2024-12-23 17:34:34 +03:00 · 0001-01-01 00:00:00 +00:00 · 0001-01-01 00:00:00 +00:00 · 19ab776bf9
commit 19ab776bf9
parent 6938b5b98a
32 changed files with 6522 additions and 4064 deletions
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@ -1,6 +1,12 @@
              WHATS NEW IN Samba 3.0 alphaX
              =============================

+Changes in alpha18
+ - huge number of changes! really too many to list ... (and its 1am
+   here, and I'm too tired) 
+   See the cvs tree at http://build.samba.org/
+
+
 Changes in alpha17
 - OpenLinux packaging updates (jht)
 - Locking updates - fix zero timeout (tridge, jra)
--- a/docs/Samba-HOWTO-Collection.pdf
+++ b/docs/Samba-HOWTO-Collection.pdf
--- a/docs/docbook/Makefile.in
+++ b/docs/docbook/Makefile.in
@ -61,7 +61,9 @@ HOWTOSRC=projdoc/DOMAIN_MEMBER.sgml projdoc/NT_Security.sgml \
 	projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml \
 	projdoc/CVS-Access.sgml projdoc/Integrating-with-Windows.sgml \
 	projdoc/PAM-Authentication-And-Samba.sgml projdoc/Samba-LDAP-HOWTO.sgml \
-	projdoc/Samba-BDC-HOWTO.sgml
+	projdoc/Samba-BDC-HOWTO.sgml projdoc/Printing.sgml projdoc/Diagnosis.sgml \
+	projdoc/security_level.sgml projdoc/Browsing.sgml projdoc/Bugs.sgml \
+	projdoc/Speed.sgml



--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@ -728,7 +728,7 @@
 		<listitem><para><link linkend="SOCKETADDRESS"><parameter>socket address</parameter></link></para></listitem>
 		<listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem>
 		<listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem>
-
+                <listitem><para><link linkend="SPNEGO"><parameter>use spnego</parameter></link></para></listitem>
 		<listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem>
 		<listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem>
 		<listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem>
@ -1102,7 +1102,13 @@
 		%u</command></para>
 		</listitem>
 		</varlistentry>
+<varlistentry><term><anchor id="ADDGROUPSCRIPT">add group script (G)</term>
+<listitem><para>This is the full pathname to a script that will 
+		be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8) when a new group is requested. It will expand any <parameter>%g</parameter> to the group name passed.  This script is only useful for installations using the Windows NT domain administration tools.
+		</ulink> 

+</para></listitem>
+</varlistentry>


 		<varlistentry>
@ -1910,6 +1916,7 @@
                <para>This script is called when a remote client removes a user
                from the server, normally using 'User Manager for Domains' or
                <command>rpcclient</command>.
+		</para>

 		<para>This script should delete the given UNIX username. 
 		</para>
@ -2762,6 +2769,10 @@
 		<command>su -</command> command) and trying to print using the 
 		system print command such as <command>lpr(1)</command> or <command>
 		lp(1)</command>.</para>
+
+	        <para>This paramater does not accept % marcos, becouse
+	        many parts of the system require this value to be
+	        constant for correct operation</para>
 		
 		<para>Default: <emphasis>specified at compile time, usually 
 		"nobody"</emphasis></para>
@ -3281,10 +3292,9 @@

 		<varlistentry>
 		<term><anchor id="LDAPADMINDN">ldap admin dn (G)</term>
-		<para>
-		The <parameter>ldap admin dn</parameter> defines the Distinguished 
-		Name (DN) name used by Samba to contact the <link linkend="LDAPSERVER">ldap
-		server</link> when retreiving user account information. The <parameter>ldap
+		<listitem><para> The <parameter>ldap admin dn</parameter> defines the Distinguished 
+		Name (DN) name used by Samba to contact the ldap server when retreiving 
+		user account information. The <parameter>ldap
 		admin dn</parameter> is used in conjunction with the admin dn password
 		stored in the <filename>private/secrets.tdb</filename> file.  See the
 		<ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man
@ -3301,8 +3311,7 @@

 		<varlistentry>
 		<term><anchor id="LDAPFILTER">ldap filter (G)</term>
-		<para>
-		This parameter specifies the RFC 2254 compliant LDAP search filter.
+		<listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter.
 		The default is to match the login name with the <constant>uid</constant> 
 		attribute for all entries matching the <constant>sambaAccount</constant>		
 		objectclass.  Note that this filter should only return one entry.
@ -3316,10 +3325,9 @@

 		<varlistentry>
 		<term><anchor id="LDAPSSL">ldap ssl (G)</term>
-		<para>
-		This option is used to define whether or not Samba should
-		use SSL when connecting to the <link linkend="LDAPSERVER"><parameter>ldap
-		server</parameter></link>.  This is <emphasis>NOT</emphasis> related to
+		<listitem><para>This option is used to define whether or not Samba should
+		use SSL when connecting to the ldap server
+		This is <emphasis>NOT</emphasis> related to
 		Samba's previous SSL support which was enabled by specifying the 
 		<command>--with-ssl</command> option to the <filename>configure</filename> 
 		script.
@ -3365,7 +3373,7 @@


 		<varlistentry>
-		<term><anchor id="LDAPSUFFIX">ldap machine suffix (G)</term>
+		<term><anchor id="LDAPMACHINESUFFIX">ldap machine suffix (G)</term>
 		<listitem><para>It specifies where machines should be 
                added to the ldap tree.
 		</para>
@ -3606,15 +3614,18 @@

 		<varlistentry>
 		<term><anchor id="LOGLEVEL">log level (G)</term>
-		<listitem><para>The value of the parameter (an integer) allows 
+		<listitem><para>The value of the parameter (a astring) allows 
 		the debug level (logging level) to be specified in the 
-		<filename>smb.conf</filename> file. This is to give greater 
+		<filename>smb.conf</filename> file. This parameter has been
+		extended since 2.2.x series, now it allow to specify the debug
+		level for multiple debug classes. This is to give greater 
 		flexibility in the configuration of the system.</para>

 		<para>The default will be the log level specified on 
 		the command line or level zero if none was specified.</para>

-		<para>Example: <command>log level = 3</command></para></listitem>
+		<para>Example: <command>log level = 3 passdb:5 auth:10 winbind:2
+		</command></para></listitem>
 		</varlistentry>


@ -6959,7 +6970,12 @@
 		/usr/local/smb_env_vars</command></para>
 		</listitem>
 		</varlistentry>
-
+<varlistentry>
+<term><anchor id="SPNEGO">use spnego (G)</term>
+<listitem><para> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism.  As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller.  It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</para>
+<para>Default:  <emphasis>use spnego = yes</emphasis></para>
+</listitem>
+</varlistentry>

 		<varlistentry>
 		<term><anchor id="STATCACHE">stat cache (G)</term>
@ -7570,6 +7586,12 @@
 		connection is made to a Samba server. Sites may use this to record the
 		user connecting to a Samba share.</para>

+	        <para>Due to the requirements of the utmp record, we
+	        are required to create a unique identifier for the
+	        incoming user.  Enabling this option creates an n^2
+	        algorithm to find this number.  This may impede
+	        performance on large installations. </para>
+
 		<para>See also the <link linkend="UTMPDIRECTORY"><parameter>
 		utmp directory</parameter></link> parameter.</para>

--- a/docs/docbook/manpages/smbcontrol.1.sgml
+++ b/docs/docbook/manpages/smbcontrol.1.sgml
@ -76,7 +76,7 @@
 		<constant>force-election</constant>, <constant>ping
 		</constant>, <constant>profile</constant>, <constant>
 		debuglevel</constant>, <constant>profilelevel</constant>, 
-		or <constant>printer-notify</constant>.</para>
+		or <constant>printnotify</constant>.</para>

 		<para>The <constant>close-share</constant> message-type sends a 
 		message to smbd which will then close the client connections to
@ -119,11 +119,55 @@
 		setting is returned by a  "profilelevel" message. This can be sent 
 		to any smbd or nmbd destinations.</para>

-		<para>The <constant>printer-notify</constant> message-type sends a 
+		<para>The <constant>printnotify</constant> message-type sends a 
 		message to smbd which in turn sends a printer notify message to 
-		any Windows NT clients connected to  a printer.  This message-type 
-		takes an argument of the printer name to  send notify messages to.   
-		This message can only be sent to <constant>smbd</constant>.</para>
+		any Windows NT clients connected to  a printer. This message-type
+		takes the following arguments:
+
+		<variablelist>
+
+		    <varlistentry>
+		    <term>queuepause printername</term>
+		    <listitem><para>Send a queue pause change notify
+		    message to the printer specified.</para></listitem>
+ 		    </varlistentry>
+
+		    <varlistentry>
+		    <term>queueresume printername</term>
+		    <listitem><para>Send a queue resume change notify
+		    message for the printer specified.</para></listitem>
+ 		    </varlistentry>
+
+		    <varlistentry>
+		    <term>jobpause printername unixjobid</term>
+		    <listitem><para>Send a job pause change notify
+		    message for the printer and unix jobid
+		    specified.</para></listitem> 
+ 		    </varlistentry>
+
+		    <varlistentry>
+		    <term>jobresume printername unixjobid</term>
+		    <listitem><para>Send a job resume change notify
+		    message for the printer and unix jobid
+		    specified.</para></listitem>  
+		    </varlistentry>
+
+		    <varlistentry>
+		    <term>jobdelete printername unixjobid</term>
+		    <listitem><para>Send a job delete change notify
+		    message for the printer and unix jobid
+		    specified.</para></listitem> 
+		    </varlistentry>
+
+		</variablelist>
+
+		Note that this message only sends notification that an
+		event has occured.  It doesn't actually cause the
+		event to happen.
+
+		This message can only be sent to <constant>smbd</constant>. 
+		</para>
+
 		</listitem>
 		</varlistentry>

--- a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
@ -326,7 +326,7 @@ use with an LDAP directory could appear as
     ldap suffix = "ou=people,dc=samba,dc=org"

     # generally the default ldap search filter is ok
-     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
+     # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"
 </programlisting></para>


--- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
@ -1652,7 +1652,7 @@ I think this is all bogus, but have not deleted it. (Richard Sharpe)
 </warning>

 <para>
-The default logon path is \\%N\U%.  NT Workstation will attempt to create
+The default logon path is \\%N\%U.  NT Workstation will attempt to create
 a directory "\\samba-server\username.PDS" if you specify the logon path
 as "\\samba-server\username" with the NT User Manager.  Therefore, you
 will need to specify (for example) "\\samba-server\username\profile".
--- a/docs/docbook/projdoc/samba-doc.sgml
+++ b/docs/docbook/projdoc/samba-doc.sgml
@ -13,6 +13,12 @@
 <!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml">
 <!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml">
 <!ENTITY Samba-LDAP SYSTEM "Samba-LDAP-HOWTO.sgml">
+<!ENTITY Diagnosis SYSTEM "Diagnosis.sgml">
+<!ENTITY PRINTING SYSTEM "Printing.sgml">
+<!ENTITY BUGS SYSTEM "Bugs.sgml">
+<!ENTITY SECURITY-LEVEL SYSTEM "security_level.sgml">
+<!ENTITY SPEED SYSTEM "Speed.sgml">
+<!ENTITY BROWSING SYSTEM "Browsing.sgml">
 <!ENTITY INDEX-FILE SYSTEM "index.sgml">
 ]>

@ -31,7 +37,7 @@
 <title>Abstract</title>

 <para>
-<emphasis>Last Update</emphasis> : Mon Apr  1 08:47:26 CST 2002
+<emphasis>Last Update</emphasis> : Thu Aug 15 12:48:45 CDT 2002
 </para>

 <para>
@ -58,18 +64,24 @@ Cheers, jerry

 <!-- Chapters -->
 &UNIX-INSTALL;
+&Diagnosis;
 &IntegratingWithWindows;
 &Samba-PAM;
 &MS-Dfs-Setup;
 &NT-Security;
 &PRINTER-DRIVER2;
+&PRINTING;
+&SECURITY-LEVEL;
 &DOMAIN-MEMBER;
+&WINBIND;
 &Samba-PDC-HOWTO;
 &Samba-BDC-HOWTO;
 &Samba-LDAP;
-&WINBIND;
+&BROWSING;
+&SPEED;
 &OS2-Client;
 &CVS-Access;
+&BUGS;

 <!-- Autogenerated Index -->
 &INDEX-FILE;
--- a/docs/docbook/projdoc/winbind.sgml
+++ b/docs/docbook/projdoc/winbind.sgml
@ -23,9 +23,19 @@
 			<address><email>jtrostel@snapserver.com</email></address>
 		</affiliation>
 	</author>
-	
-		
-	<pubdate>16 Oct 2000</pubdate>
+	<author>
+		<firstname>Naag</firstname><surname>Mummaneni</surname>
+		<affiliation>
+			<address><email>getnag@rediffmail.com</email></address>
+		</affiliation>
+	</author>
+	<author>
+		<firstname>Jelmer</firstname><surname>Vernooij</surname>
+		<affiliation>
+			<address><email>jelmer@nl.linux.org</email></address>
+		</affiliation>
+	</author>
+	<pubdate>27 June 2002</pubdate>
 </chapterinfo>

 <title>Unified Logons between Windows NT and UNIX using Winbind</title>
@ -489,6 +499,13 @@ I also found it necessary to make the following symbolic link:
 <prompt>root#</prompt> <command>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</command>
 </para>

+<para>And, in the case of Sun solaris:</para>
+<para>
+<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1</command>
+<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1</command>
+<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2</command>
+</para>
+
 <para>
 Now, as root you need to edit <filename>/etc/nsswitch.conf</filename> to 
 allow user and group entries to be visible from the <command>winbindd</command> 
@ -682,14 +699,18 @@ The same thing can be done for groups with the command


 <sect3>
-<title>Fix the <filename>/etc/rc.d/init.d/smb</filename> startup files</title>
+<title>Fix the init.d startup scripts</title>
+
+<sect4>
+<title>Linux</title>

 <para>
 The <command>winbindd</command> daemon needs to start up after the 
 <command>smbd</command> and <command>nmbd</command> daemons are running.  
-To accomplish this task, you need to modify the <filename>/etc/init.d/smb</filename>
+To accomplish this task, you need to modify the startup scripts of your system. They are located at <filename>/etc/init.d/smb</filename> in RedHat and 
+<filename>/etc/init.d/samba</filename> in Debian.
 script to add commands to invoke this daemon in the proper sequence.  My 
-<filename>/etc/init.d/smb</filename> file starts up <command>smbd</command>, 
+startup script starts up <command>smbd</command>, 
 <command>nmbd</command>, and <command>winbindd</command> from the 
 <filename>/usr/local/samba/bin</filename> directory directly.  The 'start' 
 function in the script looks like this:
@ -744,18 +765,79 @@ stop() {
        return $RETVAL
 }
 </programlisting></para>
+</sect4>

