Hi all, i'm new in this mailing list, i need some help with a problem i experience with my samba setup. I set up a fileserver on top of debian 6 with samba-3.6.6 on an XFS filesystem partition. I tried to use vsf acl_xattr for better windows compatibility and it seems generally working good, but i experience some strange behavior: I added two acls with different restrictions one for a user and the other for a group the user is member of, it seems that the more restrictive permissions are evaluated. To reproduce the problem i used a domain user that is member of group1 and that group1 has read-wrire(modify) permissions on the file i want to write to. As soon as i apply another acl with read-only permission on the same file for the specified user, i can't write to file anymore. The very strange thing is that as i try to apply a read only acl to group and a read write acl to user i can write the file normally. I dont know if this is some sort of my misconfiguration or wrong filesystem permision on top of the share i tried many variations including enabling end disabling acl_xattr:ignore system acls option. but no change. Filesystem is XFS and comes with extended attributes enabled. Follows the global smb.conf and the share definition. Any help will be appreciated. Mitja Tavcar [global] workgroup = INTRA realm = INTRA.COMUNE.TRENTO.IT server string = File server applicazioni security = ADS log file = /var/log/samba/%m-%U.smbd load printers = No printcap name = /dev/null disable spoolss = Yes local master = No domain master = No registry shares = Yes template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config INTRA : range = 10000-99999 idmap config INTRA : backend = rid idmap config * : range = 1000000-2000000 idmap config * : backend = tdb hosts allow = 192.168.0.0/255.255.0.0, 10.2.0.0/255.255.0.0 [pippo$] path = /smbmnt/disk_servizi/Servizi/pippo/ read only = no browseable = No store dos attributes = Yes vfs objects = acl_xattr acl_xattr:ignore system acls = Yes ea support = Yes inherit acls = Yes guest ok = no available = yes inherit permissions = yes map acl inherit = yes acl map full control = no