diff --git a/docs-xml/smbdotconf/security/inheritacls.xml b/docs-xml/smbdotconf/security/inheritacls.xml
index 44afa8a..e2552e3 100644
--- a/docs-xml/smbdotconf/security/inheritacls.xml
+++ b/docs-xml/smbdotconf/security/inheritacls.xml
@@ -9,6 +9,11 @@
     behavior is to use the unix mode specified when creating the directory. 
     Enabling this option sets the unix mode to 0777, thus guaranteeing that 
     default directory acls are propagated.
+
+    Note that using the VFS modules acl_xattr or acl_tdb which store native
+    Windows as meta-data will automatically turn this option on for any
+    share for which they are loaded, as they require this option to emulate
+    Windows ACLs correctly.
 </para>
 </description>
 
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0dbc1c7..49d0100 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4373,6 +4373,7 @@ void lp_set_posix_default_cifsx_readwrite_locktype(enum brl_flavour val);
 int lp_min_receive_file_size(void);
 char* lp_perfcount_module(void);
 void lp_set_passdb_backend(const char *backend);
+bool set_inherit_acls(int i);
 
 /* The following definitions come from param/util.c  */
 
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 424ecbf..3d06e52 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -382,6 +382,12 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
 	SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_tdb_data,
 				struct db_context, return -1);
 
+	/* Ensure we have "inherit acls = yes" if we're
+	 * using this module. */
+	DEBUG(2,("connect_acl_tdb: setting 'inherit acls = true' for service %s\n",
+		service ));
+	set_inherit_acls(SNUM(handle->conn));
+
 	return 0;
 }
 
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 7a9cd27..11ca890 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -208,8 +208,20 @@ static int sys_acl_set_fd_xattr(vfs_handle_struct *handle,
 	return ret;
 }
 
+static int connect_acl_xattr(struct vfs_handle_struct *handle,
+				const char *service,
+				const char *user)
+{
+	/* Ensure we have "inherit acls = yes" if we're
+	 * using this module. */
+	DEBUG(2,("connect_acl_xattr: setting 'inherit acls = true' for service %s\n",
+		service ));
+	set_inherit_acls(SNUM(handle->conn));
+	return 0;
+}
 
 static struct vfs_fn_pointers vfs_acl_xattr_fns = {
+	.connect_fn = connect_acl_xattr,
 	.mkdir = mkdir_acl_common,
 	.open = open_acl_common,
 	.fget_nt_acl = fget_nt_acl_common,
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index c62deb5..b317dc6 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -9843,3 +9843,11 @@ void lp_set_passdb_backend(const char *backend)
 {
 	string_set(&Globals.szPassdbBackend, backend);
 }
+
+bool set_inherit_acls(int i)
+{
+	if (!LP_SNUM_OK(i)) {
+		return false;
+	}
+	ServicePtrs[(i)]->bInheritACLS = true;
+}