>> I think the ACL list on XFS (installed with Centos7) is too large and
it
>> can't store the additional ACLs. Hopefully that is it, and even if
it
>> isn't, thanks chaps for letting me think aloud, it often helps to
bounce
>> ideas off others to eliminate other possible issues.
>> Sadly this probably means a reformat... grrr.
Isn't that a bit too drastic? I have two DCs here, both working on XFS, one
with CentOS 6 and the other with CentOS 7. I have lots of GPOs and complex ACLs
and never found a limit with ACLs.
If I remember correctly, XFS can accommodate 64kB of Extended Attributes.
Did you try "samba-tool ntacl sysvolreset" ?
As I told you before, I once met the same problem you now have and I was able to
solve it, I don't exactly remember how but I think it was related to the
issue I referred to in previous posts.