samba - Aug 2010 - (force) create mode not instantly applied

Hi,

if I connect from a winxp machine to my samba share and create a new 
file, it does not get the permissions specified by "create mask" and 
"force create mode" at first. Only after I modify the permissions on
the
client, the file finally gets the right permissions on the server. 
Thereby it does not matter what I change on the client, even if I remove 
all access rights. After clicking OK, the permissions of the file would 
be set to the specified (force) create mode and cannot be changed from 
the client any more.

Example:
- connect to samba share from winxp
- create file "test.txt" from client
- file gets "rw--w----", but should get "rw-rw-r--" (664,
see smb.conf)
- edit file permissions from winxp, e.g. delete all; click OK
- file now has "rw-rw-r--" on the server
- view permissions again in winxp; correctly mapped; cannot be altered

It's the same thing for creating directories (except that the initial 
permissions differ).
When connecting from a linux client, the permissions are set correctly 
on file creation. I haven't tried microsoft clients other than WinXP yet.

Any ideas how to make samba set the desired permissions right on file 
creation, without manual intervention?


Here's my config:

   client:

     WinXP Prof. SP3

   server:

     OpenSUSE 11.1
     Kernel 2.6.27.45-0.1-pae
     Samba 3.5.4-1.1-2382-SUSE-CODE11

   smb.conf:

     [global]
     server string = samba %h
     workgroup = MNS_SVR1
     encrypt passwords = Yes
     printing = cups
     printcap name = cups
     printcap cache time = 750
     cups options = raw
     map to guest = Bad User
     logon path = \\%L\profiles\.msprofile
     logon home = \\%L\%U\.9xprofile
     logon drive = P:
     usershare allow guests = No
     local master = Yes
     netbios name = MNSSVR1
     os level = 65
     passdb backend = tdbsam
     security = user
     wins support = No
     pam password change = Yes
     passwd program = /usr/bin/passwd %u
     passwd chat debug = Yes
     passwd chat timeout = 4
     unix password sync = Yes
     client lanman auth = No
     client plaintext auth = No
     invalid users = root @wheel
     obey pam restrictions = Yes
	

     [share1]
     path = /data/samba-shares/share1
     read only = No
     valid users = @share-access
     read list = @share-access
     write list = @share-write-access
     security mask = 0664
     force security mode = 0664
     create mode = 0664
     force create mode = 0664
     directory mask = 0775
     force directory mode = 0775
     directory security mask = 0775
     force directory security mode = 0775
     force group = share-write-access
     browseable = Yes
     writable = Yes
     map archive = No
     map hidden = No
     map readonly = No
     vfs objects = scannedonly
     scannedonly:domain_socket = True
     scannedonly:socketname = /var/lib/scannedonly/scannedonly-socket


Thanks,
Alex