Further information:
I logged onto the DL4100 with SSH via Putty and viewed the /etc/samba/smb.conf file. I also reviewed system logs.
The parameter workgroup = PAUKKUNEN in the smb.conf file is inconsistent with the GUI that shows workgroup as WORKGROUP. The logs show failed CIFS logons with my userid even when I enter creds for another user authorized to read/write on the share.
Next I used a separate VM and logged on as domain user dl4100test to that virtual PC. This is to avoid pass-thru authentication as described in previous paragraph. Attempting to access the ADTest share failed with the same results - CIFS authentication error on DL4100. Kerberos service on domain controller shows TGT success for the dl4100test user as well as the computer account wdmyclouddl4100$.
The thread located at DL4100 and DL2100 Domain Join Access Issues - #24 by TIM_L by Tim_L solved the problem. Commenting out the invalid users = followed by smbd reload fixes the problem temporarily at least. However any change to shares or a reboot overwrites the changes.
So netting it out, it looks like all AD groups of which a user is a member need to be added as allowed before a user can access a share. Having now spent a few hours on it, I am disgusted. Get your act together! Surely this cannot be that hard to fix …
