Hola,
básicamente la configuración del samba es la siguiente:
[global]
workgroup = colegio
realm = colegio.lan
server string = Fileserver
security = ADS
password server = ad.colegio.lan
syslog = 0
load printers = No
domain master = No
wins server = 172.21.0.157
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config * : range = 10000-29999
idmap config * : backend = tdb
path = /opt/sambashare
[SAMBASHARE]
valid users = "@domain users"
read _only_ = No
create mask = 0770
directory mask = 0770
inherit permissions = Yes
inherit acls = Yes
inherit owner = Yes
map acl inherit = Yes
hide special files = Yes
store dos attributes = Yes
oplocks = No
veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF/*.xlsx/*.xls
root@sambafs:/opt# ls -ld SAMBASHARE/
drwxrwxr--+ 10 capelari domain users 4096 oct 11 15:54 SAMBASHARE/
root@sambafs:/opt# getfacl SAMBASHARE
# file: SAMBASHARE/
# owner: capelari
# group: domain\040users
user::rwx
group::rwx
group:domain\040users:rwx
mask::rwx
other::r--