I have a server running PC-BSD (FreeBSD) 10 and purely ZFS storage. I have created a jail with Warden and installed Samba 4. I have provisioned a domain, using the options for ntvfs and rfc2307 as recommended for FreeBSD+ZFS setups. I am using two zpools in my setup. The first zpool has a mirrored pair of 1TB drives and it contains all of the volumes for the operating system and any jails that I set up. The second zpool has four pairs of 4TB drives providing bulk storage. Volumes allocated from this second zpool are jailed and mounted in the jail I set up for Samba. Everything about this setup is working well, except for the ACLs. I have included the following options in my smb4.conf file, which if I understand things correctly, should allow Samba to use ZFS ACLs to store windows permissions:

vfs objects = zfsacl
nfs4:mode = special
mfs4:acedup = merge
nfs4:chwon = yes

I have also set aclmode=passthrough and aclinherit=passthrough on all of the ZFS volumes being shared by Samba. Regardless of what I try, though, the ZFS ACLs are being ignored. The Samba users are visible (I can log in using my Samba username and password, my username appears in directory listings) and I can assign ACL permissions for other Samba users to files using the setfacl command. However, Samba is completely ignoring the ZFS ACLs, and all Windows ACLs are being stored in an extended attribute user.NTACL. I would like for the Windows permissions to be stored in the ZFS ACLs so that access is consistent between users logged in through SSH and users accessing the shares through Windows.

I am sure this is just the result of my missing some small but crucial parameter or option somewhere, and I am hoping someone can set me on the right path. If you need any more information on my system, let me know and I will post it.

EDIT

Well, after several more days of intense searching online, I seem to have found the problem - I was using NTVFS instead of S3FS. When I was setting up my Samba server many months ago, I was running into problems with the domain provision script failing because of ZFS. The solution was to add the "--use-ntvfs" option as mentioned in a number of different guides. It is possible that this was a necessary option for the version of Samba4 that was current at the time I was installing, but it looks like the zfsacl module does not work with NTVFS in the version I am running now (4.0.25). By changing my smb4.conf file to use S3FS instead, the zfsacl module suddenly started doing it's thing.

TL;DR - use S3FS not NTVFS with the zfsacl module