Domain-based ACL permissions not working

Hi, I’m new to TrueNAS, so this might be something really simple, but I can’t get domain-based permissions to work.

New install of TrueNAS SCALE (Dragonfish-24.04.0) on an old Dell PowerEdge T320; all installed OK and pool set up.

Domain join didn’t work at first, but after a restart that worked fine; I can see domain users and groups etc. when setting permissions.

However, no matter what domain permissions I set, as soon as I take everyone@ off the ACL list I can no longer access the share from a Windows machine (permission denied).

I’ve tried adding both user and group permissions.

If I set a local user permission and enter the credentials, that works OK.

If I set everyone@ and leave the user/group permissions in, I can see the permissions under Windows, so they are there (see image), but after just removing everyone@ I can no longer access the folder or view its permissions from Windows.

Share ACL is everyone@ / FULL / Allowed

/mnt/Storage/Shares is the same

/mnt/Storage/Shares/Test2 is as the screenshot shows, just with everyone@ removed.

Am I missing something really simple?

Audit is on, but the samba4/smbd log isn’t showing any errors.

Turned on full logging, and it seems the Windows machine was still using the local TrueNAS account, so I removed that, restarted the Windows machine and suddenly couldn’t see any shares. Set up a new share and now it's working correctly with domain user permissions!