[Samba] 3.0.24 and disappearing ACL entries

[Aaron Kincer]

I've been working at this for a few days now and I can't figure out what 
is broken. Google turns up similar issues from years back, but I hope 
this is a bug resurfacing. ACL entries are being deleted when files are 
saved. Here is an example:

username: user1
group membership: Domain Users
directory: /share/test
file: test.xls

getfacl /share

# file: share
# owner: DOMAIN+backupuser
# group: DOMAIN+domain\040users
user::rwx
user:DOMAIN+backupuser:rwx
group::rwx
group:DOMAIN+domain\040users:rwx
mask::rwx
other::rwx

getfacl /share/test

# file: share/test
# owner: DOMAIN+backupuser
# group: DOMAIN+domain\040admins
user::rwx
group::rwx
group:DOMAIN+domain\040users:rwx
group:DOMAIN+domain\040admins:rwx
mask::rwx
other::rwx

getfacl /share/test/test.xls

# file: test.xls
# owner: DOMAIN+backupuser
# group: DOMAIN+domain\040admins
user::rwx
user:DOMAIN+backupuser:rwx
group::rwx
group:DOMAIN+domain\040users:rwx
group:DOMAIN+domain\040admins:rwx
mask::rwx
other::rwx

If user1 opens the file in excel, makes a change and saves it, then the 
facl for test.xls becomes:

# file: test.xls
# owner: DOMAIN+user1
# group: DOMAIN+domain\040users
user::rwx
user:DOMAIN+backupuser:rwx
group::rwx
group:DOMAIN+domain\040admins:rwx
mask::rwx
other::rwx

The entry for Domain Users was deleted. Note that I have the default 
group other set to rwx as a work around because it causes users to be 
locked out of their files. If you want to see something really strange, 
you should see what happens if I change the file and group owner back to 
what it was before user1 modified it and let user1 save it again. But 
for now, I need to know how to fix this. Anyone have any ideas? My 
config from 3.0.22 didn't change, but I've tried a variety of things to 
fix this. I've got these all set:

       [global]

        store dos attributes = Yes
        dos filemode = Yes
        dos filetime resolution = Yes
        acl compatibility = yes
        ea support = Yes
        map acl inherit = yes
        inherit permissions = Yes
        inherit acls = Yes
      
        [test]

        comment = test drive
        path = /share/test
        read only = No
        create mask = 0777
        directory mask = 0777
        guest ok = Yes
        map readonly = permissions
        nt acl support = yes
        inherit acls = yes
       
Any ideas would be greatly appreciated.

Thanks,

Aaron Kincer