2025-08-04 08:22:08 +03:00 · 2003-06-06 20:07:16 +00:00
parent bea0cf2c79
commit f7e07eafc8
79 changed files with 14344 additions and 63546 deletions
--- a/docs/Samba-Developers-Guide.pdf
+++ b/docs/Samba-Developers-Guide.pdf
--- a/docs/Samba-HOWTO-Collection.pdf
+++ b/docs/Samba-HOWTO-Collection.pdf
--- a/docs/docbook/Makefile.in
+++ b/docs/docbook/Makefile.in
@ -224,7 +224,7 @@ $(MANDIR)/%: $(MANPROJDOC)/%.xml
 clean: 
 	@rm -f $(MANPAGES) $(MANPAGES_HTML) $(HTMLDIR)/*.html $(HTMLDIR)/*.css $(TXTDIR)/*.txt $(PSDIR)/*.ps $(PDFDIR)/*.pdf 
-	@rm -f $(MANPROJDOC)/smb.conf.5.xml $(SMBDOTCONFDOC)/parameters.*.xml
+	@rm -f $(MANPROJDOC)/smb.conf.5.xml $(SMBDOTCONFDOC)/parameters.*.xml $(DVIDIR)/*.dvi
 	@rm -f samba-doc.* dev-doc.* $(PROJDOC)/attributions.xml
 	@rm -f $(IMAGEPROJDIR)/*.eps
--- a/docs/docbook/docbook.txt
+++ b/docs/docbook/docbook.txt
@ -1,72 +1,74 @@
 !==
-!== docbook.txt for Samba HEAD
+!== docbook.txt for Samba 3.0
 !==
 !== Author:	David Bannon, D.Bannon@latrobe.edu.au  November, 2000
 !== Updates:	Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001
 !== Updates:	Jelmer Vernooij, jelmer@samba.org,		Aug, 2002
 !== Updates:	Jelmer Vernooij, jelmer@samba.org,		Jun, 2003
 What are DocBook documents doing in the Samba Distribution ?
 -----------------------------------------------------------
-We are planning to convert all of the samba docs to SGML/DocBook V4.1
+We have converted all samba docs to XML/DocBook V4.2
 in order to make them easier to maintain and produce a nicer looking
 product.
 This short note (strange isn't it how it always starts out as a short note
-and becomes a long one ?) will explain very briefly how and why we are
+and becomes a long one ?) will explain very briefly how and why we have
-doing this.
+done this.
 The format
 ----------
 If you are new to xml, regard an xml file as 'source code'. You don't
 read it directly, but use it to create other formats (like the txt and html
 included in ../txtdocs and ../htmldocs).
-If you are new to sgml, regard an sgml file as 'source code'. You don't
+Docbook is a particular XML style, particularly suited to producing
-read it directly, use it to create other formats (like the txt and html
+technical manuals. 
 included in ../txt and ../html).
 Docbook is a particular SGML style, particularly suited to producing
 technical manuals.  In the two documents I have produced so far I have used
 DocBook 4.1, it seems that products like RedHat Linux is still include only
 version 3.1, the differences are minor. The Linux Documentation Project is
 using a modified version of 3.1 but are really geared up to make multi
 paged documents, something we want to avoid for logistic reasons.
 For more information on DocBook tags and format, see "DocBook: The 
 Definitive Guide" by Walsh and Muellner, (c) O'Reilly Publishing.
-This book covers DocBook V3.1 and is available on-line
+This book covers DocBook V4.2 and is available on-line
 at http://www.docbook.org/
 The Output
 ----------
-
+The current Samba CVS tree contains the XML/DocBook source files as well 
 The current Samba CVS tree contains the SGML/DocBook source files as well 
 as the following autogenerated formats:
  * man pages
  * HTML
  * ASCII text (where appropriate)
  * PDF
 The following formats are not available in CVS but can be generated by 
 the build scripts:
  * PostScript
  * DVI
  * LaTeX
  * ASCII text
 The Tools
 ---------
 To generate the docs, you need to have the following packages installed:
-* docbook-utils
+ * docbook-utils
-* pdflatex
+ * xsltproc
 * pngtopnm and pnmtops (from the netpbm utilities)
 For generating PDF (thru LaTeX):
 * pdflatex
 For generating PostScript (thru LaTeX):
 * latex
 * dvips 
 For generating ASCII:
 * xmlto 
 This directory now contains a ./configure script and Makefile to 
 support the automated building of man pages (including HTML versions), and 
-the building of the Samba-HOWTO-Collection (HTML,PDF versions).
+the building of the Samba-HOWTO-Collection and the 
-
+Samba Developers Guide (HTML,DVI,TeX,PDF,PS,Text versions).
 In order to be able to build some other (more rarely used) formats, you need:
 - PostScript:
  * LaTeX
  * dvips
 - Text
  * xmlto
 Another good tool is 'xmllint' that can be used to check the syntax of 
 XML files.
--- a/docs/docbook/projdoc/CUPS-printing.xml
+++ b/docs/docbook/projdoc/CUPS-printing.xml
@ -3850,7 +3850,7 @@ An alternative command could be this:
        flags:[0x800000]
        name:[\\transmeta\ir85wm]
        description:[\\transmeta\ir85wm,ir85wm,DPD]
-        comment:[CUPS PostScript-Treiber f&uuml;r WinNT/2K/XP]
+        comment:[CUPS PostScript-Treiber for WinNT/2K/XP]
 </screen></para>
@ -4496,7 +4496,7 @@ data should look like and which printer commands to embed into the
 data stream.
 </para>
-<highlights><para>
+<para>
 You need:
 </para>
@ -4524,7 +4524,6 @@ the selected "driver" for your model (as shown by "gs
 produced for cupsomatic don't work with
 foomatic-rip).</para></listitem>
 </itemizedlist>
 </highlights>
 </sect2>
 </sect1>
--- a/docs/docbook/xslt/db2latex/docbook.xsl
+++ b/docs/docbook/xslt/db2latex/docbook.xsl
@ -101,9 +101,6 @@
 	<xsl:message> XSLT stylesheets DocBook - LaTeX 2e                                            </xsl:message>
 	<xsl:message> Reqs: LaTeX 2e installation common packages                                    </xsl:message>
 	<xsl:message>################################################################################</xsl:message>
 	<xsl:message> RELEASE : <xsl:value-of select="$VERSION"/>                                    </xsl:message>
 	<xsl:message> VERSION : <xsl:value-of select="$CVSVERSION"/>                                 </xsl:message>
 	<xsl:message>     TAG : <xsl:value-of select="$TAG"/>                                        </xsl:message>
 	<xsl:message>     WWW : http://db2latex.sourceforge.net                                      </xsl:message>
 	<xsl:message> SUMMARY : http://www.sourceforge.net/projects/db2latex                         </xsl:message>
 	<xsl:message>  AUTHOR : Ramon Casellas   casellas@infres.enst.fr                             </xsl:message>
--- a/docs/docbook/xslt/generate-attributions.xsl
+++ b/docs/docbook/xslt/generate-attributions.xsl
@ -45,6 +45,7 @@
 					<xsl:text> &lt;</xsl:text>
 					<xsl:element name="ulink">
 						<xsl:attribute name="url">
 							<xsl:text>mailto:</xsl:text>
 							<xsl:value-of select="affiliation/address/email"/>
 						</xsl:attribute>
 						<xsl:value-of select="affiliation/address/email"/>
--- a/docs/faq/samba-faq.html
+++ b/docs/faq/samba-faq.html
@ -1,350 +1,10 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Samba FAQ</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="samba-faq.html" title="Samba FAQ"><link rel="next" href="FAQ-general.html" title="Chapter<65>1.<2E>General Information"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Samba FAQ</th></tr><tr><td width="20%" align="left"><EFBFBD></td><th width="60%" align="center"><EFBFBD></th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="FAQ-general.html">Next</a></td></tr></table><hr></div><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="Samba-FAQ"></a>Samba FAQ</h1></div><div><div class="author"><h3 class="author"><span class="surname">Samba Team</span></h3></div></div><div><p class="pubdate">October 2002</p></div></div><div></div><hr></div><div class="dedication" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="id2881798"></a>Dedication</h2></div></div><div></div></div><p>
-<HTML
+This is the Frequently Asked Questions (FAQ) document for
 ><HEAD
 ><TITLE
 >Samba FAQ</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "><LINK
 REL="NEXT"
 TITLE="General Information"
 HREF="general.html"></HEAD
 ><BODY
 CLASS="BOOK"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
 CLASS="BOOK"
 ><A
 NAME="SAMBA-FAQ"><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
 ><A
 NAME="SAMBA-FAQ">Samba FAQ</H1
 ><H3
 CLASS="AUTHOR"
 ><A
 NAME="AEN4">Samba Team</H3
 ><HR></DIV
 ><H1
 ><A
 NAME="AEN7">Dedication</H1
 ><P
 >This is the Frequently Asked Questions (FAQ) document for
 Samba, the free and very popular SMB server product. An SMB server
 allows file and printer connections from clients such as Windows,
 OS/2, Linux and others. Current to version 3.0. Please send any
 corrections to the samba documentation mailinglist at
-<A
+<a href="mailto:samba-doc@samba.org" target="_top">samba-doc@samba.org</a>. 
 HREF="mailto:samba-doc@samba.org"
 TARGET="_top"
 >samba-doc@samba.org</A
 >. 
 This FAQ was based on the old Samba FAQ by Dan Shearer and Paul Blackman, 
-and the old samba text documents which were mostly written by John Terpstra.</P
+and the old samba text documents which were mostly written by John Terpstra.