+<sect4>
+<title>Solaris</title>
+
+<para>On solaris, you need to modify the 
+<filename>/etc/init.d/samba.server</filename> startup script. It usually 
+only starts smbd and nmbd but should now start winbindd too. If you 
+have samba installed in <filename>/usr/local/samba/bin</filename>, 
+the file could contains something like this:
+</para>
+
+<para><programlisting>
+##
+## samba.server
+##
+
+if [ ! -d /usr/bin ]
+then                    # /usr not mounted
+        exit
+fi
+
+killproc() {            # kill the named process(es)
+        pid=`/usr/bin/ps -e |
+             /usr/bin/grep -w $1 |
+             /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
+        [ "$pid" != "" ] && kill $pid
+}
+ 
+# Start/stop processes required for samba server
+
+case "$1" in
+
+'start')
+#
+# Edit these lines to suit your installation (paths, workgroup, host)
+#
+echo Starting SMBD
+   /usr/local/samba/bin/smbd -D -s \
+	/usr/local/samba/smb.conf
+
+echo Starting NMBD
+   /usr/local/samba/bin/nmbd -D -l \
+	/usr/local/samba/var/log -s /usr/local/samba/smb.conf
+
+echo Starting Winbind Daemon
+   /usr/local/samba/bin/winbindd
+   ;;
+
+'stop')
+   killproc nmbd
+   killproc smbd
+   killproc winbindd
+   ;;
+
+*)
+   echo "Usage: /etc/init.d/samba.server { start | stop }"
+   ;;
+esac
+</programlisting></para>
+</sect4>
+
+<sect4>
+<title>Restarting</title>
 <para>
 If you restart the <command>smbd</command>, <command>nmbd</command>, 
 and <command>winbindd</command> daemons at this point, you
 should be able to connect to the samba server as a domain member just as
 if you were a local user.
 </para>
-
+</sect4>
 </sect3>

-
-
 <sect3>
 <title>Configure Winbind and PAM</title>

@ -781,13 +863,17 @@ by invoking the command
 from the <filename>../source</filename> directory.  The
 <filename>pam_winbind.so</filename> file should be copied to the location of
 your other pam security modules.  On my RedHat system, this was the
-<filename>/lib/security</filename> directory.
+<filename>/lib/security</filename> directory. On Solaris, the pam security 
+modules reside in <filename>/usr/lib/security</filename>.
 </para>

 <para>
 <prompt>root#</prompt> <command>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</command>
 </para>

+<sect4>
+<title>Linux/FreeBSD-specific PAM configuration</title>
+
 <para>
 The <filename>/etc/pam.d/samba</filename> file does not need to be changed. I 
 just left this fileas it was:
@ -875,6 +961,92 @@ line after the <command>winbind.so</command> line to get rid of annoying
 double prompts for passwords.
 </para>

+</sect4>
+
+<sect4>
+<title>Solaris-specific configuration</title>
+
+<para>
+The /etc/pam.conf needs to be changed. I changed this file so that my Domain
+users can logon both locally as well as telnet.The following are the changes
+that I made.You can customize the pam.conf file as per your requirements,but
+be sure of those changes because in the worst case it will leave your system
+nearly impossible to boot.
+</para>
+
+<para><programlisting>
+#
+#ident	"@(#)pam.conf	1.14	99/09/16 SMI"
+#
+# Copyright (c) 1996-1999, Sun Microsystems, Inc.
+# All Rights Reserved.
+#
+# PAM configuration
+#
+# Authentication management
+#
+login   auth required   /usr/lib/security/pam_winbind.so
+login	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass 
+login	auth required 	/usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass 
+#
+rlogin  auth sufficient /usr/lib/security/pam_winbind.so
+rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
+rlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+dtlogin auth sufficient /usr/lib/security/pam_winbind.so
+dtlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+rsh	auth required	/usr/lib/security/$ISA/pam_rhosts_auth.so.1
+other   auth sufficient /usr/lib/security/pam_winbind.so
+other	auth required	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+# Account management
+#
+login   account sufficient      /usr/lib/security/pam_winbind.so
+login	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
+login	account required	/usr/lib/security/$ISA/pam_unix.so.1 
+#
+dtlogin account sufficient      /usr/lib/security/pam_winbind.so
+dtlogin	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
+dtlogin	account required	/usr/lib/security/$ISA/pam_unix.so.1 
+#
+other   account sufficient      /usr/lib/security/pam_winbind.so
+other	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
+other	account required	/usr/lib/security/$ISA/pam_unix.so.1 
+#
+# Session management
+#
+other	session required	/usr/lib/security/$ISA/pam_unix.so.1 
+#
+# Password management
+#
+#other   password sufficient     /usr/lib/security/pam_winbind.so
+other	password required	/usr/lib/security/$ISA/pam_unix.so.1 
+dtsession auth required	/usr/lib/security/$ISA/pam_unix.so.1
+#
+# Support for Kerberos V5 authentication (uncomment to use Kerberos)
+#
+#rlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#login	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#dtlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#other	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#dtlogin	account optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other	account optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other	session optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other	password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+</programlisting></para>
+
+<para>
+I also added a try_first_pass line after the winbind.so line to get rid of
+annoying double prompts for passwords.
+</para>
+
+<para>
+Now restart your Samba & try connecting through your application that you
+configured in the pam.conf.
+</para>
+
+</sect4>

 </sect3>

--- a/docs/htmldocs/Integrating-with-Windows.html
+++ b/docs/htmldocs/Integrating-with-Windows.html
@ -191,7 +191,7 @@ CLASS="FILENAME"
 > is one such file.</P
 ><P
 >When the IP address of the destination interface has been 
-determined a protocol called ARP/RARP isused to identify 
+determined a protocol called ARP/RARP is used to identify 
 the MAC address of the target interface. ARP stands for Address 
 Resolution Protocol, and is a broadcast oriented method that 
 uses UDP (User Datagram Protocol) to send a request to all 
@ -414,7 +414,7 @@ architecture of the MS Windows network. The term "workgroup" indicates
 that the primary nature of the network environment is that of a 
 peer-to-peer design. In a WORKGROUP all machines are responsible for 
 their own security, and generally such security is limited to use of 
-just a password (known as SHARE MORE security). In most situations 
+just a password (known as SHARE MODE security). In most situations 
 with peer-to-peer networking the users who control their own machines 
 will simply opt to have no security at all. It is possible to have 
 USER MODE security in a WORKGROUP environment, thus requiring use 
@ -444,8 +444,8 @@ NAME="AEN100"
 ></H2
 ><P
 >All MS Windows machines employ an in memory buffer in which is 
-stored the NetBIOS names and their IP addresses for all external 
-machines that that the local machine has communicated with over the 
+stored the NetBIOS names and IP addresses for all external 
+machines that that machine has communicated with over the 
 past 10-15 minutes. It is more efficient to obtain an IP address 
 for a machine from the local cache than it is to go through all the 
 configured name resolution mechanisms.</P
@ -453,7 +453,7 @@ configured name resolution mechanisms.</P
 >If a machine whose name is in the local name cache has been shut 
 down before the name had been expired and flushed from the cache, then 
 an attempt to exchange a message with that machine will be subject 
-to time-out delays. ie: It's name is in the cache, so a name resolution 
+to time-out delays. i.e.: Its name is in the cache, so a name resolution 
 lookup will succeed, but the machine can not respond. This can be 
 frustrating for users - but it is a characteristic of the protocol.</P
 ><P
@ -660,7 +660,7 @@ dependable browsing using Samba</A
 ></H1
 ><P
 >As stated above, MS Windows machines register their NetBIOS names 
-(ie: the machine name for each service type in operation) on start 
+(i.e.: the machine name for each service type in operation) on start 
 up. Also, as stated above, the exact method by which this name registration 
 takes place is determined by whether or not the MS Windows client/server 
 has been given a WINS server address, whether or not LMHOSTS lookup 
@ -685,7 +685,7 @@ Instead, the domain master browser serves the role of contacting each local
 master browser (found by asking WINS or from LMHOSTS) and exchanging browse 
 list contents. This way every master browser will eventually obtain a complete 
 list of all machines that are on the network. Every 11-15 minutes an election 
-is held to determine which machine will be the master browser. By nature of 
+is held to determine which machine will be the master browser. By the nature of 
 the election criteria used, the machine with the highest uptime, or the 
 most senior protocol version, or other criteria, will win the election 
 as domain master browser.</P
@ -770,8 +770,8 @@ these versions no longer support plain text passwords by default.</P
 ><P
 >MS Windows clients have a habit of dropping network mappings that 
 have been idle for 10 minutes or longer. When the user attempts to 
-use the mapped drive connection that has been dropped the SMB protocol 
-has a mechanism by which the connection can be re-established using 
+use the mapped drive connection that has been dropped, the client
+re-establishes the connection using 
 a cached copy of the password.</P
 ><P
 >When Microsoft changed the default password mode, they dropped support for 
@ -959,7 +959,7 @@ NAME="AEN196"
 ></H2
 ><P
 >This mode of authentication demands that there be on the 
-Unix/Linux system both a Unix style account as well as and 
+Unix/Linux system both a Unix style account as well as an 
 smbpasswd entry for the user. The Unix system account can be 
 locked if required as only the encrypted password will be 
 used for SMB client authentication.</P
--- a/docs/htmldocs/Samba-HOWTO-Collection.html
+++ b/docs/htmldocs/Samba-HOWTO-Collection.html
--- a/docs/htmldocs/Samba-LDAP-HOWTO.html
+++ b/docs/htmldocs/Samba-LDAP-HOWTO.html
@ -152,7 +152,7 @@ Identified (RID).</P
 >As a result of these defeciencies, a more robust means of storing user attributes
 used by smbd was developed.  The API which defines access to user accounts
 is commonly referred to as the samdb interface (previously this was called the passdb
-API, and is still so named in the CVS trees).  In Samba 2.2.3, enabling support
+API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
 for a samdb backend (e.g. <TT
 CLASS="PARAMETER"
 ><I
@ -498,7 +498,7 @@ CLASS="REPLACEABLE"
     ldap suffix = "ou=people,dc=samba,dc=org"

