[Samba] force group does not work
Leander S.
info at netocean.de
Sun Feb 9 04:11:31 MST 2014
On 09.02.14 11:56, Leander S. wrote:
> Hi
>
> Thanks for your input, but this isn't really a workaround ;/
> At the end of the day, I want to give each share its own
>
> valid users = @Groupname
> force user = Username(=Groupname)
> force group = Groupname
>
> This makes permission management way easier, since users could just be
> added or removed from the Groupname in order to get permission on the
> share.
>
> Also I don't need a cronjob, which sooner or later kills my HDDs,
> doing a periodic chmod -R and chown -R over all files. (This is anyway
> not a professional solution in my opinion)
>
>
> My question is more likely: What am I missing in my config to make my
> setup work? Am I using the wrong syntax at some place, or what? This
> is quite frustrating ;)
>
>
>
>
> On 08.02.14 19:43, steve wrote:
>> On Sat, 2014-02-08 at 10:35 +0100, Leander S. wrote:
>>> Hi
>>>
>>> I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10.
>>> Unfortunately it doesn't seem to consider the option force group. After
>>> hours of research I couldn't figure out what I'm still missing. unix
>>> extensions is set to no. Setting the debug level up to 10 also didn't
>>> help ;(
>>> Is this a bug or is there simply a mistake in my setup?
>>>
>>> When
>>> *valid users = @Groupname*
>>> is set, then I don't have access to the share at all anymore.
>>>
>>> As funny as it sounds, but
>>> *force user = MyUsername*
>>> is working as expected.
>>>
>>>
>>> id -Gn MyUsername
>>> MyUsername Groupname
>>>
>>> getent group Groupname
>>> Groupname:*:2004:MyUsername,Groupname
>>>
>>>
>>> # ============= Global ============= #
>>>
>>> [global]
>>>
>>> # Basic server settings
>>> workgroup = DOMAIN
>>> realm = DOMAIN.LOCAL
>>> netbios name = FILESERVER
>>> server role = standalone server
>>>
>>> # Password backend
>>> passdb backend = samba_dsdb
>>>
>>> # DNS
>>> dns forwarder = 10.0.0.1
>>>
>>> # Logging
>>> log level = 2
>>> max log size = 5000
>>>
>>> # Charset
>>> unix charset = UTF-8
>>> dos charset = cp1252
>>>
>>> # Enable NTLMv2
>>> ntlm auth = No
>>> lanman auth = No
>>> client ntlmv2 auth = Yes
>>>
>>> # Printing
>>> load printers = No
>>> printing = BSD
>>> printcap name = /dev/null
>>>
>>> # Default masks
>>> unix extensions = No
>> lose these for now:
>>> create mask = 0770
>>> force create mode = 0770
>>> directory mask = 0770
>>> force directory mode = 0770
>>>
>>> # Miscellaneous
>>> veto oplock files =
>>> /*.doc/*.xls/*.ppt/*.mdb/*.docx/*.xlsx/*.ppt
>>>
>>>
>>> # ============= Shares ============= #
>>>
>>> [MyShare]
>>> comment = NAS
>>> path = /mnt/MyShare
>>> guest ok = No
>>> read only = No
>>> valid users = @Groupname
>>> forece user = MyUsername
>>> force group = Groupname
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Any help would be greatly appreciated ;)
>>>
>>> Best Regards
>>> L.
>>>
>>>
>> change this:
>> force user = MyUsername
>> and go for something like:
>> chgrp Groupname /mnt/MyShare
>> chmod g+s /mnt/MyShare
>> maybe?
>> Steve
>>
>>
>
valid users = admin
force user = admin
force group = @admin
Results in:
*smbclient -U admin \\\\HOSTNAME-01\\DOMAIN <password>*
Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.1.4]
tree connect failed: NT_STATUS_NO_SUCH_GROUP
Yet it exists and is member of:
*id -Gn admin*
admin wheel
*getent group admin*
admin:*:1001
*BUT:*
*wbinfo -u*
HOSTNAME-01\HOSTNAME-01$
HOSTNAME-01\administrator
HOSTNAME-01\krbtgt
HOSTNAME-01\guest
HOSTNAME-01\admin
*wbinfo -g*
HOSTNAME-01\read-only domain controllers
HOSTNAME-01\group policy creator owners
HOSTNAME-01\domain controllers
HOSTNAME-01\domain computers
HOSTNAME-01\domain admins
HOSTNAME-01\domain guests
HOSTNAME-01\domain users
# ========================================================= #
While the following setup results in a valid login
valid users = admin
force user = admin
force group = admin
BUT
ls -lach /mnt/MyShare
[...]
drwxrwxrwx 2 admin *wheel* 2B Feb 9 12:08 TestFolder
[...]
it seems like it is falling back to wheel, which is just wrong here ;(
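
An added example, not part of the original thread: a small Python lint for two share-definition slips visible in the configs quoted above, a misspelled parameter name and an `@` prefix on `force group`. The `[Admin]` share name, the `lint` function and the short `KNOWN` list are assumptions made for this example; Samba's own `testparm` is the tool that checks parameter names against the full list.

```python
import difflib

# Constructed sample: the [MyShare] lines from the thread, plus a second,
# hypothetical [Admin] share carrying the "force group = @admin" variant.
SAMPLE = """\
[MyShare]
valid users = @Groupname
forece user = MyUsername
force group = Groupname

[Admin]
valid users = admin
force user = admin
force group = @admin
"""

# Small subset of smb.conf parameter names, enough for this example.
KNOWN = {"path", "comment", "guest ok", "read only", "valid users",
         "force user", "force group", "create mask", "directory mask",
         "force create mode", "force directory mode"}

def lint(text):
    """Return (line_no, share, message) findings for an smb.conf string."""
    findings, share = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            share = line[1:-1]                    # new section header
            continue
        if "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        key = " ".join(key.lower().split())       # normalise case and spacing
        if key not in KNOWN:
            near = difflib.get_close_matches(key, KNOWN, n=1)
            hint = f"; did you mean '{near[0]}'?" if near else ""
            findings.append((no, share, f"unknown parameter '{key}'{hint}"))
        elif key == "force group" and value.startswith("@"):
            findings.append((no, share, "force group takes a group name or "
                             "'+group'; '@group' is list syntax (valid users)"))
    return findings

if __name__ == "__main__":
    for no, share, msg in lint(SAMPLE):
        print(f"line {no} [{share}]: {msg}")
```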