diff -r -u samba-4.14.0rc4/source3/modules/nfs4_acls.c samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.c
--- samba-4.14.0rc4/source3/modules/nfs4_acls.c 2021-01-21 14:20:40.000000000 +0100
+++ samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.c 2021-03-01 17:22:32.493233000 +0100
@@ -106,6 +106,7 @@
 }
 params->map_full_control = lp_acl_map_full_control(SNUM(conn));
+ params->force_attrib_write = lp_acl_force_attrib_write(SNUM(conn));
 DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s map full control:%s\n", enum_smbacl4_modes[params->mode].name,
@@ -410,6 +411,23 @@
 DEBUG(10, ("Windows mapped ace flags: 0x%x => 0x%x\n", ace->aceFlags, win_ace_flags));
+ /* https://bugzilla.samba.org/show_bug.cgi?id=13809
+ Windows won't grant write access unless it also have write access on attrib so
+ let's fake it. This is needed since the unix mode bits emulation of ZFS on FreeBSD
+ creates an ACL without WRITE_ATTRIBUTES and WRITE_NAMED_ATTRS for group@/other@ entries.
+ */
+ if (params->force_attrib_write) {
+ if (ace->aceMask & SMB_ACE4_WRITE_DATA) {
+ ace->aceMask |= (SMB_ACE4_WRITE_ATTRIBUTES|SMB_ACE4_WRITE_NAMED_ATTRS);
+ }
+ /*
+ if ((ace->aceMask & SMB_ACE4_READ_DATA) == 0) {
+ ace->aceMask &= ~(SMB_ACE4_READ_ATTRIBUTES|SMB_ACE4_READ_NAMED_ATTRS);
+ }
+ */
+ DEBUG(10, ("Changing ACL, adding mask for win-compability." \
+ " New mask: %x\n", ace->aceMask));
+ }
 mask = ace->aceMask;
 /* Mapping of owner@ and group@ to creator owner and
diff -r -u samba-4.14.0rc4/source3/modules/nfs4_acls.h samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.h
--- samba-4.14.0rc4/source3/modules/nfs4_acls.h 2021-01-21 14:20:40.000000000 +0100
+++ samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.h 2021-03-01 15:56:46.718018000 +0100
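Review bot: In the second nfs4_acls.c hunk the new block ORs `SMB_ACE4_WRITE_ATTRIBUTES|SMB_ACE4_WRITE_NAMED_ATTRS` into `ace->aceMask` itself and never looks at the entry type, so the in-memory NFSv4 ACE is altered rather than only the Windows view, and a deny entry carrying WRITE_DATA is widened just like an allow entry. The security descriptor reported to the client then shows rights the filesystem did not grant, and a client that reads the ACL and writes it back could persist the faked bits; that last part is inferred, since the set path is not in this diff. I would apply the change to the local `mask` after `mask = ace->aceMask;`, restrict it to allow entries, and log only when the mask actually changes, because the current `DEBUG` fires for every ACE once the option is on. The commented-out READ_DATA block is better dropped than committed. The enclosing function starts and ends outside the hunk, so any later read of `ace->aceMask` there needs checking against this change.

```c
		mask = ace->aceMask;
		/* bug 13809: report attribute-write rights alongside WRITE_DATA
		 * on the Windows view only; the NFSv4 ACE itself is left untouched. */
		if (params->force_attrib_write &&
		    ace->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
		    (mask & SMB_ACE4_WRITE_DATA)) {
			mask |= SMB_ACE4_WRITE_ATTRIBUTES|SMB_ACE4_WRITE_NAMED_ATTRS;
			DEBUG(10, ("force attrib write: mask 0x%x => 0x%x\n",
				   ace->aceMask, mask));
		}
		/* … unchanged: owner@/group@ mapping … */
```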
@@ -113,6 +113,7 @@
 bool do_chown;
 enum smbacl4_acedup_enum acedup;
 bool map_full_control;
+ bool force_attrib_write;
 };
 int smbacl4_get_vfs_params(struct connection_struct *conn,
diff -r -u samba-4.14.0rc4/source3/param/loadparm.c samba-4.14.0rc4-LIU/source3/param/loadparm.c
--- samba-4.14.0rc4/source3/param/loadparm.c 2021-01-21 14:20:40.000000000 +0100
+++ samba-4.14.0rc4-LIU/source3/param/loadparm.c 2021-03-01 15:51:58.198328000 +0100
@@ -251,6 +251,7 @@
 .smbd_getinfo_ask_sharemode = true,
 .spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
 .honor_change_notify_privilege = false,
+ .acl_force_attrib_write = false,
 .dummy = ""
 };
--- samba-4.14.0rc4/docs-xml/smbdotconf/protocol/aclforceattribwrite.xml 2021-03-01 17:27:47.612190000 +0100
+++ samba-4.14.0rc4-LIU/docs-xml/smbdotconf/protocol/aclforceattribwrite.xml 2021-03-01 15:50:44.882248000 +0100
@@ -0,0 +1,15 @@
+ + + + This boolean parameter controls whether smbd + 8 forcibly adds WRITE_ATTRIBUTES and WRITE_NAMED_ATTRS + permissions to the ACL sent to the client when WRITE permissions is detected. Windows refuses + to write to files on FreeBSD systems with ZFS otherwise for files given full Unix group/other + write permissions due to way it translates Unix mode bits to ZFS ACLs. + + +no +