For example: user “user1” has a primary group of “main-users” and a secondary group of “managers”. When “user1” tries to access a Samba folder(s) with “write list = @main-users” (their primary group), the permissions are applied properly and access is granted, but when “user1” tries to access a Samba folder with “write list = @managers” (their secondary group), the folder(s) cannot be accessed.
01. You need to delete and then recreate the group(s) in Samba. This does not delete any group(s) from OpenLDAP or Linux permissions, only Samba.
I found the easy way to do this was through Webmin (https://localhost:10000/).
Servers -> Samba Windows File Sharing -> Samba Users -> Samba Groups
02. After making the necessary changes on the server side, have the user(s) reboot their systems in order for the changes to take effect.
I believe the issue is caused by a possible de-linking of the OpenLDAP/Linux SIDs in Samba; recreating the groups in Samba re-links them to the correct domain group.
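To see which groups need recreating before touching anything, the shell check below (an added example, not part of the original post) reads a `net groupmap list` listing and reports the Unix groups that are unmapped or mapped to a SID outside the server's domain SID. The sample listing and SIDs are constructed, and it assumes group names without spaces and domain-type mappings of the form `NT name (SID) -> unixgroup`.

```shell
#!/bin/sh
# Constructed sample data: the SIDs below are made up for illustration.
DOMAIN_SID='S-1-5-21-1111111111-2222222222-3333333333'
SAMPLE_GROUPMAP='Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> main-users
Managers (S-1-5-21-9999999999-8888888888-7777777777-1201) -> managers'

# group_sid LISTING UNIXGROUP
# Print the SID that LISTING maps to UNIXGROUP (prints nothing if unmapped).
group_sid() {
    printf '%s\n' "$1" | awk -v g="$2" '
        {
            n = index($0, ") -> ")               # split "NT name (SID" / "unixgroup"
            if (n && substr($0, n + 5) == g) {
                head = substr($0, 1, n - 1)
                sub(/^.*\(/, "", head)           # keep only the SID
                print head
                exit
            }
        }'
}

# suspect_groups LISTING DOMAIN_SID "GROUP GROUP ..."
# Print the groups that have no mapping, or whose mapped SID does not
# sit under DOMAIN_SID (assumption: mappings are type=domain).
suspect_groups() {
    out=""
    for g in $3; do
        sid=$(group_sid "$1" "$g")
        case "$sid" in
            "$2"-*) ;;                           # mapped inside the domain: fine
            *) out="${out:+$out }$g" ;;          # unmapped or foreign SID
        esac
    done
    printf '%s\n' "$out"
}

# On a real server, feed it live data instead of the sample, e.g.:
#   suspect_groups "$(net groupmap list)" "$DOMAIN_SID" "$(id -Gn user1)"
# and recreate each reported group's mapping with:
#   net groupmap delete ntgroup="managers"
#   net groupmap add ntgroup="managers" unixgroup=managers type=domain
```

Run `net groupmap list` again after recreating a mapping and confirm the group's SID now starts with the server's domain SID.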