I have read this document trying the indicated steps:
When i try this command
"In the following, we will grant the privilege to the group "Domain Admins", but before doing this, make sure that the group is available to the local OS by NSS; usually via Winbindd:"
# getent group "Domain Admins"
I don't have any otuput
"If you don't get an output showing the queried name and its ID, there may be something wrong in your NSS configuration or if you are using Winbindd with RFC2307 (idmap_ad), you might not have an ID assigned (see User and group management for how to administer Unix Attributes in an AD). If the "Domain Admins" group is available to the OS, you can grant the SeDiskOperatorPrivilege privilege to (add the "-I dc1.samdom.example.com" if you had the previous error with NT_STATUS_CANT_ACCESS_DOMAIN_INFO)_:"
Then, when i confirm a ACL in Windows, in /var/log/samba/log.IP_OF_THE_PC i have these entry logged:
[2016/10/25 17:22:10.291691, 0] ../source3/smbd/posix_acls.c:2080(create_canon_ace_lists)
create_canon_ace_lists: unable to map SID S-1-5-21-3602257460-887192637-3718906551-1112 to uid or gid.