Samba ADS inherit

[roster79]

Добрый вечер! Уважаемые форумчане прошу помочь со следующей ситуацией. Сделал сервак на Debian 6 - Samba 3.5.6  domain member
Проблема заключается в том, что при раздаче прав доступа через винду (acl, Проводник и на шаре, правой кн. мыши на папке, ставим нужных юзерей) , права не наследуются на вложенные папки. wbinfo -u, wbinfo -g отрабатывают правильно.На Debian 5.0.6 подобная конфигурация работает правильно.
Тут проблема с обоими выпусками x86 и x86_64
#cat /etc/hosts

127.0.0.1   localhost
ip1 myserver.mydomain.ru   myserver
ip2   pdc.mydomain.ru                pdc
ip3   dc2.mydomain.ru                dc2

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

#cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat winbind

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

#cat /etc/krb5.conf
[libdefaults]
   default_realm = MYDOMAIN.RU
   krb4_config = /etc/krb.conf
   krb4_realms = /etc/krb.realms
   kdc_timesync = 1
   ccache_type = 4
   forwardable = true
   proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
   v4_instance_resolve = false
   v4_name_convert = {
      host = {
         rcmd = host
         ftp = ftp
      }
      plain = {
         something = something-else
      }
   }
#   fcc-mit-ticketflags = true

[realms]
   MYDOMAIN.RU = {
      kdc = pdc.mydomain.ru
      kdc = dc2.mydomain.ru
      admin_server = pdc.mydomain.ru
   }

[domain_realm]
   .mydomain.ru = MYDOMAIN.RU
   mydomain.ru = MYDOMAIN.RU

[login]
   krb4_convert = true
   krb4_get_tickets = false

# cat /etc/samba/smb.conf

[global]
   netbios name = myserver
   server string = File Server
   workgroup = MYDOMAIN
   security = ADS
   realm = MYDOMAIN.RU

   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   read raw = no
   interfaces = eth0 lo
   bind interfaces only = yes

   auth methods = winbind
   winbind use default domain = true
   winbind refresh tickets = yes
   password server = pdc.mydomain.ru dc2.mydomain.ru
   idmap uid = 10000-700000
   idmap gid = 10000-700000
   encrypt passwords = true
   allow trusted domains = yes
#   admin nt acl support = yes
   admin users = "domain admins"

   os level = 15
   preferred master = No
   local master = No
   domain master = No
   dns proxy = No
   time server = Yes
   ldap ssl = no
#   strict locking = No

   log file = /var/log/samba/samba.log
   max log size = 500 0
#   log level = 1
   log level = 10
#vfs:10
#locking:5

   load printers = No
   printing = bsd
   printcap name = /dev/null
   show add printer wizard = No
   disable spoolss = Yes

   display charset = utf-8
   unix charset = utf-8
   dos charset = cp866
   case sensitive = no
   default case = lower
   preserve case = yes


[share1]
        comment = corporate net drive
        path = /mnt/ex/1
        writable = yes
        read list = "domain users"
        write list = "domain users"
        create mask = 0770
        directory mask = 0770
        read only = no
        inherit owner = yes
        inherit acls = yes
         inherit permissions = yes
        map acl inherit = yes
        nt acl support = yes

# cat /etc/fstab | grep /mnt/ex
/dev/cciss/c0d0p10   /mnt/ex   ext3 rw,noatime,nodiratime,acl    0   2