Samba shared folder with setgid problem

I am setting up a file server with a shared directory. Inside, there are per-user folders that are readable by any user and a shared directory that is readable and writeable by any user. The per-user folders are simple enough. However, I am having some issues with the shared folder. I performed the standard procedure for making a set GID folder:

# chown root shared
# chmod -R ug+rwX shared
# chgrp -R users shared
# find shared -type d -exec chmod g+s "{}" ;
# find shared -type d -exec setfacl -m "default:group::rwx" "{}" ;

After ensuring all users are in the ‘users’ group, this works perfectly via direct console login, ssh, rsync, etc. However, there are some issues with samba.

With the default samba config, the SGID bit and GID are propagated, but new files and folders do not have the group write bit set. This appears to be because the ACL is being ignored. According to Samba Ignoring POSIX ACLs, the solution is to add vfs objects = acl_xattr to smb.conf. When I set that, the group write permission is correctly set. However, the group is then set to the user’s primary group instead of the group of the parent directory, which rather defeats the purpose of the set GID bit. I tried the other smb.conf adjustments noted in the link (map acl inherit = yes, store dos attributes = yes, and inherit acls = yes), but these had no effect. What’s the proper way to make this work?