samba - Feb 2014 - Solaris Extended ACLs samba-3.6 vs samba-4.1 differences

In our situation, we have users home directories on a zfs filesystem which are
available from both nfs and via samba. One of our requirements is that we have
to prevent users on the nfs mounted systems from being able to perform a chmod
on their own home directory that allows other users access to their home
directories.

To this end we use ZFS ACLs such that we chown the user's home directory to
root, then allow them the normal access to their directory via the ZFS ACLs,
except we deny the "write_acl" part. The ACLs are pretty much the
defaults that happen with a normal chmod except for the write_acl part.

It looks like this:

chown root username
chmod  A- username
chmod og-rwx username
chmod A+user:username:write_acl:deny username
chmod
A+user:username:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/read_xattr/write_xattr/execute/delete_child/read_attributes/read_acl/write_owner/synchronize:allow
username
chmod A+group@:read_xattr/read_attributes/read_acl/synchronize:allow username
chmod A+everyone@:read_xattr/read_attributes/read_acl/synchronize:allow username

This all works very well when using an NFS mounted filesystem, and works with
samba-3.6.22.
However, with samba-4.1.4 users cannot access their home share - we get a
permission error in this case.

Just wondering why this might be and if it's by design in samba-4.1 - maybe
caused by the ownership of the user's home directory now being different?
We would much prefer to use the latest versions of samba as we want to continue
on upgrading as samba is improved.

Regards,

Bernie.