samba - Sep 2007 - Is there a simple way to let particular windows users have read/write on ALL samba shares?

Hi all,

I have a samba server that provides storage for student users.
Teachers want to be able to see and copy files from one student
directory to another, but students should not be able to see and copy
files from other students. I thought defining my teachers as "admin
users" would do the trick but it didn't. What is the most rational way
to do this?

My SAMBA Server is joined to AD via winbind.

Relevant portions of smb.conf is below

Many thanks for any help someone might provide!

John


        security = ads
        realm = VANGUARD
        server string = studentserv
        password server = 10.114.5.50
        workgroup = VANGUARD
#       winbind separator = +
        idmap backend = idmap_rid:VANGUARD=10000-200000
        idmap uid = 10000-200000
        idmap gid = 10000-200000
        winbind enum users = yes
        winbind enum groups = yes
        winbind nested groups = yes
        log level = 5
        template homedir = /home/%D/%U
        #template homedir = /home/%G/%U
        template shell = /bin/bash
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        allow trusted domains = no
        winbind use default domain = yes
        restrict anonymous = 2
        domain master = no
        local master = no
        preferred master = no
        os level = 0



 #======================= Share Definitions ======================
# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares.  This will share each
# user's home directory as \\server\username
#[homes]
#   comment = Home Directories
#   browseable = no


[ALLSTUDENTS]

 path = /home/ALLSTUDENTS
     # valid users = %S
      readonly = no
      writable = yes
      printable = no
      create mode = 0700
      directory mode = 0700
      admin users = @"VANGUARD\domain admins"
@"VANGUARD\mcmcomputer admins"
      vfs objects = recycle
      recycle: config-files = /etc/samba/samba-recycle.conf