     # generally the default ldap search filter is ok
-     # ldap filter = "(&#38;(uid=%u)(objectclass=sambaAccount))"</PRE
+     # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"</PRE
 ></P
 ></DIV
 ></DIV
--- a/docs/htmldocs/Samba-PDC-HOWTO.html
+++ b/docs/htmldocs/Samba-PDC-HOWTO.html
@ -2124,7 +2124,7 @@ ALIGN="LEFT"
 ></TABLE
 ></DIV
 ><P
->The default logon path is \\%N\U%.  NT Workstation will attempt to create
+>The default logon path is \\%N\%U.  NT Workstation will attempt to create
 a directory "\\samba-server\username.PDS" if you specify the logon path
 as "\\samba-server\username" with the NT User Manager.  Therefore, you
 will need to specify (for example) "\\samba-server\username\profile".
--- a/docs/htmldocs/UNIX_INSTALL.html
+++ b/docs/htmldocs/UNIX_INSTALL.html
@ -478,7 +478,7 @@ CLASS="REPLACEABLE"
 ></TT
 ></P
 ><P
->Your should get back a list of shares available on 
+>You should get back a list of shares available on 
 	your server. If you don't then something is incorrectly setup. 
 	Note that this method can also be used to see what shares 
 	are available on other LanManager clients (such as WfWg).</P
@ -656,8 +656,8 @@ NAME="AEN166"
 >By default Samba uses a blank scope ID. This means 
 		all your windows boxes must also have a blank scope ID. 
 		If you really want to use a non-blank scope ID then you will 
-		need to use the -i &lt;scope&gt; option to nmbd, smbd, and 
-		smbclient. All your PCs will need to have the same setting for 
+		need to use the 'netbios scope' smb.conf option.
+                All your PCs will need to have the same setting for 
 		this to work. I do not recommend scope IDs.</P
 ></DIV
 ><DIV
@ -778,19 +778,13 @@ NAME="AEN182"
 		its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE 
 		or DENY_ALL. There are also special compatibility modes called 
 		DENY_FCB and  DENY_DOS.</P
-><P
->You can disable share modes using "share modes = no". 
-		This may be useful on a heavily loaded server as the share 
-		modes code is very slow. See also the FAST_SHARE_MODES 
-		option in the Makefile for a way to do full share modes 
-		very fast using shared memory (if your OS supports it).</P
 ></DIV
 ><DIV
 CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN192"
+NAME="AEN191"
 >Mapping Usernames</A
 ></H2
 ><P
@ -798,21 +792,6 @@ NAME="AEN192"
 		the unix server then take a look at the "username map" option. 
 		See the smb.conf man page for details.</P
 ></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN195"
->Other Character Sets</A
-></H2
-><P
->If you have problems using filenames with accented 
-		characters in them (like the German, French or Scandinavian 
-		character sets) then I recommend you look at the "valid chars" 
-		option in smb.conf and also take a look at the validchars 
-		package in the examples directory.</P
-></DIV
 ></DIV
 ></DIV
 ></BODY
--- a/docs/htmldocs/rpcclient.1.html
+++ b/docs/htmldocs/rpcclient.1.html
@ -37,12 +37,12 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >rpcclient</B
->  [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N] {server}</P
+>  [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN22"
+NAME="AEN23"
 ></A
 ><H2
 >DESCRIPTION</H2
@ -65,7 +65,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN28"
+NAME="AEN29"
 ></A
 ><H2
 >OPTIONS</H2
@ -151,6 +151,35 @@ CLASS="FILENAME"
 		</P
 ></DD
 ><DT
+>-I IP-address</DT
+><DD
+><P
+><TT
+CLASS="REPLACEABLE"
+><I
+>IP address</I
+></TT
+> is the address of the server to connect to. 
+		It should be specified in standard "a.b.c.d" notation. </P
+><P
+>Normally the client would attempt to locate a named 
+		SMB/CIFS server by looking it up via the NetBIOS name resolution 
+		mechanism described above in the <TT
+CLASS="PARAMETER"
+><I
+>name resolve order</I
+></TT
+> 
+		parameter above. Using this parameter will force the client
+		to assume that the server is on the machine with the specified IP 
+		address and the NetBIOS name component of the resource being 
+		connected to will be ignored. </P
+><P
+>There is no default for this parameter. If not supplied, 
+		it will be determined automatically by the client as described 
+		above. </P
+></DD
+><DT
 >-l|--logfile=logbasename</DT
 ><DD
 ><P
@ -253,7 +282,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN92"
+NAME="AEN101"
 ></A
 ><H2
 >COMMANDS</H2
@ -647,7 +676,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN212"
+NAME="AEN221"
 ></A
 ><H2
 >BUGS</H2
@ -688,7 +717,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN222"
+NAME="AEN231"
 ></A
 ><H2
 >VERSION</H2
@ -699,7 +728,7 @@ NAME="AEN222"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN225"
+NAME="AEN234"
 ></A
 ><H2
 >AUTHOR</H2
--- a/docs/htmldocs/smb.conf.5.html
+++ b/docs/htmldocs/smb.conf.5.html
--- a/docs/htmldocs/smbcontrol.1.html
+++ b/docs/htmldocs/smbcontrol.1.html
@ -170,7 +170,7 @@ CLASS="CONSTANT"
 >, 
 		or <TT
 CLASS="CONSTANT"
->printer-notify</TT
+>printnotify</TT
 >.</P
 ><P
 >The <TT
@ -246,15 +246,68 @@ CLASS="CONSTANT"
 ><P
 >The <TT
 CLASS="CONSTANT"
->printer-notify</TT
+>printnotify</TT
 > message-type sends a 
 		message to smbd which in turn sends a printer notify message to 
-		any Windows NT clients connected to  a printer.  This message-type 
-		takes an argument of the printer name to  send notify messages to.   
+		any Windows NT clients connected to  a printer. This message-type
+		takes the following arguments:
+
+		<P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>queuepause printername</DT
+><DD
+><P
+>Send a queue pause change notify
+		    message to the printer specified.</P
+></DD
+><DT
+>queueresume printername</DT
+><DD
+><P
+>Send a queue resume change notify
+		    message for the printer specified.</P
+></DD
+><DT
+>jobpause printername unixjobid</DT
+><DD
+><P
+>Send a job pause change notify
+		    message for the printer and unix jobid
+		    specified.</P
+></DD
+><DT
+>jobresume printername unixjobid</DT
+><DD
+><P
+>Send a job resume change notify
+		    message for the printer and unix jobid
+		    specified.</P
+></DD
+><DT
+>jobdelete printername unixjobid</DT
+><DD
+><P
+>Send a job delete change notify
+		    message for the printer and unix jobid
+		    specified.</P
+></DD
+></DL
+></DIV
+>
+
+		Note that this message only sends notification that an
+		event has occured.  It doesn't actually cause the
+		event to happen.
+
 		This message can only be sent to <TT
 CLASS="CONSTANT"
 >smbd</TT
->.</P
+>. 
+		</P
 ></DD
 ><DT
 >parameters</DT
@ -268,7 +321,7 @@ CLASS="CONSTANT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN81"
+NAME="AEN102"
 ></A
 ><H2
 >VERSION</H2
@ -279,7 +332,7 @@ NAME="AEN81"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN84"
+NAME="AEN105"
 ></A
 ><H2
 >SEE ALSO</H2
@ -305,7 +358,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN91"
+NAME="AEN112"
 ></A
 ><H2
 >AUTHOR</H2
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@ -410,12 +410,20 @@ for providing the HOWTO for this section.</P
 >This HOWTO describes how to get winbind services up and running 
 to control access and authenticate users on your Linux box using 
 the winbind services which come with SAMBA 2.2.2.</P
+><P
+>There is also some Solaris specific information in 
+<TT
+CLASS="FILENAME"
+>docs/textdocs/Solaris-Winbind-HOWTO.txt</TT
+>.
+Future revisions of this document will incorporate that
+information.</P
 ><DIV
 CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN76"
+NAME="AEN78"
 >Introduction</A
 ></H2
 ><P
@ -468,7 +476,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN89"
+NAME="AEN91"
 >Requirements</A
 ></H2
 ><P
@ -529,7 +537,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN103"
+NAME="AEN105"
 >Testing Things Out</A
 ></H2
 ><P
@ -574,7 +582,7 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN114"
+NAME="AEN116"
 >Configure and compile SAMBA</A
 ></H3
 ><P
@ -640,7 +648,7 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN133"
+NAME="AEN135"
 >Configure <TT
 CLASS="FILENAME"
 >nsswitch.conf</TT
@ -672,6 +680,30 @@ CLASS="COMMAND"
 >ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
 ></P
 ><P
+>And, in the case of Sun solaris:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2</B
+></P
+><P
 >Now, as root you need to edit <TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
@ -721,7 +753,7 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN158"
+NAME="AEN168"
 >Configure smb.conf</A
 ></H3
 ><P
@ -796,7 +828,7 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN174"
+NAME="AEN184"
 >Join the SAMBA server to the PDC domain</A
 ></H3
 ><P
@ -842,7 +874,7 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN185"
+NAME="AEN195"
 >Start up the winbindd daemon and test it!</A
 ></H3
 ><P
@ -965,12 +997,17 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN221"
->Fix the <TT
-CLASS="FILENAME"
->/etc/rc.d/init.d/smb</TT
-> startup files</A
+NAME="AEN231"
+>Fix the init.d startup scripts</A
 ></H3
+><DIV
+CLASS="SECT4"
+><H4
+CLASS="SECT4"
+><A
+NAME="AEN233"
+>Linux</A
+></H4
 ><P
 >The <B
 CLASS="COMMAND"
@ -983,15 +1020,16 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > daemons are running.  
-To accomplish this task, you need to modify the <TT
+To accomplish this task, you need to modify the startup scripts of your system. They are located at <TT
 CLASS="FILENAME"
 >/etc/init.d/smb</TT
->
-script to add commands to invoke this daemon in the proper sequence.  My 
+> in RedHat and 
 <TT
 CLASS="FILENAME"
->/etc/init.d/smb</TT
-> file starts up <B
+>/etc/init.d/samba</TT
+> in Debian.
+script to add commands to invoke this daemon in the proper sequence.  My 
+startup script starts up <B
 CLASS="COMMAND"
 >smbd</B
 >, 
@ -1057,6 +1095,86 @@ CLASS="PROGRAMLISTING"
        return $RETVAL
 }</PRE
 ></P
+></DIV
+><DIV
+CLASS="SECT4"
+><HR><H4
+CLASS="SECT4"
+><A
+NAME="AEN250"
+>Solaris</A
+></H4
+><P
+>On solaris, you need to modify the 
+<TT
+CLASS="FILENAME"
+>/etc/init.d/samba.server</TT
+> startup script. It usually 
+only starts smbd and nmbd but should now start winbindd too. If you 
+have samba installed in <TT
+CLASS="FILENAME"
+>/usr/local/samba/bin</TT
+>, 
+the file could contains something like this:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>##
+## samba.server
+##
+
+if [ ! -d /usr/bin ]
+then                    # /usr not mounted
+        exit
+fi
+
+killproc() {            # kill the named process(es)
+        pid=`/usr/bin/ps -e |
+             /usr/bin/grep -w $1 |
+             /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
+        [ "$pid" != "" ] &#38;&#38; kill $pid
+}
+ 
+# Start/stop processes required for samba server
+
+case "$1" in
+
+'start')
+#
+# Edit these lines to suit your installation (paths, workgroup, host)
+#
+echo Starting SMBD
+   /usr/local/samba/bin/smbd -D -s \
+	/usr/local/samba/smb.conf
+
+echo Starting NMBD
+   /usr/local/samba/bin/nmbd -D -l \
+	/usr/local/samba/var/log -s /usr/local/samba/smb.conf
+
+echo Starting Winbind Daemon
+   /usr/local/samba/bin/winbindd
+   ;;
+
+'stop')
+   killproc nmbd
+   killproc smbd
+   killproc winbindd
+   ;;
+
+*)
+   echo "Usage: /etc/init.d/samba.server { start | stop }"
+   ;;
+esac</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT4"
+><HR><H4
+CLASS="SECT4"
+><A
+NAME="AEN257"
+>Restarting</A
+></H4
 ><P
 >If you restart the <B
 CLASS="COMMAND"
@ -1072,12 +1190,13 @@ CLASS="COMMAND"
 should be able to connect to the samba server as a domain member just as
 if you were a local user.</P
 ></DIV
+></DIV
 ><DIV
 CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN243"
+NAME="AEN263"
 >Configure Winbind and PAM</A
 ></H3
 ><P
@ -1117,7 +1236,11 @@ your other pam security modules.  On my RedHat system, this was the
 <TT
 CLASS="FILENAME"
 >/lib/security</TT
-> directory.</P
+> directory. On Solaris, the pam security 
+modules reside in <TT
+CLASS="FILENAME"
+>/usr/lib/security</TT
+>.</P
 ><P
 ><TT
 CLASS="PROMPT"
@ -1126,6 +1249,14 @@ CLASS="PROMPT"
 CLASS="COMMAND"
 >cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B
 ></P
+><DIV
+CLASS="SECT4"
+><HR><H4
+CLASS="SECT4"
+><A
+NAME="AEN280"
+>Linux/FreeBSD-specific PAM configuration</A
+></H4
 ><P
 >The <TT
 CLASS="FILENAME"
@ -1247,6 +1378,91 @@ CLASS="COMMAND"
 > line to get rid of annoying 
 double prompts for passwords.</P
 ></DIV
+><DIV
+CLASS="SECT4"
+><HR><H4
+CLASS="SECT4"
+><A
+NAME="AEN313"
+>Solaris-specific configuration</A
+></H4
+><P
+>The /etc/pam.conf needs to be changed. I changed this file so that my Domain
+users can logon both locally as well as telnet.The following are the changes
+that I made.You can customize the pam.conf file as per your requirements,but
+be sure of those changes because in the worst case it will leave your system
+nearly impossible to boot.</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>#
+#ident	"@(#)pam.conf	1.14	99/09/16 SMI"
+#
+# Copyright (c) 1996-1999, Sun Microsystems, Inc.
+# All Rights Reserved.
+#
+# PAM configuration
+#
+# Authentication management
+#
+login   auth required   /usr/lib/security/pam_winbind.so
+login	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass 
+login	auth required 	/usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass 
+#
+rlogin  auth sufficient /usr/lib/security/pam_winbind.so
+rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
+rlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+dtlogin auth sufficient /usr/lib/security/pam_winbind.so
+dtlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+rsh	auth required	/usr/lib/security/$ISA/pam_rhosts_auth.so.1
+other   auth sufficient /usr/lib/security/pam_winbind.so
+other	auth required	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
+#
+# Account management
+#
+login   account sufficient      /usr/lib/security/pam_winbind.so
+login	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
+login	account required	/usr/lib/security/$ISA/pam_unix.so.1 
+#
+dtlogin account sufficient      /usr/lib/security/pam_winbind.so
+dtlogin	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
+dtlogin	account required	/usr/lib/security/$ISA/pam_unix.so.1 
+#
+other   account sufficient      /usr/lib/security/pam_winbind.so
+other	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
+other	account required	/usr/lib/security/$ISA/pam_unix.so.1 
+#
+# Session management
+#
+other	session required	/usr/lib/security/$ISA/pam_unix.so.1 
+#
+# Password management
+#
+#other   password sufficient     /usr/lib/security/pam_winbind.so
+other	password required	/usr/lib/security/$ISA/pam_unix.so.1 
+dtsession auth required	/usr/lib/security/$ISA/pam_unix.so.1
+#
+# Support for Kerberos V5 authentication (uncomment to use Kerberos)
+#
+#rlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#login	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#dtlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#other	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+#dtlogin	account optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other	account optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other	session optional /usr/lib/security/$ISA/pam_krb5.so.1
+#other	password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass</PRE
+></P
+><P
+>I also added a try_first_pass line after the winbind.so line to get rid of
+annoying double prompts for passwords.</P
+><P
+>Now restart your Samba &#38; try connecting through your application that you
+configured in the pam.conf.</P
+></DIV
+></DIV
 ></DIV
 ></DIV
 ><DIV
@ -1254,7 +1470,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN290"
+NAME="AEN320"
 >Limitations</A
 ></H1
 ><P
@ -1295,7 +1511,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN300"
+NAME="AEN330"
 >Conclusion</A
 ></H1
 ><P
--- a/docs/manpages/rpcclient.1
+++ b/docs/manpages/rpcclient.1
@ -3,12 +3,12 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "RPCCLIENT" "1" "16 April 2002" "" ""
+.TH "RPCCLIENT" "1" "15 August 2002" "" ""
 .SH NAME
 rpcclient \- tool for executing client side  MS-RPC functions
 .SH SYNOPSIS
 .sp
-\fBrpcclient\fR [ \fB-A authfile\fR ]  [ \fB-c <command string>\fR ]  [ \fB-d debuglevel\fR ]  [ \fB-h\fR ]  [ \fB-l logfile\fR ]  [ \fB-N\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-U username[%password]\fR ]  [ \fB-W workgroup\fR ]  [ \fB-N\fR ]  \fBserver\fR
+\fBrpcclient\fR [ \fB-A authfile\fR ]  [ \fB-c <command string>\fR ]  [ \fB-d debuglevel\fR ]  [ \fB-h\fR ]  [ \fB-l logfile\fR ]  [ \fB-N\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-U username[%password]\fR ]  [ \fB-W workgroup\fR ]  [ \fB-N\fR ]  [ \fB-I destinationIP\fR ]  \fBserver\fR
 .SH "DESCRIPTION"
 .PP
 This tool is part of the  Sambasuite.
@ -55,6 +55,22 @@ planning on submitting a bug report to the Samba team (see \fIBUGS.txt\fR).
 \fB-h|--help\fR
 Print a summary of command line options.
 .TP
+\fB-I IP-address\fR
+\fIIP address\fR is the address of the server to connect to. 
+It should be specified in standard "a.b.c.d" notation. 
+
+Normally the client would attempt to locate a named 
+SMB/CIFS server by looking it up via the NetBIOS name resolution 
+mechanism described above in the \fIname resolve order\fR 
+parameter above. Using this parameter will force the client
+to assume that the server is on the machine with the specified IP 
+address and the NetBIOS name component of the resource being 
+connected to will be ignored. 
+
+There is no default for this parameter. If not supplied, 
+it will be determined automatically by the client as described 
+above. 
+.TP
 \fB-l|--logfile=logbasename\fR
 File name for log/debug files. The extension 
 \&'.client' will be appended. The log file is never removed 
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMB.CONF" "5" "08 May 2002" "" ""
+.TH "SMB.CONF" "5" "15 August 2002" "" ""
 .SH NAME
 smb.conf \- The configuration file for the Samba suite
 .SH "SYNOPSIS"
@ -657,18 +657,18 @@ each parameter for details. Note that some are synonyms.
 \fIldap filter\fR
 .TP 0.2i
 \(bu
-\fIldap port\fR
-.TP 0.2i
-\(bu
-\fIldap server\fR
-.TP 0.2i
-\(bu
 \fIldap ssl\fR
 .TP 0.2i
 \(bu
 \fIldap suffix\fR
 .TP 0.2i
 \(bu
+\fIldap suffix\fR
+.TP 0.2i
+\(bu
+\fIldap suffix\fR
+.TP 0.2i
+\(bu
 \fIlm announce\fR
 .TP 0.2i
 \(bu
@ -906,55 +906,7 @@ each parameter for details. Note that some are synonyms.
 \fIsource environment\fR
 .TP 0.2i
 \(bu
-\fIssl\fR
-.TP 0.2i
-\(bu
-\fIssl CA certDir\fR
-.TP 0.2i
-\(bu
-\fIssl CA certFile\fR
-.TP 0.2i
-\(bu
-\fIssl ciphers\fR
-.TP 0.2i
-\(bu
-\fIssl client cert\fR
-.TP 0.2i
-\(bu
-\fIssl client key\fR
-.TP 0.2i
-\(bu
-\fIssl compatibility\fR
-.TP 0.2i
-\(bu
-\fIssl egd socket\fR
-.TP 0.2i
-\(bu
-\fIssl entropy bytes\fR
-.TP 0.2i
-\(bu
-\fIssl entropy file\fR
-.TP 0.2i
-\(bu
-\fIssl hosts\fR
-.TP 0.2i
-\(bu
-\fIssl hosts resign\fR
-.TP 0.2i
-\(bu
-\fIssl require clientcert\fR
-.TP 0.2i
-\(bu
-\fIssl require servercert\fR
-.TP 0.2i
-\(bu
-\fIssl server cert\fR
-.TP 0.2i
-\(bu
-\fIssl server key\fR
-.TP 0.2i
-\(bu
-\fIssl version\fR
+\fIuse spnego\fR
 .TP 0.2i
 \(bu
 \fIstat cache\fR
@ -1605,6 +1557,11 @@ Default: \fBadd user script = <empty string>
 \fR
 Example: \fBadd user script = /usr/local/samba/bin/add_user 
 %u\fR
+.TP
+\fBadd group script (G)\fR
+This is the full pathname to a script that will 
+be run \fBAS ROOT\fR by smbd(8) when a new group is requested. It will expand any \fI%g\fR to the group name passed. This script is only useful for installations using the Windows NT domain administration tools.
+
 .TP
 \fBadmin users (S)\fR
 This is a list of users who will be granted 
@ -2189,44 +2146,14 @@ Example: \fBdelete share command = /usr/local/bin/delshare\fR
 .TP
 \fBdelete user script (G)\fR
 This is the full pathname to a script that will 
-be run \fBAS ROOT\fR by  \fBsmbd(8)\fRunder special circumstances 
-described below.
+be run by \fBsmbd(8)\fR
+when managing user's with remote RPC (NT) tools.

