I did the mistake to add profile acls = yes as global option. 
So every of my shares has this option. I suggest to add something similiar as 
http://docs.hp.com/en/B8725-90103/ch04s08.html to the profileacls.xml

e.g.
git diff
diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/
index 1c6f0c9..c0c4fa5 100644
--- a/docs-xml/smbdotconf/protocol/profileacls.xml
+++ b/docs-xml/smbdotconf/protocol/profileacls.xml
@@ -25,6 +25,11 @@
        every returned ACL. This will allow any Windows 2000 or XP workstation
        user to access the profile.
        </para>
+
+       <para>
+       Do not set profile acls = yes on normal shares as this will result in 
+       incorrect ownership of the files on those shares. 
+       </para>
        
        <para>
        Note that if you have multiple users logging


I have a few win 7 and a few XP clients using this samba server. The parameter set for all shares seems not to influence how XP accesses files. But it does for Win 7.

One user who belongs to more than one group is not able to access files which don't belong to him and not to his major group. The group rights are rx. And the user is a member of that other group. Existing files can't be readed using samba while they can be readed on a linux shell.


The current documentation should give a hint so it is much easier next time to understand this problem if someone else runs in it..