diff --git a/samba-files/samba-fileserver.yaml b/samba-files/samba-fileserver.yaml
index 724d2cc..af77b56 100644
--- a/samba-files/samba-fileserver.yaml
+++ b/samba-files/samba-fileserver.yaml
@@ -18,54 +18,6 @@ data:
 ---
 apiVersion: v1
 kind: ConfigMap
-metadata:
-  name: samba-files-config
-  namespace: samba-files
-data:
-  smb.conf: |
-    [global]
-        log level = 3 auth:5 winbind:5
-        logging = stderr
-
-        server role = member server
-        security = ADS
-        realm = UNDERCLOUD.LOCAL
-        workgroup = UNDERCLOUD
-        netbios name = FILESRV1
-
-        kerberos method = secrets and keytab
-        dedicated keytab file = /etc/krb5.keytab
-
-        name resolve order = host bcast
-
-        winbind use default domain = yes
-        winbind refresh tickets = yes
-        winbind enum users = no
-        winbind enum groups = no
-
-        idmap config * : backend = tdb
-        idmap config * : range = 10000-19999
-        idmap config UNDERCLOUD : backend = rid
-        idmap config UNDERCLOUD : range = 20000-999999
-
-        server min protocol = SMB2
-        disable spoolss = yes
-        load printers = no
-        printing = bsd
-        printcap name = /dev/null
-        map to guest = never
-
-    [data]
-        path = /data
-        read only = no
-        browseable = yes
-        valid users = @"UNDERCLOUD\fileserver-access"
-        force group = "UNDERCLOUD\fileserver-access"
-        create mask = 0660
-        directory mask = 0770
----
-apiVersion: v1
-kind: ConfigMap
 metadata:
   name: samba-files-krb5
   namespace: samba-files
@@ -259,6 +211,12 @@ spec:
                 sleep 5
               done
 
+              until getent group 'UNDERCLOUD\fileserver-access' >/dev/null; do
+                echo "waiting for group resolution"
+                sleep 2
+              done
+
+              chgrp 'UNDERCLOUD\fileserver-access' /data || chgrp 21105 /data
               chmod 2770 /data
 
               exec smbd --foreground --no-process-group --debug-stdout -d 3
diff --git a/samba-files/smb-conf.yaml b/samba-files/smb-conf.yaml
new file mode 100644
index 0000000..2b26f64
--- /dev/null
+++ b/samba-files/smb-conf.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: samba-files-config
+  namespace: samba-files
+data:
+  smb.conf: |
+    [global]
+        log level = 3 auth:5 winbind:5
+        logging = stderr
+
+        server role = member server
+        security = ADS
+        realm = UNDERCLOUD.LOCAL
+        workgroup = UNDERCLOUD
+        netbios name = FILESRV1
+
+        kerberos method = secrets and keytab
+        dedicated keytab file = /etc/krb5.keytab
+
+        name resolve order = host bcast
+
+        winbind use default domain = yes
+        winbind refresh tickets = yes
+        winbind enum users = no
+        winbind enum groups = no
+
+        idmap config * : backend = tdb
+        idmap config * : range = 10000-19999
+        idmap config UNDERCLOUD : backend = rid
+        idmap config UNDERCLOUD : range = 20000-999999
+
+        server min protocol = SMB2
+        disable spoolss = yes
+        load printers = no
+        printing = bsd
+        printcap name = /dev/null
+        map to guest = never
+
+    [data]
+        path = /data
+        read only = no
+        browseable = yes
+        valid users = @"UNDERCLOUD\fileserver-access"
+        force group = "UNDERCLOUD\fileserver-access"
+        create mask = 0660
+        directory mask = 0770
+        inherit permissions = yes
\ No newline at end of file