-Normally, a Samba server requires that UNIX users are 
-created for all users accessing files on this server. For sites 
-that use Windows NT account databases as their primary user database 
-creating these users and keeping the user list in sync with the 
-Windows NT PDC is an onerous task. This option allows \fB smbd\fR to delete the required UNIX users \fBON 
-DEMAND\fR when a user accesses the Samba server and the 
-Windows NT user no longer exists.
+This script is called when a remote client removes a user
+from the server, normally using 'User Manager for Domains' or
+\fBrpcclient\fR.

-In order to use this option, \fBsmbd\fR must be 
-set to \fIsecurity = domain\fR or \fIsecurity =
-user\fR and \fIdelete user script\fR 
-must be set to a full pathname for a script 
-that will delete a UNIX user given one argument of \fI%u\fR, 
-which expands into the UNIX user name to delete.
-
-When the Windows user attempts to access the Samba server, 
-at \fBlogin\fR (session setup in the SMB protocol) 
-time, \fBsmbd\fR contacts the  \fIpassword server\fR and attempts to authenticate 
-the given user with the given password. If the authentication fails 
-with the specific Domain error code meaning that the user no longer 
-exists then \fBsmbd\fR attempts to find a UNIX user in 
-the UNIX password database that matches the Windows user account. If 
-this lookup succeeds, and \fIdelete user script\fR is 
-set then \fBsmbd\fR will all the specified script 
-\fBAS ROOT\fR, expanding any \fI%u\fR 
-argument to be the user name to delete.
-
-This script should delete the given UNIX username. In this way, 
-UNIX users are dynamically deleted to match existing Windows NT 
-accounts.
-
-See also security = domain,
-\fIpassword server\fR
-, \fIadd user script\fR
-\&.
+This script should delete the given UNIX username. 

 Default: \fBdelete user script = <empty string>
 \fR
@ -2744,7 +2671,7 @@ would force all created directories to have read and execute
 permissions set for 'group' and 'other' as well as the
 read/write/execute bits set for the 'user'.
 .TP
-\fBforce directory  security mode (S)\fR
+\fBforce directory\fR
 This parameter controls what UNIX permission bits 
 can be modified when a Windows NT client is manipulating the UNIX 
 permission on a directory using the native NT security dialog box.
@ -3302,14 +3229,9 @@ code paths.
 Default : \fBlarge readwrite = yes\fR
 .TP
 \fBldap admin dn (G)\fR
-This parameter is only available if Samba has been
-configure to include the \fB--with-ldapsam\fR option
-at compile time. This option should be considered experimental and
-under active development.
-
 The \fIldap admin dn\fR defines the Distinguished 
-Name (DN) name used by Samba to contact the ldap
-server when retreiving user account information. The \fIldap
+Name (DN) name used by Samba to contact the ldap server when retreiving 
+user account information. The \fIldap
 admin dn\fR is used in conjunction with the admin dn password
 stored in the \fIprivate/secrets.tdb\fR file. See the
 \fBsmbpasswd(8)\fRman
@ -3318,11 +3240,6 @@ page for more information on how to accmplish this.
 Default : \fBnone\fR
 .TP
 \fBldap filter (G)\fR
-This parameter is only available if Samba has been
-configure to include the \fB--with-ldapsam\fR option
-at compile time. This option should be considered experimental and
-under active development.
-
 This parameter specifies the RFC 2254 compliant LDAP search filter.
 The default is to match the login name with the uid 
 attribute for all entries matching the sambaAccount 
@ -3330,43 +3247,13 @@ objectclass. Note that this filter should only return one entry.

 Default : \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR
 .TP
-\fBldap port (G)\fR
-This parameter is only available if Samba has been
-configure to include the \fB--with-ldapsam\fR option
-at compile time. This option should be considered experimental and
-under active development.
-
-This option is used to control the tcp port number used to contact
-the \fIldap server\fR.
-The default is to use the stand LDAPS port 636.
-
-See Also: ldap ssl
-
-Default : \fBldap port = 636\fR
-.TP
-\fBldap server (G)\fR
-This parameter is only available if Samba has been
-configure to include the \fB--with-ldapsam\fR option
-at compile time. This option should be considered experimental and
-under active development.
-
-This parameter should contains the FQDN of the ldap directory 
-server which should be queried to locate user account information.
-
-Default : \fBldap server = localhost\fR
-.TP
 \fBldap ssl (G)\fR
-This parameter is only available if Samba has been
-configure to include the \fB--with-ldapsam\fR option
-at compile time. This option should be considered experimental and
-under active development.
-
 This option is used to define whether or not Samba should
-use SSL when connecting to the \fIldap
-server\fR. This is \fBNOT\fR related to
-Samba SSL support which is enabled by specifying the 
+use SSL when connecting to the ldap server
+This is \fBNOT\fR related to
+Samba's previous SSL support which was enabled by specifying the 
 \fB--with-ssl\fR option to the \fIconfigure\fR 
-script (see \fIssl\fR).
+script.

 The \fIldap ssl\fR can be set to one of three values:
 (a) on - Always use SSL when contacting the 
@ -3378,10 +3265,16 @@ Never use SSL when querying the directory, or (c) start_tls
 Default : \fBldap ssl = on\fR
 .TP
 \fBldap suffix (G)\fR
-This parameter is only available if Samba has been
-configure to include the \fB--with-ldapsam\fR option
-at compile time. This option should be considered experimental and
-under active development.
+Default : \fBnone\fR
+.TP
+\fBldap user suffix (G)\fR
+It specifies where users are added to the tree.
+
+Default : \fBnone\fR
+.TP
+\fBldap machine suffix (G)\fR
+It specifies where machines should be 
+added to the ldap tree.

 Default : \fBnone\fR
 .TP
@ -3546,16 +3439,18 @@ you to have separate log files for each user or machine.
 Example: \fBlog file = /usr/local/samba/var/log.%m
 \fR.TP
 \fBlog level (G)\fR
-The value of the parameter (an integer) allows 
+The value of the parameter (a astring) allows 
 the debug level (logging level) to be specified in the 
-\fIsmb.conf\fR file. This is to give greater 
+\fIsmb.conf\fR file. This parameter has been
+extended since 2.2.x series, now it allow to specify the debug
+level for multiple debug classes. This is to give greater 
 flexibility in the configuration of the system.

 The default will be the log level specified on 
 the command line or level zero if none was specified.

-Example: \fBlog level = 3\fR
-.TP
+Example: \fBlog level = 3 passdb:5 auth:10 winbind:2
+\fR.TP
 \fBlogon drive (G)\fR
 This parameter specifies the local path to 
 which the home directory will be connected (see \fIlogon home\fR) 
@ -4790,14 +4685,27 @@ arbitary passdb backend from the .so specified as a compulsary argument.

 Any characters after the (optional) second : are passed to the plugin
 for its own processing
+.TP 0.2i
+\(bu
+\fBunixsam\fR - Allows samba to map all (other) available unix users
+
+This backend uses the standard unix database for retrieving users. Users included 
+in this pdb are NOT listed in samba user listings and users included in this pdb won't be 
+able to login. The use of this backend is to always be able to display the owner of a file 
+on the samba server - even when the user doesn't have a 'real' samba account in one of the 
+other passdb backends.
+
+This backend should always be the last backend listed, since it contains all users in 
+the unix passdb and might 'override' mappings if specified earlier. It's meant to only return 
+accounts for users that aren't covered by the previous backends.
 .RE
 .PP

-Default: \fBpassdb backend = smbpasswd\fR
+Default: \fBpassdb backend = smbpasswd unixsam\fR

-Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd\fR
+Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam\fR

-Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com\fR
+Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam\fR

 Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb\fR
 .TP
@ -6278,246 +6186,10 @@ Examples: \fBsource environment = |/etc/smb.conf.sh
 Example: \fBsource environment = 
 /usr/local/smb_env_vars\fR
 .TP
-\fBssl (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
+\fBuse spnego (G)\fR
+This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller. It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.

-This variable enables or disables the entire SSL mode. If 
-it is set to no, the SSL-enabled Samba behaves 
-exactly like the non-SSL Samba. If set to yes, 
-it depends on the variables \fI ssl hosts\fR and  \fIssl hosts resign\fR whether an SSL 
-connection will be required.
-
-Default: \fBssl = no\fR
-.TP
-\fBssl CA certDir (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This variable defines where to look up the Certification
-Authorities. The given directory should contain one file for 
-each CA that Samba will trust. The file name must be the hash 
-value over the "Distinguished Name" of the CA. How this directory 
-is set up is explained later in this document. All files within the 
-directory that don't fit into this naming scheme are ignored. You 
-don't need this variable if you don't verify client certificates.
-
-Default: \fBssl CA certDir = /usr/local/ssl/certs
-\fR.TP
-\fBssl CA certFile (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This variable is a second way to define the trusted CAs. 
-The certificates of the trusted CAs are collected in one big 
-file and this variable points to the file. You will probably 
-only use one of the two ways to define your CAs. The first choice is 
-preferable if you have many CAs or want to be flexible, the second 
-is preferable if you only have one CA and want to keep things 
-simple (you won't need to create the hashed file names). You 
-don't need this variable if you don't verify client certificates.
-
-Default: \fBssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
-\fR.TP
-\fBssl ciphers (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This variable defines the ciphers that should be offered 
-during SSL negotiation. You should not set this variable unless 
-you know what you are doing.
-.TP
-\fBssl client cert (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-The certificate in this file is used by  \fBsmbclient(1)\fRif it exists. It's needed 
-if the server requires a client certificate.
-
-Default: \fBssl client cert = /usr/local/ssl/certs/smbclient.pem
-\fR.TP
-\fBssl client key (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This is the private key for  \fBsmbclient(1)\fR. It's only needed if the 
-client should have a certificate. 
-
-Default: \fBssl client key = /usr/local/ssl/private/smbclient.pem
-\fR.TP
-\fBssl compatibility (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This variable defines whether OpenSSL should be configured 
-for bug compatibility with other SSL implementations. This is 
-probably not desirable because currently no clients with SSL 
-implementations other than OpenSSL exist.
-
-Default: \fBssl compatibility = no\fR
-.TP
-\fBssl egd socket (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This option is used to define the location of the communiation socket of 
-an EGD or PRNGD daemon, from which entropy can be retrieved. This option 
-can be used instead of or together with the \fIssl entropy file\fR 
-directive. 255 bytes of entropy will be retrieved from the daemon.
-
-Default: \fBnone\fR
-.TP
-\fBssl entropy bytes (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This parameter is used to define the number of bytes which should 
-be read from the \fIssl entropy 
-file\fR If a -1 is specified, the entire file will
-be read.
-
-Default: \fBssl entropy bytes = 255\fR
-.TP
-\fBssl entropy file (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This parameter is used to specify a file from which processes will 
-read "random bytes" on startup. In order to seed the internal pseudo 
-random number generator, entropy must be provided. On system with a 
-\fI/dev/urandom\fR device file, the processes
-will retrieve its entropy from the kernel. On systems without kernel
-entropy support, a file can be supplied that will be read on startup
-and that will be used to seed the PRNG.
-
-Default: \fBnone\fR
-.TP
-\fBssl hosts (G)\fR
-See \fI ssl hosts resign\fR.
-.TP
-\fBssl hosts resign (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-These two variables define whether Samba will go 
-into SSL mode or not. If none of them is defined, Samba will 
-allow only SSL connections. If the  \fIssl hosts\fR variable lists
-hosts (by IP-address, IP-address range, net group or name), 
-only these hosts will be forced into SSL mode. If the \fI ssl hosts resign\fR variable lists hosts, only these 
-hosts will \fBNOT\fR be forced into SSL mode. The syntax for these two 
-variables is the same as for the \fI hosts allow\fR and  \fIhosts deny\fR pair of variables, only 
-that the subject of the decision is different: It's not the access 
-right but whether SSL is used or not. 
-
-The example below requires SSL connections from all hosts
-outside the local net (which is 192.168.*.*).
-
-Default: \fBssl hosts = <empty string>\fR
-
-\fBssl hosts resign = <empty string>\fR
-
-Example: \fBssl hosts resign = 192.168.\fR
-.TP
-\fBssl require clientcert (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-If this variable is set to yes, the 
-server will not tolerate connections from clients that don't 
-have a valid certificate. The directory/file given in \fIssl CA certDir\fR
-and \fIssl CA certFile
-\fRwill be used to look up the CAs that issued 
-the client's certificate. If the certificate can't be verified 
-positively, the connection will be terminated. If this variable 
-is set to no, clients don't need certificates. 
-Contrary to web applications you really \fBshould\fR 
-require client certificates. In the web environment the client's 
-data is sensitive (credit card numbers) and the server must prove 
-to be trustworthy. In a file server environment the server's data 
-will be sensitive and the clients must prove to be trustworthy.
-
-Default: \fBssl require clientcert = no\fR
-.TP
-\fBssl require servercert (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-If this variable is set to yes, the 
-\fBsmbclient(1)\fR
-will request a certificate from the server. Same as 
-\fIssl require 
-clientcert\fR for the server.
-
-Default: \fBssl require servercert = no\fR
-.TP
-\fBssl server cert (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This is the file containing the server's certificate. 
-The server \fBmust\fR have a certificate. The 
-file may also contain the server's private key. See later for 
-how certificates and private keys are created.
-
-Default: \fBssl server cert = <empty string>
-\fR.TP
-\fBssl server key (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This file contains the private key of the server. If 
-this variable is not defined, the key is looked up in the 
-certificate file (it may be appended to the certificate). 
-The server \fBmust\fR have a private key
-and the certificate \fBmust\fR 
-match this private key.
-
-Default: \fBssl server key = <empty string>
-\fR.TP
-\fBssl version (G)\fR
-This variable is part of SSL-enabled Samba. This 
-is only available if the SSL libraries have been compiled on your 
-system and the configure option \fB--with-ssl\fR was 
-given at configure time.
-
-This enumeration variable defines the versions of the 
-SSL protocol that will be used. ssl2or3 allows 
-dynamic negotiation of SSL v2 or v3, ssl2 results 
-in SSL v2, ssl3 results in SSL v3 and
-tls1 results in TLS v1. TLS (Transport Layer 
-Security) is the new standard for SSL.
-
-Default: \fBssl version = "ssl2or3"\fR
+Default: \fBuse spnego = yes\fR
 .TP
 \fBstat cache (G)\fR
 This parameter determines if smbd(8)will use a cache in order to 
@ -6698,9 +6370,9 @@ Example: \fBtotal print jobs = 5000\fR
 .TP
 \fBunix extensions(G)\fR
 This boolean parameter controls whether Samba 
-implments the CIFS UNIX extensions, as defined by HP. These
-extensions enable CIFS to server UNIX clients to UNIX servers
-better, and allow such things as symbolic links, hard links etc.
+implments the CIFS UNIX extensions, as defined by HP. 
+These extensions enable Samba to better serve UNIX CIFS clients
+by supporting features such as symbolic links, hard links, etc...
 These extensions require a similarly enabled client, and are of
 no current use to Windows clients.