-><DIV
+</p></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt>1. <a href="FAQ-general.html">General Information</a></dt><dd><dl><dt><a href="FAQ-general.html#id2868206">Where can I get it?</a></dt><dt><a href="FAQ-general.html#id2868226">What do the version numbers mean?</a></dt><dt><a href="FAQ-general.html#id2812633">What platforms are supported?</a></dt><dt><a href="FAQ-general.html#id2816472">How do I subscribe to the Samba Mailing Lists?</a></dt></dl></dd><dt>2. <a href="FAQ-Install.html">Compiling and installing Samba on a Unix host</a></dt><dd><dl><dt><a href="FAQ-Install.html#id2814644">My client reports &quot;cannot locate specified share name&quot; or similar</a></dt><dt><a href="FAQ-Install.html#id2814696">Why are my file's timestamps off by an hour, or by a few hours?</a></dt></dl></dd><dt>3. <a href="FAQ-ClientApp.html">Specific client application problems</a></dt><dd><dl><dt><a href="FAQ-ClientApp.html#id2815240">MS Office Setup reports &quot;Cannot change properties of '\\MSOFFICE\\SETUP.INI'&quot;</a></dt><dt><a href="FAQ-ClientApp.html#id2814506">How to use a Samba share as an administrative share for MS Office, etc.</a></dt><dt><a href="FAQ-ClientApp.html#id2814601">Microsoft Access database opening errors</a></dt></dl></dd><dt>4. <a href="FAQ-errors.html">Common errors</a></dt><dd><dl><dt><a href="FAQ-errors.html#id2815193">Not listening for calling name</a></dt><dt><a href="FAQ-errors.html#id2815954">System Error 1240</a></dt><dt><a href="FAQ-errors.html#id2815994">smbclient ignores -N !</a></dt><dt><a href="FAQ-errors.html#id2816048">The data on the CD-Drive I've shared seems to be corrupted!</a></dt></dl></dd><dt>5. <a href="FAQ-features.html">Features</a></dt><dd><dl><dt><a href="FAQ-features.html#id2814469">How can I use samba as a fax server?</a></dt><dd><dl><dt><a href="FAQ-features.html#id2814427">Tools for printing faxes</a></dt><dt><a href="FAQ-features.html#id2882827">Making the fax-server</a></dt><dt><a href="FAQ-features.html#id2882919">Installing the client drivers</a></dt><dt><a href="FAQ-features.html#id2883004">Example smb.conf</a></dt></dl></dd><dt><a href="FAQ-features.html#id2883029">Samba doesn't work well together with DHCP!</a></dt><dt><a href="FAQ-features.html#id2883155">How can I assign NetBIOS names to clients with DHCP?</a></dt><dt><a href="FAQ-features.html#id2883203">How do I convert between unix and dos text formats?</a></dt><dt><a href="FAQ-features.html#id2883232">Does samba have wins replication support?</a></dt></dl></dd></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><EFBFBD></td><td width="20%" align="center"><EFBFBD></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="FAQ-general.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"><EFBFBD></td><td width="20%" align="center"><EFBFBD></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>1.<2E>General Information</td></tr></table></div></body></html>
 CLASS="TOC"
 ><DL
 ><DT
 ><B
 >Table of Contents</B
 ></DT
 ><DT
 >1. <A
 HREF="general.html"
 >General Information</A
 ></DT
 ><DD
 ><DL
 ><DT
 >1.1. <A
 HREF="general.html#AEN12"
 >Where can I get it?</A
 ></DT
 ><DT
 >1.2. <A
 HREF="general.html#AEN16"
 >What do the version numbers mean?</A
 ></DT
 ><DT
 >1.3. <A
 HREF="general.html#AEN28"
 >What platforms are supported?</A
 ></DT
 ><DT
 >1.4. <A
 HREF="general.html#AEN71"
 >How do I subscribe to the Samba Mailing Lists?</A
 ></DT
 ><DT
 >1.5. <A
 HREF="general.html#AEN75"
 >Pizza supply details</A
 ></DT
 ></DL
 ></DD
 ><DT
 >2. <A
 HREF="install.html"
 >Compiling and installing Samba on a Unix host</A
 ></DT
 ><DD
 ><DL
 ><DT
 >2.1. <A
 HREF="install.html#AEN84"
 >I can't see the Samba server in any browse lists!</A
 ></DT
 ><DT
 >2.2. <A
 HREF="install.html#AEN89"
 >Some files that I KNOW are on the server doesn't show up when I view the files from my client!</A
 ></DT
 ><DT
 >2.3. <A
 HREF="install.html#AEN92"
 >Some files on the server show up with really wierd filenames when I view the files from my client!</A
 ></DT
 ><DT
 >2.4. <A
 HREF="install.html#AEN96"
 >My client reports "cannot locate specified computer" or similar</A
 ></DT
 ><DT
 >2.5. <A
 HREF="install.html#AEN103"
 >My client reports "cannot locate specified share name" or similar</A
 ></DT
 ><DT
 >2.6. <A
 HREF="install.html#AEN112"
 >Printing doesn't work</A
 ></DT
 ><DT
 >2.7. <A
 HREF="install.html#AEN120"
 >My client reports "This server is not configured to list shared resources"</A
 ></DT
 ><DT
 >2.8. <A
 HREF="install.html#AEN124"
 >Log message "you appear to have a trapdoor uid system"</A
 ></DT
 ><DT
 >2.9. <A
 HREF="install.html#AEN132"
 >Why are my file's timestamps off by an hour, or by a few hours?</A
 ></DT
 ><DT
 >2.10. <A
 HREF="install.html#AEN155"
 >How do I set the printer driver name correctly?</A
 ></DT
 ></DL
 ></DD
 ><DT
 >3. <A
 HREF="config.html"
 >Configuration problems</A
 ></DT
 ><DD
 ><DL
 ><DT
 >3.1. <A
 HREF="config.html#AEN169"
 >I have set 'force user' and samba still makes 'root' the owner of all the files I touch!</A
 ></DT
 ></DL
 ></DD
 ><DT
 >4. <A
 HREF="clientapp.html"
 >Specific client application problems</A
 ></DT
 ><DD
 ><DL
 ><DT
 >4.1. <A
 HREF="clientapp.html#AEN174"
 >MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</A
 ></DT
 ><DT
 >4.2. <A
 HREF="clientapp.html#AEN179"
 >How to use a Samba share as an administrative share for MS Office, etc.</A
 ></DT
 ><DT
 >4.3. <A
 HREF="clientapp.html#AEN194"
 >Microsoft Access database opening errors</A
 ></DT
 ></DL
 ></DD
 ><DT
 >5. <A
 HREF="errors.html"
 >Common errors</A
 ></DT
 ><DD
 ><DL
 ><DT
 >5.1. <A
 HREF="errors.html#AEN205"
 >Not listening for calling name</A
 ></DT
 ><DT
 >5.2. <A
 HREF="errors.html#AEN212"
 >System Error 1240</A
 ></DT
 ><DT
 >5.3. <A
 HREF="errors.html#AEN219"
 >smbclient ignores -N !</A
 ></DT
 ><DT
 >5.4. <A
 HREF="errors.html#AEN228"
 >The data on the CD-Drive I've shared seems to be corrupted!</A
 ></DT
 ><DT
 >5.5. <A
 HREF="errors.html#AEN232"
 >Why can users access home directories of other users?</A
 ></DT
 ><DT
 >5.6. <A
 HREF="errors.html#AEN245"
 >Until a few minutes after samba has started, clients get the error "Domain Controller Unavailable"</A
 ></DT
 ><DT
 >5.7. <A
 HREF="errors.html#AEN248"
 >I'm getting "open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested" in the logs</A
 ></DT
 ></DL
 ></DD
 ><DT
 >6. <A
 HREF="features.html"
 >Features</A
 ></DT
 ><DD
 ><DL
 ><DT
 >6.1. <A
 HREF="features.html#AEN253"
 >How can I prevent my samba server from being used to distribute the Nimda worm?</A
 ></DT
 ><DT
 >6.2. <A
 HREF="features.html#AEN267"
 >How can I use samba as a fax server?</A
 ></DT
 ><DD
 ><DL
 ><DT
 >6.2.1. <A
 HREF="features.html#AEN278"
 >Tools for printing faxes</A
 ></DT
 ><DT
 >6.2.2. <A
 HREF="features.html#AEN288"
 >Making the fax-server</A
 ></DT
 ><DT
 >6.2.3. <A
 HREF="features.html#AEN304"
 >Installing the client drivers</A
 ></DT
 ><DT
 >6.2.4. <A
 HREF="features.html#AEN318"
 >Example smb.conf</A
 ></DT
 ></DL
 ></DD
 ><DT
 >6.3. <A
 HREF="features.html#AEN322"
 >Samba doesn't work well together with DHCP!</A
 ></DT
 ><DT
 >6.4. <A
 HREF="features.html#AEN335"
 >How can I assign NetBIOS names to clients with DHCP?</A
 ></DT
 ><DT
 >6.5. <A
 HREF="features.html#AEN342"
 >How do I convert between unix and dos text formats?</A
 ></DT
 ><DT
 >6.6. <A
 HREF="features.html#AEN347"
 >Does samba have wins replication support?</A
 ></DT
 ></DL
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="NAVFOOTER"
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"><TABLE
 SUMMARY="Footer navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >&nbsp;</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 >&nbsp;</TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="general.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >&nbsp;</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 >&nbsp;</TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >General Information</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/Samba-Developers-Guide.html
+++ b/docs/htmldocs/Samba-Developers-Guide.html
--- a/docs/htmldocs/bugreport.html
+++ b/docs/htmldocs/bugreport.html
@ -1,352 +1,119 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter<EFBFBD>35.<2E>Reporting Bugs</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part<72>V.<2E>Troubleshooting"><link rel="previous" href="problems.html" title="Chapter<65>34.<2E>Analysing and solving samba problems"><link rel="next" href="Appendixes.html" title="Part<72>VI.<2E>Appendixes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter<EFBFBD>35.<2E>Reporting Bugs</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="problems.html">Prev</a><EFBFBD></td><th width="60%" align="center">Part<EFBFBD>V.<2E>Troubleshooting</th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="Appendixes.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="bugreport"></a>Chapter<EFBFBD>35.<2E>Reporting Bugs</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="surname">Someone; Tridge or Karl Auer perhaps?</span></h3></div></div><div><p class="pubdate"> 27 June 1997 </p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="bugreport.html#id3011690">Introduction</a></dt><dt><a href="bugreport.html#id3011912">General info</a></dt><dt><a href="bugreport.html#id3011949">Debug levels</a></dt><dt><a href="bugreport.html#id3012091">Internal errors</a></dt><dt><a href="bugreport.html#id3012199">Attaching to a running process</a></dt><dt><a href="bugreport.html#id3012246">Patches</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011690"></a>Introduction</h2></div></div><div></div></div><p>Please report bugs using
-<HTML
+	<a href="https://bugzilla.samba.org/" target="_top">bugzilla</a>.</p><p>
-><HEAD
+Please take the time to read this file before you submit a bug
 ><TITLE
 >Reporting Bugs</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="UP"
 TITLE="Appendixes"
 HREF="appendixes.html"><LINK
 REL="PREVIOUS"
 TITLE="Samba and other CIFS clients"
 HREF="other-clients.html"><LINK
 REL="NEXT"
 TITLE="Diagnosing your samba server"
 HREF="diagnosis.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
 CLASS="NAVHEADER"
 ><TABLE
 SUMMARY="Header navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TH
 COLSPAN="3"
 ALIGN="center"
 >SAMBA Project Documentation</TH
 ></TR
 ><TR
 ><TD
 WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
 HREF="other-clients.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="80%"
 ALIGN="center"
 VALIGN="bottom"
 ></TD
 ><TD
 WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
 HREF="diagnosis.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ></TABLE
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"></DIV
 ><DIV
 CLASS="CHAPTER"
 ><H1
 ><A
 NAME="BUGREPORT">Chapter 25. Reporting Bugs</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3309">25.1. Introduction</H1
 ><P
 >The email address for bug reports for stable releases is <A
 HREF="samba@samba.org"
 TARGET="_top"
 >samba@samba.org</A
 >. 
 Bug reports for alpha releases should go to <A
 HREF="mailto:samba-technical@samba.org"
 TARGET="_top"
 >samba-technical@samba.org</A
 >.</P
 ><P
 >Please take the time to read this file before you submit a bug
 report. Also, please see if it has changed between releases, as we
-may be changing the bug reporting mechanism at some time.</P
+may be changing the bug reporting mechanism at some time.
-><P
+</p><p>
->Please also do as much as you can yourself to help track down the
+Please also do as much as you can yourself to help track down the
 bug. Samba is maintained by a dedicated group of people who volunteer
 their time, skills and efforts. We receive far more mail about it than
 we can possibly answer, so you have a much higher chance of an answer
-and a fix if you send us a "developer friendly" bug report that lets
+and a fix if you send us a &quot;developer friendly&quot; bug report that lets
-us fix it fast. </P
+us fix it fast. 
-><P
+</p><p>
->Do not assume that if you post the bug to the comp.protocols.smb
+Do not assume that if you post the bug to the comp.protocols.smb
 newsgroup or the mailing list that we will read it. If you suspect that your 
 problem is not a bug but a configuration problem then it is better to send 
 it to the Samba mailing list, as there are (at last count) 5000 other users on
-that list that may be able to help you.</P
+that list that may be able to help you.
-><P
+</p><p>
->You may also like to look though the recent mailing list archives,
+You may also like to look though the recent mailing list archives,
 which are conveniently accessible on the Samba web pages
-at <A
+at <a href="http://samba.org/samba/" target="_top">http://samba.org/samba/</a>.
-HREF="http://samba.org/samba/"
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011912"></a>General info</h2></div></div><div></div></div><p>
-TARGET="_top"
+Before submitting a bug report check your config for silly
 >http://samba.org/samba/</A
 >.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3319">25.2. General info</H1
 ><P
 >Before submitting a bug report check your config for silly
 errors. Look in your log files for obvious messages that tell you that
 you've misconfigured something and run testparm to test your config
-file for correct syntax.</P
+file for correct syntax.
-><P
+</p><p>
->Have you run through the <A
+Have you run through the <a href="diagnosis.html" title="Chapter<65>33.<2E>The samba checklist">diagnosis</a>? 
-HREF="Diagnosis.html"
+This is very important.
-TARGET="_top"
+</p><p>
->diagnosis</A
+If you include part of a log file with your bug report then be sure to
 >? 
 This is very important.</P
 ><P
 >If you include part of a log file with your bug report then be sure to
 annotate it with exactly what you were doing on the client at the
-time, and exactly what the results were.</P
+time, and exactly what the results were.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3011949"></a>Debug levels</h2></div></div><div></div></div><p>
-><DIV
+If the bug has anything to do with Samba behaving incorrectly as a
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3325">25.3. Debug levels</H1
 ><P
 >If the bug has anything to do with Samba behaving incorrectly as a
 server (like refusing to open a file) then the log files will probably
 be very useful. Depending on the problem a log level of between 3 and
 10 showing the problem may be appropriate. A higher level givesmore
-detail, but may use too much disk space.</P
+detail, but may use too much disk space.
-><P
+</p><p>
->To set the debug level use <B
+To set the debug level use the <i class="parameter"><tt>log level</tt></i> in your 
-CLASS="COMMAND"
+<tt class="filename">smb.conf</tt>. You may also find it useful to set the log 
 >log level =</B
 > in your 
 <TT
 CLASS="FILENAME"
 >smb.conf</TT
 >. You may also find it useful to set the log 
 level higher for just one machine and keep separate logs for each machine. 
-To do this use:</P
+To do this use:
-><P
+</p><pre class="programlisting">
-><PRE
+log level = 10
 CLASS="PROGRAMLISTING"
 >log level = 10
 log file = /usr/local/samba/lib/log.%m
-include = /usr/local/samba/lib/smb.conf.%m</PRE
+include = /usr/local/samba/lib/smb.conf.%m
-></P
+</pre><p>
-><P
+then create a file 
->then create a file 
+<tt class="filename">/usr/local/samba/lib/smb.conf.<i class="replaceable"><tt>machine</tt></i></tt> where
-<TT
+<i class="replaceable"><tt>machine</tt></i> is the name of the client you wish to debug. In that file
-CLASS="FILENAME"
+put any <tt class="filename">smb.conf</tt> commands you want, for example 
->/usr/local/samba/lib/smb.conf.machine</TT
+<i class="parameter"><tt>log level</tt></i> may be useful. This also allows you to 
 > where
 "machine" is the name of the client you wish to debug. In that file
 put any smb.conf commands you want, for example 
 <B
 CLASS="COMMAND"
 >log level=</B
 > may be useful. This also allows you to 
 experiment with different security systems, protocol levels etc on just 
-one machine.</P
+one machine.
