I believe I figured out this issue. The underlying Samba configuration file, smb.conf, file is using the “invalid users” statement for each share created. From a security perspective, including this statement is a good idea. However, from an operational perspective, using both “invalid users” and “valid users” statements in the same share doesn’t work as we would like. If a user is a member of any group specified in the “invalid users” statement, they are denied access even if they are listed in the “valid users” statement.
This excerpt from Chapter 9 of the Samba docs confirms this: “The important rule to remember with these options is that any name or group in the invalid users list will always be denied access, even if it is included (in any form) in the valid users list.”
The workaround for this is to either allow all groups that the user is a member of to access the share or SSH into the NAS and comment out (#) the invalid users statement. Unfortunately, if you decide to comment out the invalid users statement, it doesn’t persist after a reboot.
Hopefully, WD will figure out a more permanent solution than either one of these workarounds.