@ -6983,6 +6655,12 @@ to add utmp or utmpx records (depending on the UNIX system) whenever a
 connection is made to a Samba server. Sites may use this to record the
 user connecting to a Samba share.

+Due to the requirements of the utmp record, we
+are required to create a unique identifier for the
+incoming user. Enabling this option creates an n^2
+algorithm to find this number. This may impede
+performance on large installations. 
+
 See also the \fI utmp directory\fR parameter.

 Default: \fButmp = no\fR
--- a/docs/manpages/smbcontrol.1
+++ b/docs/manpages/smbcontrol.1
@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBCONTROL" "1" "08 May 2002" "" ""
+.TH "SMBCONTROL" "1" "15 August 2002" "" ""
 .SH NAME
 smbcontrol \- send messages to smbd, nmbd or winbindd processes
 .SH SYNOPSIS
@ -47,7 +47,7 @@ One of: close-share,
 debug, 
 force-election, ping
 , profile,  debuglevel, profilelevel, 
-or printer-notify.
+or printnotify.

 The close-share message-type sends a 
 message to smbd which will then close the client connections to
@ -90,11 +90,40 @@ a "request profile level" message. The current profile level
 setting is returned by a "profilelevel" message. This can be sent 
 to any smbd or nmbd destinations.

-The printer-notify message-type sends a 
+The printnotify message-type sends a 
 message to smbd which in turn sends a printer notify message to 
-any Windows NT clients connected to a printer. This message-type 
-takes an argument of the printer name to send notify messages to. 
-This message can only be sent to smbd.
+any Windows NT clients connected to a printer. This message-type
+takes the following arguments:
+.RS
+.TP
+\fBqueuepause printername\fR
+Send a queue pause change notify
+message to the printer specified.
+.TP
+\fBqueueresume printername\fR
+Send a queue resume change notify
+message for the printer specified.
+.TP
+\fBjobpause printername unixjobid\fR
+Send a job pause change notify
+message for the printer and unix jobid
+specified.
+.TP
+\fBjobresume printername unixjobid\fR
+Send a job resume change notify
+message for the printer and unix jobid
+specified.
+.TP
+\fBjobdelete printername unixjobid\fR
+Send a job delete change notify
+message for the printer and unix jobid
+specified.
+.RE
+.PP
+Note that this message only sends notification that an
+event has occured. It doesn't actually cause the
+event to happen.
+This message can only be sent to smbd. 
 .TP
 \fBparameters\fR
 any parameters required for the message-type
--- a/examples/LDAP/samba.schema
+++ b/examples/LDAP/samba.schema
@ -119,8 +119,20 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
 #        MUST ( uid $ uidNumber )
 #        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))

-objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
-	DESC 'Samba Account'
+#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+#	DESC 'Samba Account'
+#	MUST ( uid $ rid ) 
+#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ 
+#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+#               description $ userWorkstations $ primaryGroupID $ domain ))
+
+## The X.500 data model (and therefore LDAPv3) says that each entry can 
+## only have one structural objectclass.  OpenLDAP 2.0 does not enforce 
+## this currently but will in v2.1
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
+	DESC 'Samba Auxilary Account'
 	MUST ( uid $ rid ) 
 	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ 
--- a/examples/VFS/audit.c
+++ b/examples/VFS/audit.c
@ -3,6 +3,7 @@
 * facility.
 *
 * Copyright (C) Tim Potter, 1999-2000
+ * Copyright (C) Alexander Bokovoy, 2002
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -47,134 +48,79 @@

 /* Function prototypes */

-int audit_connect(struct connection_struct *conn, const char *svc, const char *user);
-void audit_disconnect(struct connection_struct *conn);
-DIR *audit_opendir(struct connection_struct *conn, const char *fname);
-int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode);
-int audit_rmdir(struct connection_struct *conn, const char *path);
-int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode);
-int audit_close(struct files_struct *fsp, int fd);
-int audit_rename(struct connection_struct *conn, const char *old, const char *new);
-int audit_unlink(struct connection_struct *conn, const char *path);
-int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode);
-int audit_chmod_acl(struct connection_struct *conn, const char *name, mode_t mode);
-int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode);
-int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode);
+static int audit_connect(struct connection_struct *conn, const char *svc, const char *user);
+static void audit_disconnect(struct connection_struct *conn);
+static DIR *audit_opendir(struct connection_struct *conn, const char *fname);
+static int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode);
+static int audit_rmdir(struct connection_struct *conn, const char *path);
+static int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode);
+static int audit_close(struct files_struct *fsp, int fd);
+static int audit_rename(struct connection_struct *conn, const char *old, const char *new);
+static int audit_unlink(struct connection_struct *conn, const char *path);
+static int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode);
+static int audit_chmod_acl(struct connection_struct *conn, const char *name, mode_t mode);
+static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode);
+static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode);

 /* VFS operations */

-extern struct vfs_ops default_vfs_ops;   /* For passthrough operation */
+static struct vfs_ops default_vfs_ops;   /* For passthrough operation */
+static struct smb_vfs_handle_struct *audit_handle;

-struct vfs_ops audit_ops = {
+static vfs_op_tuple audit_ops[] = {
    
 	/* Disk operations */

-	audit_connect,
-	audit_disconnect,
-	NULL,                     /* disk free */
+	{audit_connect, 	SMB_VFS_OP_CONNECT, 	SMB_VFS_LAYER_LOGGER},
+	{audit_disconnect, 	SMB_VFS_OP_DISCONNECT, 	SMB_VFS_LAYER_LOGGER},

 	/* Directory operations */

-	audit_opendir,
-	NULL,                     /* readdir */
-	audit_mkdir,
-	audit_rmdir,
-	NULL,                     /* closedir */
+	{audit_opendir, 	SMB_VFS_OP_OPENDIR, 	SMB_VFS_LAYER_LOGGER},
+	{audit_mkdir, 		SMB_VFS_OP_MKDIR, 	SMB_VFS_LAYER_LOGGER},
+	{audit_rmdir, 		SMB_VFS_OP_RMDIR, 	SMB_VFS_LAYER_LOGGER},

 	/* File operations */

-	audit_open,
-	audit_close,
-	NULL,                     /* read  */
-	NULL,                     /* write */
-	NULL,                     /* lseek */
-	audit_rename,
-	NULL,                     /* fsync */
-	NULL,                     /* stat  */
-	NULL,                     /* fstat */
-	NULL,                     /* lstat */
-	audit_unlink,
-	audit_chmod,
-	audit_fchmod,
-	NULL,                     /* chown */
-	NULL,                     /* fchown */
-	NULL,                     /* chdir */
-	NULL,                     /* getwd */
-	NULL,                     /* utime */
-	NULL,                     /* ftruncate */
-	NULL,                     /* lock */
-	NULL,                     /* symlink */
-	NULL,                     /* readlink */
-	NULL,                     /* link */
-	NULL,                     /* mknod */
-	NULL,                     /* realpath */
-	NULL,                     /* fget_nt_acl */
-	NULL,                     /* get_nt_acl */
-	NULL,                     /* fset_nt_acl */
-	NULL,                      /* set_nt_acl */
-
-	audit_chmod_acl,		/* chmod_acl */
-	audit_fchmod_acl,		/* fchmod_acl */
-
-	NULL,			/* sys_acl_get_entry */
-	NULL,			/* sys_acl_get_tag_type */
-	NULL,			/* sys_acl_get_permset */
-	NULL,			/*sys_acl_get_qualifier */
-	NULL,			/* sys_acl_get_file */
-	NULL,			/* sys_acl_get_fd */
-	NULL,			/* sys_acl_clear_perms */
-	NULL,			/* sys_acl_add_perm */
-	NULL,			/* sys_acl_to_text */
-	NULL,			/* sys_acl_init */
-	NULL,			/* sys_acl_create_entry */
-	NULL,			/* sys_acl_set_tag_type */
-	NULL,			/* sys_acl_set_qualifier */
-	NULL,			/* sys_acl_set_permset */
-	NULL,			/* sys_acl_valid */
-	NULL,			/* sys_acl_set_file */
-	NULL,			/* sys_acl_set_fd */
-	NULL,			/* sys_acl_delete_def_file */
-	NULL,			/* sys_acl_get_perm */
-	NULL,			/* sys_acl_free_text */
-	NULL,			/* sys_acl_free_acl */
-	NULL			/* sys_acl_free_qualifier */
+	{audit_open, 		SMB_VFS_OP_OPEN, 	SMB_VFS_LAYER_LOGGER},
+	{audit_close, 		SMB_VFS_OP_CLOSE, 	SMB_VFS_LAYER_LOGGER},
+	{audit_rename, 		SMB_VFS_OP_RENAME, 	SMB_VFS_LAYER_LOGGER},
+	{audit_unlink, 		SMB_VFS_OP_UNLINK, 	SMB_VFS_LAYER_LOGGER},
+	{audit_chmod, 		SMB_VFS_OP_CHMOD, 	SMB_VFS_LAYER_LOGGER},
+	{audit_fchmod, 		SMB_VFS_OP_FCHMOD, 	SMB_VFS_LAYER_LOGGER},
+	{audit_chmod_acl, 	SMB_VFS_OP_CHMOD_ACL, 	SMB_VFS_LAYER_LOGGER},
+	{audit_fchmod_acl, 	SMB_VFS_OP_FCHMOD_ACL, 	SMB_VFS_LAYER_LOGGER},
+	
+	/* Finish VFS operations definition */
+	
+	{NULL, 			SMB_VFS_OP_NOOP, 	SMB_VFS_LAYER_NOOP}
 };

-/* VFS initialisation function.  Return initialised vfs_ops structure
-   back to SAMBA. */
+/* VFS initialisation function.  Return vfs_op_tuple array back to SAMBA. */

-struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops)
+vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops, 
+			struct smb_vfs_handle_struct *vfs_handle)
 {
-	struct vfs_ops tmp_ops;
-
 	*vfs_version = SMB_VFS_INTERFACE_VERSION;
-	memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops));
-
-	tmp_ops.connect = audit_connect;
-	tmp_ops.disconnect = audit_disconnect;
-	tmp_ops.opendir = audit_opendir;
-	tmp_ops.mkdir = audit_mkdir;
-	tmp_ops.rmdir = audit_rmdir;
-	tmp_ops.open = audit_open;
-	tmp_ops.close = audit_close;
-	tmp_ops.rename = audit_rename;
-	tmp_ops.unlink = audit_unlink;
-	tmp_ops.chmod = audit_chmod;
-	tmp_ops.chmod_acl = audit_chmod_acl;
-	tmp_ops.fchmod = audit_fchmod;
-	tmp_ops.fchmod_acl = audit_fchmod_acl;
-
-	memcpy(&audit_ops, &tmp_ops, sizeof(struct vfs_ops));
+	memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops));
+	
+	audit_handle = vfs_handle;

 	openlog("smbd_audit", LOG_PID, SYSLOG_FACILITY);
 	syslog(SYSLOG_PRIORITY, "VFS_INIT: vfs_ops loaded\n");
-	return &audit_ops;
+	return audit_ops;
+}
+
+/* VFS finalization function. */
+void vfs_done(connection_struct *conn)
+{
+	syslog(SYSLOG_PRIORITY, "VFS_DONE: vfs module unloaded\n");
 }

 /* Implementation of vfs_ops.  Pass everything on to the default
   operation but log event first. */