-><P
+</p><p>
->The <TT
+The <tt class="filename">smb.conf</tt> entry <i class="parameter"><tt>log level</tt></i> 
-CLASS="FILENAME"
+is synonymous with the parameter <i class="parameter"><tt>debuglevel</tt></i> that has
->smb.conf</TT
+been used in older versions of Samba and is being retained for backwards 
-> entry <B
+compatibility of <tt class="filename">smb.conf</tt> files.
-CLASS="COMMAND"
+</p><p>
->log level =</B
+As the <i class="parameter"><tt>log level</tt></i> value is increased you will record 
 > 
 is synonymous with the entry <B
 CLASS="COMMAND"
 >debuglevel =</B
 > that has been 
 used in older versions of Samba and is being retained for backwards 
 compatibility of smb.conf files.</P
 ><P
 >As the <B
 CLASS="COMMAND"
 >log level =</B
 > value is increased you will record 
 a significantly increasing level of debugging information. For most 
-debugging operations you may not need a setting higher than 3. Nearly 
+debugging operations you may not need a setting higher than 
-all bugs can be tracked at a setting of 10, but be prepared for a VERY 
+<tt class="constant">3</tt>. Nearly 
-large volume of log data.</P
+all bugs can be tracked at a setting of <tt class="constant">10</tt>, but be 
-></DIV
+prepared for a VERY large volume of log data.
-><DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012091"></a>Internal errors</h2></div></div><div></div></div><p>
-CLASS="SECT1"
+If you get a <span class="errorname">INTERNAL ERROR</span> message in your log files 
-><H1
+it means that Samba got an unexpected signal while running. It is probably a
 CLASS="SECT1"
 ><A
 NAME="AEN3342">25.4. Internal errors</H1
 ><P
 >If you get a "INTERNAL ERROR" message in your log files it means that
 Samba got an unexpected signal while running. It is probably a
 segmentation fault and almost certainly means a bug in Samba (unless
-you have faulty hardware or system software)</P
+you have faulty hardware or system software).
-><P
+</p><p>
->If the message came from smbd then it will probably be accompanied by
+If the message came from smbd then it will probably be accompanied by
 a message which details the last SMB message received by smbd. This
 info is often very useful in tracking down the problem so please
-include it in your bug report.</P
+include it in your bug report.
-><P
+</p><p>
->You should also detail how to reproduce the problem, if
+You should also detail how to reproduce the problem, if
-possible. Please make this reasonably detailed.</P
+possible. Please make this reasonably detailed.
-><P
+</p><p>
->You may also find that a core file appeared in a "corefiles"
+You may also find that a core file appeared in a <tt class="filename">corefiles</tt>
 subdirectory of the directory where you keep your samba log
 files. This file is the most useful tool for tracking down the bug. To
-use it you do this:</P
+use it you do this:
-><P
+</p><pre class="screen">
-><B
+	<tt class="prompt">$ </tt><b class="userinput"><tt>gdb smbd core</tt></b>
-CLASS="COMMAND"
+</pre><p>
->gdb smbd core</B
+adding appropriate paths to smbd and core so gdb can find them. If you
-></P
+don't have gdb then try <b class="userinput"><tt>dbx</tt></b>. Then within the debugger
-><P
+use the command <b class="command">where</b> to give a stack trace of where the
->adding appropriate paths to smbd and core so gdb can find them. If you
+problem occurred. Include this in your report.
-don't have gdb then try "dbx". Then within the debugger use the
+</p><p>
-command "where" to give a stack trace of where the problem
+If you know any assembly language then do a 
-occurred. Include this in your mail.</P
+<b class="command">disass</b> of the routine
 ><P
 >If you known any assembly language then do a "disass" of the routine
 where the problem occurred (if its in a library routine then
 disassemble the routine that called it) and try to work out exactly
 where the problem is by looking at the surrounding code. Even if you
 don't know assembly then incuding this info in the bug report can be
-useful. </P
+useful. 
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012199"></a>Attaching to a running process</h2></div></div><div></div></div><p>
-><DIV
+Unfortunately some unixes (in particular some recent linux kernels)
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3352">25.5. Attaching to a running process</H1
 ><P
 >Unfortunately some unixes (in particular some recent linux kernels)
 refuse to dump a core file if the task has changed uid (which smbd
 does often). To debug with this sort of system you could try to attach
-to the running process using "gdb smbd PID" where you get PID from
+to the running process using
-smbstatus. Then use "c" to continue and try to cause the core dump
+<b class="userinput"><tt>gdb smbd <i class="replaceable"><tt>PID</tt></i></tt></b> where you get
 <i class="replaceable"><tt>PID</tt></i> from <span class="application">smbstatus</span>.
 Then use <b class="command">c</b> to continue and try to cause the core dump
 using the client. The debugger should catch the fault and tell you
-where it occurred.</P
+where it occurred.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3012246"></a>Patches</h2></div></div><div></div></div><p>
-><DIV
+The best sort of bug report is one that includes a fix! If you send us
-CLASS="SECT1"
+patches please use <b class="userinput"><tt>diff -u</tt></b> format if your version of 
-><H1
+diff supports it, otherwise use <b class="userinput"><tt>diff -c4</tt></b>. Make sure 
-CLASS="SECT1"
+you do the diff against a clean version of the source and let me know 
-><A
+exactly what version you used. 
-NAME="AEN3355">25.6. Patches</H1
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="problems.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="troubleshooting.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="Appendixes.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter<EFBFBD>34.<2E>Analysing and solving samba problems<6D></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Part<EFBFBD>VI.<2E>Appendixes</td></tr></table></div></body></html>
 ><P
 >The best sort of bug report is one that includes a fix! If you send us
 patches please use <B
 CLASS="COMMAND"
 >diff -u</B
 > format if your version of 
 diff supports it, otherwise use <B
 CLASS="COMMAND"
 >diff -c4</B
 >. Make sure 
 your do the diff against a clean version of the source and let me know 
 exactly what version you used. </P
 ></DIV
 ></DIV
 ><DIV
 CLASS="NAVFOOTER"
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"><TABLE
 SUMMARY="Footer navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
 HREF="other-clients.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="diagnosis.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >Samba and other CIFS clients</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="appendixes.html"
 ACCESSKEY="U"
 >Up</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >Diagnosing your samba server</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/diagnosis.html
+++ b/docs/htmldocs/diagnosis.html
@ -1,627 +1,302 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter<EFBFBD>33.<2E>The samba checklist</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="troubleshooting.html" title="Part<72>V.<2E>Troubleshooting"><link rel="previous" href="troubleshooting.html" title="Part<72>V.<2E>Troubleshooting"><link rel="next" href="problems.html" title="Chapter<65>34.<2E>Analysing and solving samba problems"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter<EFBFBD>33.<2E>The samba checklist</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a><EFBFBD></td><th width="60%" align="center">Part<EFBFBD>V.<2E>Troubleshooting</th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="problems.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="diagnosis"></a>Chapter<EFBFBD>33.<2E>The samba checklist</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Andrew</span> <span class="surname">Tridgell</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:tridge@samba.org">tridge@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">Wed Jan 15</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="diagnosis.html#id3005492">Introduction</a></dt><dt><a href="diagnosis.html#id3007352">Assumptions</a></dt><dt><a href="diagnosis.html#id3007529">The tests</a></dt><dt><a href="diagnosis.html#id3008704">Still having troubles?</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3005492"></a>Introduction</h2></div></div><div></div></div><p>
-<HTML
+This file contains a list of tests you can perform to validate your
 ><HEAD
 ><TITLE
 >Diagnosing your samba server</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="UP"
 TITLE="Appendixes"
 HREF="appendixes.html"><LINK
 REL="PREVIOUS"
 TITLE="Reporting Bugs"
 HREF="bugreport.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
 CLASS="NAVHEADER"
 ><TABLE
 SUMMARY="Header navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TH
 COLSPAN="3"
 ALIGN="center"
 >SAMBA Project Documentation</TH
 ></TR
 ><TR
 ><TD
 WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
 HREF="bugreport.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="80%"
 ALIGN="center"
 VALIGN="bottom"
 ></TD
 ><TD
 WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 >&nbsp;</TD
 ></TR
 ></TABLE
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"></DIV
 ><DIV
 CLASS="CHAPTER"
 ><H1
 ><A
 NAME="DIAGNOSIS">Chapter 26. Diagnosing your samba server</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3378">26.1. Introduction</H1
 ><P
 >This file contains a list of tests you can perform to validate your
 Samba server. It also tells you what the likely cause of the problem
 is if it fails any one of these steps. If it passes all these tests
-then it is probably working fine.</P
+then it is probably working fine.
-><P
+</p><p>
->You should do ALL the tests, in the order shown. We have tried to
+You should do ALL the tests, in the order shown. We have tried to
 carefully choose them so later tests only use capabilities verified in
-the earlier tests.</P
+the earlier tests.  However, do not stop at the first error as there
-><P
+have been some instances when continuing with the tests has helped
->If you send one of the samba mailing lists  an email saying "it doesn't work"
+to solve a problem.
 </p><p>
 If you send one of the samba mailing lists  an email saying &quot;it doesn't work&quot;
 and you have not followed this test procedure then you should not be surprised
-your email is ignored.</P
+if your email is ignored.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3007352"></a>Assumptions</h2></div></div><div></div></div><p>
-><DIV
+In all of the tests it is assumed you have a Samba server called 
-CLASS="SECT1"
+BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.
-><H1
+</p><p>
-CLASS="SECT1"
+The procedure is similar for other types of clients.
-><A
+</p><p>
-NAME="AEN3383">26.2. Assumptions</H1
+It is also assumed you know the name of an available share in your
-><P
+<tt class="filename">smb.conf</tt>. I will assume this share is called <i class="replaceable"><tt>tmp</tt></i>.
->In all of the tests it is assumed you have a Samba server called 
+You can add a <i class="replaceable"><tt>tmp</tt></i> share like this by adding the
-BIGSERVER and a PC called ACLIENT both in workgroup TESTGROUP.</P
+following to <tt class="filename">smb.conf</tt>:
-><P
+</p><pre class="programlisting">
->The procedure is similar for other types of clients.</P
+
-><P
+[tmp]
 >It is also assumed you know the name of an available share in your
 smb.conf. I will assume this share is called "tmp". You can add a
 "tmp" share like by adding the following to smb.conf:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >&#13;[tmp]
 comment = temporary files 
 path = /tmp
- read only = yes&#13;</PRE
+ read only = yes
-></P
+
-><P
+</pre><p>
->THESE TESTS ASSUME VERSION 3.0.0 OR LATER OF THE SAMBA SUITE. SOME
+</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P
+These tests assume version 3.0 or later of the samba suite.
-><P
+Some commands shown did not exist in earlier versions. 
->Please pay attention to the error messages you receive. If any error message
+</p></div><p>
-reports that your server is being unfriendly you should first check that you
+Please pay attention to the error messages you receive. If any error message
-IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
+reports that your server is being unfriendly you should first check that your
-file points to name servers that really do exist.</P
+IP name resolution is correctly set up. eg: Make sure your <tt class="filename">/etc/resolv.conf</tt>
-><P
+file points to name servers that really do exist.
->Also, if you do not have DNS server access for name resolution please check
+</p><p>
-that the settings for your smb.conf file results in "dns proxy = no". The
+Also, if you do not have DNS server access for name resolution please check
-best way to check this is with "testparm smb.conf"</P
+that the settings for your <tt class="filename">smb.conf</tt> file results in <b class="command">dns proxy = no</b>. The
-></DIV
+best way to check this is with <b class="userinput"><tt>testparm smb.conf</tt></b>.
-><DIV
+</p><p>
-CLASS="SECT1"
+It is helpful to monitor the log files during testing by using the
-><H1
+<b class="command">tail -F <i class="replaceable"><tt>log_file_name</tt></i></b> in a separate
-CLASS="SECT1"
+terminal console (use ctrl-alt-F1 through F6 or multiple terminals in X). 
-><A
+Relevant log files can be found (for default installations) in
-NAME="AEN3393">26.3. Tests</H1
+<tt class="filename">/usr/local/samba/var</tt>.  Also, connection logs from
-><DIV
+machines can be found here or possibly in <tt class="filename">/var/log/samba</tt>
-CLASS="SECT2"
+depending on how or if you specified logging in your <tt class="filename">smb.conf</tt> file.
-><H2
+</p><p>
-CLASS="SECT2"
+If you make changes to your <tt class="filename">smb.conf</tt> file while going through these test,
-><A
+don't forget to restart <span class="application">smbd</span> and <span class="application">nmbd</span>.
-NAME="AEN3395">26.3.1. Test 1</H2
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3007529"></a>The tests</h2></div></div><div></div></div><div class="procedure"><p class="title"><b>Procedure<EFBFBD>33.1.<2E>Diagnosing your samba server</b></p><ol type="1"><li><p>
-><P
+In the directory in which you store your <tt class="filename">smb.conf</tt> file, run the command
->In the directory in which you store your smb.conf file, run the command
+<b class="userinput"><tt>testparm smb.conf</tt></b>. If it reports any errors then your <tt class="filename">smb.conf</tt>
-"testparm smb.conf". If it reports any errors then your smb.conf
+configuration file is faulty.
