[Samba] POSIX-Share fails with NFS-mounts

Thu Jul 30 09:28:46 UTC 2015

Hi there,

I'm sure this must have been discussed before, but I can't find anything that addresses exactly my problem in the archives.

The problem I ran into is, that a samba-share relying on POSIX file-permissions stops working as soon as the shared folder is a NFS-mount itself.
In that case, it is no longer possible for any user to access files or folders.
So in my example, if "/samba/shares" is a local folder, everythings works as expected. If I mount an external storage to "/samba/shares" via NFS, the access from the Windows clients via samba is denied to this share.
I need to get this construct running, since for some reason I can't get a customized samba running directly on the storage, so I need to use a dedicated machine for this that mounts the data to be shared somehow.
I'm using samba 4.2.1 here.
Is there a solution for this?
Many thanks in advance.

Kind regards,
Christian Keck

Here's my smb.conf:

[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        netbios name = sambavm
        netbios aliases = sambavm sambavm.mydomain.local

        log file = /var/log/samba/smb.log
        log level = 2

        passdb backend = ldapsam:ldap://ldap.mydomain.local/
        ldap ssl = no
        ldap suffix = dc=mydomain,dc=local
        ldap admin dn = cn=admin,dc=mydomain,dc=local
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap idmap suffix = ou=Idmap
        ldap delete dn = no
        ldap passwd sync = no
        unix password sync = no

        idmap_ldb:use rfc2307 = Yes

        add user script = /usr/sbin/smbldap-useradd -m -a %u
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p %g
        delete group script = /usr/sbin/smbldap-groupdel %g
        add user to group script = /usr/sbin/smbldap-groupmod -m %g %u
        delete user from group script = /usr/sbin/smbldap-groupmod -x %g %u
        set primary group script = /usr/sbin/smbldap-usermod -g %g %u
        add machine script = /usr/sbin/smbldap-useradd -i -w %u

        wins support = yes

        veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/. at __thumb/. at __desc/:2e*/

[homes]
        comment = Home Directories
        read only = No
        browseable = No
        create mask = 0700
        directory mask = 2700
        guest ok = Yes
        root preexec = /usr/sbin/mkhomedir.sh %u %g

[mydomain]
        comment = mydomain Share
        path = /samba/shares
        read only = No
        create mask = 0770
        force create mode = 0660
        force security mode = 0660
        directory mask = 2770
        force directory mode = 2770
        force directory security mode = 2770
        inherit permissions = Yes
        hide unreadable = Yes
        hide unwriteable files = Yes