Hi I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10. Unfortunately it doesn't seem to consider the option force group. After hours ofresearch I couldn't figure out what I'm still missing. unix extensions is set to no. Setting the debug level up to 10 also didn't help ;( Is this a bug or is there simply a mistake in my setup? When *valid users = @Groupname* is set, then I don't have access to the share at all anymore. As funny as it sounds, but *force user* **= *MyUsername* is working as expected. id -Gn MyUsername MyUsername Groupname getent group Groupname Groupname:*:2004:MyUsername,Groupname # ============= Global ============= # [global] # Basic server settings workgroup = DOMAIN realm = DOMAIN.LOCAL netbios name = FILESERVER server role = standalone server # Password backend passdb backend = samba_dsdb # DNS dns forwarder = 10.0.0.1 # Logging log level = 2 max log size = 5000 # Charset unix charset = UTF-8 dos charset = cp1252 # NTLMv2 aktivieren ntlm auth = No lanman auth = No client ntlmv2 auth = Yes # Printing load printers = No printing = BSD printcap name = /dev/null # Default masks unix extensions = No create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 # Miscellaneous veto oplock files = /*.doc/*.xls/*.ppt/*.mdb/*.docx/*.xlsx/*.ppt # ============= Shares ============= # [MyShare] comment = NAS path = /mnt/MyShare guest ok = No read only = No valid users = @Groupname forece user = MyUsername force group = Groupname Any help would be greatly appreciated ;) Best Regards L.
On Sat, 2014-02-08 at 10:35 +0100, Leander S. wrote:> Hi > > I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10. > Unfortunately it doesn't seem to consider the option force group. After > hours ofresearch I couldn't figure out what I'm still missing. unix > extensions is set to no. Setting the debug level up to 10 also didn't > help ;( > Is this a bug or is there simply a mistake in my setup? > > When > *valid users = @Groupname* > is set, then I don't have access to the share at all anymore. > > As funny as it sounds, but > *force user* **= *MyUsername* > is working as expected. > > > id -Gn MyUsername > MyUsername Groupname > > getent group Groupname > Groupname:*:2004:MyUsername,Groupname > > > # ============= Global ============= # > > [global] > > # Basic server settings > workgroup = DOMAIN > realm = DOMAIN.LOCAL > netbios name = FILESERVER > server role = standalone server > > # Password backend > passdb backend = samba_dsdb > > # DNS > dns forwarder = 10.0.0.1 > > # Logging > log level = 2 > max log size = 5000 > > # Charset > unix charset = UTF-8 > dos charset = cp1252 > > # NTLMv2 aktivieren > ntlm auth = No > lanman auth = No > client ntlmv2 auth = Yes > > # Printing > load printers = No > printing = BSD > printcap name = /dev/null > > # Default masks > unix extensions = Nolose these for now:> create mask = 0770 > force create mode = 0770 > directory mask = 0770 > force directory mode = 0770 >> # Miscellaneous > veto oplock files = /*.doc/*.xls/*.ppt/*.mdb/*.docx/*.xlsx/*.ppt > > > # ============= Shares ============= # > > [MyShare] > comment = NAS > path = /mnt/MyShare > guest ok = No > read only = No > valid users = @Groupname > forece user = MyUsername > force group = Groupname > > > > > > > > Any help would be greatly appreciated ;) > > Best Regards > L. > >change this: force user = MyUsername and go for something like: chgrp Groupname /mnt/MyShare chmod g +s /mnt/MyShare maybe? Steve
I couldn't get "valid users = @group" ?to work at all, but that was on a DC and I figured it was just not supported yet. Is that happening on a non-DC? Sent from my BlackBerry 10 smartphone. ? Original Message ? From: Leander S. Sent: Saturday, February 8, 2014 04:44 To: samba at lists.samba.org Reply To: Leander S. Subject: [Samba] force group does not work Hi I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10. Unfortunately it doesn't seem to consider the option force group. After hours ofresearch I couldn't figure out what I'm still missing. unix extensions is set to no. Setting the debug level up to 10 also didn't help ;( Is this a bug or is there simply a mistake in my setup? When *valid users = @Groupname* is set, then I don't have access to the share at all anymore. As funny as it sounds, but *force user* **= *MyUsername* is working as expected. id -Gn MyUsername MyUsername Groupname getent group Groupname Groupname:*:2004:MyUsername,Groupname # ============= Global ============= # [global] # Basic server settings workgroup = DOMAIN realm = DOMAIN.LOCAL netbios name = FILESERVER server role = standalone server # Password backend passdb backend = samba_dsdb # DNS dns forwarder = 10.0.0.1 # Logging log level = 2 max log size = 5000 # Charset unix charset = UTF-8 dos charset = cp1252 # NTLMv2 aktivieren ntlm auth = No lanman auth = No client ntlmv2 auth = Yes # Printing load printers = No printing = BSD printcap name = /dev/null # Default masks unix extensions = No create mask = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 # Miscellaneous veto oplock files = /*.doc/*.xls/*.ppt/*.mdb/*.docx/*.xlsx/*.ppt # ============= Shares ============= # [MyShare] comment = NAS path = /mnt/MyShare guest ok = No read only = No valid users = @Groupname forece user = MyUsername force group = Groupname Any help would be greatly appreciated ;) Best Regards L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On 08/02/14 09:35, Leander S. wrote:> Hi > > I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10. > Unfortunately it doesn't seem to consider the option force group. After > hours ofresearch I couldn't figure out what I'm still missing. unix > extensions is set to no. Setting the debug level up to 10 also didn't > help ;( > Is this a bug or is there simply a mistake in my setup? >You don't say what your clients are? In my experience the number one reason force group does not work is because you have Mac OSX clients and unix extensions enabled. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom.
Am 08.02.2014 10:35, schrieb Leander S.:> When > *valid users = @Groupname* > is set, then I don't have access to the share at all anymore.Due to an open bug the forced user must be included in 'valid users'. This bug breaks many setups and your question will not be the last question about it: https://bugzilla.samba.org/show_bug.cgi?id=9878> [MyShare] > comment = NAS > path = /mnt/MyShare > guest ok = No > read only = No > valid users = @Groupname > forece user = MyUsername^^^^^^ And this is a typo (forece != force). -- der tom
Possibly Parallel Threads
- Samba4 bug - "mount error(5): Input/output error"
- Can't mount samba share, Access denied
- unknown tag type 64 / recycle: stat for *:AFP_AfpInfo returned No such file or directory
- 2x Samba4 Bugs - "mount error(5): Input/output error" & "recycle: stat for ... AFP_AfpInfo returned No such file or directory"
- Samba 3.5.8 / Windows error and system errors while mapping network drive on some PC's