This boolean parameter controls whether smbd 8 will allow clients to attempt to access extended attributes on a share. In order to enable this parameter on a setup with default VFS modules: Samba must have been built with extended attributes support. The underlying filesystem exposed by the share must support extended attributes (e.g. the getfattr1 / setfattr1 utilities must work). Access to extended user attributes must be allowed by the underlying filesystem (e.g. when mounted with a system-dependent option like user_xattr on Linux). This option exposes the "user" attribute namespace from the underlying filesystem to clients. In order to match Windows conventions, the namespace prefix ("user.") is stripped from the attribute name on the client side. The handling of further attribute namespaces (like "security", "system", or "trusted") is not affected by this option. Note that the SMB protocol allows setting attributes whose value is 64K bytes long, and that on NTFS, the maximum storage space for extended attributes per file is 64K. On most UNIX systems (Solaris and ZFS file system being the exception), the limits are much lower - typically 4K. Worse, the same 4K space is often used to store system metadata such as POSIX ACLs, or Samba's NT ACLs. Giving clients access to this tight space via extended attribute support could consume all of it by unsuspecting client applications, which would prevent changing system metadata due to lack of space. The default has changed to yes in Samba release 4.9.0 and above to allow better Windows fileserver compatibility in a default install. yes