samba - Aug 2006 - managing Win2K3 ACL from debian server

I want to modify ACL on files which are on a win2K3 server from a Debian
Sarge server.
my config. is:
Linux Debian Sarge testing with kernel 2.6
samba 3.0.22 configured with winbind
krb5 installed, the Linux server is member of a AD domain on witch the
win2K3 server is a domain controller.
I want to do the following (as root):
smbmount //mywin2k3server/share /mnt/smb/mountingfolder -o
username:domainuser
then:
setfacl -m u:domainuser:w /mnt/smb/mountingfolder/afile
 
the first problem is that the mounting command line with smbmount
doesn't work; there is no message, but the folder become unreachable.
the same command executed on a windows NT or a windows 2000 share
success.
 
the second problem is that the setfacl command line doesn't work on
files which are on those windows server (NTFS format). It display : "
Not supported operation ".
setfacl on a file which is on a Linux ext3 disk success, and an ACL
modification from a windows computer to a file on the Linux server
success.
 
regards.
Vincent.
 
echo of smb.conf:
[global]
workgroup = WIN2K3DOM
server string = %h server (Samba %v)
load printers = yes
guest account = nobody
invalid users = root
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = ADS
realm = WIN2K3DOM.DOM
password server = 192.168.5.44
client use spnego = yes
encrypt passwords = true
passdb backend = tdbsam guest
enable privileges = yes
#dos filemode = yes
nt acl support = yes
map acl inherit = yes
os level = 20
domain master = auto
preferred master = auto
dns proxy = yes
unix password sync = true
pam password change = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/winnt/%D/%U
idmap uid = 10000-20000
idmap gid = 10000-20000
#======================= Share Definitions ====etc...

Vincent,

smbmount fails for win2k3-hosted shares because it doesn't support
win2k3-style digitally signed communications.  The symptom is that the
mount succeeds, but any attempt to access the mounted share gets
Access Denied.  Using "mount -t cifs" instead of "smbmount"
works much
better.

Dear Stephen,

thanks for your help, with the the command line:
 mount -t cifs //mywin2k3server/share /mnt/smb/mountingfolder -o
acl,username=vm
I can access to win2k3-hosted shares.
The first problem is solved, but the second is still there; 
it seems that cifs isn't more compatible with Win2K3 ACLs than smbfs.
When I execute:
 setfacl -m u:domainuser:w /mnt/smb/mountingfolder/afile
The answer is still: "Not supported operation ".
Do you know if there is an other way to do this?

Regards.

Vincent MALIEN