-configuration file is faulty.</P
+</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-><P
+Your <tt class="filename">smb.conf</tt> file may be located in: <tt class="filename">/etc/samba</tt>
->Note:	Your smb.conf file may be located in: <TT
+Or in:   <tt class="filename">/usr/local/samba/lib</tt>
-CLASS="FILENAME"
+</p></div></li><li><p>
->/etc/samba</TT
+Run the command <b class="userinput"><tt>ping BIGSERVER</tt></b> from the PC and 
->
+<b class="userinput"><tt>ping ACLIENT</tt></b> from
 	Or in:   <TT
 CLASS="FILENAME"
 >/usr/local/samba/lib</TT
 ></P
 ></DIV
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
 NAME="AEN3401">26.3.2. Test 2</H2
 ><P
 >Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
 the unix box. If you don't get a valid response then your TCP/IP
-software is not correctly installed. </P
+software is not correctly installed. 
-><P
+</p><p>
->Note that you will need to start a "dos prompt" window on the PC to
+Note that you will need to start a &quot;dos prompt&quot; window on the PC to
-run ping.</P
+run ping.
-><P
+</p><p>
->If you get a message saying "host not found" or similar then your DNS
+If you get a message saying <span class="errorname">host not found</span> or similar then your DNS
-software or /etc/hosts file is not correctly setup. It is possible to
+software or <tt class="filename">/etc/hosts</tt> file is not correctly setup.
 It is possible to
 run samba without DNS entries for the server and client, but I assume
-you do have correct entries for the remainder of these tests. </P
+you do have correct entries for the remainder of these tests. 
-><P
+</p><p>
->Another reason why ping might fail is if your host is running firewall 
+Another reason why ping might fail is if your host is running firewall 
 software. You will need to relax the rules to let in the workstation
 in question, perhaps by allowing access from another subnet (on Linux
-this is done via the ipfwadm program.)</P
+this is done via the <span class="application">ipfwadm</span> program.)
-></DIV
+</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-><DIV
+Modern Linux distributions install ipchains/iptables by default. 
-CLASS="SECT2"
+This is a common problem that is often overlooked.
-><H2
+</p></div></li><li><p>
-CLASS="SECT2"
+Run the command <b class="userinput"><tt>smbclient -L BIGSERVER</tt></b> on the unix box. You
-><A
+should get a list of available shares back. 
-NAME="AEN3407">26.3.3. Test 3</H2
+</p><p>
-><P
+If you get a error message containing the string &quot;Bad password&quot; then
->Run the command "smbclient -L BIGSERVER" on the unix box. You
+you probably have either an incorrect <b class="command">hosts allow</b>, 
-should get a list of available shares back. </P
+<b class="command">hosts deny</b> or <b class="command">valid users</b> line in your 
-><P
+<tt class="filename">smb.conf</tt>, or your guest account is not
->If you get a error message containing the string "Bad password" then
+valid. Check what your guest account is using <span class="application">testparm</span> and
-you probably have either an incorrect "hosts allow", "hosts deny" or
+temporarily remove any <b class="command">hosts allow</b>, <b class="command">hosts deny</b>, <b class="command">valid users</b> or <b class="command">invalid users</b> lines.
-"valid users" line in your smb.conf, or your guest account is not
+</p><p>
-valid. Check what your guest account is using "testparm" and
+If you get a <span class="errorname">connection refused</span> response then the smbd server may
 temporarily remove any "hosts allow", "hosts deny", "valid users" or
 "invalid users" lines.</P
 ><P
 >If you get a "connection refused" response then the smbd server may
 not be running. If you installed it in inetd.conf then you probably edited
 that file incorrectly. If you installed it as a daemon then check that
 it is running, and check that the netbios-ssn port is in a LISTEN
-state using "netstat -a".</P
+state using <b class="userinput"><tt>netstat -a</tt></b>.
-><P
+</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
->If you get a "session request failed" then the server refused the
+Some Unix / Linux systems use <b class="command">xinetd</b> in place of
-connection. If it says "Your server software is being unfriendly" then
+<b class="command">inetd</b>. Check your system documentation for the location
-its probably because you have invalid command line parameters to smbd,
+of the control file/s for your particular system implementation of
-or a similar fatal problem with the initial startup of smbd. Also
+this network super daemon.
-check your config file (smb.conf) for syntax errors with "testparm"
+</p></div><p>
 If you get a <span class="errorname">session request failed</span> then the server refused the
 connection. If it says &quot;Your server software is being unfriendly&quot; then
 its probably because you have invalid command line parameters to <span class="application">smbd</span>,
 or a similar fatal problem with the initial startup of <span class="application">smbd</span>. Also
 check your config file (<tt class="filename">smb.conf</tt>) for syntax errors with <span class="application">testparm</span>
 and that the various directories where samba keeps its log and lock
-files exist.</P
+files exist.
-><P
+</p><p>
->There are a number of reasons for which smbd may refuse or decline
+There are a number of reasons for which smbd may refuse or decline
 a session request. The most common of these involve one or more of
-the following smb.conf file entries:</P
+the following <tt class="filename">smb.conf</tt> file entries:
-><P
+</p><pre class="programlisting">
-><PRE
+	hosts deny = ALL
 CLASS="PROGRAMLISTING"
 >	hosts deny = ALL
 	hosts allow = xxx.xxx.xxx.xxx/yy
-	bind interfaces only = Yes</PRE
+	bind interfaces only = Yes
-></P
+</pre><p>
-><P
+In the above, no allowance has been made for any session requests that
 >In the above, no allowance has been made for any session requests that
 will automatically translate to the loopback adaptor address 127.0.0.1.
-To solve this problem change these lines to:</P
+To solve this problem change these lines to:
-><P
+</p><pre class="programlisting">
-><PRE
+	hosts deny = ALL
-CLASS="PROGRAMLISTING"
+	hosts allow = xxx.xxx.xxx.xxx/yy 127.
->	hosts deny = ALL
+</pre><p>
-	hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE
+Do <span class="emphasis"><em>not</em></span> use the <b class="command">bind interfaces only</b> parameter where you 
-></P
+may wish to
-><P
+use the samba password change facility, or where <span class="application">smbclient</span> may need to
->Do NOT use the "bind interfaces only" parameter where you may wish to
+access a local service for name resolution or for local resource
-use the samba password change facility, or where smbclient may need to
+connections. (Note: the <b class="command">bind interfaces only</b> parameter deficiency
 access local service for name resolution or for local resource
 connections. (Note: the "bind interfaces only" parameter deficiency
 where it will not allow connections to the loopback address will be
-fixed soon).</P
+fixed soon).
-><P
+</p><p>
->Another common cause of these two errors is having something already running 
+Another common cause of these two errors is having something already running 
-on port 139, such as Samba (ie: smbd is running from inetd already) or
+on port <tt class="constant">139</tt>, such as Samba 
-something like Digital's Pathworks. Check your inetd.conf file before trying
+(ie: <span class="application">smbd</span> is running from <span class="application">inetd</span> already) or
-to start smbd as a daemon, it can avoid a lot of frustration!</P
+something like Digital's Pathworks. Check your <tt class="filename">inetd.conf</tt> file before trying
-><P
+to start <span class="application">smbd</span> as a daemon, it can avoid a lot of frustration!
->And yet another possible cause for failure of TEST 3 is when the subnet mask
+</p><p>
 And yet another possible cause for failure of this test is when the subnet mask
 and / or broadcast address settings are incorrect. Please check that the
 network interface IP Address / Broadcast Address / Subnet Mask settings are
-correct and that Samba has correctly noted these in the log.nmb file.</P
+correct and that Samba has correctly noted these in the <tt class="filename">log.nmb</tt> file.
-></DIV
+</p></li><li><p>
-><DIV
+Run the command <b class="userinput"><tt>nmblookup -B BIGSERVER __SAMBA__</tt></b>. You should get the
-CLASS="SECT2"
+IP address of your Samba server back.
-><H2
+</p><p>
-CLASS="SECT2"
+If you don't then nmbd is incorrectly installed. Check your <tt class="filename">inetd.conf</tt>
 ><A
 NAME="AEN3422">26.3.4. Test 4</H2
 ><P
 >Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
 IP address of your Samba server back.</P
 ><P
 >If you don't then nmbd is incorrectly installed. Check your inetd.conf
 if you run it from there, or that the daemon is running and listening
-to udp port 137.</P
+to udp port 137.
-><P
+</p><p>
->One common problem is that many inetd implementations can't take many
+One common problem is that many inetd implementations can't take many
 parameters on the command line. If this is the case then create a
 one-line script that contains the right parameters and run that from
-inetd.</P
+inetd.
-></DIV
+</p></li><li><p>run the command <b class="userinput"><tt>nmblookup -B ACLIENT '*'</tt></b></p><p>
-><DIV
+You should get the PCs IP address back. If you don't then the client
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
 NAME="AEN3427">26.3.5. Test 5</H2
 ><P
 >run the command <B
 CLASS="COMMAND"
 >nmblookup -B ACLIENT '*'</B
 ></P
 ><P
 >You should get the PCs IP address back. If you don't then the client
 software on the PC isn't installed correctly, or isn't started, or you
-got the name of the PC wrong. </P
+got the name of the PC wrong. 
-><P
+</p><p>
->If ACLIENT doesn't resolve via DNS then use the IP address of the
+If ACLIENT doesn't resolve via DNS then use the IP address of the
-client in the above test.</P
+client in the above test.
-></DIV
+</p></li><li><p>
-><DIV
+Run the command <b class="userinput"><tt>nmblookup -d 2 '*'</tt></b>
-CLASS="SECT2"
+</p><p>
-><H2
+This time we are trying the same as the previous test but are trying
 CLASS="SECT2"
 ><A
 NAME="AEN3433">26.3.6. Test 6</H2
 ><P
 >Run the command <B
 CLASS="COMMAND"
 >nmblookup -d 2 '*'</B
 ></P
 ><P
 >This time we are trying the same as the previous test but are trying
 it via a broadcast to the default broadcast address. A number of
 Netbios/TCPIP hosts on the network should respond, although Samba may
 not catch all of the responses in the short time it listens. You
-should see "got a positive name query response" messages from several
+should see <span class="errorname">got a positive name query response</span>
-hosts.</P
+messages from several hosts.
-><P
+</p><p>
->If this doesn't give a similar result to the previous test then
+If this doesn't give a similar result to the previous test then
 nmblookup isn't correctly getting your broadcast address through its
-automatic mechanism. In this case you should experiment use the
+automatic mechanism. In this case you should experiment with the
-"interfaces" option in smb.conf to manually configure your IP
+<b class="command">interfaces</b> option in <tt class="filename">smb.conf</tt> to manually configure your IP
-address, broadcast and netmask. </P
+address, broadcast and netmask. 
-><P
+</p><p>
->If your PC and server aren't on the same subnet then you will need to
+If your PC and server aren't on the same subnet then you will need to
-use the -B option to set the broadcast address to the that of the PCs
+use the <i class="parameter"><tt>-B</tt></i> option to set the broadcast address to that of the PCs
-subnet.</P
+subnet.
-><P
+</p><p>
->This test will probably fail if your subnet mask and broadcast address are
+This test will probably fail if your subnet mask and broadcast address are
-not correct. (Refer to TEST 3 notes above).</P
+not correct. (Refer to TEST 3 notes above).
-></DIV
+</p></li><li><p>
-><DIV
+Run the command <b class="userinput"><tt>smbclient //BIGSERVER/TMP</tt></b>. You should 
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
 NAME="AEN3441">26.3.7. Test 7</H2
 ><P
 >Run the command <B
 CLASS="COMMAND"
 >smbclient //BIGSERVER/TMP</B
 >. You should 
 then be prompted for a password. You should use the password of the account
 you are logged into the unix box with. If you want to test with
-another account then add the -U &gt;accountname&lt; option to the end of
+another account then add the <i class="parameter"><tt>-U <i class="replaceable"><tt>accountname</tt></i></tt></i> option to the end of
 the command line.  eg: 
-<B
+<b class="userinput"><tt>smbclient //bigserver/tmp -Ujohndoe</tt></b>
-CLASS="COMMAND"
+</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
->smbclient //bigserver/tmp -Ujohndoe</B
+It is possible to specify the password along with the username
 ></P
 ><P
 >Note: It is possible to specify the password along with the username
 as follows:
-<B
+<b class="userinput"><tt>smbclient //bigserver/tmp -Ujohndoe%secret</tt></b>
-CLASS="COMMAND"
+</p></div><p>
->smbclient //bigserver/tmp -Ujohndoe%secret</B
+Once you enter the password you should get the <tt class="prompt">smb&gt;</tt> prompt. If you
-></P
+don't then look at the error message. If it says <span class="errorname">invalid network
-><P
+name</span> then the service <span class="emphasis"><em>&quot;tmp&quot;</em></span> is not correctly setup in your <tt class="filename">smb.conf</tt>.
