With user administrator the creation of new policy when using the s3fs backend fails. The attached trace show that packet 96 and 97 are the cause of the failure. S3FS fails to set ACLs as requested by the client.
No trace attached
Created attachment 7486 [details] tcpdump trace
(In reply to comment #1) > No trace attached Oups sorry, trace uploaded.
Ok, we need to support "Domain Admins" as file owner in acl_xattr
Possible explanation: Acl code wants to set the owner to Domain Admins, which is a group. This triggers a chown in the lower level (posix acls), and this fails because this is a group. Maybe idmap_both support can help curing this. Including metze.
Matthieu, does this still fail?
(In reply to comment #6) > Matthieu, does this still fail? It doesn't fail with beta3: Creating a GPO as Administrator from a Windows 7 client: # file: opt/samba/var/locks/sysvol/testrealm.private/Policies/{3244D071-24CA-4104-B693-C34CE004EF68} # owner: 3000011 # group: users user::rwx user:3000011:rwx group::--- group:Enterprise\040Admins:rwx group:Domain\040Admins:rwx group:3000012:r-x group:3000016:rwx group:3000017:r-x mask::rwx other::--- default:user::rwx default:user:3000011:rwx default:group::--- default:group:Enterprise\040Admins:rwx default:group:Domain\040Admins:rwx default:group:3000012:r-x default:group:3000016:rwx default:group:3000017:r-x default:mask::rwx default:other::---
Marking as fixed on this basis.