-int audit_connect(struct connection_struct *conn, const char *svc, const char *user)
+static int audit_connect(struct connection_struct *conn, const char *svc, const char *user)
 {
 	syslog(SYSLOG_PRIORITY, "connect to service %s by user %s\n", 
 	       svc, user);
@ -182,13 +128,13 @@ int audit_connect(struct connection_struct *conn, const char *svc, const char *u
 	return default_vfs_ops.connect(conn, svc, user);
 }

-void audit_disconnect(struct connection_struct *conn)
+static void audit_disconnect(struct connection_struct *conn)
 {
 	syslog(SYSLOG_PRIORITY, "disconnected\n");
 	default_vfs_ops.disconnect(conn);
 }

-DIR *audit_opendir(struct connection_struct *conn, const char *fname)
+static DIR *audit_opendir(struct connection_struct *conn, const char *fname)
 {
 	DIR *result = default_vfs_ops.opendir(conn, fname);

@ -200,7 +146,7 @@ DIR *audit_opendir(struct connection_struct *conn, const char *fname)
 	return result;
 }

-int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode)
+static int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode)
 {
 	int result = default_vfs_ops.mkdir(conn, path, mode);

@ -212,7 +158,7 @@ int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode)
 	return result;
 }

-int audit_rmdir(struct connection_struct *conn, const char *path)
+static int audit_rmdir(struct connection_struct *conn, const char *path)
 {
 	int result = default_vfs_ops.rmdir(conn, path);

@ -224,7 +170,7 @@ int audit_rmdir(struct connection_struct *conn, const char *path)
 	return result;
 }

-int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode)
+static int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode)
 {
 	int result = default_vfs_ops.open(conn, fname, flags, mode);

@ -237,7 +183,7 @@ int audit_open(struct connection_struct *conn, const char *fname, int flags, mod
 	return result;
 }

-int audit_close(struct files_struct *fsp, int fd)
+static int audit_close(struct files_struct *fsp, int fd)
 {
 	int result = default_vfs_ops.close(fsp, fd);

@ -249,7 +195,7 @@ int audit_close(struct files_struct *fsp, int fd)
 	return result;
 }

-int audit_rename(struct connection_struct *conn, const char *old, const char *new)
+static int audit_rename(struct connection_struct *conn, const char *old, const char *new)
 {
 	int result = default_vfs_ops.rename(conn, old, new);

@ -261,7 +207,7 @@ int audit_rename(struct connection_struct *conn, const char *old, const char *ne
 	return result;    
 }

-int audit_unlink(struct connection_struct *conn, const char *path)
+static int audit_unlink(struct connection_struct *conn, const char *path)
 {
 	int result = default_vfs_ops.unlink(conn, path);

@ -273,7 +219,7 @@ int audit_unlink(struct connection_struct *conn, const char *path)
 	return result;
 }

-int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode)
+static int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode)
 {
 	int result = default_vfs_ops.chmod(conn, path, mode);

@ -285,7 +231,7 @@ int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode)
 	return result;
 }

-int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mode)
+static int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mode)
 {
 	int result = default_vfs_ops.chmod_acl(conn, path, mode);

@ -297,7 +243,7 @@ int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mod
 	return result;
 }

-int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode)
+static int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode)
 {
 	int result = default_vfs_ops.fchmod(fsp, fd, mode);

@ -309,7 +255,7 @@ int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode)
 	return result;
 }

-int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode)
+static int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode)
 {
 	int result = default_vfs_ops.fchmod_acl(fsp, fd, mode);

--- a/examples/VFS/block/block.c
+++ b/examples/VFS/block/block.c
@ -3,6 +3,7 @@
 * Block access from links to dev mount points specified in PARAMCONF file
 *
 * Copyright (C) Ronald Kuetemeier, 2001
+ * Copyright (C) Alexander Bokovoy, 2002
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -47,93 +48,29 @@



-DIR *block_opendir(struct connection_struct *conn, char *fname);
-int block_connect(struct connection_struct *conn, const char *service, const char *user);    
-void block_disconnect(struct connection_struct *conn);    
+static DIR *block_opendir(connection_struct *conn, char *fname);
+static int block_connect(connection_struct *conn, const char *service, const char *user);    
+static void block_disconnect(connection_struct *conn);    

+static struct smb_vfs_handle_struct *block_handle;

 /* VFS operations */


-extern struct vfs_ops default_vfs_ops;   /* For passthrough operation */
+static struct vfs_ops default_vfs_ops;   /* For passthrough operation */

-struct vfs_ops execute_vfs_ops = {
+static vfs_op_tuple block_vfs_ops[] = {
    
 	/* Disk operations */

-	block_connect,
-	block_disconnect,
-	NULL,					/* disk free */
+	{block_connect,		SMB_VFS_OP_CONNECT,	SMB_VFS_LAYER_TRANSPARENT},
+	{block_disconnect,	SMB_VFS_OP_DISCONNECT,	SMB_VFS_LAYER_TRANSPARENT},

 	/* Directory operations */

-	block_opendir,
-	NULL,					/* readdir */
-	NULL,					/* mkdir */
-	NULL,					/* rmdir */
-	NULL,					/* closedir */
-
-	/* File operations */
-
-	NULL,					/* open */
-	NULL,					/* close */
-	NULL,					/* read  */
-	NULL,					/* write */
-	NULL,					/* lseek */
-	NULL,					/* rename */
-	NULL,					/* fsync */
-	NULL,					/* stat  */
-	NULL,					/* fstat */
-	NULL,					/* lstat */
-	NULL,					/* unlink */
-	NULL,					/* chmod */
-	NULL,					/* fchmod */
-	NULL,					/* chown */
-	NULL,					/* fchown */
-	NULL,					/* chdir */
-	NULL,					/* getwd */
-	NULL,					/* utime */
-	NULL,					/* ftruncate */
-	NULL,					/* lock */
-	NULL,					/* symlink */
-	NULL,					/* readlink */
-	NULL,					/* link */
-	NULL,					/* mknod */
-	NULL,					/* realpath */
-
-	/* NT ACL operations */
-
-	NULL,					/* fget_nt_acl */
-	NULL,					/* get_nt_acl */
-	NULL,					/* fset_nt_acl */
-	NULL,					/* set_nt_acl */
-
-	/* POSIX ACL operations. */
-
-	NULL,					/* chmod_acl */
-	NULL,					/* fchmod_acl */
-	NULL,					/* sys_acl_get_entry */
-	NULL,					/* sys_acl_get_tag_type */
-	NULL,					/* sys_acl_get_permset */
-	NULL,					/* sys_acl_get_qualifier */
-	NULL,					/* sys_acl_get_file */
-	NULL,					/* sys_acl_get_fd */
-	NULL,					/* sys_acl_clear_perms */
-	NULL,					/* sys_acl_add_perm */
-	NULL,					/* sys_acl_to_text */
-	NULL,					/* sys_acl_init */
-	NULL,					/* sys_acl_create_entry */
-	NULL,					/* sys_acl_set_tag_type */
-	NULL,					/* sys_acl_set_qualifier */
-	NULL,					/* sys_acl_set_permset */
-	NULL,					/* sys_acl_valid */
-	NULL,					/* sys_acl_set_file */
-	NULL,					/* sys_acl_set_fd */
-	NULL,					/* sys_acl_delete_def_file */
-	NULL,					/* sys_acl_get_perm */
-	NULL,					/* sys_acl_free_text */
-	NULL,					/* sys_acl_free_acl */
-	NULL					/* sys_acl_free_qualifier */
+	{block_opendir,		SMB_VFS_OP_OPENDIR,	SMB_VFS_LAYER_TRANSPARENT},
+	
+	{NULL,			SMB_VFS_OP_NOOP,	SMB_VFS_LAYER_NOOP}
 };


@ -145,13 +82,13 @@ extern BOOL pm_process(char *FileName, BOOL (*sfunc)(char *), BOOL(*pfunc)(char

 //functions

-BOOL enter_pblock_mount(char *dir);
-BOOL get_section(char *sect);
-BOOL get_parameter_value(char *param, char *value);
-BOOL load_param(void);
-BOOL search(struct stat *stat_buf);
-BOOL dir_search(char *link, char *dir);
-BOOL enter_pblock_dir(char *dir);
+static BOOL enter_pblock_mount(char *dir);
+static BOOL get_section(char *sect);
+static BOOL get_parameter_value(char *param, char *value);
+static BOOL load_param(void);
+static BOOL search(struct stat *stat_buf);
+static BOOL dir_search(char *link, char *dir);
+static BOOL enter_pblock_dir(char *dir);



@ -176,7 +113,7 @@ static struct block_dir *pblock_dir = NULL;
 * Load the conf file into a table
 */

-BOOL load_param(void)
+static BOOL load_param(void)
 {

 	if ((pm_process(PARAMCONF,&get_section,&get_parameter_value)) == TRUE)
@ -194,7 +131,7 @@ BOOL load_param(void)
 * 
 */

-BOOL enter_pblock_mount(char *dir)
+static BOOL enter_pblock_mount(char *dir)
 {
 	struct stat stat_buf;
 	static struct block_dir *tmp_pblock;
@ -242,7 +179,7 @@ BOOL enter_pblock_mount(char *dir)
 * 
 */

-BOOL enter_pblock_dir(char *dir)
+static BOOL enter_pblock_dir(char *dir)
 {
 	static struct block_dir *tmp_pblock;
 	
@ -285,7 +222,7 @@ BOOL enter_pblock_dir(char *dir)
 * Function callback for config section names 
 */

-BOOL get_section(char *sect)
+static BOOL get_section(char *sect)
 {
 	return TRUE;	
 }
@ -297,7 +234,7 @@ BOOL get_section(char *sect)
 *
 */

-BOOL get_parameter_value(char *param, char *value)
+static BOOL get_parameter_value(char *param, char *value)
 {
 	int i = 0, maxargs = sizeof(params) / sizeof(char *);

@ -327,24 +264,25 @@ BOOL get_parameter_value(char *param, char *value)



-/* VFS initialisation function.  Return initialised vfs_ops structure
+/* VFS initialisation function.  Return initialised vfs_op_tuple array
   back to SAMBA. */

-struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops)
+vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops,
+			struct smb_vfs_handle_struct *vfs_handle)
 {
-	struct vfs_ops tmp_ops;
-
 	*vfs_version = SMB_VFS_INTERFACE_VERSION;
 	
-	memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops));
+	memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops));
+	
+	block_handle = vfs_handle;

-	/* Override the ones we want. */
-	tmp_ops.connect = block_connect;
-	tmp_ops.disconnect = block_disconnect;
-	tmp_ops.opendir = block_opendir;
+	return block_vfs_ops;
+}

-	memcpy(&execute_vfs_ops, &tmp_ops, sizeof(struct vfs_ops));
-	return(&execute_vfs_ops);
+
+/* VFS finalization function. */
+void vfs_done(connection_struct *conn)
+{
 }


@ -352,7 +290,7 @@ struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops)
 * VFS connect and param file loading
 */

-int block_connect(struct connection_struct *conn, char *service, char *user)
+static int block_connect(connection_struct *conn, const char *service, const char *user)
 {
 	if((load_param()) == FALSE)
 	{
@ -372,7 +310,7 @@ int block_connect(struct connection_struct *conn, char *service, char *user)
 */


-void block_disconnect(struct connection_struct *conn)
+static void block_disconnect(struct connection_struct *conn)
 {
 	
 	struct block_dir *tmp_pblock = (pblock_mountp == NULL ? pblock_dir : pblock_mountp);
@ -403,7 +341,7 @@ void block_disconnect(struct connection_struct *conn)
 * VFS opendir
 */

-DIR *block_opendir(struct connection_struct *conn, char *fname)
+static DIR *block_opendir(struct connection_struct *conn, char *fname)
 {

 	char *dir_name = NULL; 
@ -437,7 +375,7 @@ DIR *block_opendir(struct connection_struct *conn, char *fname)
 * Find mount point to block in list
 */

-BOOL search(struct stat *stat_buf)
+static BOOL search(struct stat *stat_buf)
 {
 	struct block_dir *tmp_pblock = pblock_mountp;

@ -459,7 +397,7 @@ BOOL search(struct stat *stat_buf)
 * Find dir in list to block id the starting point is link from a share
 */

-BOOL dir_search(char *link, char *dir)
+static BOOL dir_search(char *link, char *dir)
 {
 	char buf[PATH_MAX +1], *ext_path;
 	int len = 0;
--- a/examples/VFS/recycle.c
+++ b/examples/VFS/recycle.c
@ -4,6 +4,7 @@
 *
 * Copyright (C) 2001, Brandon Stone, Amherst College, <bbstone@amherst.edu>.
 * Copyright (C) 2002, Jeremy Allison - modified to make a VFS module.
+ * Copyright (C) 2002, Alexander Bokovoy - cascaded VFS adoption,
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -40,139 +41,67 @@
 
 /* VFS operations */

-extern struct vfs_ops default_vfs_ops;   /* For passthrough operation */
-
+static struct vfs_ops default_vfs_ops;   /* For passthrough operation */
+static struct smb_vfs_handle_struct *recycle_handle;
 static int recycle_unlink(connection_struct *, const char *);
 static int recycle_connect(struct connection_struct *conn, const char *service, const char *user);
 static void recycle_disconnect(struct connection_struct *conn);

-struct vfs_ops recycle_ops = {
-    
+static vfs_op_tuple recycle_ops[] = {
+
 	/* Disk operations */

-	recycle_connect,		/* connect */
-	recycle_disconnect,		/* disconnect */
-	NULL,				/* disk free */
-
-	/* Directory operations */
-
-	NULL,				/* opendir */
-	NULL,				/* readdir */
-	NULL,				/* mkdir */
-	NULL,				/* rmdir */
-	NULL,				/* closedir */
+	{recycle_connect,	SMB_VFS_OP_CONNECT,	SMB_VFS_LAYER_OPAQUE},
+	{recycle_disconnect,	SMB_VFS_OP_DISCONNECT,	SMB_VFS_LAYER_OPAQUE},

