Samba 4 expects a filesystem which respects POSIX acls, but ZFS uses the nfsv4acl model. We can configure
ZFS to operate in passthrough mode, then tell Samba to use nfsv4 acls. In addition, we want to make the
volume’s .zfs/snapshot directory visible. This will allow us to present snapshots as Volume Shadow
Copies, which appear to Windows clients as Previous Versions of the volume.
zfs create -o mountpoint=/export/CIFSRoot -o aclmode=passthrough -o aclinherit=passthrough -o snapdir=visible tank/CIFSroot
[global]
## README.FreeBSD recommends commenting out or removing the three statements
## below when using Samba on ZFS
#server services = rpc, ...
#dcerpc endpoint servers = epmapper, ...
#posix:eadb = /var/db/samba4/private/eadb.tdb
## Enable user-based security and map unknown users to the Guest user
security = user
encrypt passwords = true
map to guest = bad user
guest account = smbguest
## Store DOS attributes in extended attributes (no mapping)
map hidden = no
map system = no
map archive = no
map readonly = no
store dos attributes = yes
## Extended attributes
ea support = yes
[public]
path = /export/CIFSRoot
public = yes
guest only = yes
guest ok = yes
writable = yes
read only = no
## Enable the zfsacl and shadow_copy2 modules for this share
vfs objects = zfsacl shadow_copy2
## Hide the .zfs directory from clients
veto files = /.zfs/
delete veto files = yes
## Present the contents of the .zfs/snapshot directory as Volume Shadow
## copies. These will appear as Previous Versions to Windows clients.
shadow:snapdir = .zfs/snapshot
shadow:format = %Y-%m-%d
shadow:sort = desc
## Use nfsv4 acls
## => See README.nfs4acls.txt for more information
## Use OWNER@ and GROUP@ special IDs
nfs4:mode = special
## Merge duplicate ACEs
nfs4:acedup = merge
## Enable changing owner and group
nfs4:chown = yes
map acl inherit = yes
Copyright © 2014-2015, Daniel Washburn. All Rights Reserved.