[Samba] cannot enter below a 0750 share from samba DC

[steve]

Hi. I'm trying to get our office staff sharing files. Lubuntu 14.04 DC
(palmera) also serving shares. There is a Lubuntu  14.04 ws (guadalest)
joined to this domain. xp clients in the same domain are working as
expected.

On Lubuntu, we can only mount folders if the parent folder is world
'enterable':

[shared]
path = /home/shared/
read only = No

getfacl /home/shared/
# file: shared/
# owner: root
# group: staff2
user::rwx
group::r-x
other::---

getfacl /home/shared/stuff
# file: stuff
# owner: root
# group: domain\040users
# flags: -s-
user::rwx
group::rwx
other::r-x

autofs is running on the client and this share is active:
Mount point: /home/shared
source(s):
  instance type(s): sss 
  map: auto.shared
  * |
-fstype=cifs,sec=krb5,username=cifsuser,multiuser ://palmera/shared/&

julie is a domain user:

 getent passwd julie
julie:*:3000020:20513:julie:/home/users/julie:/bin/bash

 groups julie
julie : domain users staff2

getent group staff2
staff2:*:21107:julie

However, attempting to enter /home/shared/stuff
cd /home/shared/stuff
bash: cd: /home/shared/stuff: No such file or directory

she can enter /home/shared fine
she can also enter is /home/shared is 0755:
julie at guadalest:/home/shared$ cd ~
julie at guadalest:~$ cd /home/shared/stuff
julie at guadalest:/home/shared/stuff$ 

julie can work as expected and produce group rw files on an xp ws.

summary: unless the parent share is world 'enterable', we cannot mount anything below it. 
This works as expected under smbd. Can anyone verify this to be a feature of the DC file server? Any secure workaround?
We want only members of the group staff2 to be able to get into shared and below. Is cifs-utils OK on Ubuntu?
Cheers,
Steve