 	/* File operations */
-
-	NULL,				/* open */
-	NULL,				/* close */
-	NULL,				/* read  */
-	NULL,				/* write */
-	NULL,				/* lseek */
-	NULL,				/* rename */
-	NULL,				/* fsync */
-	NULL,				/* stat  */
-	NULL,				/* fstat */
-	NULL,				/* lstat */
-	recycle_unlink,
-	NULL,				/* chmod */
-	NULL,				/* fchmod */
-	NULL,				/* chown */
-	NULL,				/* fchown */
-	NULL,				/* chdir */
-	NULL,				/* getwd */
-	NULL,				/* utime */
-	NULL,				/* ftruncate */
-	NULL,				/* lock */
-	NULL,				/* symlink */
-	NULL,				/* readlink */
-	NULL,				/* link */
-	NULL,				/* mknod */
-	NULL,				/* realpath */
-	NULL,				/* fget_nt_acl */
-	NULL,				/* get_nt_acl */
-	NULL,				/* fset_nt_acl */
-	NULL,				/* set_nt_acl */
-
-	NULL,				/* chmod_acl */
-	NULL,				/* fchmod_acl */
-
-	NULL,				/* sys_acl_get_entry */
-	NULL,				/* sys_acl_get_tag_type */
-	NULL,				/* sys_acl_get_permset */
-	NULL,				/* sys_acl_get_qualifier */
-	NULL,				/* sys_acl_get_file */
-	NULL,				/* sys_acl_get_fd */
-	NULL,				/* sys_acl_clear_perms */
-	NULL,				/* sys_acl_add_perm */
-	NULL,				/* sys_acl_to_text */
-	NULL,				/* sys_acl_init */
-	NULL,				/* sys_acl_create_entry */
-	NULL,				/* sys_acl_set_tag_type */
-	NULL,				/* sys_acl_set_qualifier */
-	NULL,				/* sys_acl_set_permset */
-	NULL,				/* sys_acl_valid */
-	NULL,				/* sys_acl_set_file */
-	NULL,				/* sys_acl_set_fd */
-	NULL,				/* sys_acl_delete_def_file */
-	NULL,				/* sys_acl_get_perm */
-	NULL,				/* sys_acl_free_text */
-	NULL,				/* sys_acl_free_acl */
-	NULL				/* sys_acl_free_qualifier */
+	
+	{recycle_unlink,	SMB_VFS_OP_UNLINK,	SMB_VFS_LAYER_OPAQUE},
+	
+	{NULL,			SMB_VFS_OP_NOOP,	SMB_VFS_LAYER_NOOP}
 };

-/* VFS initialisation function.  Return initialised vfs_ops structure
-   back to SAMBA. */
+/* VFS initialisation function.  Return initialised vfs_op_tuple array back to SAMBA. */

-struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops)
+vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops,
+			struct smb_vfs_handle_struct *vfs_handle)
 {
-	struct vfs_ops tmp_ops;
-
 	*vfs_version = SMB_VFS_INTERFACE_VERSION;
-	memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops));
-	tmp_ops.unlink = recycle_unlink;
-	tmp_ops.connect = recycle_connect;
-	tmp_ops.disconnect = recycle_disconnect;
-	memcpy(&recycle_ops, &tmp_ops, sizeof(struct vfs_ops));
-	return &recycle_ops;
+	memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops));
+	
+	/* Remember vfs_id for storing private information at connect */
+	recycle_handle = vfs_handle;
+
+	return recycle_ops;
+}
+
+/* VFS finalization function. */
+void vfs_done(connection_struct *conn)
+{
+	DEBUG(3,("vfs_done_recycle: called for connection %p\n",conn));
 }

 static int recycle_connect(struct connection_struct *conn, const char *service, const char *user)
 {
-	pstring opts_str;
 	fstring recycle_bin;
-	char *p;

 	DEBUG(3,("recycle_connect: called for service %s as user %s\n", service, user));

-	pstrcpy(opts_str, (const char *)lp_vfs_options(SNUM(conn)));
-	if (!*opts_str) {
-		DEBUG(3,("recycle_connect: No options listed (%s).\n", lp_vfs_options(SNUM(conn)) ));
+	fstrcpy(recycle_bin, (const char *)lp_parm_string(lp_servicename(SNUM(conn)),"vfs","recycle bin"));
+	if (!*recycle_bin) {
+		DEBUG(3,("recycle_connect: No options listed (vfs:recycle bin).\n" ));
 		return 0; /* No options. */
 	}

-	p = opts_str;
-	if (next_token(&p,recycle_bin,"=",sizeof(recycle_bin))) {
-		if (!strequal("recycle", recycle_bin)) {
-			DEBUG(3,("recycle_connect: option %s is not recycle\n", recycle_bin ));
-			return -1;
-		}
-	}
+	DEBUG(3,("recycle_connect: recycle name is %s\n", recycle_bin ));

-	if (!next_token(&p,recycle_bin," \n",sizeof(recycle_bin))) {
-		DEBUG(3,("recycle_connect: no option after recycle=\n"));
-		return -1;
-	}
-
-	DEBUG(10,("recycle_connect: recycle name is %s\n", recycle_bin ));
-
-	conn->vfs_private = (void *)strdup(recycle_bin);
+	recycle_handle->data = (void *)strdup(recycle_bin);
 	return 0;
 }

 static void recycle_disconnect(struct connection_struct *conn)
 {
-	SAFE_FREE(conn->vfs_private);
+	SAFE_FREE(recycle_handle->data);
 }

 static BOOL recycle_XXX_exist(connection_struct *conn, const char *dname, BOOL isdir)
@ -225,8 +154,8 @@ static int recycle_unlink(connection_struct *conn, const char *inname)
 	*recycle_bin = '\0';
 	pstrcpy(fname, inname);

-	if (conn->vfs_private)
-		fstrcpy(recycle_bin, (const char *)conn->vfs_private);
+	if (recycle_handle->data)
+		fstrcpy(recycle_bin, (const char *)recycle_handle->data);

 	if(!*recycle_bin) {
 		DEBUG(3, ("recycle bin: share parameter not set, purging %s...\n", fname));
--- a/examples/VFS/skel.c
+++ b/examples/VFS/skel.c
@ -3,6 +3,7 @@
 * calls to disk functions.
 *
 * Copyright (C) Tim Potter, 1999-2000
+ * Copyright (C) Alexander Bokovoy, 2002
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -38,8 +39,8 @@
 #include <includes.h>
 #include <vfs.h>

-extern struct vfs_ops default_vfs_ops;   /* For passthrough operation */
-extern struct vfs_ops skel_ops;
+static struct vfs_ops default_vfs_ops;   /* For passthrough operation */
+static struct smb_vfs_handle_struct *skel_handle; /* use skel_handle->data for storing per-instance private data */

 static int skel_connect(struct connection_struct *conn, const char *service, const char *user)    
 {
@ -349,172 +350,110 @@ static int skel_sys_acl_free_qualifier(struct connection_struct *conn, void *qua
 	return default_vfs_ops.sys_acl_free_qualifier(conn, qualifier, tagtype);
 }

-/* VFS initialisation - return vfs_ops function pointer structure */
-
-struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops)
-{
-	struct vfs_ops tmp_ops;
-
-	DEBUG(3, ("Initialising default vfs hooks\n"));
-
-	*vfs_version = SMB_VFS_INTERFACE_VERSION;
-	memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops));
-
-	tmp_ops.connect = skel_connect;
-	tmp_ops.disconnect = skel_disconnect;
-	tmp_ops.disk_free = skel_disk_free;
-
-	/* Directory operations */
-
-	tmp_ops.opendir = skel_opendir;
-	tmp_ops.readdir = skel_readdir;
-	tmp_ops.mkdir = skel_mkdir;
-	tmp_ops.rmdir = skel_rmdir;
-	tmp_ops.closedir = skel_closedir;
-
-	/* File operations */
-
-	tmp_ops.open = skel_open;
-	tmp_ops.close = skel_close;
-	tmp_ops.read = skel_read;
-	tmp_ops.write = skel_write;
-	tmp_ops.lseek = skel_lseek;
-	tmp_ops.rename = skel_rename;
-	tmp_ops.fsync = skel_fsync;
-	tmp_ops.stat = skel_stat;
-	tmp_ops.fstat = skel_fstat;
-	tmp_ops.lstat = skel_lstat;
-	tmp_ops.unlink = skel_unlink;
-	tmp_ops.chmod = skel_chmod;
-	tmp_ops.fchmod = skel_fchmod;
-	tmp_ops.chown = skel_chown;
-	tmp_ops.fchown = skel_fchown;
-	tmp_ops.chdir = skel_chdir;
-	tmp_ops.getwd = skel_getwd;
-	tmp_ops.utime = skel_utime;
-	tmp_ops.ftruncate = skel_ftruncate;
-	tmp_ops.lock = skel_lock;
-	tmp_ops.symlink = skel_symlink;
-	tmp_ops.readlink = skel_readlink;
-	tmp_ops.link = skel_link;
-	tmp_ops.mknod = skel_mknod;
-	tmp_ops.realpath = skel_realpath;
-
-	tmp_ops.fget_nt_acl = skel_fget_nt_acl;
-	tmp_ops.get_nt_acl = skel_get_nt_acl;
-	tmp_ops.fset_nt_acl = skel_fset_nt_acl;
-	tmp_ops.set_nt_acl = skel_set_nt_acl;
-
-	/* POSIX ACL operations. */
-
-	tmp_ops.chmod_acl = skel_chmod_acl;
-	tmp_ops.fchmod_acl = skel_fchmod_acl;
-	tmp_ops.sys_acl_get_entry = skel_sys_acl_get_entry;
-	tmp_ops.sys_acl_get_tag_type = skel_sys_acl_get_tag_type;
-	tmp_ops.sys_acl_get_permset = skel_sys_acl_get_permset;
-	tmp_ops.sys_acl_get_qualifier = skel_sys_acl_get_qualifier;
-	tmp_ops.sys_acl_get_file = skel_sys_acl_get_file;
-	tmp_ops.sys_acl_get_fd = skel_sys_acl_get_fd;
-	tmp_ops.sys_acl_clear_perms = skel_sys_acl_clear_perms;
-	tmp_ops.sys_acl_add_perm = skel_sys_acl_add_perm;
-	tmp_ops.sys_acl_to_text = skel_sys_acl_to_text;
-	tmp_ops.sys_acl_init = skel_sys_acl_init;
-	tmp_ops.sys_acl_create_entry = skel_sys_acl_create_entry;
-	tmp_ops.sys_acl_set_tag_type = skel_sys_acl_set_tag_type;
-	tmp_ops.sys_acl_set_qualifier = skel_sys_acl_set_qualifier;
-	tmp_ops.sys_acl_set_permset = skel_sys_acl_set_permset;
-	tmp_ops.sys_acl_valid = skel_sys_acl_valid;
-	tmp_ops.sys_acl_set_file = skel_sys_acl_set_file;
-	tmp_ops.sys_acl_set_fd = skel_sys_acl_set_fd;
-	tmp_ops.sys_acl_delete_def_file = skel_sys_acl_delete_def_file;
-	tmp_ops.sys_acl_get_perm = skel_sys_acl_get_perm;
-	tmp_ops.sys_acl_free_text = skel_sys_acl_free_text;
-	tmp_ops.sys_acl_free_acl = skel_sys_acl_free_acl;
-	tmp_ops.sys_acl_free_qualifier = skel_sys_acl_free_qualifier;
-
-	memcpy(&skel_ops, &tmp_ops, sizeof(struct vfs_ops));
-
-	return &skel_ops;
-}

 /* VFS operations structure */

-struct vfs_ops skel_ops = {
+static vfs_op_tuple skel_ops[] = {

 	/* Disk operations */

-	skel_connect,
-	skel_disconnect,
-	skel_disk_free,
+	{skel_connect,			SMB_VFS_OP_CONNECT, 		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_disconnect,		SMB_VFS_OP_DISCONNECT,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_disk_free,		SMB_VFS_OP_DISK_FREE,		SMB_VFS_LAYER_TRANSPARENT},
 	
 	/* Directory operations */

-	skel_opendir,
-	skel_readdir,
-	skel_mkdir,
-	skel_rmdir,
-	skel_closedir,
+	{skel_opendir,			SMB_VFS_OP_OPENDIR,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_readdir,			SMB_VFS_OP_READDIR,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_mkdir,			SMB_VFS_OP_MKDIR,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_rmdir,			SMB_VFS_OP_RMDIR,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_closedir,			SMB_VFS_OP_CLOSEDIR,		SMB_VFS_LAYER_TRANSPARENT},

 	/* File operations */

-	skel_open,
-	skel_close,
-	skel_read,
-	skel_write,
-	skel_lseek,
-	skel_rename,
-	skel_fsync,
-	skel_stat,
-	skel_fstat,
-	skel_lstat,
-	skel_unlink,
-	skel_chmod,
-	skel_fchmod,
-	skel_chown,
-	skel_fchown,
-	skel_chdir,
-	skel_getwd,
-	skel_utime,
-	skel_ftruncate,
-	skel_lock,
-	skel_symlink,
-	skel_readlink,
-	skel_link,
-	skel_mknod,
-	skel_realpath,
+	{skel_open,			SMB_VFS_OP_OPEN,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_close,			SMB_VFS_OP_CLOSE,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_read,			SMB_VFS_OP_READ,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_write,			SMB_VFS_OP_WRITE,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_lseek,			SMB_VFS_OP_LSEEK,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_rename,			SMB_VFS_OP_RENAME,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_fsync,			SMB_VFS_OP_FSYNC,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_stat,			SMB_VFS_OP_STAT,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_fstat,			SMB_VFS_OP_FSTAT,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_lstat,			SMB_VFS_OP_LSTAT,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_unlink,			SMB_VFS_OP_UNLINK,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_chmod,			SMB_VFS_OP_CHMOD,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_fchmod,			SMB_VFS_OP_FCHMOD,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_chown,			SMB_VFS_OP_CHOWN,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_fchown,			SMB_VFS_OP_FCHOWN,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_chdir,			SMB_VFS_OP_CHDIR,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_getwd,			SMB_VFS_OP_GETWD,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_utime,			SMB_VFS_OP_UTIME,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_ftruncate,		SMB_VFS_OP_FTRUNCATE,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_lock,			SMB_VFS_OP_LOCK,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_symlink,			SMB_VFS_OP_SYMLINK,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_readlink,			SMB_VFS_OP_READLINK,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_link,			SMB_VFS_OP_LINK,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_mknod,			SMB_VFS_OP_MKNOD,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_realpath,			SMB_VFS_OP_REALPATH,		SMB_VFS_LAYER_TRANSPARENT},

 	/* NT File ACL operations */

-	skel_fget_nt_acl,
-	skel_get_nt_acl,
-	skel_fset_nt_acl,
-	skel_set_nt_acl,
+	{skel_fget_nt_acl,		SMB_VFS_OP_FGET_NT_ACL,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_get_nt_acl,		SMB_VFS_OP_GET_NT_ACL,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_fset_nt_acl,		SMB_VFS_OP_FSET_NT_ACL,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_set_nt_acl,		SMB_VFS_OP_SET_NT_ACL,		SMB_VFS_LAYER_TRANSPARENT},

