Samba, can't find UNIX groups from Windows

Platform: FBSD 15.0, Samba 4.16. Here is smb4.conf.
Code:
[global]
        workgroup = RET
        server string = office samba server %v
        server role = standalone server
        passdb backend = tdbsam
        vfs objects = zfsacl fruit streams_xattr
        fruit:metadata = stream
        fruit:copyfile = yes
        fruit:veto_appledouble = no
        disable netbios = yes
        nfs4:acedup = merge
        nfs4:chown = yes
        store dos attributes = yes
        ea support = yes
        #acl_xattr:ignore system acls = yes
        security = user
        hosts allow = 192.168.0.0/16 10.8.0.0/16 127.0.0.1
        server min protocol = SMB3
        aio read size = 1
        aio write size = 1
        aio max threads = 256
        strict sync = no
        hosts allow = 127.0.0.1 192.168.0.0/16 10.8.0.0/16
        map to guest = Bad User
        log level = 1
        max log size = 5000
        log file = /var/log/samba4/%m.log
        interfaces = re0 wg0 lo0
        bind interfaces only = yes
        server multi channel support = yes
        use sendfile = yes

[data1]
        path = /jails/samba/tank1
        valid users = @eng @mfg @qual @purch @hr @fina @smbadm
        writable  = yes
        browsable = yes
        guest ok = no
        create mask = 0770
        force create mode = 0760
        directory mask = 2770
        force directory mode = 2770
        inherit acls = no
        inherit permissions = yes
Users are created and added to the groups listed as valid users. They are also added and mapped to the Samba database via pdbedit -a -u and smbpasswd -a. pdbedit -L lists all Samba users.
Assign ownership and UNIX permissions.
Code:
# chown -R smbadm:smbadm /jails/samba/tank1
# chmod -R 2770 /jails/samba/tank1
# setfacl -R -b /jails/samba/tank1
# setfacl -a 0 owner@:full_set:fd:allow \
-a 1 group:smbadm:full_set:fd:allow \
-a 2 group:eng:write_set:fd:allow \
-a 3 group:mfg:read_set:fd:allow \
-a 4 group:purch:read_set:fd:allow \
-a 5 group:qual:read_set:fd:allow \
-a 6 group:hr:read_set:fd:allow \
-a 7 group:fina:read_set:fd:allow \
-a 8 everyone@:---:fd:allow \
/jails/samba/tank1

# ll /jails/samba/
drwxrws---+  3 smbadm smbadm    3B Mar  7 16:53 tank1/

# ll /jails/samba/tank1/
drwxrws---+ 4 smbadm smbadm    4B Mar  7 16:53 design/
drwxrws---+ 4 smbadm smbadm    4B Mar  7 16:53 proj/
......
All seems ok. I would like to set group-based access to the share and subdirectories from Windows. Connecting and mapping the share in Windows works fine. The problem is when I try to add groups to a directory, design for instance, I can't find any group: right click 'design', Properties -> Security -> Edit -> Add -> type 'eng' -> Check Names, and a 'Name not found' box pops up. Worth mentioning, adding users seems ok: there is a permission conflict, but at least users can be found.
Help is needed. Please shed some light.
 
Adding RET before the group name makes no difference. I think the problem is that the group names are not mapped to the Samba database, so Windows doesn't know them.

net groupmap add does the mapping. Now from Windows those groups can be found and added. I'm not sure if this is the "good" way though, as I suppose it's for an Active Directory domain controller setup.
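The follow-up above resolves the failed name lookup with net groupmap add. As an added example that is not part of the original posts, this shell dry run finds which @groups on the share's valid users line still lack a mapping and prints the command for each. The type=local default and the two file arguments are assumptions of the example, and the group-map listing in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): dry run that prints the
# `net groupmap add` commands still needed for a share's @groups.

# Print each @group named on a "valid users" line of an smb.conf-style file.
# Samba ignores case and whitespace in parameter names, so do the same.
valid_user_groups() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # comment lines
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "validusers" {
            n = split($2, tok, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^@/) print substr(tok[i], 2)
        }' "$1" | sort -u
}

# Print the UNIX group from each "NT name (SID) -> unixgroup" line,
# the format `net groupmap list` writes.
mapped_unix_groups() {
    sed -n 's/^.*) -> \(.*\)$/\1/p' "$1" | sort -u
}

# Usage: missing_groupmap_cmds CONF MAPLIST [TYPE]
# TYPE defaults to "local"; that default is an assumption of this example.
missing_groupmap_cmds() {
    mapped=$(mapped_unix_groups "$2")
    for g in $(valid_user_groups "$1"); do
        printf '%s\n' "$mapped" | grep -qxF -- "$g" && continue
        printf 'net groupmap add unixgroup=%s ntgroup=%s type=%s\n' \
            "$g" "$g" "${3:-local}"
    done
}

# Demo on constructed input: the thread's "valid users" line and a made-up
# `net groupmap list` capture in which only eng and smbadm are mapped.
demo() {
    d=$(mktemp -d)
    printf '[data1]\n\tvalid users = @eng @mfg @qual @purch @hr @fina @smbadm\n' > "$d/conf"
    printf '%s\n' 'eng (S-1-5-21-1-2-3-1001) -> eng' \
                  'smbadm (S-1-5-21-1-2-3-1002) -> smbadm' > "$d/maps"
    missing_groupmap_cmds "$d/conf" "$d/maps"
    rm -rf "$d"
}
demo
```

On a live server, save the output of net groupmap list to a file, pass it with the path to smb4.conf, and review the printed commands before running them as root.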
 