->Once you enter the password you should get the "smb&#62;" prompt. If you
+</p><p>
-don't then look at the error message. If it says "invalid network
+If it says <span class="errorname">bad password</span> then the likely causes are:
-name" then the service "tmp" is not correctly setup in your smb.conf.</P
+</p><div class="orderedlist"><ol type="1"><li><p>
-><P
+	you have shadow passords (or some other password system) but didn't
->If it says "bad password" then the likely causes are:</P
+	compile in support for them in <span class="application">smbd</span>
-><P
+	</p></li><li><p>
-></P
+	your <b class="command">valid users</b> configuration is incorrect
-><OL
+	</p></li><li><p>
-TYPE="1"
+	you have a mixed case password and you haven't enabled the <b class="command">password
-><LI
+	level</b> option at a high enough level
-><P
+	</p></li><li><p>
->	you have shadow passords (or some other password system) but didn't
+	the <b class="command">path =</b> line in <tt class="filename">smb.conf</tt> is incorrect. Check it with <span class="application">testparm</span>
-	compile in support for them in smbd
+	</p></li><li><p>
-	</P
+	you enabled password encryption but didn't map unix to samba users
-></LI
+	</p></li></ol></div><p>
-><LI
+Once connected you should be able to use the commands 
-><P
+<b class="command">dir</b> <b class="command">get</b> <b class="command">put</b> etc. 
->	your "valid users" configuration is incorrect
+Type <b class="command">help <i class="replaceable"><tt>command</tt></i></b> for instructions. You should
 	</P
 ></LI
 ><LI
 ><P
 >	you have a mixed case password and you haven't enabled the "password
 	level" option at a high enough level
 	</P
 ></LI
 ><LI
 ><P
 >	the "path =" line in smb.conf is incorrect. Check it with testparm
 	</P
 ></LI
 ><LI
 ><P
 >	you enabled password encryption but didn't create the SMB encrypted
 	password file
 	</P
 ></LI
 ></OL
 ><P
 >Once connected you should be able to use the commands 
 <B
 CLASS="COMMAND"
 >dir</B
 > <B
 CLASS="COMMAND"
 >get</B
 > <B
 CLASS="COMMAND"
 >put</B
 > etc. 
 Type <B
 CLASS="COMMAND"
 >help &gt;command&lt;</B
 > for instructions. You should
 especially check that the amount of free disk space shown is correct
-when you type <B
+when you type <b class="command">dir</b>.
-CLASS="COMMAND"
+</p></li><li><p>
->dir</B
+On the PC, type the command <b class="userinput"><tt>net view \\BIGSERVER</tt></b>. You will 
->.</P
+need to do this from within a &quot;dos prompt&quot; window. You should get back a 
-></DIV
+list of available shares on the server.
-><DIV
+</p><p>
-CLASS="SECT2"
+If you get a <span class="errorname">network name not found</span> or similar error then netbios
 ><H2
 CLASS="SECT2"
 ><A
 NAME="AEN3467">26.3.8. Test 8</H2
 ><P
 >On the PC type the command <B
 CLASS="COMMAND"
 >net view \\BIGSERVER</B
 >. You will 
 need to do this from within a "dos prompt" window. You should get back a 
 list of available shares on the server.</P
 ><P
 >If you get a "network name not found" or similar error then netbios
 name resolution is not working. This is usually caused by a problem in
 nmbd. To overcome it you could do one of the following (you only need
-to choose one of them):</P
+to choose one of them):
-><P
+</p><div class="orderedlist"><ol type="1"><li><p>
-></P
+	fixup the <span class="application">nmbd</span> installation
-><OL
+</p></li><li><p>
-TYPE="1"
+	add the IP address of BIGSERVER to the <b class="command">wins server</b> box in the
-><LI
+	advanced tcp/ip setup on the PC.
-><P
+</p></li><li><p>
->	fixup the nmbd installation</P
+	enable windows name resolution via DNS in the advanced section of
-></LI
+	the tcp/ip setup
-><LI
+</p></li><li><p>
-><P
+	add BIGSERVER to your lmhosts file on the PC.
->	add the IP address of BIGSERVER to the "wins server" box in the
+</p></li></ol></div><p>
-	advanced tcp/ip setup on the PC.</P
+If you get a <span class="errorname">invalid network name</span> or <span class="errorname">bad password error</span> then the
-></LI
+same fixes apply as they did for the <b class="userinput"><tt>smbclient -L</tt></b> test above. In
-><LI
+particular, make sure your <b class="command">hosts allow</b> line is correct (see the man
-><P
+pages)
->	enable windows name resolution via DNS in the advanced section of
+</p><p>
-	the tcp/ip setup</P
+Also, do not overlook that fact that when the workstation requests the
 ></LI
 ><LI
 ><P
 >	add BIGSERVER to your lmhosts file on the PC.</P
 ></LI
 ></OL
 ><P
 >If you get a "invalid network name" or "bad password error" then the
 same fixes apply as they did for the "smbclient -L" test above. In
 particular, make sure your "hosts allow" line is correct (see the man
 pages)</P
 ><P
 >Also, do not overlook that fact that when the workstation requests the
 connection to the samba server it will attempt to connect using the 
 name with which you logged onto your Windows machine. You need to make
 sure that an account exists on your Samba server with that exact same
-name and password.</P
+name and password.
-><P
+</p><p>
->If you get "specified computer is not receiving requests" or similar
+If you get <span class="errorname">specified computer is not receiving requests</span> or similar
 it probably means that the host is not contactable via tcp services.
 Check to see if the host is running tcp wrappers, and if so add an entry in
-the hosts.allow file for your client (or subnet, etc.)</P
+the <tt class="filename">hosts.allow</tt> file for your client (or subnet, etc.)
-></DIV
+</p></li><li><p>
-><DIV
+Run the command <b class="userinput"><tt>net use x: \\BIGSERVER\TMP</tt></b>. You should 
-CLASS="SECT2"
+be prompted for a password then you should get a <tt class="computeroutput">command completed 
-><H2
+successfully</tt> message. If not then your PC software is incorrectly 
-CLASS="SECT2"
+installed or your smb.conf is incorrect. make sure your <b class="command">hosts allow</b>
-><A
+and other config lines in <tt class="filename">smb.conf</tt> are correct.
-NAME="AEN3484">26.3.9. Test 9</H2
+</p><p>
-><P
+It's also possible that the server can't work out what user name to
->Run the command <B
+connect you as. To see if this is the problem add the line <i class="parameter"><tt>user =
-CLASS="COMMAND"
+<i class="replaceable"><tt>username</tt></i></tt></i> to the <i class="parameter"><tt>[tmp]</tt></i> section of 
->net use x: \\BIGSERVER\TMP</B
+<tt class="filename">smb.conf</tt> where <i class="replaceable"><tt>username</tt></i> is the
 >. You should 
 be prompted for a password then you should get a "command completed 
 successfully" message. If not then your PC software is incorrectly 
 installed or your smb.conf is incorrect. make sure your "hosts allow" 
 and other config lines in smb.conf are correct.</P
 ><P
 >It's also possible that the server can't work out what user name to
 connect you as. To see if this is the problem add the line "user =
 USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
 username corresponding to the password you typed. If you find this
-fixes things you may need the username mapping option. </P
+fixes things you may need the username mapping option. 
-><P
+</p><p>
->It might also be the case that your client only sends encrypted passwords 
+It might also be the case that your client only sends encrypted passwords 
-and you have <B
+and you have <i class="parameter"><tt>encrypt passwords = no</tt></i> in <tt class="filename">smb.conf</tt>
-CLASS="COMMAND"
+Turn it back on to fix.
->encrypt passwords = no</B
+</p></li><li><p>
-> in <TT
+Run the command <b class="userinput"><tt>nmblookup -M <i class="replaceable"><tt>testgroup</tt></i></tt></b> where 
-CLASS="FILENAME"
+<i class="replaceable"><tt>testgroup</tt></i> is the name of the workgroup that your Samba server and 
 >smb.conf</TT
 >.
 Turn it back on to fix.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
 NAME="AEN3492">26.3.10. Test 10</H2
 ><P
 >Run the command <B
 CLASS="COMMAND"
 >nmblookup -M TESTGROUP</B
 > where 
 TESTGROUP is the name of the workgroup that your Samba server and 
 Windows PCs belong to. You should get back the IP address of the 
-master browser for that workgroup.</P
+master browser for that workgroup.
-><P
+</p><p>
->If you don't then the election process has failed. Wait a minute to
+If you don't then the election process has failed. Wait a minute to
 see if it is just being slow then try again. If it still fails after
-that then look at the browsing options you have set in smb.conf. Make
+that then look at the browsing options you have set in <tt class="filename">smb.conf</tt>. Make
-sure you have <B
+sure you have <i class="parameter"><tt>preferred master = yes</tt></i> to ensure that 
-CLASS="COMMAND"
+an election is held at startup.
->preferred master = yes</B
+</p></li><li><p>
-> to ensure that 
+&gt;From file manager try to browse the server. Your samba server should
 an election is held at startup.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
 NAME="AEN3498">26.3.11. Test 11</H2
 ><P
 >From file manager try to browse the server. Your samba server should
 appear in the browse list of your local workgroup (or the one you
 specified in smb.conf). You should be able to double click on the name
-of the server and get a list of shares. If you get a "invalid
+of the server and get a list of shares. If you get a &quot;invalid
-password" error when you do then you are probably running WinNT and it
+password&quot; error when you do then you are probably running WinNT and it
 is refusing to browse a server that has no encrypted password
 capability and is in user level security mode. In this case either set
-<B
+<i class="parameter"><tt>security = server</tt></i> AND 
-CLASS="COMMAND"
+<i class="parameter"><tt>password server = Windows_NT_Machine</tt></i> in your
->security = server</B
+<tt class="filename">smb.conf</tt> file, or make sure <i class="parameter"><tt>encrypted passwords</tt></i> is
-> AND 
+set to &quot;yes&quot;.
-<B
+</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3008704"></a>Still having troubles?</h2></div></div><div></div></div><p>Read the chapter on 
-CLASS="COMMAND"
+<a href="problems.html" title="Chapter<65>34.<2E>Analysing and solving samba problems">Analysing and Solving Problems</a>.
->password server = Windows_NT_Machine</B
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="troubleshooting.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="troubleshooting.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="problems.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Part<EFBFBD>V.<2E>Troubleshooting<6E></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>34.<2E>Analysing and solving samba problems</td></tr></table></div></body></html>
 > in your
 smb.conf file, or enable encrypted passwords AFTER compiling in support
 for encrypted passwords (refer to the Makefile).</P
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3503">26.4. Still having troubles?</H1
 ><P
 >Try the mailing list or newsgroup, or use the ethereal utility to
 sniff the problem. The official samba mailing list can be reached at
 <A
 HREF="mailto:samba@samba.org"
 TARGET="_top"
 >samba@samba.org</A
 >. To find 
 out more about samba and how to subscribe to the mailing list check 
 out the samba web page at 
 <A
 HREF="http://samba.org/samba"
 TARGET="_top"
 >http://samba.org/samba</A
 ></P
 ><P
 >Also look at the other docs in the Samba package!</P
 ></DIV
 ></DIV
 ><DIV
 CLASS="NAVFOOTER"
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"><TABLE
 SUMMARY="Footer navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
 HREF="bugreport.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >&nbsp;</TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >Reporting Bugs</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="appendixes.html"
 ACCESSKEY="U"
 >Up</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >&nbsp;</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/findsmb.1.html
+++ b/docs/htmldocs/findsmb.1.html
@ -1,214 +1,41 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>findsmb</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="findsmb.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>findsmb &#8212; list info about machines that respond to SMB 
-<HTML
+	name queries on a subnet</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">findsmb</tt>  [subnet broadcast address]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This perl script is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a>
-><HEAD
+	suite.</p><p><b class="command">findsmb</b> is a perl script that
 ><TITLE
 >findsmb</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="FINDSMB">findsmb</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >findsmb&nbsp;--&nbsp;list info about machines that respond to SMB 
 	name queries on a subnet</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >findsmb</B
 > [subnet broadcast address]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN12"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This perl script is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >findsmb</B
 > is a perl script that
 	prints out several pieces of information about machines 
 	on a subnet that respond to SMB  name query requests.
-	It uses <A
+	It uses <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>
-HREF="nmblookup.1.html"
+	and <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>
-TARGET="_top"
+	to obtain this information.
-><B
+	</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p>Controls whether <b class="command">findsmb</b> takes
 CLASS="COMMAND"
 >	nmblookup(1)</B
 ></A
 > and <A
 HREF="smbclient.1.html"
 TARGET="_top"
 >	<B
 CLASS="COMMAND"
 >smbclient(1)</B
 ></A
 > to obtain this information.
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN22"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-r</DT
 ><DD
 ><P
 >Controls whether <B
 CLASS="COMMAND"
 >findsmb</B
 > takes
 		bugs in Windows95 into account when trying to find a Netbios name
 		registered of the remote machine. This option is disabled by default
 		because it is specific to Windows 95 and Windows 95 machines only. 
