[Samba] acl_xattr access denied when adding permissions for another user

[Thomas Nau]

On 04/05/2011 01:02 PM, Volker Lendecke wrote:
> On Tue, Apr 05, 2011 at 12:40:12PM +0200, Thomas Nau wrote:
>> We run Samba 3.5.8 on a Solaris 11 box on top of ZFS We got the
>> impression that the VFS module acl_xattr provides the best way
>> of keeping Windows ACLs. We don't have concurrent NFS or local users
>> so it's Windows only.
> 
> ZFS does NFSv4 ACLs which are quite close, albeit not
> perfect. There's a zfs_acl module for Solaris, you might
> also give that a try.

We use that with another server for quite a while by now.
I usually does a great job but in rare cases, reason unknown,
either the module or the OS are messing up ACLs. I have to
confess this is one of the real old Sun Samba (3.0.3?) versions
and I haven't tried the latest.
The only hint I got that the problem occurs mostly with
moving folders or accesses by Microsoft Office tools

>> The clients as well as the Samba server are members of an AD domain.
>> Creating files/directories works as expected and also manipulating
>> permissions for the initial user/group does not raise any problem.
>> Trying to add permissions for an additional user (looked up in AD)
>> fails with the Windows XP client side "permission denied" pop-up box.
> 
> Does "acl_xattr : ignore system acls"  help?

acl_xattr: ignore system acls = yes


I added

	acl_xattr: ignore system acls = yes

but it makes things worse as I cannot even grant myself (the authenticated
user) full access anymore even though I already have the full rights inherited

Is there any additional data I can provide?

Thomas