This is a regression in Samba 4. It works well in Samba 3.6.23. Here is the C code which can be used to open a file for write: #include <SDKDDKVer.h> #include <Windows.h> #include <stdio.h> #include <tchar.h> #include <conio.h> #include <ctype.h> int _tmain(int argc, _TCHAR* argv[]) { HANDLE hFile; if(argc <= 1) return 1; // Open the existing file. hFile = CreateFile(argv[1], GENERIC_READ | GENERIC_WRITE, FILE_SHARE_WRITE | FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hFile == INVALID_HANDLE_VALUE) { printf("ERROR: CreateFile() = %d\n", GetLastError()); return 1; } printf("File opened, press any key to exit ...\n"); getch(); CloseHandle(hFile); return 0; } Further investigation found that the smbd_check_access_rights() inside open_file() in source3/smbd/open.c returns ACCESS_DENIED error: /* Can we access this file ? */ if (!fsp->base_fsp) { /* Only do this check on non-stream open. */ if (file_existed) { status = smbd_check_access_rights(conn, smb_fname, false, access_mask); } else if (local_flags & O_CREAT){ status = check_parent_access(conn, smb_fname, SEC_DIR_ADD_FILE); } else { /* File didn't exist and no O_CREAT. */ return NT_STATUS_OBJECT_NAME_NOT_FOUND; } . . . }