As I’ve written earlier, if you only want members of the group
Tradecom-Office to have access to that share, you have to set the
valid users option (
Gültige Benutzer oder Gruppen in German) to
@Tradecom-Office. Leaving that field empty as it was in the screenshot you posted will allow anyone to connect to that share.
force group (
Erzwungene Gruppe in German) only tells Samba which group to use to access the files — it has no bearing on the decision whether or not someone may connect to the share.
About exporting NFS-mounted shares over Samba: you’re saying that you don’t want to use ACLs. That’s fine. That combination should work. Just be aware: while NFS supports Linux ACLs (Posix ACLs), it doesn’t support Extended Attributes. Why is that a problem? Because Samba stores Windows ACLs that cannot be mapped to Linux ACLs directly as an Extended Attribute named
security.NTACL. Meaning you will likely not be able to manage ACLs via e.g. Windows Explorer properly.