[Samba] Inheritable Permissions Issue

[David Eisner]

I have a Centos 3 server running Samba 3.0.28.  It's a member of an AD
domain on a Windows Server 2003 R2 Standard x64 SP2 box.  From the
W2K3 server I can see the samba share I created.  Using the Security
tab in the Windows Explorer file properties dialog I can add and
remove users and change their permissions.  However, in the
Permissions tab of the Advanced Security Settings dialog, whenever I
uncheck the "Allow inheritable permissions from the parent to
propagate to this object and all child objects" checkbox, and hit
Apply, the checkbox always returns to the checked state immediately.
It is never possible to get it into an unchecked state. Is this the
expected behavior?

I have mounted the exported filesystem with the acl and user_xattr
attributes, and I've compiled samba with ads, acl, and xattr support.

Here are the settings for the share in question:

[voltest]
        comment = Volume Test
        path = /home/voltest
        admin users = DOMAINNAME\administrator
        read only = No
        inherit acls = Yes
        map acl inherit = Yes
        store dos attributes = Yes

Though the "inheritable permissions" checkbox stays checked, I
*sometimes* see that the user.SAMBA_PAI attribute is getting set:

$ getfattr -d /home/voltest/test_folder/foo.doc
getfattr: Removing leading '/' from absolute path names
# file: home/voltest/test_folder/foo.doc
user.DOSATTRIB="0x20"
user.SAMBA_PAI=0sAQACAAAAABAnAAABHycAAA==

Often, though, it's not set at all.

Thanks in advance for your help.

-David

-- 
David Eisner     http://cradle.brokenglass.com