load printers = No

        disable spoolss = Yes

        printcap name = /dev/null



[vobstor]

        comment = Vobstor Space

        path = /vobstor

        read only = No

        create mask = 0775

        directory mask = 0775





-----Original Message-----
From: Chris Weiss [mailto:cweiss at gmail.com]
Sent: Thursday, October 06, 2011 12:40 PM
To: Le, Anh; samba at lists.samba.org
Subject: Re: [Samba] Force group syntax for multiple groups



On Thu, Oct 6, 2011 at 11:13 AM, Le, Anh <anh.le at cognex.com<mailto:anh.le at cognex.com>> wrote:

> Hi All,

>

> What is the syntax of option "force group" for multiple groups? Is there any one can help me on this? I really appreciate it. I want to give the permission the shared directory to multiple groups but I don't know what is its syntax.

>

> I already tried "force group = group1, group2, group3" but it did not work.

>



this isn't for user group coaxing, it's for plain old POSIX primary permissions.  there can only be one primary group.