samba - Feb 2014 - force group does not work

Hi

I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10. 
Unfortunately it doesn't seem to consider the option force group. After 
hours ofresearch I couldn't figure out what I'm still missing. unix 
extensions is set to no. Setting the debug level up to 10 also didn't 
help ;(
Is this a bug or is there simply a mistake in my setup?

When
*valid users = @Groupname*
is set, then I don't have access to the share at all anymore.

As funny as it sounds, but
*force user* **= *MyUsername*
is working as expected.


id -Gn MyUsername
MyUsername Groupname

getent group Groupname
Groupname:*:2004:MyUsername,Groupname


# ============= Global ============= #

     [global]

      # Basic server settings
      workgroup          = DOMAIN
      realm              = DOMAIN.LOCAL
      netbios name       = FILESERVER
      server role        = standalone server

      # Password backend
      passdb backend     = samba_dsdb

      # DNS
      dns forwarder      = 10.0.0.1

      # Logging
      log level = 2
      max log size = 5000

      # Charset
      unix charset       = UTF-8
      dos charset        = cp1252

      # NTLMv2 aktivieren
      ntlm auth          = No
      lanman auth        = No
      client ntlmv2 auth = Yes

      # Printing
      load printers = No
      printing      = BSD
      printcap name = /dev/null

      # Default masks
      unix extensions      = No
      create mask          = 0770
      force create mode    = 0770
      directory mask       = 0770
      force directory mode = 0770

      # Miscellaneous
      veto oplock files  = /*.doc/*.xls/*.ppt/*.mdb/*.docx/*.xlsx/*.ppt


# ============= Shares ============= #

     [MyShare]
      comment     = NAS
      path        = /mnt/MyShare
      guest ok    = No
      read only   = No
      valid users = @Groupname
      forece user = MyUsername
      force group = Groupname







Any help would be greatly appreciated ;)

Best Regards
L.

On Sat, 2014-02-08 at 10:35 +0100, Leander S. wrote:
> Hi
> 
> I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10. 
> Unfortunately it doesn't seem to consider the option force group. After
> hours ofresearch I couldn't figure out what I'm still missing. unix
> extensions is set to no. Setting the debug level up to 10 also didn't 
> help ;(
> Is this a bug or is there simply a mistake in my setup?
> 
> When
> *valid users = @Groupname*
> is set, then I don't have access to the share at all anymore.
> 
> As funny as it sounds, but
> *force user* **= *MyUsername*
> is working as expected.
> 
> 
> id -Gn MyUsername
> MyUsername Groupname
> 
> getent group Groupname
> Groupname:*:2004:MyUsername,Groupname
> 
> 
> # ============= Global ============= #
> 
>      [global]
> 
>       # Basic server settings
>       workgroup          = DOMAIN
>       realm              = DOMAIN.LOCAL
>       netbios name       = FILESERVER
>       server role        = standalone server
> 
>       # Password backend
>       passdb backend     = samba_dsdb
> 
>       # DNS
>       dns forwarder      = 10.0.0.1
> 
>       # Logging
>       log level = 2
>       max log size = 5000
> 
>       # Charset
>       unix charset       = UTF-8
>       dos charset        = cp1252
> 
>       # NTLMv2 aktivieren
>       ntlm auth          = No
>       lanman auth        = No
>       client ntlmv2 auth = Yes
> 
>       # Printing
>       load printers = No
>       printing      = BSD
>       printcap name = /dev/null
> 
>       # Default masks
>       unix extensions      = No
lose these for now:
>       create mask          = 0770
>       force create mode    = 0770
>       directory mask       = 0770
>       force directory mode = 0770
> 
>       # Miscellaneous
>       veto oplock files  = /*.doc/*.xls/*.ppt/*.mdb/*.docx/*.xlsx/*.ppt
> 
> 
> # ============= Shares ============= #
> 
>      [MyShare]
>       comment     = NAS
>       path        = /mnt/MyShare
>       guest ok    = No
>       read only   = No
>       valid users = @Groupname
>       forece user = MyUsername
>       force group = Groupname
> 
> 
> 
> 
> 
> 
> 
> Any help would be greatly appreciated ;)
> 
> Best Regards
> L.
> 
> 
change this:
force user = MyUsername
and go for something like:
chgrp Groupname /mnt/MyShare
chmod g +s /mnt/MyShare
maybe?
Steve

I couldn't get "valid users = @group" ?to work at all, but that
was on a DC and I figured it was just not supported yet. Is that happening on a
non-DC?

Sent from my BlackBerry 10 smartphone.
? Original Message ?
From: Leander S.
Sent: Saturday, February 8, 2014 04:44
To: samba at lists.samba.org
Reply To: Leander S.
Subject: [Samba] force group does not work

Hi

I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10. 
Unfortunately it doesn't seem to consider the option force group. After 
hours ofresearch I couldn't figure out what I'm still missing. unix 
extensions is set to no. Setting the debug level up to 10 also didn't 
help ;(
Is this a bug or is there simply a mistake in my setup?

When
*valid users = @Groupname*
is set, then I don't have access to the share at all anymore.

As funny as it sounds, but
*force user* **= *MyUsername*
is working as expected.


id -Gn MyUsername
MyUsername Groupname

getent group Groupname
Groupname:*:2004:MyUsername,Groupname


# ============= Global ============= #

[global]

# Basic server settings
workgroup = DOMAIN
realm = DOMAIN.LOCAL
netbios name = FILESERVER
server role = standalone server

# Password backend
passdb backend = samba_dsdb

# DNS
dns forwarder = 10.0.0.1

# Logging
log level = 2
max log size = 5000

# Charset
unix charset = UTF-8
dos charset = cp1252

# NTLMv2 aktivieren
ntlm auth = No
lanman auth = No
client ntlmv2 auth = Yes

# Printing
load printers = No
printing = BSD
printcap name = /dev/null

# Default masks
unix extensions = No
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770

# Miscellaneous
veto oplock files = /*.doc/*.xls/*.ppt/*.mdb/*.docx/*.xlsx/*.ppt


# ============= Shares ============= #

[MyShare]
comment = NAS
path = /mnt/MyShare
guest ok = No
read only = No
valid users = @Groupname
forece user = MyUsername
force group = Groupname







Any help would be greatly appreciated ;)

Best Regards
L.


-- 
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

On 08/02/14 09:35, Leander S. wrote:
> Hi
>
> I set up a samba 4.1.4 server on the latest FreeBSD RELEASE 10.
> Unfortunately it doesn't seem to consider the option force group. After
> hours ofresearch I couldn't figure out what I'm still missing. unix
> extensions is set to no. Setting the debug level up to 10 also didn't
> help ;(
> Is this a bug or is there simply a mistake in my setup?
>
You don't say what your clients are? In my experience the number one 
reason force group does not work is because you have Mac OSX clients and 
unix extensions enabled.


JAB.

-- 
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

Am 08.02.2014 10:35, schrieb Leander S.:
> When
> *valid users = @Groupname*
> is set, then I don't have access to the share at all anymore.
Due to an open bug the forced user must be included in 'valid users'.
This bug breaks many setups and your question will not be the last 
question about it:

https://bugzilla.samba.org/show_bug.cgi?id=9878
>      [MyShare]
>       comment     = NAS
>       path        = /mnt/MyShare
>       guest ok    = No
>       read only   = No
>       valid users = @Groupname
>       forece user = MyUsername
         ^^^^^^

And this is a typo (forece != force).

-- 
der tom