[Samba] force group does not work

Leander S. info at netocean.de
Sun Feb 9 03:56:54 MST 2014 

Hi

Thanks for your input, but this isn't really a workarround ;/
At the end of the day, I want to give each share it's own

valid users = @Groupname
force user  = Username(=Groupname)
force group = Groupname

This makes permission management way easier, since users could just be 
added or removed from the  Groupname in order to get permission on the 
share.

Also I don't need a cronjob, which sooner or later kills my HDDs, doing 
a periodic chmod -R and chown -R over all files. (This is anyway not a 
profeesional solution in my opinion)


My question is more likely: What am I missing in my config to make my 
setup work? Am I using the wrong syntax at some place, or what? This is 
quite frustrating ;)




Am 08.02.14 19:43, schrieb steve:
> On Sat, 2014-02-08 at 10:35 +0100, Leander S. wrote:
>> Hi
>>
>> I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10.
>> Unfortunately it doesn't seem to consider the option force group. After
>> hours ofresearch I couldn't figure out what I'm still missing. unix
>> extensions is set to no. Setting the debug level up to 10 also didn't
>> help ;(
>> Is this a bug or is there simply a mistake in my setup?
>>
>> When
>> *valid users = @Groupname*
>> is set, then I don't have access to the share at all anymore.
>>
>> As funny as it sounds, but
>> *force user* **= *MyUsername*
>> is working as expected.
>>
>>
>> id -Gn MyUsername
>> MyUsername Groupname
>>
>> getent group Groupname
>> Groupname:*:2004:MyUsername,Groupname
>>
>>
>> # ============= Global ============= #
>>
>>       [global]
>>
>>        # Basic server settings
>>        workgroup          = DOMAIN
>>        realm              = DOMAIN.LOCAL
>>        netbios name       = FILESERVER
>>        server role        = standalone server
>>
>>        # Password backend
>>        passdb backend     = samba_dsdb
>>
>>        # DNS
>>        dns forwarder      = 10.0.0.1
>>
>>        # Logging
>>        log level = 2
>>        max log size = 5000
>>
>>        # Charset
>>        unix charset       = UTF-8
>>        dos charset        = cp1252
>>
>>        # NTLMv2 aktivieren
>>        ntlm auth          = No
>>        lanman auth        = No
>>        client ntlmv2 auth = Yes
>>
>>        # Printing
>>        load printers = No
>>        printing      = BSD
>>        printcap name = /dev/null
>>
>>        # Default masks
>>        unix extensions      = No
> lose these for now:
>>        create mask          = 0770
>>        force create mode    = 0770
>>        directory mask       = 0770
>>        force directory mode = 0770
>>
>>        # Miscellaneous
>>        veto oplock files  = /*.doc/*.xls/*.ppt/*.mdb/*.docx/*.xlsx/*.ppt
>>
>>
>> # ============= Shares ============= #
>>
>>       [MyShare]
>>        comment     = NAS
>>        path        = /mnt/MyShare
>>        guest ok    = No
>>        read only   = No
>>        valid users = @Groupname
>>        forece user = MyUsername
>>        force group = Groupname
>>
>>
>>
>>
>>
>>
>>
>> Any help would be greatly appreciated ;)
>>
>> Best Regards
>> L.
>>
>>
> change this:
> force user = MyUsername
> and go for something like:
> chgrp Groupname /mnt/MyShare
> chmod g +s /mnt/MyShare
> maybe?
> Steve
>
>

More information about the samba mailing list