# Packages for an AD member file server: Samba, winbind, the Kerberos PAM
# module, NTP and the POSIX ACL tools (setfacl/getfacl).
yum -y install \
  samba samba-client samba-common \
  samba-winbind samba-winbind-clients \
  pam_krb5 ntp acl

# Kerberos rejects authentication when client and KDC clocks drift too far
# apart, so time sync is enabled before the domain join.
# NOTE(review): no ntp.conf change is shown here; confirm ntpd syncs against
# the same time source as the domain controller.
systemctl enable ntpd
systemctl restart ntpd

# Samba file service (smb) and NetBIOS name service (nmb): enable at boot,
# then restart, in the same order as the original notes.
for unit in smb nmb; do
  systemctl enable "$unit"
done
for unit in smb nmb; do
  systemctl restart "$unit"
done

# Permanently allow firewalld's predefined "samba" service in the public zone.
# NOTE(review): if any interface in the public zone faces an untrusted
# network, bind the service to a narrower zone or source range instead.
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload
nano /etc/hosts
# The lines below are the intended contents of /etc/hosts, not commands.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# Presumably this file server's own address and names.
# NOTE(review): hosts(5) treats the first name after the address as the
# canonical one; the FQDN is normally listed first and the short name second.
# Confirm this order is intended before joining the domain.
10.1.0.20 fs1 fs1.augin.ru
# Configure Kerberos + winbind authentication against the AD domain and write
# the result to the system configuration (--update).
# Option order is unchanged; flags are grouped by purpose:
#   1. Kerberos client (KDC, admin server, realm)
#   2. winbind for NSS and for PAM authentication
#   3. Samba as an AD member (security = ads)
#   4. home directory / shell template for domain users
#   5. create home directories on first login; use short user names
#      (no DOMAIN\ prefix)
# NOTE(review): --krb5realm is DC.AUGIN.RU while --smbrealm is AUGIN.RU. The
# Kerberos realm normally equals the AD DNS domain in upper case; confirm
# which value is intended.
# NOTE(review): with short names enabled, a local account and a domain account
# of the same name become indistinguishable by name; confirm that is acceptable.
authconfig \
  --enablekrb5 --krb5kdc=dc.augin.ru --krb5adminserver=dc.augin.ru --krb5realm=DC.AUGIN.RU \
  --enablewinbind --enablewinbindauth \
  --smbsecurity=ads --smbrealm=AUGIN.RU --smbservers=dc.augin.ru --smbworkgroup=AUGIN \
  --winbindtemplatehomedir=/home/%D/%U --winbindtemplateshell=/bin/bash \
  --enablemkhomedir --enablewinbindusedefaultdomain \
  --update
# Join this host to the AD domain. With -U and no password on the command
# line, net prompts for it, which keeps the password out of shell history.
# NOTE(review): an account that is only delegated the right to join computers
# is preferable to the built-in Administrator (least privilege).
net ads join -U Administrator
# winbind must run after the join so it can use the new machine account;
# start it now and enable it at boot.
systemctl start winbind
systemctl enable winbind
# Verification: "net ads info" prints details of the AD server in use and
# "wbinfo -u" lists domain users as winbind sees them. "wbinfo -t" can also be
# used to check the machine account's trust secret.
net ads info
wbinfo -u
smb.conf
...
# acl_xattr stores Windows NT ACLs in extended attributes next to the files;
# "map acl inherit" and "store dos attributes" likewise keep inheritance flags
# and DOS attributes in extended attributes.
# NOTE(review): all three depend on the share's filesystem supporting extended
# attributes - confirm for /home.
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
...
# Per-user home share, not shown in browse lists.
# NOTE(review): path points to /home/%D/%U, while the makedir.sh script on
# this page creates /home/disk1/users/<user>; confirm which directory the
# share is meant to serve.
[homes]
comment = %U Home dir
path = /home/%D/%U
browseable = no
writable = yes
inherit acls = yes
map acl inherit = yes
# "root preexec" runs the script as root every time a client connects to the
# share. %U is the user name the client asked for, which is not necessarily
# the account it was finally mapped to, so the script must treat its argument
# as untrusted input (quote it, reject path separators). %u, the name of the
# account actually in use for the service, may be the safer substitution here;
# verify against smb.conf(5).
root preexec = /etc/samba/makedir.sh %U
# Common data share. The trailing "$" only hides the share from Windows browse
# lists; it is not an access control.
[disk1$]
comment = disk1
path = /home/disk1
# "public" is a synonym for "guest ok". Together with "writable = yes" it
# lets guest sessions write to the share wherever guest logons are accepted
# (that depends on "map to guest" in [global], not shown on this page).
# NOTE(review): if only domain users should have access, drop "public = yes"
# and restrict the share with "valid users".
public = yes
writable = yes
# Name-based filter only: entries matching *.vir / *.vir2 are hidden and
# inaccessible. File contents are not inspected, so this is not a malware
# control. "delete veto files = yes" lets a directory be removed even when it
# still contains vetoed files.
veto files = /*.vir/*.vir2/
delete veto files = yes
nano /etc/samba/makedir.sh
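#!/bin/bash
#
# Samba "root preexec" helper: on a user's first connect, create
# /home/disk1/users/<user>, give it to the user and grant the
# "domain admins" group and the user rwx, both as access and default ACLs.
#
# Arguments:
#   $1 - user name, passed as %U from smb.conf
# Exit status:
#   0 - directory already existed, or the creation path ran
#   1 - user name rejected, or the directory could not be created
#
# This script runs as root and $1 is the name the connecting client supplied.
# It is therefore treated as untrusted: always quoted, and refused if it could
# change which path or which ACL entry the commands below act on.

user=$1
user_dir=/home/disk1/users/$user

# Refuse names that are empty, that are "." or "..", that look like an option,
# or that contain "/" (path separator) or ":" (field separator in chown and
# setfacl specifications).
case "$user" in
  '' | . | .. | -* | */* | *:*)
    printf 'makedir.sh: refusing user name %q\n' "$user" >&2
    exit 1
    ;;
esac

if [ ! -d "$user_dir" ]; then
  # Stop if mkdir fails (for example because something that is not a
  # directory already occupies the name), so the ownership and ACL changes
  # below are only ever applied to a directory this script just created.
  mkdir -- "$user_dir" || exit 1
  chmod g+s "$user_dir"
  chown -- "$user" "$user_dir"
  chmod 770 "$user_dir"
  # Access ACL (-m) covers the directory itself; default ACL (-d -m) is
  # inherited by entries created inside it later.
  setfacl -m g:"domain admins":rwx "$user_dir"
  setfacl -d -m g:"domain admins":rwx "$user_dir"
  setfacl -m u:"$user":rwx "$user_dir"
  setfacl -d -m u:"$user":rwx "$user_dir"
fi
exit 0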
# One-off fix-up for data that already exists under /home/disk1/: grant the
# "domain admins" group rwx on every existing entry (-R -m), then set the same
# entry as default ACL (-d) so that new files and directories inherit it.
# Because of -R this also covers all users' directories below the share root.
setfacl -R -m 'g:domain admins:rwx' /home/disk1/
setfacl -R -d -m 'g:domain admins:rwx' /home/disk1/
nano acl_users.sh
#!/bin/bash
for D in *; do
if [ -d "${D}" ]; then
echo "${D}" # your processing here
setfacl -R -d -m u:"${D}":rwx /home/disk1/users/${D}
setfacl -R -m u:"${D}":rwx /home/disk1/users/${D}
fi