A simple share using Samba 4.15.9 fails with "NT_STATUS_ACCESS_DENIED opening remote file \test" Below is the contents of smb.conf [global] security = user log file = /var/log/samba/samba.log log level = 10 server multi channel support = no load printers = no printcap name = /dev/null disable spoolss = yes [samba_share] path = /smbtest/samba/share public = yes writable = yes guest ok = yes browseable = yes guest account = nobody guest only = yes create mask = 666 directory mask = 777 Looking into the logs, I see posix_fget_nt_acl: called for file test [2022/09/22 13:35:28.099703, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/modules/vfs_aixacl.c:44(aixacl_sys_acl_get_fd) Entering AIX sys_acl_get_fd [2022/09/22 13:35:28.099740, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/modules/vfs_aixacl.c:45(aixacl_sys_acl_get_fd) [2022/09/22 13:35:28.099772, 0, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/smbd/fd_handle.c:93(fsp_get_io_fd) fsp_get_io_fd: fsp [test] is a path referencing fsp fd is -1 [2022/09/22 13:35:28.099890, 0, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/smbd/fd_handle.c:93(fsp_get_io_fd) fsp_get_io_fd: fsp [test] is a path referencing fsp [2022/09/22 13:35:28.099962, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/modules/vfs_aixacl.c:73(aixacl_sys_acl_get_fd) Got facl and returned it [2022/09/22 13:35:28.100000, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/modules/vfs_aixacl_util.c:43(aixacl_to_smbacl) acl_entry is 300edc98 acl_last(file_acl) id 300edc88 [2022/09/22 13:35:28.100083, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/modules/vfs_aixacl_util.c:139(aixacl_to_smbacl) i is 1 [2022/09/22 13:35:28.100123, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/modules/vfs_aixacl_util.c:154(aixacl_to_smbacl) ace->info.user.uid = 0 [2022/09/22 13:35:28.100163, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/modules/vfs_aixacl_util.c:182(aixacl_to_smbacl) ace->a_perm = 0 ... ... ... ... ... canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2022/09/22 13:35:28.104383, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0), class=acls] ../../source3/smbd/posix_acls.c:2705(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- [2022/09/22 13:35:28.104450, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0), class=acls] ../../source3/smbd/posix_acls.c:2705(canonicalise_acl) canon_ace index 2. Type = allow SID = S-1-22-1-0 uid 0 SMB_ACL_USER_OBJ ace_flags = 0x0 perms --- [2022/09/22 13:35:28.104518, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0), class=acls] ../../source3/smbd/posix_acls.c:766(print_canon_ace_list) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 SMB_ACL_USER_OBJ ace_flags = 0x0 perms --- canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms --- canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2022/09/22 13:35:28.104656, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0), class=acls] ../../source3/smbd/posix_acls.c:1030(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2022/09/22 13:35:28.104701, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0), class=acls] ../../source3/smbd/posix_acls.c:1030(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2022/09/22 13:35:28.104745, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0), class=acls] ../../source3/smbd/posix_acls.c:1030(map_canon_ace_perms) map_canon_ace_perms: Mapped (UNIX) 0 to (NT) 0 [2022/09/22 13:35:28.104805, 10, pid=4260330, effective(4294967294, 4294967294), real(0, 0)] ../../source3/smbd/open.c:187(smbd_check_access_rights_sd) smbd_check_access_rights_sd: File [test] requesting [0x120089] returning [0x120009] (NT_STATUS_ACCESS_DENIED) "fsp_get_io_fd: fsp [test] is a path referencing fsp fd is -1 " This issue is not there with aixacl2. And I see aixacl2 has the code to handle the case where fsp->fsp_flags.is_pathref is true , but not aixacl code.