Hi, My problem relates to SAMBA 4.0.5, especially with acl / ntacl problem. Explanation: I'm currently trying to install a TEST System with a Samba4 ADDC system, using Ubuntu server 12.04. I've successfully completed the install and followed mostly the howto's on samba.org for SAMBA4. I'm currently struggling with changing ACL on the Samba 4 Share itself, and inside the shares... It's now been a few weeks that I've started working on this, starting with 4.0.3 to 4.0.4 and now 4.0.5. Using the windows Admin Pak, I simply can't change the ACL to "Domain Admin" on the share itself; It's always giving me a "Permission Denied". I can't seem to find the error in the samba logs, logging at different levels. Here's the setup I've used: krb5.conf: ================================[libdefaults] default_realm = mydomain.com [realms] mydomain.com = { kdc = maindc.mydomain.com admin_server = maindc.mydomain.com default_domain = mydomain.com [domain_realm] .mydomain.com = mydomain.com ================================ smb.conf: ================================[global] workgroup = MYDOMAIN realm = mydomain.com netbios name = FSLINUX2 server role = active directory domain controller [netlogon] path = /usr/local/samba/var/locks/sysvol/mydomain.com/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [TEST] comment = Repertoire de base pour donnees path= /TEST read only = no ================================ Samba compiled with: ./configure --with-ads --with-shared-modules=idmap_ad ACL & Attributes: ================================root at fslinux2:/usr/local/samba# ls -ald /TEST drwxrwx---+ 2 3000014 3000014 4096 Apr 16 16:25 /TEST root at fslinux2:/usr/local/samba# getfacl /TEST getfacl: Removing leading '/' from absolute path names # file: TEST # owner: 3000014 # group: 3000014 user::rwx group::rwx group:3000014:rwx group:3000020:rwx group:3000185:rwx group:3000209:rwx mask::rwx other::--- default:user::rwx default:user:3000014:rwx default:group::--- default:group:3000014:rwx default:group:3000020:rwx default:group:3000185:rwx default:group:3000209:rwx default:mask::rwx default:other::--- root at fslinux2:/usr/local/samba# getfattr -d -m "" /TEST getfattr: Removing leading '/' from absolute path names # file: TEST security.NTACL=0sAwADAAAAAgAEAAIAAQByycVyHtPFedtdWtQSN4l5838ZCS5zl6QBLwkWxhSORgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAScZAAAAIAAAAAAAAAAnAAAAAEFAAAAAAAFFQAAADWvCsf4q6zzUPp1ZgACAAABBQAAAAAABRUAAAA1rwrH+Kus81D6dWYAAgAAAgCcAAUAAAAACxQA/wEfAAEBAAAAAAADAAAAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmIQYAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmIAwAAAADJAD/AR8AAQUAAAAAAAUVAAAANa8Kx/irrPNQ+nVmAAIAAAADFAD/AR8AAQEAAAAAAAUSAAAA system.posix_acl_access=0sAgAAAAEABwD/////BAAHAP////8IAAcAzsYtAAgABwDUxi0ACAAHAHnHLQAIAAcAkcctABAABwD/////IAAAAP////8system.posix_acl_default=0sAgAAAAEABwD/////AgAHAM7GLQAEAAAA/////wgABwDOxi0ACAAHANTGLQAIAAcAecctAAgABwCRxy0AEAAHAP////8gAAAA/////w================================= /etc/fstab: ================================/dev/mapper/fslinux2-root / ext4 errors=remount-ro,*user_xattr,acl,barrier=1* ================================ log.samba: Well, this is ambiguous; I was not able to associate the ACL situation with a specific error message... This is the only message that may be related, there no WERR_ errors, no other NT_STATUS errors at the time I've tried to add/change ACLs... ================================[2013/04/16 15:13:15, 5, pid=7606, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) [2013/04/16 15:13:15, 3, pid=7607, effective(0, 0), real(0, 0)] ../source4/smbd/service_stream.c:63(stream_terminate_connection) Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' [2013/04/16 15:13:15, 5, pid=7607, effective(0, 0), real(0, 0)] ../source4/lib/messaging/messaging.c:554(imessaging_cleanup) imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.7607.27 [2013/04/16 15:13:15, 3, pid=7607, effective(0, 0), real(0, 0)] ../source4/smbd/process_single.c:114(single_terminate) single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] [2013/04/16 15:13:15, 10, pid=7607, effective(0, 0), real(0, 0)] ../source4/winbind/wb_server.c:72(wbsrv_call_loop) ================================ Please let me know if I can provide any further information to help me understand this situation. Thank you all for your help and listening. Regards,