Fresh samba43 on FreeBSD jail with ZFS.
ZFS is mounted with aclinherit=passthrough and aclmode=passthrough
A new DC is provisioned:
samba-tool domain provision […] --use-xattrs=no --use-ntvfs
After provisioning, the following lines were removed from /usr/local/etc/smb4.conf:
'server services', 'dcerpc endpoint servers', 'posix:eadb'
The following line was added to /etc/smb4.conf:
vfs objects = zfsacl
This, as I understand it, is the procedure as it is recommended by FreeBSD ports.
I tried samba44 as well, but it didn't have --use-ntvfs available. Not using --use-ntvfs causes an error stating that ACLs are not supported.
When I try to run `samba-tool ntacl sysvolreset`, the program fails with an error:
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option.
Upon inspection of the referred script, I find the following Python file:
Which reads starting on line 1547:
smbd.set_simple_acl(file.name, 0755, gid)
raise ProvisioningError("Your filesystem or build does not support posix ACLs […]")
The smbd object comes from samba.samba3, which is an .so file.
What I have found so far:
There is a thread on the mailing list from 2013 already identifying this problem.
I have asked on Server Fault, where the answer is that NFSv4 ACLs should be used. Which is what Windows uses and what ZFS uses, but not what s3fs uses.
A comment on the question states "aha. That's a bug in the tool, I would take it up upstream (samba project). In fact, it would be much better for samba to support those ace's [sic] out of the box, they are much more like Windows ace's [sic]".