I would like to set up my NAS properly with user and group permissions.

While this was easy to accomplish for all Linux boxes using NFS, I cannot get it to work with Windows and Samba, Windows7 and Samba 3.5.2 in this case. Basic funtionality works, especially everything that is public and writeable by "others". But of course that's only half of it.

My username is daddy on all Linuxes and Windows(es?) and my (clear text) password is also always the same. On the NAS and Linuxes daddy belongs in particular to the groups family and everybody. I have a specific share which is only accessible by the (Linux) user family and users belonging to the group family. Within the share, there is a directory called "private", which belongs to family:family and has set its permissions to 770.

The share has in particular these settings:

browsable = yes
public = yes
invalid users = "guest"
write list = @"family","family"
valid users = "root",@"family","family"
inherit permissions = yes

I can access the share from the Windows machine without being asked for username/password. Using Windows, I can create a file and work with it. On the NAS the file will be owned by daddy:everybody with a 666 permissions mask. So apparently it magically works that a mapping between my Windows/Linux username occurs.

What doesn't work is accessing "private". Windows tells me I don't have the permissions required. Using Linux and NFS this works, of course, as daddy is a member of group family. Oddly enough, samba must have made the connection between daddy and family as well, otherwise it wouldn't let me create and edit files on that share.

I set smbd's log level to 1023 but all i get are large files and no information I can work with. grep daddy log* doesn't even yield any results. However, I sometimes see this:

log.192.168.0.10:[2014/01/05 18:46:29.919729,  5] smbd/uid.c:369(change_to_root_user)
log.192.168.0.10:  change_to_root_user: now uid=(0,0) gid=(0,0)
log.192.168.0.10:  smb_uid=0
log.192.168.0.10:  smb_uid=0

I tried to statically map the samba share to a driver letter. When doing this one has the option to select a checkbox which lets me provide different username/password for connecting the share. When I do this and provide daddy and my password, Windows will reprompt me for username password ... which I take to mean that the provided username/password were incorrect. Yet the samba log files on the NAS don't record a failed connection attempt.

As of now, I don't even know what needs fixing Linux user settings, Windows user settings, Samba, something else?! Any help in resolving this issue and making the directory "private" accessible to only users belonging to a certain group is appreciated!