We have a service with "valid user = toto"
It is possible to access to this service with a user name toto_titi and the
password of toto, even if the unix and samba count "toto_titi" do not exist.
Only "toto" count exist.
It seems that the user control by samba is only on what is before the
Excuse-me for my english.
security = share and valid users doesn't make sense.
one is a password based authentication and one is a
user based authorization check.