samba - Mar 2004 - create_canon_ace_lists: unable to map SID

I have a samba server on linux with a LDAP DC, 

On a client server, I was do

net join -S DOMSERV -Uadmin%PASSWORD

and that's work

The server member of DOMSERV have a share XFS filesystem.

When I set manualy the acl (setfacl -m g:group:rwx the_file)
It's ok, the other domain member see the ACL

But when I set the acl with a Windows Workstation, that's don't work

smbd/posix_acls.c:create_canon_ace_lists(1380)
create_canon_ace_lists: unable to map SID 

my client smb.conf 

 [global]
        workgroup = TOTODOM
        server string = Samba Server
        security = DOMAIN
        password server = domain-srv
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        dns proxy = No
        ldap ssl = no
        map acl inherit = Yes


my server smb.conf

[global]
        unix charset = ASCII
        workgroup = DOMSERV
        server string = Samba Server
        update encrypted = Yes
        passdb backend = ldapsam:ldap://192.168.53.58, guest
        passwd program = /usr/bin/smbpasswd %u
        passwd chat = *new*password* %n\n  *new*password*  %n\n
*changed*
        passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        unix password sync = no
        encrypt passwords = Yes
        passwd chat debug = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        bind interfaces only = no
        interfaces = eth0 lo
        pam password change = yes
        add user script = /usr/bin/smbpasswd -a %u -D 256
        delete user script = /usr/bin/smbpasswd -x %u -D 256
        add machine script = /usr/bin/smbpasswd  -m -a %u$ -D 256
        logon script = netlogon.bat
        logon path = \\srv-image\profiles\%u
        logon drive = X:
        logon home = \\srv-image\%u
        domain logons = Yes
        os level = 65
        preferred master = No
        domain master = Yes
        dns proxy = No
        ldap suffix = dc=domserv,dc=com
        ldap machine suffix = ou=hosts
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap admin dn = cn=manager,dc=domserv,dc=com
        #ldap delete dn = Yes
        #ldap trust ids = Yes
        ldap ssl = no
        ldap passwd sync = Yes
        admin users = Administrator root
        hosts allow = 192.168.53.0/255.255.255.0 127.0.0.1
        #ldap filter = (&(uid=%u) (objectclass=sambaAccount))
        ldap delete dn =yes



Someone can help me??


-- 
Daniel Ch?nard
 
Croesus Finansoft Inc.
2 Place Laval, Suite 510
Laval, Quebec
Canada H7N 5N6
Site Web: www.croesus.com
 
Daniel.Chenard@croesus.com
Tel: +1 450-662-6101, 145
Fax: +1 450-662-3629
 
Please Note: The Light at the End of The Tunnel
             will be turned off until further
             notice due to budget cutbacks.
                                --The Managemen