I have two Linux systems, both running Debian Squeeze. Versions of (I think) the stuff involved are:

  kernel: 2.6.32-5-xen-amd64
  ii  nfs-kernel-server                   1:1.2.2-4squeeze2            support for NFS kernel server
  ii  libnfsidmap2                        0.23-2                       An nfs idmapping library
  ii  nfs-common                          1:1.2.2-4squeeze2            NFS support files common to client and server
  ii  portmap                             6.0.0-2                      RPC port mapper

(The client doesn't have nfs-kernel-server involved.)

I have a directory with ACLs:

# file: dirname
# owner: jon
# group: foogroup
# flags: -s-
user::rwx
user:www-data:rwx
group::r-x
group:foogroup:rwx
mask::rwx
other::r-x
default:...

There are two users, neither one of which owns the directory:

uid=3001(jake) gid=3001(jake) groups=3001(jake),104(wheel),3999(foogroup)
uid=3005(nic) gid=3005(nic) groups=3005(nic),3999(foogroup)

The jake user can create files in the directory without issues. The nic user can't. All UIDs/GIDs are the same on the client and server. I've verified (packet sniffing) that the right uids/gids get sent via AUTH_UNIX are correct-- uid=gid=3005, auxiliary gids=3005,3999-- and that the server replies with NFS3ERR_ACCESS, which the kernel on the client maps to EACCES (Permission denied).

Can anyone help me here?