 	/* POSIX ACL operations */

-	skel_chmod_acl,
-	skel_fchmod_acl,
+	{skel_chmod_acl,		SMB_VFS_OP_CHMOD_ACL,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_fchmod_acl,		SMB_VFS_OP_FCHMOD_ACL,		SMB_VFS_LAYER_TRANSPARENT},

-	skel_sys_acl_get_entry,
-	skel_sys_acl_get_tag_type,
-	skel_sys_acl_get_permset,
-	skel_sys_acl_get_qualifier,
-	skel_sys_acl_get_file,
-	skel_sys_acl_get_fd,
-	skel_sys_acl_clear_perms,
-	skel_sys_acl_add_perm,
-	skel_sys_acl_to_text,
-	skel_sys_acl_init,
-	skel_sys_acl_create_entry,
-	skel_sys_acl_set_tag_type,
-	skel_sys_acl_set_qualifier,
-	skel_sys_acl_set_permset,
-	skel_sys_acl_valid,
-	skel_sys_acl_set_file,
-	skel_sys_acl_set_fd,
-	skel_sys_acl_delete_def_file,
-	skel_sys_acl_get_perm,
-	skel_sys_acl_free_text,
-	skel_sys_acl_free_acl,
-	skel_sys_acl_free_qualifier
+	{skel_sys_acl_get_entry,	SMB_VFS_OP_SYS_ACL_GET_ENTRY,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_get_tag_type,	SMB_VFS_OP_SYS_ACL_GET_TAG_TYPE,	SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_get_permset,	SMB_VFS_OP_SYS_ACL_GET_PERMSET,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_get_qualifier,	SMB_VFS_OP_SYS_ACL_GET_QUALIFIER,	SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_get_file,		SMB_VFS_OP_SYS_ACL_GET_FILE,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_get_fd,		SMB_VFS_OP_SYS_ACL_GET_FD,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_clear_perms,	SMB_VFS_OP_SYS_ACL_CLEAR_PERMS,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_add_perm,		SMB_VFS_OP_SYS_ACL_ADD_PERM,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_to_text,		SMB_VFS_OP_SYS_ACL_TO_TEXT,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_init,		SMB_VFS_OP_SYS_ACL_INIT,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_create_entry,	SMB_VFS_OP_SYS_ACL_CREATE_ENTRY,	SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_set_tag_type,	SMB_VFS_OP_SYS_ACL_SET_TAG_TYPE,	SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_set_qualifier,	SMB_VFS_OP_SYS_ACL_SET_QUALIFIER,	SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_set_permset,	SMB_VFS_OP_SYS_ACL_SET_PERMSET,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_valid,		SMB_VFS_OP_SYS_ACL_VALID,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_set_file,		SMB_VFS_OP_SYS_ACL_SET_FILE,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_set_fd,		SMB_VFS_OP_SYS_ACL_SET_FD,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_delete_def_file,	SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,	SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_get_perm,		SMB_VFS_OP_SYS_ACL_GET_PERM,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_free_text,	SMB_VFS_OP_SYS_ACL_FREE_TEXT,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_free_acl,		SMB_VFS_OP_SYS_ACL_FREE_ACL,		SMB_VFS_LAYER_TRANSPARENT},
+	{skel_sys_acl_free_qualifier,	SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,	SMB_VFS_LAYER_TRANSPARENT},
+	
+	{NULL,	SMB_VFS_OP_NOOP,	SMB_VFS_LAYER_NOOP}
 };
+
+/* VFS initialisation - return initialized vfs_op_tuple array back to Samba */
+
+vfs_op_tuple *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops,
+			struct smb_vfs_handle_struct *vfs_handle)
+{
+	DEBUG(3, ("Initialising default vfs hooks\n"));
+
+	*vfs_version = SMB_VFS_INTERFACE_VERSION;
+	memcpy(&default_vfs_ops, def_vfs_ops, sizeof(struct vfs_ops));
+	
+	/* Remember vfs_handle for further allocation and referencing of private
+	   information in vfs_handle->data
+	*/
+	skel_handle = vfs_handle;
+	return skel_ops;
+}
+
+/* VFS finalization function */
+void vfs_done(connection_struct *conn)
+{
+	DEBUG(3, ("Finalizing default vfs hooks\n"));
+}
--- a/examples/pdb/README
+++ b/examples/pdb/README
@ -1,5 +1,9 @@
 README for Samba Password Database (PDB) examples
 ====================================================
+8-8-2002 Jelmer Vernooij <jelmer@samba.org>
+
+Added mysql and xml modules. See README in xml/ and mysql/ for details.
+
 21-6-2002 Stefan (metze) Metzmacher <metze@metzemix.de>

 I have added an interface versioning.
--- a/examples/pdb/pdb_test.c
+++ b/examples/pdb/pdb_test.c
@ -71,7 +71,7 @@ static BOOL testsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user,
 Search by sid
 **************************************************************************/

-static BOOL testsam_getsampwsid (struct pdb_methods *methods, SAM_ACCOUNT *user, DOM_SID sid)
+static BOOL testsam_getsampwsid (struct pdb_methods *methods, SAM_ACCOUNT *user, const DOM_SID *sid)
 {
 	DEBUG(10, ("testsam_getsampwsid called\n"));
 	return False;
@ -81,7 +81,7 @@ static BOOL testsam_getsampwsid (struct pdb_methods *methods, SAM_ACCOUNT *user,
 Delete a SAM_ACCOUNT
 ****************************************************************************/

-static BOOL testsam_delete_sam_account(struct pdb_methods *methods, const SAM_ACCOUNT *sam_pass)
+static BOOL testsam_delete_sam_account(struct pdb_methods *methods, SAM_ACCOUNT *sam_pass)
 {
 	DEBUG(10, ("testsam_delete_sam_account called\n"));
 	return False;
@ -91,7 +91,7 @@ static BOOL testsam_delete_sam_account(struct pdb_methods *methods, const SAM_AC
 Modifies an existing SAM_ACCOUNT
 ****************************************************************************/

-static BOOL testsam_update_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd)
+static BOOL testsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
 {
 	DEBUG(10, ("testsam_update_sam_account called\n"));
 	return False;
@ -101,7 +101,7 @@ static BOOL testsam_update_sam_account (struct pdb_methods *methods, const SAM_A
 Adds an existing SAM_ACCOUNT
 ****************************************************************************/

-static BOOL testsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd)
+static BOOL testsam_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
 {
 	DEBUG(10, ("testsam_add_sam_account called\n"));
 	return False;
--- a/packaging/Caldera/OpenLinux/samba3.spec.tmpl
+++ b/packaging/Caldera/OpenLinux/samba3.spec.tmpl
@ -254,15 +254,15 @@ CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \
 make all nsswitch/libnss_wins.so nsswitch/libnss_winbind.so torture nsswitch/pam_winbind.so everything
 (cd tdb; make tdbdump tdbtest tdbtorture tdbtool)

-cd ../examples/VFS
-CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \
-        --prefix='$(DESTDIR)/usr' \
-        --localstatedir='$(DESTDIR)/var' \
-        --libdir='$(DESTDIR)%{EtcSamba}' \
-        --sbindir='$(DESTDIR)/usr/sbin'
-make
-cd block
-make
+#cd ../examples/VFS
+#CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \
+#        --prefix='$(DESTDIR)/usr' \
+#        --localstatedir='$(DESTDIR)/var' \
+#        --libdir='$(DESTDIR)%{EtcSamba}' \
+#        --sbindir='$(DESTDIR)/usr/sbin'
+#make
+#cd block
+#make

 %Install
 %{mkDESTDIR}
@ -305,10 +305,10 @@ do
 	install -m 755 source/tdb/$i $DESTDIR/usr/sbin
 done
 # Add VFS Modules
-for i in audit.so recycle.so block/block.so
-do
-	install -m755 $i $DESTDIR/lib/samba
-done
+#for i in audit.so recycle.so block/block.so
+#do
+#	install -m755 $i $DESTDIR/lib/samba
+#done

 #mv $DESTDIR/usr/bin/{make,add,conv}* $DESTDIR/usr/sbin

--- a/source/CodingSuggestions
+++ b/source/CodingSuggestions
@ -25,7 +25,11 @@ documents are:
   http://www.fsf.org/prep/standards_toc.html

 but note that coding style in Samba varies due to the many different
-programmers who have contributed.
+programmers who have contributed. 
+
+The indent utility can be used to format C files in the general 
+samba coding style. The arguments you should give to indent are:
+-bad -bap -br -ce -cdw -nbc -brs -bbb -nbc -npsl

 Following are some considerations you should use when adding new code to
 Samba.  First and foremost remember that:
@ -137,12 +141,20 @@ Here are some other suggestions:
    to and maintain your code. If it would be hard for someone else to
    maintain then do it another way. 

+26) Always keep the declaration of a function on one line. The autoprototyper 
+    doesn't catch declarations spread over multiple lines. 
+    Use:
+static char foo(int bar)
+    and not:
+static char
+foo(int bar)
+
 The suggestions above are simply that, suggestions, but the information may
 help in reducing the routine rework done on new code.  The preceeding list
 is expected to change routinely as new support routines and macros are
 added.

 Written by Steve French, with contributions from Simo Sorce, Andrew
-Bartlett, Tim Potter and Martin Pool.
+Bartlett, Tim Potter, Martin Pool and Jelmer Vernooij.

 **/
--- a/source/Makefile.in
+++ b/source/Makefile.in
@ -1,4 +1,4 @@
-##########################################################################
+#########################################################################
 # Makefile.in for Samba - rewritten for autoconf support
 # Copyright Andrew Tridgell 1992-1998
 # Copyright (C) 2001 by Martin Pool <mbp@samba.org>
@ -52,7 +52,7 @@ INSTALLPERMS = 0755
 # set these to where to find various files
 # These can be overridden by command line switches (see smbd(8))
 # or in smb.conf (see smb.conf(5))
-LOGFILEBASE = $(VARDIR)
+LOGFILEBASE = @logfilebase@
 CONFIGFILE = $(LIBDIR)/smb.conf
 LMHOSTSFILE = $(LIBDIR)/lmhosts
 DRIVERFILE = $(LIBDIR)/printers.def
@ -110,7 +110,7 @@ TORTURE_PROGS = bin/smbtorture bin/msgtest bin/masktest bin/locktest \
 SHLIBS = @LIBSMBCLIENT@

 SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd \
-	  $(srcdir)/script/findsmb
+	  $(builddir)/script/findsmb

 QUOTAOBJS=@QUOTAOBJS@

@ -129,7 +129,7 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
 	  lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \
 	  lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \
 	  lib/xfile.o lib/wins_srv.o \
-	  lib/util_str.o lib/util_sid.o \
+	  lib/util_str.o lib/util_sid.o lib/util_uuid.o \
 	  lib/util_unistr.o lib/util_file.o lib/data_blob.o \
 	  lib/util.o lib/util_sock.o lib/util_sec.o \
 	  lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \
@ -138,7 +138,9 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \
 	  lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
 	  nsswitch/wb_client.o nsswitch/wb_common.o \
 	  lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
-	  $(TDB_OBJ) 
+	  lib/adt_tree.o lib/popt_common.o $(TDB_OBJ) 
+
+LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o

 READLINE_OBJ = lib/readline.o

@ -166,17 +168,21 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
             libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
 	     libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \
 	     libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \
-	     $(RPC_PARSE_OBJ1)
+	     libsmb/namecache.o $(RPC_PARSE_OBJ1)

-LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o \
-	       libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \
-	       libsmb/cli_dfs.o libsmb/cli_reg.o \
-	       rpc_client/cli_pipe.o libsmb/cli_spoolss.o libsmb/cli_spoolss_notify.o 
+LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \
+	       rpc_client/cli_netlogon.o rpc_client/cli_srvsvc.o \
+	       rpc_client/cli_wkssvc.o rpc_client/cli_dfs.o \
+	       rpc_client/cli_reg.o rpc_client/cli_pipe.o \
+	       rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o 

 LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o

 LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po)

+REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
+               registry/reg_db.o
+
 RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
                 rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \
                 rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \
@ -184,7 +190,7 @@ RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
 		 rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
                 rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
                 rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
-                 rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o
+                 rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o $(REGISTRY_OBJ)

 # this includes only the low level parse code, not stuff
 # that requires knowledge of security contexts
@ -261,7 +267,8 @@ SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
 	   $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
 	   $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
 	   $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
-	   $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
+	   $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
+	   $(LIB_SMBD_OBJ)


 NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
@ -278,7 +285,7 @@ NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
            nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o

 NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
-           $(PROFILE_OBJ) $(LIB_OBJ)
+           $(PROFILE_OBJ) $(LIB_OBJ) $(SECRETS_OBJ)

 WREPL_OBJ1 = wrepld/server.o wrepld/process.o wrepld/parser.o wrepld/socket.o \
             wrepld/partners.o
@ -438,7 +445,8 @@ PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \
 	    $(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \
 	    $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
 	    $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
-	    $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
+	    $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
+	    $(LIB_SMBD_OBJ) 

 NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
 	    $(LIB_OBJ) $(NSSWINS_OBJ)
@ -451,16 +459,9 @@ LIBSMBCLIENT_PICOBJS = $(LIBSMBCLIENT_OBJ:.o=.po)

 PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
               pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \
-               lib/debug.o lib/util_sid.o lib/messages.o lib/util_str.o \
-               lib/wins_srv.o lib/substitute.o lib/select.o lib/util.o \
-               nsswitch/wb_client.o nsswitch/wb_common.o \
-               lib/system.o lib/util_file.o \
-               lib/genrand.o lib/username.o lib/util_getent.o lib/charcnv.o lib/time.o \
-               lib/md4.o lib/util_unistr.o lib/signal.o lib/talloc.o \
-               lib/ms_fnmatch.o lib/util_sock.o lib/smbrun.o \
-               lib/util_sec.o lib/snprintf.o \
-               ubiqx/ubi_sLinkList.o libsmb/smbencrypt.o libsmb/smbdes.o \
-               $(PARAM_OBJ) $(TDB_OBJ) $(PASSDB_OBJ)
+               libsmb/smbencrypt.o libsmb/smbdes.o libsmb/nterr.o \
+               $(PARAM_OBJ) $(LIB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
+               $(SECRETS_OBJ) $(UBIQX_OBJ)

 PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.po)

--- a/source/acconfig.h
+++ b/source/acconfig.h
@ -218,3 +218,6 @@
 #ifndef _GNU_SOURCE
 #undef _GNU_SOURCE
 #endif
+
+#undef LDAP_SET_REBIND_PROC_ARGS
+