samba - Mar 2021 - still no access to shared folder

>Please unsnip your smb.conf.
>Rowland
cat smb.conf
[global]
     workgroup = CARAG
     security = ADS
     realm = CARAG.LOCAL

     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     server string = Samba Client %h

     winbind use default domain = yes
     winbind expand groups = 2
     winbind refresh tickets = Yes
     winbind offline logon = yes
     dns proxy = no

     idmap config * : backend = tdb
     idmap config * : range = 3000-7999
     idmap config CARAG : backend = rid
     idmap config CARAG : range = 10000-999999
     template shell = /bin/bash
     template homedir = /home/%U

     domain master = no
     local master = no
     preferred master = no
     host msdfs = no

     # user Administrator workaround, without it you are unable to set
privileges
     username map = /etc/samba/user.map

     # For ACL support on domain member
     vfs objects = acl_xattr
     map acl inherit = yes
     store dos attributes = yes

     # Share Setting Globally
     unix extensions = no
     reset on zero vc = yes
     hide unreadable = yes

     # disable printing completely
     load printers = no
     printing = bsd
     printcap name = /dev/null
     disable spoolss = yes

     # logging
     log level = 0
     max log size = 1000

[USERHOME]
        path = /shares/Userhome/
        read only = no
        force create mode = 0600
        force directory mode = 0700

[DATA]
        path = /shares/data
        writable = yes
        read only = no
        guest ok = yes
        create mask = 0666
        force create mode = 0666
        directory mask = 0777
        force directory mode = 0777

[GroupData01]
        path = /shares/GroupData01
        read only = no
        valid users = @caragfileshare
        write list = @caragfileshare
        vfs objects = zfsacl
        nfs4:mode = simple

thanks
Mauri

On 29/03/2021 10:09, Maurizio Caloro wrote:
>> Please unsnip your smb.conf.
>> Rowland
> cat smb.conf
> [global]
>       workgroup = CARAG
>       security = ADS
>       realm = CARAG.LOCAL
>
>       dedicated keytab file = /etc/krb5.keytab
>       kerberos method = secrets and keytab
>       server string = Samba Client %h
>
>       winbind use default domain = yes
>       winbind expand groups = 2
>       winbind refresh tickets = Yes
>       winbind offline logon = yes
>       dns proxy = no
>
>       idmap config * : backend = tdb
>       idmap config * : range = 3000-7999
>       idmap config CARAG : backend = rid
>       idmap config CARAG : range = 10000-999999
>       template shell = /bin/bash
>       template homedir = /home/%U
>
>       domain master = no
>       local master = no
>       preferred master = no
>       host msdfs = no
>
>       # user Administrator workaround, without it you are unable to set
> privileges
>       username map = /etc/samba/user.map
>
>       # For ACL support on domain member
>       vfs objects = acl_xattr
>       map acl inherit = yes
>       store dos attributes = yes
>
>       # Share Setting Globally
>       unix extensions = no
>       reset on zero vc = yes
>       hide unreadable = yes
>
>       # disable printing completely
>       load printers = no
>       printing = bsd
>       printcap name = /dev/null
>       disable spoolss = yes
>
>       # logging
>       log level = 0
>       max log size = 1000
>
> [USERHOME]
>          path = /shares/Userhome/
>          read only = no
>          force create mode = 0600
>          force directory mode = 0700
>
> [DATA]
>          path = /shares/data
>          writable = yes
>          read only = no
>          guest ok = yes

'guest ok' is pointless, you do not have 'map to guest = bad
user' in
'global'
>          create mask = 0666
>          force create mode = 0666
>          directory mask = 0777
>          force directory mode = 0777
>
> [GroupData01]
>          path = /shares/GroupData01
>          read only = no
>          valid users = @caragfileshare
>          write list = @caragfileshare
>          vfs objects = zfsacl
>          nfs4:mode = simple

Not being an expert on zfsacl (for that, read that I could never get it 
to work), but is this a share on freebsd, or is it ZOL ?

Do you have libnss-winbind installed ?

Do you have sssd installed ? If so, then remove it, you cannot use sssd 
with Samba >= 4.8.0 and shares.

The group 'caragfileshare' does not seem to have write permission on 
'GroupData01'

Rowland