Glad you 've make it working 
I totally understand your feeling, … IT WORKS , I MADE IT WORK, HEUREKA!!!, now i can cut the trees with bare hands
EDIT: before i do the translation in my CZ post…some notes (i tried to keep it simply, but i am sometimes tooo chatty
workgroup
once you have it working, change the default workgroup name to something else. That will prevent any client/server to overtake the “master” from the TOS and in combination with “guest” it is kind of unsecure (as any client with windows default setup might see your shares)
dialect
if you set the max, it is good to use also min (if you are not using some devices with obsolete Samba clients you can use SMB2 as min and max for most scenarios. If you upgrade to Samba 4.x on TOS you can use min=SMB2 and max=SMB3 (so you can benefit from new dialect and that will reduce amount of open ports, SMB1 is kind of obsolete nowadays (due that netbios layer)
read vs write options
“readonly=yes” together with “writeable=no” in “general” section is fine, it should work. You just have to set individually each share for write/read. (which is , better as you have option to have each share folder setup individually. Reverse setup is also fine, but, but you should consider situation when “share” section is not loaded/applied and “general” options is.
permissions
regading mask for new files. It is better to set it (there is default anyway, which might not suit you well) for example 644 in samba world is mask 113 in unix world causing chmod 664 on file. “dir_mask” (samba mask), “create_mask”(unix permission)
https://www.samba.org/samba/docs/using_samba/figs/sam2_0802.gif
guest
guest, you should set it to NO, do not use guest at all(possible security breach). Somehow “guest” is threated differently, you should set some real unix user and sync it with samba (via smbpasswd,smbpwd…or similar tool)
i faced situation when guest was used and i was able to traverse whole filesystem freely (i was able to list any folder – so if you have readonly you are safe, if writeable=yes, such guset user can try to write/remove some files … )
forced_user
if you have some dedicated samba user (not running it under nobody/nogroup), set that user to be “forced_user” so all files/folders are owned by that user:group. To allow other users to access the files, add them simply to same group (in my case “users”)
legit/invalid users
legitimate users, there you list all unix users which are also samba users (having smbpasswd synced/set). there is also “invalid users” where you specify users without any access to smb (so it is wise to put “root” there)
EDIT2: i made draft translation of my notes(for now just initial post, rest will follow soon) : Maxmilian's notes on smb.conf