Unable to access SMB shares using network account credentials
My environment is a home network with six Macintosh computers (the hardware isn't relevant). One machine runs macOS High Sierra Server as an OD master, and the five client Macs are all bound to this server, with one running High Sierra and the rest running Mojave. Everyone in the home logs onto his/her respective Mac using a network login account on the OD master. We have a couple of SMB file shares on the server, and everyone connects to those shares using their respective network login account credentials (i.e., server-based SMB shares are secured by adding users' network accounts from OD to the ACL). This works great, and has always worked great since I originally set it up clear back on Snow Leopard. Or was it Lion? Anyway...
What does NOT work--and has never worked--is if a user shares a directory on their client desktop Mac, and assigns someone's network account credentials to the ACL. When this is done, the specified user's network credentials appear to be accepted (authenticated), but they are denied access to the share with the error, "You do not have permission to access this server." This happens even with the Login Option "Allow network users to log in at login window" set, and the option for All Users chosen.
Here's an example. On my wife's iMac (computer name "iss") she has a shared folder called "Temp". She has added Read/Write permission for the user Edison Carter, which is a local account on her iMac, as well as for the user Max Headroom, which is a network account in OD on our High Sierra Server. Here's a shot from the Sharing Preferences Panel.
When I attempt to connect to the file share from my desktop iMac and am prompted for credentials, if I specify the credentials for the account local to my wife's iMac, Edison Carter (ecarter), I can connect and access the folder with no difficulty. However, if I specify the network account from OD, Max Headroom (maxheadroom), I see this.
I've tried embedding the username/password in a string "smb://username:password@iss..." in the Connect to server dialog and I've tried specifying things with the mount command in Terminal. I found an article that recommended that I make sure NTLMv2 was enabled in OD (it is). As I said previously, I think it's authenticating the username and password correctly because if I specify a bad password or username, the credential prompt dialog "shakes me off" as expected with a bad username/password combo and I don't get the above error.
Again, these are all Macs, all either High Sierra, Mojave, or Catalina. There are no Windows machines involved, and no Active Directory; this is purely Apple's Open Directory implementation with High Sierra Server.
This problem has driven me nuts for years. I've always had to work around it by either putting shared data in a share on the server (where network account credentials seem to work just fine with file shares), or else sharing the folder on a client Mac and using the credentials of an account with local admin rights (which is clearly non-optimal).
I would appreciate any suggestions anyone may have. Surely, I must be overlooking something obvious, but I'm ****** if I can figure out what.
Mac mini, macOS 10.13