Windows Explorer Remote ACL editing to Samba - works from Windows 10 but not Windows 8.1

Jeremy Allison jra at
Tue Nov 8 21:36:15 UTC 2016

On Tue, Nov 08, 2016 at 03:00:09PM -0600, Steve French wrote:
> Was experimenting with some ACL editing issues that our testers reported,
> and ran into an interesting issue.
> When you add an ACE for a remote user (ie a user on the Samba server) in
> Windows Explorer's ACL editor (see e.g.
> )
> Our testers noticed (and I confirmed with e.g. Samba 4.5, on Fedora etc.)
> that if you try to add an ACE for a user (in my case a user defined on the
> remote system, ie Samba server) from Windows 8.1 it fails, but for Windows
> 10 it works.
> Comparing wireshark traces:
> 1) netwkstagetinfo
> 2) getinfo on lsarpc
> 3) lsa_OpenPolicy2 (only on Windows 10)
> 4) lsa_LookupNames (only on Windows 10)
> 5) DsRoleGetPrimaryDomainInfo
> Any idea why Samba doesn't act as expected for Windows 8.1 ACL editing to
> work.   Also by the way, our testers found other versions (not just Windows
> 8.1) that failed - but most recent Windows (and IIRC Windows 7 as well)
> worked.

Log a bug and upload wireshark traces. No one else has seen that,
otherwise it would have been mentioned on the list already.

More information about the samba-technical mailing list