-		If set, <A
+		If set, <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>
-HREF="nmblookup.1.html"
+		will be called with <tt class="constant">-B</tt> option.</p></dd><dt><span class="term">subnet broadcast address</span></dt><dd><p>Without this option, <b class="command">findsmb
-TARGET="_top"
+		</b> will probe the subnet of the machine where 
-><B
+		<a href="findsmb.1.html"><span class="citerefentry"><span class="refentrytitle">findsmb</span>(1)</span></a>
-CLASS="COMMAND"
+		is run. This value is passed to 
->nmblookup</B
+		<a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>
-></A
+		as part of the <tt class="constant">-B</tt> option.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>EXAMPLES</h2><p>The output of <b class="command">findsmb</b> lists the following 
 >
 		will be called with <TT
 CLASS="CONSTANT"
 >-B</TT
 > option.</P
 ></DD
 ><DT
 >subnet broadcast address</DT
 ><DD
 ><P
 >Without this option, <B
 CLASS="COMMAND"
 >findsmb
 		</B
 > will probe the subnet of the machine where 
 		<B
 CLASS="COMMAND"
 >findsmb</B
 > is run. This value is passed 
 		to <B
 CLASS="COMMAND"
 >nmblookup</B
 > as part of the 
 		<TT
 CLASS="CONSTANT"
 >-B</TT
 > option.</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN41"
 ></A
 ><H2
 >EXAMPLES</H2
 ><P
 >The output of <B
 CLASS="COMMAND"
 >findsmb</B
 > lists the following 
 	information for all machines that respond to the initial 
-	<B
+	<b class="command">nmblookup</b> for any name: IP address, NetBIOS name, 
-CLASS="COMMAND"
+	Workgroup name, operating system, and SMB server version.</p><p>There will be a '+' in front of the workgroup name for 
 >nmblookup</B
 > for any name: IP address, NetBIOS name, 
 	Workgroup name, operating system, and SMB server version.</P
 ><P
 >There will be a '+' in front of the workgroup name for 
 	machines that are local master browsers for that workgroup. There 
 	will be an '*' in front of the workgroup name for 
 	machines that are the domain master browser for that workgroup. 
 	Machines that are running Windows, Windows 95 or Windows 98 will 
 	not show any information about the operating system or server 
-	version.</P
+	version.</p><p>The command with <tt class="constant">-r</tt> option
-><P
+	must be run on a system without <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>	running. 
->The command with <TT
+
-CLASS="CONSTANT"
+	If <b class="command">nmbd</b> is running on the system, you will 
 >-r</TT
 > option
 	must be run on a system without <A
 HREF="nmbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >nmbd</B
 ></A
 > running. 
 	If <B
 CLASS="COMMAND"
 >nmbd</B
 > is running on the system, you will 
 	only  get the IP address and the DNS name of the machine. To 
 	get proper responses  from Windows 95 and Windows 98 machines, 
-	the command must be run as root and with <TT
+	the command must be run as root and with <tt class="constant">-r</tt>
-CLASS="CONSTANT"
+	option on a machine without <b class="command">nmbd</b> running.</p><p>For example, running <b class="command">findsmb</b> 
->-r</TT
+	without <tt class="constant">-r</tt> option set would yield output similar
->
+	to the following</p><pre class="screen">
-	option on a machine without <B
+IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
 CLASS="COMMAND"
 >nmbd</B
 > running.</P
 ><P
 >For example, running <B
 CLASS="COMMAND"
 >findsmb</B
 > without 
 	<TT
 CLASS="CONSTANT"
 >-r</TT
 > option set would yield output similar
 	to the following</P
 ><TABLE
 BORDER="0"
 BGCOLOR="#E0E0E0"
 WIDTH="100%"
 ><TR
 ><TD
 ><PRE
 CLASS="SCREEN"
 ><TT
 CLASS="COMPUTEROUTPUT"
 >IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
 --------------------------------------------------------------------- 
 192.168.35.10   MINESET-TEST1  [DMVENGR]
 192.168.35.55   LINUXBOX      *[MYGROUP] [Unix] [Samba 2.0.6]
@ -220,81 +47,15 @@ CLASS="COMPUTEROUTPUT"
 192.168.35.88   SCNT2         +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
 192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
 192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
-	</TT
+</pre></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-></PRE
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>,
-></TD
+	<a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, and <a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a>
-></TR
+	</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ></TABLE
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN59"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN62"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="nmbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >nmbd(8)</B
 ></A
 >, 
 	<A
 HREF="smbclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbclient(1)
 	</B
 ></A
 >, and	<A
 HREF="nmblookup.1.html"
 TARGET="_top"
 >	<B
 CLASS="COMMAND"
 >nmblookup(1)</B
 ></A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN71"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">ftp://ftp.icce.rug.nl/pub/unix/</a>) 
-	<A
+	and updated for the Samba 2.0 release by Jeremy Allison.  The conversion to DocBook for 
-HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
-TARGET="_top"
+	XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
 	Samba 2.2 was done by Gerald Carter</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/groupmapping.html
+++ b/docs/htmldocs/groupmapping.html
@ -1,235 +1,177 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter<EFBFBD>12.<2E>Mapping MS Windows and Unix Groups</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part<72>III.<2E>Advanced Configuration"><link rel="previous" href="passdb.html" title="Chapter<65>11.<2E>Account Information Databases"><link rel="next" href="AccessControls.html" title="Chapter<65>13.<2E>File, Directory and Share Access Controls"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter<EFBFBD>12.<2E>Mapping MS Windows and Unix Groups</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="passdb.html">Prev</a><EFBFBD></td><th width="60%" align="center">Part<EFBFBD>III.<2E>Advanced Configuration</th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="AccessControls.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="groupmapping"></a>Chapter<EFBFBD>12.<2E>Mapping MS Windows and Unix Groups</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Jean Fran<61>ois</span> <span class="surname">Micouleau</span></h3></div></div><div><div class="author"><h3 class="author"><span class="firstname">Gerald</span> <span class="othername">(Jerry)</span> <span class="surname">Carter</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jerry@samba.org">jerry@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="groupmapping.html#id2921059">Features and Benefits</a></dt><dt><a href="groupmapping.html#id2921161">Discussion</a></dt><dd><dl><dt><a href="groupmapping.html#id2921352">Example Configuration</a></dt></dl></dd><dt><a href="groupmapping.html#id2921416">Configuration Scripts</a></dt><dd><dl><dt><a href="groupmapping.html#id2921430">Sample smb.conf add group script</a></dt><dt><a href="groupmapping.html#id2921498">Script to configure Group Mapping</a></dt></dl></dd><dt><a href="groupmapping.html#id2921590">Common Errors</a></dt><dd><dl><dt><a href="groupmapping.html#id2921606">Adding Groups Fails</a></dt><dt><a href="groupmapping.html#id2921666">Adding MS Windows Groups to MS Windows Groups Fails</a></dt></dl></dd></dl></div><p>
-<HTML
+	Starting with Samba-3, new group mapping functionality is available to create associations
-><HEAD
+	between Windows group SIDs and UNIX groups. The <i class="parameter"><tt>groupmap</tt></i> subcommand
-><TITLE
+	included with the <span class="application">net</span> tool can be used to manage these associations.
->Group mapping HOWTO</TITLE
+	</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
-><META
+	The first immediate reason to use the group mapping on a Samba PDC, is that
-NAME="GENERATOR"
+	the <i class="parameter"><tt>domain admin group</tt></i> has been removed and should no longer
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+	be specified in <tt class="filename">smb.conf</tt>. This parameter was used to give the listed users membership
-"><LINK
+	in the <tt class="constant">Domain Admins</tt> Windows group which gave local admin rights on their workstations
-REL="HOME"
+	(in default configurations).
-TITLE="SAMBA Project Documentation"
+	</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921059"></a>Features and Benefits</h2></div></div><div></div></div><p>
-HREF="samba-howto-collection.html"><LINK
+	Samba allows the administrator to create MS Windows NT4 / 200x group accounts and to
-REL="UP"
+	arbitrarily associate them with Unix/Linux group accounts.
-TITLE="Optional configuration"
+	</p><p>
-HREF="optional.html"><LINK
+	Group accounts can be managed using the MS Windows NT4 or MS Windows 200x MMC tools
-REL="PREVIOUS"
+	so long as appropriate interface scripts have been provided to <tt class="filename">smb.conf</tt>
-TITLE="HOWTO Access Samba source code via CVS"
+	</p><p>
-HREF="cvs-access.html"><LINK
+	Administrators should be aware that where <tt class="filename">smb.conf</tt> group interface scripts make
-REL="NEXT"
+	direct calls to the Unix/Linux system tools (eg: the shadow utilities, <b class="command">groupadd</b>,
-TITLE="Samba performance issues"
+	<b class="command">groupdel</b>, <b class="command">groupmod</b>) then the resulting Unix/Linux group names will be subject
-HREF="speed.html"></HEAD
+	to any limits imposed by these tools. If the tool does NOT allow upper case characters
-><BODY
+	or space characters, then the creation of an MS Windows NT4 / 200x style group of
-CLASS="CHAPTER"
+	<i class="parameter"><tt>Engineering Managers</tt></i> will attempt to create an identically named
-BGCOLOR="#FFFFFF"
+	Unix/Linux group, an attempt that will of course fail!
-TEXT="#000000"
+	</p><p>
-LINK="#0000FF"
+	There are several possible work-arounds for the operating system tools limitation. One
-VLINK="#840084"
+	method is to use a script that generates a name for the Unix/Linux system group that
-ALINK="#0000FF"
+	fits the operating system limits, and that then just passes the Unix/Linux group id (GID)
-><DIV
+	back to the calling samba interface. This will provide a dynamic work-around solution.
-CLASS="NAVHEADER"
+	</p><p>
-><TABLE
+	Another work-around is to manually create a Unix/Linux group, then manually create the
-SUMMARY="Header navigation table"
+	MS Windows NT4 / 200x group on the Samba server and then use the <b class="command">net groupmap</b>
-WIDTH="100%"
+	tool to connect the two to each other.
-BORDER="0"
+	</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921161"></a>Discussion</h2></div></div><div></div></div><p>
-CELLPADDING="0"
+	When installing <span class="application">MS Windows NT4 / 200x</span> on a computer, the installation
-CELLSPACING="0"
+	program creates default users and groups. Notably the <tt class="constant">Administrators</tt> group,
-><TR
+	and gives to that group privileges necessary privilidges to perform essential system tasks.
-><TH
+	eg: Ability to change the date and time or to kill any process (or close too) running on the
-COLSPAN="3"
+	local machine.
-ALIGN="center"
+	</p><p>
->SAMBA Project Documentation</TH
+	The 'Administrator' user is a member of the 'Administrators' group, and thus inherits
-></TR
+	'Administrators' group privileges. If a 'joe' user is created to be a member of the
-><TR
+	'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.
-><TD
+	</p><p>
-WIDTH="10%"
+	When an MS Windows NT4 / W200x is made a domain member, the &quot;Domain Adminis&quot; group of the
-ALIGN="left"
+	PDC is added to the local 'Administrators' group of the workstation. Every member of the
-VALIGN="bottom"
+	'Domain Administrators' group inherits the rights of the local 'Administrators' group when
-><A
+	logging on the workstation.
-HREF="cvs-access.html"
+	</p><p>
-ACCESSKEY="P"
+	The following steps describe how to make samba PDC users members of the 'Domain Admins' group?
->Prev</A
+	</p><div class="orderedlist"><ol type="1"><li><p>
-></TD
+		create a unix group (usually in <tt class="filename">/etc/group</tt>), let's call it domadm
-><TD
+		</p></li><li><p>add to this group the users that must be Administrators. For example
-WIDTH="80%"
+		if you want joe,john and mary, your entry in <tt class="filename">/etc/group</tt> will
-ALIGN="center"
+		look like:
-VALIGN="bottom"
+		</p><pre class="programlisting">
-></TD
+		domadm:x:502:joe,john,mary
-><TD
+		</pre><p>
-WIDTH="10%"
+		</p></li><li><p>
-ALIGN="right"
+		Map this domadm group to the &quot;Domain Admins&quot; group by running the command:
-VALIGN="bottom"
+		</p><p>
-><A
+		</p><pre class="screen">
-HREF="speed.html"
+		<tt class="prompt">root# </tt><b class="userinput"><tt>net groupmap add ntgroup=&quot;Domain Admins&quot; unixgroup=domadm</tt></b>
-ACCESSKEY="N"
+		</pre><p>
->Next</A
+		</p><p>
-></TD
+		The quotes around &quot;Domain Admins&quot; are necessary due to the space in the group name.
-></TR
+		Also make sure to leave no whitespace surrounding the equal character (=).
-></TABLE
+		</p></li></ol></div><p>
-><HR
+	Now joe, john and mary are domain administrators!
