I've run into a problem with a Lion Server (10.7.5) where the ACLs of the file shares aren't working properly on client machines that log into the server. Client machines see the files in the share, but it's as if the ACLs aren't available or visible.
Users are logging in via OD authentication, and a group "Access" is applied to their user account.
The File Share in question has the "Access" group with full read/write permissions.
Permissions have been propagated to all files and folders within the share.
Inherited Entries were made explicit.
When logging in as a client machine on the network, using proper OD authentication credentials with the "Access" group applied to the user, I have access to the file, but if I try to save the file, I get an error that I don't have permission to save the file. If you look at the permissions on the file/folder from the client machine, it's as if the ACLs from the server don't exist.
When SMB users (Windows) try to save a file to the share, they're not accessible by the AFP users. Again, all files and folders in this share should have full read/write access for all "Access" users, which includes both AFP and SMB users.
Propagating permissions again
A new share (same problem, but on new share)
Accessing via other machines and user accounts
Turning off SMB
Rebooting all machines
Wiping off all ACLs and adding new ACLs
Calling Apple (they're also stumped)
The share is on a Pegasus R4 connected via Thunderbolt.
Haven't had this issue before, and it seems recent, after updating beyond 10.7.2.
Had to rebuild OD from scratch after upgrade to 10.7.4 due to Kerberos problems.