[Samba] Force group syntax for multiple groups

Daniel Müller mueller at tropenklinik.de
Mon Oct 10 00:20:29 MDT 2011

Let vbstore be a virtual dfs directory (dfsroot) on your samba.
For each subdirectory you have to make a share in your smb.conf with the
rights you need.

In the dfs root (vbstore) make an ln -s msdfs for each share... and you are


EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Le, Anh
Gesendet: Freitag, 7. Oktober 2011 14:54
An: Chris Weiss; samba at lists.samba.org
Betreff: Re: [Samba] Force group syntax for multiple groups

Hi Chris,

First of all, thank you very much for reply.

I have the situation here. I want to share a directory (vobstor) which has
multiple subdirectories. These subdirectories are owned by different groups.
How can I setup the correct permission here in samba so that each group can
has the correct access to their files? Below are my smb.conf file. With this
configuration a few of groups are not able to read the files but they are
able to open the shared location and see the files.  Any idea would be very

By the way, our samba server version is 3.5.11 and it is connecting to
Windows 2008 R2 AD. I don't have the problem when the samba server is
connecting to the Windows 2003 AD.



        workgroup = ENGINEERING

        realm = DOMAIN.COM

        preferred master = no

        server string = Samba %v - %h

        security = ADS

        encrypt passwords = yes

        inherit acls = Yes

        nt acl support = yes

        inherit permissions = yes

        debug level = 0

        log file = /var/log/smb.log

        winbind enum users = yes

        winbind enum groups = Yes

        winbind use default domain = Yes

        winbind nested groups = Yes

        winbind separator = +

        ;template primary group = "Domain Users"

#       idmap domains = DOMAIN

        idmap config DOMAIN:backend = ad

        idmap config DOMAIN:default = yes

        idmap config DOMAIN:readonly = yes

        idmap config DOMAIN:range = 8000-50000

        idmap config DOMAIN:schema = rfc2307

        idmap alloc backend = tdb

        idmap alloc config:range = 2000-3000

        load printers = No

        disable spoolss = Yes

        printcap name = /dev/null


        comment = Vobstor Space

        path = /vobstor

        read only = No

        create mask = 0775

        directory mask = 0775

-----Original Message-----
From: Chris Weiss [mailto:cweiss at gmail.com]
Sent: Thursday, October 06, 2011 12:40 PM
To: Le, Anh; samba at lists.samba.org
Subject: Re: [Samba] Force group syntax for multiple groups

On Thu, Oct 6, 2011 at 11:13 AM, Le, Anh
<anh.le at cognex.com<mailto:anh.le at cognex.com>> wrote:

> Hi All,


> What is the syntax of option "force group" for multiple groups? Is there
any one can help me on this? I really appreciate it. I want to give the
permission the shared directory to multiple groups but I don't know what is
its syntax.


> I already tried "force group = group1, group2, group3" but it did not


this isn't for user group coaxing, it's for plain old POSIX primary
permissions.  there can only be one primary group.
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list