-ALIGN="LEFT"
+	</p><p>
-WIDTH="100%"></DIV
+	It is possible to map any arbitrary UNIX group to any Windows NT4 / 200x group as well as
-><DIV
+	making any UNIX group a Windows domain group.  For example, if you wanted to include a
-CLASS="CHAPTER"
+	UNIX group (e.g. acct) in a ACL on a local file or printer on a domain member machine,
-><H1
+	you would flag that group as a domain group by running the following on the Samba PDC:
-><A
+	</p><p>
-NAME="GROUPMAPPING">Chapter 21. Group mapping HOWTO</H1
+	</p><pre class="screen">
-><P
+	<tt class="prompt">root# </tt><b class="userinput"><tt>net groupmap add rid=1000 ntgroup=&quot;Accounting&quot; unixgroup=acct</tt></b>
-> 
+	</pre><p>
-Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
+	</p><p>
-current method (likely to change) to manage the groups is a new command called
+	Be aware that the RID parmeter is a unsigned 32 bit integer that should
-<B
+	normally start at 1000.  However, this rid must not overlap with any RID assigned
-CLASS="COMMAND"
+	to a user.  Verifying this is done differently depending on on the passdb backend 
->smbgroupedit</B
+	you are using.  Future versions of the tools may perform the verification automatically,
->.</P
+	but for now the burden is on you.
-><P
+	</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921352"></a>Example Configuration</h3></div></div><div></div></div><p>
->The first immediate reason to use the group mapping on a PDC, is that
+		You can list the various groups in the mapping database by executing 
-the <B
+		<b class="command">net groupmap list</b>.  Here is an example:
-CLASS="COMMAND"
+		</p><p>
->domain admin group</B
+		</p><pre class="screen">
-> of <TT
+		<tt class="prompt">root# </tt> <b class="userinput"><tt>net groupmap list</tt></b>
-CLASS="FILENAME"
+		System Administrators (S-1-5-21-2547222302-1596225915-2414751004-1002) -&gt; sysadmin
->smb.conf</TT
+		Domain Admins (S-1-5-21-2547222302-1596225915-2414751004-512) -&gt; domadmin
-> is 
+		Domain Users (S-1-5-21-2547222302-1596225915-2414751004-513) -&gt; domuser
-now gone. This parameter was used to give the listed users local admin rights 
+		Domain Guests (S-1-5-21-2547222302-1596225915-2414751004-514) -&gt; domguest
-on their workstations. It was some magic stuff that simply worked but didn't
+		</pre><p>
-scale very well for complex setups.</P
+		</p><p>
-><P
+		For complete details on <b class="command">net groupmap</b>, refer to the net(8) man page.
->Let me explain how it works on NT/W2K, to have this magic fade away.
+		</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921416"></a>Configuration Scripts</h2></div></div><div></div></div><p>
-When installing NT/W2K on a computer, the installer program creates some users
+	Everyone needs tools. Some of us like to create our own, others prefer to use canned tools
-and groups. Notably the 'Administrators' group, and gives to that group some
+	(ie: prepared by someone else for general use). 
-privileges like the ability to change the date and time or to kill any process
+	</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921430"></a>Sample <tt class="filename">smb.conf</tt> add group script</h3></div></div><div></div></div><p>
-(or close too) running on the local machine. The 'Administrator' user is a
+		A script to great complying group names for use by the samba group interfaces:
-member of the 'Administrators' group, and thus 'inherit' the 'Administrators'
+		</p><p>
-group privileges. If a 'joe' user is created and become a member of the
+</p><div class="example"><a name="id2921453"></a><p class="title"><b>Example<EFBFBD>12.1.<2E>smbgrpadd.sh</b></p><pre class="programlisting">
-'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.</P
+
-><P
+#!/bin/bash
->When a NT/W2K machine is joined to a domain, during that phase, the "Domain
+
-Administrators' group of the PDC is added to the 'Administrators' group of the
+# Add the group using normal system groupadd tool.
-workstation. Every members of the 'Domain Administrators' group 'inherit' the
+groupadd smbtmpgrp00
-rights of the 'Administrators' group when logging on the workstation.</P
+
-><P
+thegid=`cat /etc/group | grep smbtmpgrp00 | cut -d &quot;:&quot; -f3`
->You are now wondering how to make some of your samba PDC users members of the
+
-'Domain Administrators' ? That's really easy.</P
+# Now change the name to what we want for the MS Windows networking end
-><P
+cat /etc/group | sed s/smbtmpgrp00/$1/g &gt; /etc/group
-></P
+
-><OL
+# Now return the GID as would normally happen.
-TYPE="1"
+echo $thegid
-><LI
+exit 0
-><P
+</pre></div><p>
->create a unix group (usually in <TT
+</p><p>
-CLASS="FILENAME"
+		The <tt class="filename">smb.conf</tt> entry for the above script would look like:
->/etc/group</TT
+		</p><pre class="programlisting">
->), let's call it domadm</P
+		add group script = /path_to_tool/smbgrpadd.sh %g
-></LI
+		</pre><p>
-><LI
+		</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921498"></a>Script to configure Group Mapping</h3></div></div><div></div></div><p>
-><P
+	In our example we have created a Unix/Linux group called <i class="parameter"><tt>ntadmin</tt></i>.
->add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in <TT
+	Our script will create the additional groups <i class="parameter"><tt>Engineers, Marketoids, Gnomes</tt></i>:
-CLASS="FILENAME"
+	</p><p>
->/etc/group</TT
+</p><pre class="programlisting">
-> will look like:</P
+#!/bin/bash
-><P
+
-><PRE
+net groupmap modify ntgroup=&quot;Domain Admins&quot; unixgroup=ntadmin
-CLASS="PROGRAMLISTING"
+net groupmap modify ntgroup=&quot;Domain Users&quot; unixgroup=users
->domadm:x:502:joe,john,mary</PRE
+net groupmap modify ntgroup=&quot;Domain Guests&quot; unixgroup=nobody
-></P
+net groupmap modify ntgroup=&quot;Administrators&quot; unixgroup=root
-></LI
+net groupmap modify ntgroup=&quot;Users&quot; unixgroup=users
-><LI
+net groupmap modify ntgroup=&quot;Guests&quot; unixgroup=nobody
-><P
+net groupmap modify ntgroup=&quot;System Operators&quot; unixgroup=sys
->Map this domadm group to the <B
+net groupmap modify ntgroup=&quot;Account Operators&quot; unixgroup=root
-CLASS="COMMAND"
+net groupmap modify ntgroup=&quot;Backup Operators&quot; unixgroup=bin
->domain admins</B
+net groupmap modify ntgroup=&quot;Print Operators&quot; unixgroup=lp
-> group by running the command:</P
+net groupmap modify ntgroup=&quot;Replicators&quot; unixgroup=daemon
-><P
+net groupmap modify ntgroup=&quot;Power Users&quot; unixgroup=sys
-><B
+
-CLASS="COMMAND"
+#groupadd Engineers
->smbgroupedit -c "Domain Admins" -u domadm</B
+#groupadd Marketoids
-></P
+#groupadd Gnomes
-></LI
+
-></OL
+#net groupmap add ntgroup=&quot;Engineers&quot;  unixgroup=Engineers    type=d
-><P
+#net groupmap add ntgroup=&quot;Marketoids&quot; unixgroup=Marketoids   type=d
->You're set, joe, john and mary are domain administrators !</P
+#net groupmap add ntgroup=&quot;Gnomes&quot;     unixgroup=Gnomes       type=d
-><P
+</pre><p>
->Like the Domain Admins group, you can map any arbitrary Unix group to any NT
+</p><p>
-group. You can also make any Unix group a domain group. For example, on a domain
+	Of course it is expected that the admininstrator will modify this to suit local needs.
-member machine (an NT/W2K or a samba server running winbind), you would like to
+	For information regarding the use of the <b class="command">net groupmap</b> tool please
-give access to a certain directory to some users who are member of a group on
+	refer to the man page.
-your samba PDC. Flag that group as a domain group by running:</P
+	</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2921590"></a>Common Errors</h2></div></div><div></div></div><p>
-><P
+At this time there are many little surprises for the unwary administrator. In a real sense
-><B
+it is imperative that every step of automated control scripts must be carefully tested
-CLASS="COMMAND"
+manually before putting them into active service.
->smbgroupedit -a unixgroup -td</B
+</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921606"></a>Adding Groups Fails</h3></div></div><div></div></div><p>
-></P
+		This is a common problem when the <b class="command">groupadd</b> is called directly
-><P
+		by the samba interface script for the <i class="parameter"><tt>add group script</tt></i> in
->You can list the various groups in the mapping database like this</P
+		the <tt class="filename">smb.conf</tt> file.
-><P
+		</p><p>
-><B
+		The most common cause of failure is an attempt to add an MS Windows group acocunt
-CLASS="COMMAND"
+		that has either an upper case character and/or a space character in it.
->smbgroupedit -v</B
+		</p><p>
-></P
+		There are three possible work-arounds. Firstly, use only group names that comply
-></DIV
+		with the limitations of the Unix/Linux <b class="command">groupadd</b> system tool.
-><DIV
+		The second involves use of the script mentioned earlier in this chapter, and the
-CLASS="NAVFOOTER"
+		third option is to manually create a Unix/Linux group account that can substitute
-><HR
+		for the MS Windows group name, then use the procedure listed above to map that group
-ALIGN="LEFT"
+		to the MS Windows group.
-WIDTH="100%"><TABLE
+		</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2921666"></a>Adding MS Windows Groups to MS Windows Groups Fails</h3></div></div><div></div></div><p>
-SUMMARY="Footer navigation table"
+		Samba-3 does NOT support nested groups from the MS Windows control environment.
-WIDTH="100%"
+		</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="passdb.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="AccessControls.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter<EFBFBD>11.<2E>Account Information Databases<65></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>13.<2E>File, Directory and Share Access Controls</td></tr></table></div></body></html>
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
 HREF="cvs-access.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="speed.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >HOWTO Access Samba source code via CVS</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="optional.html"
 ACCESSKEY="U"
 >Up</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >Samba performance issues</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/install.html
+++ b/docs/htmldocs/install.html
--- a/docs/htmldocs/integrate-ms-networks.html
+++ b/docs/htmldocs/integrate-ms-networks.html
--- a/docs/htmldocs/introduction.html
+++ b/docs/htmldocs/introduction.html
@ -1,421 +1,5 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part<EFBFBD>I.<2E>General Installation</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="index.html" title="SAMBA Project Documentation"><link rel="next" href="IntroSMB.html" title="Chapter<65>1.<2E>Introduction to Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part<EFBFBD>I.<2E>General Installation</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="index.html">Prev</a><EFBFBD></td><th width="60%" align="center"><EFBFBD></th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="IntroSMB.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="introduction"></a>General Installation</h1></div></div><div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2884272"></a>Preparing Samba for Configuration</h1></div></div><div></div></div><p>This section of the Samba-HOWTO-Collection contains general info on how to install samba 
 <HTML
 ><HEAD
 ><TITLE
 >General installation</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="PREVIOUS"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="NEXT"
 TITLE="How to Install and Test SAMBA"
 HREF="install.html"></HEAD
 ><BODY
 CLASS="PART"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
 CLASS="NAVHEADER"
 ><TABLE
 SUMMARY="Header navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TH
 COLSPAN="3"
 ALIGN="center"
 >SAMBA Project Documentation</TH
 ></TR
 ><TR
 ><TD
 WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="80%"
 ALIGN="center"
 VALIGN="bottom"
 ></TD
 ><TD
 WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
 HREF="install.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ></TABLE
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"></DIV
 ><DIV
 CLASS="PART"
 ><A
 NAME="INTRODUCTION"><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
 >I. General installation</H1
 ><DIV
 CLASS="PARTINTRO"
 ><A
 NAME="AEN21"><H1
 >Introduction</H1
 ><P
 >This part contains general info on how to install samba 
 and how to configure the parts of samba you will most likely need.
