[Samba] valid users with AD group

[jsl6uy js16uy]

Hello all, hope all is well/happy holidays

Issues with an old thread out there, valid users containing an AD group

Have tried this on systems running cent7u2 and ubuntu trusty. These systems
are running sssd. I can login with AD users and chown/chgrp file with AD
groups. However, I can't get AD groups to work with valid users for
restricting share access. If I just set individual AD users, works just
fine.
I did troll thru googles and this mailing list, but many posts were
leveraging winbind or winbind and older versions of samba. Faqs and docs
led me to try several variants for vaild users =

@"MC\MC-Services"
@"MC\\MC-Services"
@MC-Services
MC-Services

Any thoughts/help would be greatly appreciated.
thanks and regards


some samba vers on the centos host
samba-common-4.2.3-12.el7_2.noarch
samba-common-tools-4.2.3-12.el7_2.x86_64
samba-common-libs-4.2.3-12.el7_2.x86_64
samba-4.2.3-12.el7_2.x86_64
samba-libs-4.2.3-12.el7_2.x86_64
samba-client-libs-4.2.3-12.el7_2.x86_64

[root at Xsamba]# smbd -V
Version 4.2.3


>>>Here is the config

[global]
        workgroup = mc
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = ads
        bind interfaces only = yes
        interfaces=192.168.99.0/24
        dedicated keytab file=/etc/krb5.keytab
        password server = 192.168.1.2 192.168.1.3
        realm = MC.FOO.COM
        passdb backend = tdbsam
        map to guest = Bad Uid


[homes]
        comment = Home Directories
        browseable = no
        writable = yes

[logs]
        comment = Server Logs
        path = /logs
        writable = no
        #valid users = jsmith
        valid users = @"MC\MC-Services"
        printable = no
~