@JonathonReinhart
Created January 6, 2015 09:05
My working Samba configuration
I had to also do the following items to play nicely with SELinux:
Restore the proper SELinux labels on smb.conf and my smbusers:
# chcon system_u:object_r:samba_etc_t:s0 smb.conf
# chcon system_u:object_r:samba_etc_t:s0 smbusers
Allow Samba to access home dirs:
# setsebool -P samba_enable_home_dirs 1
SELinux is preventing /usr/sbin/smbd from getattr access on the file .
***** Plugin catchall_boolean (32.5 confidence) suggests ******************
If you want to allow samba to export all ro
Then you must tell SELinux about this by enabling the 'samba_export_all_ro' boolean.
You can read 'None' man page for more details.
Do
setsebool -P samba_export_all_ro 1
***** Plugin catchall_boolean (32.5 confidence) suggests ******************
If you want to allow samba to enable home dirs
Then you must tell SELinux about this by enabling the 'samba_enable_home_dirs' boolean.
You can read 'None' man page for more details.
Do
setsebool -P samba_enable_home_dirs 1
***** Plugin catchall_boolean (32.5 confidence) suggests ******************
If you want to allow samba to export all rw
Then you must tell SELinux about this by enabling the 'samba_export_all_rw' boolean.
You can read 'None' man page for more details.
Do
setsebool -P samba_export_all_rw 1
***** Plugin catchall (4.5 confidence) suggests ***************************
If you believe that smbd should be allowed getattr access on the file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep smbd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:smbd_t:s0
Target Context unconfined_u:object_r:iceauth_home_t:s0
Target Objects [ file ]
Source smbd
Source Path /usr/sbin/smbd
Port <Unknown>
Host jonathon-centos7
Source RPM Packages samba-4.1.1-37.el7_0.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-153.el7_0.13.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name jonathon-centos7
Platform Linux jonathon-centos7 3.10.0-123.el7.x86_64 #1
SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64
Alert Count 1
First Seen 2015-01-06 03:48:52 EST
Last Seen 2015-01-06 03:48:52 EST
Local ID e4028d83-8037-4dde-8328-549b1b3938e9
Raw Audit Messages
type=AVC msg=audit(1420534132.161:26536): avc: denied { getattr } for pid=13144 comm="smbd" path="/home/jreinhart/.ICEauthority" dev="dm-2" ino=207 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:iceauth_home_t:s0 tclass=file
type=SYSCALL msg=audit(1420534132.161:26536): arch=x86_64 syscall=newfstatat success=yes exit=0 a0=22 a1=7f93e2e46a9b a2=7fffb2f3bbb0 a3=0 items=0 ppid=13137 pid=13144 auid=4294967295 uid=1000 gid=0 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 tty=(none) ses=4294967295 comm=smbd exe=/usr/sbin/smbd subj=system_u:system_r:smbd_t:s0 key=(null)
Hash: smbd,smbd_t,iceauth_home_t,file,getattr
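When smbd trips many denials at once, it helps to collapse the raw AVC records into one key per distinct denial, in the same field order as the Hash line above, before deciding which boolean to set. The Python below is an added example, not part of the original gist; the function names are hypothetical, and the sample log is constructed from the AVC record above plus one made-up record.

```python
import re
from collections import Counter

# Constructed sample: the AVC record from the report above, a shortened
# SYSCALL record, and one made-up denial on a second file.
SAMPLE_LOG = '''\
type=AVC msg=audit(1420534132.161:26536): avc: denied { getattr } for pid=13144 comm="smbd" path="/home/jreinhart/.ICEauthority" dev="dm-2" ino=207 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:iceauth_home_t:s0 tclass=file
type=SYSCALL msg=audit(1420534132.161:26536): arch=x86_64 syscall=newfstatat success=yes exit=0
type=AVC msg=audit(1420534140.002:26540): avc: denied { read open } for pid=13144 comm="smbd" path="/home/jreinhart/notes.txt" dev="dm-2" ino=311 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    if not line.startswith('type=AVC'):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    # A context is user:role:type:level; the type is the third field.
    fields['stype'] = fields['scontext'].split(':')[2]
    fields['ttype'] = fields['tcontext'].split(':')[2]
    fields['perms'] = m.group('perms').split()
    return fields

def denial_key(avc):
    """comm,source_type,target_type,class,perms: same order as the Hash line."""
    return ','.join([avc['comm'], avc['stype'], avc['ttype'],
                     avc['tclass'], ','.join(avc['perms'])])

def summarize(log_text):
    """Count denials per key so repeated hits collapse into one entry each."""
    counts = Counter()
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc:
            counts[denial_key(avc)] += 1
    return counts

if __name__ == '__main__':
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, key)
```
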
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = centos
security = user
username map = /etc/samba/smbusers
map to guest = bad user
dns proxy = no
#log level = 2
unix password sync = yes
[homes]
path=/home/%u
comment = Home Directories
browseable = no
writable = yes
valid users = %S
# Unix username = whitespace-separated SMB client usernames
jreinhart = Jonathon