-PLEASE read this.</P
+PLEASE read this.</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt>1. <a href="IntroSMB.html">Introduction to Samba</a></dt><dd><dl><dt><a href="IntroSMB.html#id2885554">Background</a></dt><dt><a href="IntroSMB.html#id2885765">Terminology</a></dt><dt><a href="IntroSMB.html#id2885920">Related Projects</a></dt><dt><a href="IntroSMB.html#id2885988">SMB Methodology</a></dt><dt><a href="IntroSMB.html#id2886076">Epilogue</a></dt><dt><a href="IntroSMB.html#id2886150">Miscellaneous</a></dt></dl></dd><dt>2. <a href="install.html">How to Install and Test SAMBA</a></dt><dd><dl><dt><a href="install.html#id2886809">Obtaining and installing samba</a></dt><dt><a href="install.html#id2886850">Configuring samba (smb.conf)</a></dt><dd><dl><dt><a href="install.html#id2886887">Example Configuration</a></dt><dt><a href="install.html#id2887037">SWAT</a></dt></dl></dd><dt><a href="install.html#id2887081">Try listing the shares available on your 
-></DIV
+	server</a></dt><dt><a href="install.html#id2887132">Try connecting with the unix client</a></dt><dt><a href="install.html#id2887232">Try connecting from a DOS, WfWg, Win9x, WinNT, 
-><DIV
+	Win2k, OS/2, etc... client</a></dt><dt><a href="install.html#id2887296">What If Things Don't Work?</a></dt><dt><a href="install.html#id2887329">Common Errors</a></dt><dd><dl><dt><a href="install.html#id2887342">Why are so many smbd processes eating memory?</a></dt><dt><a href="install.html#id2887558">I'm getting &quot;open_oplock_ipc: Failed to get local UDP socket for address 100007f. Error was Cannot assign requested&quot; in the logs</a></dt></dl></dd></dl></dd><dt>3. <a href="FastStart.html">FastStart for the Impatient</a></dt><dd><dl><dt><a href="FastStart.html#id2886685">Note</a></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="index.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="IntroSMB.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">SAMBA Project Documentation<6F></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>1.<2E>Introduction to Samba</td></tr></table></div></body></html>
 CLASS="TOC"
 ><DL
 ><DT
 ><B
 >Table of Contents</B
 ></DT
 ><DT
 >1. <A
 HREF="install.html"
 >How to Install and Test SAMBA</A
 ></DT
 ><DD
 ><DL
 ><DT
 >1.1. <A
 HREF="install.html#AEN26"
 >Read the man pages</A
 ></DT
 ><DT
 >1.2. <A
 HREF="install.html#AEN36"
 >Building the Binaries</A
 ></DT
 ><DT
 >1.3. <A
 HREF="install.html#AEN64"
 >The all important step</A
 ></DT
 ><DT
 >1.4. <A
 HREF="install.html#AEN68"
 >Create the smb configuration file.</A
 ></DT
 ><DT
 >1.5. <A
 HREF="install.html#AEN82"
 >Test your config file with 
 	<B
 CLASS="COMMAND"
 >testparm</B
 ></A
 ></DT
 ><DT
 >1.6. <A
 HREF="install.html#AEN90"
 >Starting the smbd and nmbd</A
 ></DT
 ><DD
 ><DL
 ><DT
 >1.6.1. <A
 HREF="install.html#AEN100"
 >Starting from inetd.conf</A
 ></DT
 ><DT
 >1.6.2. <A
 HREF="install.html#AEN129"
 >Alternative: starting it as a daemon</A
 ></DT
 ></DL
 ></DD
 ><DT
 >1.7. <A
 HREF="install.html#AEN145"
 >Try listing the shares available on your 
 	server</A
 ></DT
 ><DT
 >1.8. <A
 HREF="install.html#AEN154"
 >Try connecting with the unix client</A
 ></DT
 ><DT
 >1.9. <A
 HREF="install.html#AEN170"
 >Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</A
 ></DT
 ><DT
 >1.10. <A
 HREF="install.html#AEN184"
 >What If Things Don't Work?</A
 ></DT
 ><DD
 ><DL
 ><DT
 >1.10.1. <A
 HREF="install.html#AEN189"
 >Diagnosing Problems</A
 ></DT
 ><DT
 >1.10.2. <A
 HREF="install.html#AEN193"
 >Scope IDs</A
 ></DT
 ><DT
 >1.10.3. <A
 HREF="install.html#AEN196"
 >Choosing the Protocol Level</A
 ></DT
 ><DT
 >1.10.4. <A
 HREF="install.html#AEN205"
 >Printing from UNIX to a Client PC</A
 ></DT
 ><DT
 >1.10.5. <A
 HREF="install.html#AEN210"
 >Locking</A
 ></DT
 ><DT
 >1.10.6. <A
 HREF="install.html#AEN219"
 >Mapping Usernames</A
 ></DT
 ></DL
 ></DD
 ></DL
 ></DD
 ><DT
 >2. <A
 HREF="improved-browsing.html"
 >Improved browsing in samba</A
 ></DT
 ><DD
 ><DL
 ><DT
 >2.1. <A
 HREF="improved-browsing.html#AEN229"
 >Overview of browsing</A
 ></DT
 ><DT
 >2.2. <A
 HREF="improved-browsing.html#AEN233"
 >Browsing support in samba</A
 ></DT
 ><DT
 >2.3. <A
 HREF="improved-browsing.html#AEN242"
 >Problem resolution</A
 ></DT
 ><DT
 >2.4. <A
 HREF="improved-browsing.html#AEN249"
 >Browsing across subnets</A
 ></DT
 ><DD
 ><DL
 ><DT
 >2.4.1. <A
 HREF="improved-browsing.html#AEN254"
 >How does cross subnet browsing work ?</A
 ></DT
 ></DL
 ></DD
 ><DT
 >2.5. <A
 HREF="improved-browsing.html#AEN289"
 >Setting up a WINS server</A
 ></DT
 ><DT
 >2.6. <A
 HREF="improved-browsing.html#AEN308"
 >Setting up Browsing in a WORKGROUP</A
 ></DT
 ><DT
 >2.7. <A
 HREF="improved-browsing.html#AEN326"
 >Setting up Browsing in a DOMAIN</A
 ></DT
 ><DT
 >2.8. <A
 HREF="improved-browsing.html#AEN336"
 >Forcing samba to be the master</A
 ></DT
 ><DT
 >2.9. <A
 HREF="improved-browsing.html#AEN345"
 >Making samba the domain master</A
 ></DT
 ><DT
 >2.10. <A
 HREF="improved-browsing.html#AEN363"
 >Note about broadcast addresses</A
 ></DT
 ><DT
 >2.11. <A
 HREF="improved-browsing.html#AEN366"
 >Multiple interfaces</A
 ></DT
 ></DL
 ></DD
 ><DT
 >3. <A
 HREF="browsing-quick.html"
 >Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</A
 ></DT
 ><DD
 ><DL
 ><DT
 >3.1. <A
 HREF="browsing-quick.html#AEN377"
 >Discussion</A
 ></DT
 ><DT
 >3.2. <A
 HREF="browsing-quick.html#AEN385"
 >Use of the "Remote Announce" parameter</A
 ></DT
 ><DT
 >3.3. <A
 HREF="browsing-quick.html#AEN399"
 >Use of the "Remote Browse Sync" parameter</A
 ></DT
 ><DT
 >3.4. <A
 HREF="browsing-quick.html#AEN404"
 >Use of WINS</A
 ></DT
 ><DT
 >3.5. <A
 HREF="browsing-quick.html#AEN415"
 >Do NOT use more than one (1) protocol on MS Windows machines</A
 ></DT
 ><DT
 >3.6. <A
 HREF="browsing-quick.html#AEN421"
 >Name Resolution Order</A
 ></DT
 ></DL
 ></DD
 ><DT
 >4. <A
 HREF="pwencrypt.html"
 >LanMan and NT Password Encryption in Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
 >4.1. <A
 HREF="pwencrypt.html#AEN457"
 >Introduction</A
 ></DT
 ><DT
 >4.2. <A
 HREF="pwencrypt.html#AEN462"
 >Important Notes About Security</A
 ></DT
 ><DD
 ><DL
 ><DT
 >4.2.1. <A
 HREF="pwencrypt.html#AEN481"
 >Advantages of SMB Encryption</A
 ></DT
 ><DT
 >4.2.2. <A
 HREF="pwencrypt.html#AEN488"
 >Advantages of non-encrypted passwords</A
 ></DT
 ></DL
 ></DD
 ><DT
 >4.3. <A
 HREF="pwencrypt.html#AEN497"
 >The smbpasswd Command</A
 ></DT
 ></DL
 ></DD
 ></DL
 ></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="NAVFOOTER"
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"><TABLE
 SUMMARY="Footer navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="install.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >SAMBA Project Documentation</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 >&nbsp;</TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >How to Install and Test SAMBA</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/lmhosts.5.html
+++ b/docs/htmldocs/lmhosts.5.html
@ -1,210 +1,37 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>lmhosts</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="lmhosts.5"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>lmhosts &#8212; The Samba NetBIOS hosts file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><tt class="filename">lmhosts</tt> is the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> NetBIOS name to IP address mapping file.</p></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This file is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><tt class="filename">lmhosts</tt> is the <span class="emphasis"><em>Samba
-<HTML
+	</em></span> NetBIOS name to IP address mapping file.  It 
-><HEAD
+	is very similar to the <tt class="filename">/etc/hosts</tt> file 
 ><TITLE
 >lmhosts</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="LMHOSTS"
 ></A
 >lmhosts</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >lmhosts&nbsp;--&nbsp;The Samba NetBIOS hosts file</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><TT
 CLASS="FILENAME"
 >lmhosts</TT
 > is the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > NetBIOS name to IP address mapping file.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN12"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This file is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><TT
 CLASS="FILENAME"
 >lmhosts</TT
 > is the <SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >Samba
 	</I
 ></SPAN
 > NetBIOS name to IP address mapping file.  It 
 	is very similar to the <TT
 CLASS="FILENAME"
 >/etc/hosts</TT
 > file 
 	format, except that the hostname component must correspond 
-	to the NetBIOS naming format.</P
+	to the NetBIOS naming format.</p></div><div class="refsect1" lang="en"><h2>FILE FORMAT</h2><p>It is an ASCII file containing one line for NetBIOS name. 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN20"
 ></A
 ><H2
 >FILE FORMAT</H2
 ><P
 >It is an ASCII file containing one line for NetBIOS name. 
 	The two fields on each line are separated from each other by 
 	white space. Any entry beginning with '#' is ignored. Each line 
-	in the lmhosts file contains the following information :</P
+	in the lmhosts file contains the following information:</p><div class="itemizedlist"><ul type="disc"><li><p>IP Address - in dotted decimal format.</p></li><li><p>NetBIOS Name - This name format is a 
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >IP Address - in dotted decimal format.</P
 ></LI
 ><LI
 ><P
 >NetBIOS Name - This name format is a 
 		maximum fifteen character host name, with an optional 
 		trailing '#' character followed by the NetBIOS name type 
-		as two hexadecimal digits.</P
+		as two hexadecimal digits.</p><p>If the trailing '#' is omitted then the given IP 
 ><P
 >If the trailing '#' is omitted then the given IP 
 		address will be returned for all names that match the given 
-		name, whatever the NetBIOS name type in the lookup.</P
+		name, whatever the NetBIOS name type in the lookup.</p></li></ul></div><p>An example follows:</p><pre class="programlisting">
-></LI
+#
 ></UL
 ><P
 >An example follows :</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >#
 # Sample Samba lmhosts file.
 #
 192.9.200.1	TESTPC
 192.9.200.20	NTSERVER#20
 192.9.200.21	SAMBASERVER
-	</PRE
+	</pre><p>Contains three IP to NetBIOS name mappings. The first 
-></P
+	and third will be returned for any queries for the names &quot;TESTPC&quot; 
-><P
+	and &quot;SAMBASERVER&quot; respectively, whatever the type component of 
->Contains three IP to NetBIOS name mappings. The first 
+	the NetBIOS name requested.</p><p>The second mapping will be returned only when the &quot;0x20&quot; name 
-	and third will be returned for any queries for the names "TESTPC" 
+	type for a name &quot;NTSERVER&quot; is queried. Any other name type will not 
-	and "SAMBASERVER" respectively, whatever the type component of 
+	be resolved.</p><p>The default location of the <tt class="filename">lmhosts</tt> file 
-	the NetBIOS name requested.</P
+	is in the same directory as the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, and <a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>
-><P
+	</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 >The second mapping will be returned only when the "0x20" name 
 	type for a name "NTSERVER" is queried. Any other name type will not 
 	be resolved.</P
 ><P
 >The default location of the <TT
 CLASS="FILENAME"
 >lmhosts</TT
 > file 
 	is in the same directory as the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 > 		
 	smb.conf(5)&#62;</A
 > file.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN37"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN40"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbclient(1)
 	</B
 ></A
 >, <A
 HREF="smb.conf.5.html#NAMERESOLVEORDER"
 TARGET="_top"
 >	smb.conf(5)</A
 >, and <A
 HREF="smbpasswd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >	smbpasswd(8)</B
 ></A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN48"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
 	excellent piece of Open Source software, available at
-	<A
+	<a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-HREF="ftp://ftp.icce.rug.nl/pub/unix/"
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
-></DIV
+	XML 4.2 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/msdfs.html
+++ b/docs/htmldocs/msdfs.html
@ -1,321 +1,62 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter<EFBFBD>17.<2E>Hosting a Microsoft Distributed File System tree on Samba</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part<72>III.<2E>Advanced Configuration"><link rel="previous" href="InterdomainTrusts.html" title="Chapter<65>16.<2E>Interdomain Trust Relationships"><link rel="next" href="printing.html" title="Chapter<65>18.<2E>Classical Printing Support"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter<EFBFBD>17.<2E>Hosting a Microsoft Distributed File System tree on Samba</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="InterdomainTrusts.html">Prev</a><EFBFBD></td><th width="60%" align="center">Part<EFBFBD>III.<2E>Advanced Configuration</th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="printing.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="msdfs"></a>Chapter<EFBFBD>17.<2E>Hosting a Microsoft Distributed File System tree on Samba</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Shirish</span> <span class="surname">Kalele</span></h3><div class="affiliation"><span class="orgname">Samba Team &amp; Veritas Software<br></span><div class="address"><p><br>
-<HTML
+				<tt class="email">&lt;<a href="mailto:samba@samba.org">samba@samba.org</a>&gt;</tt><br>
-><HEAD
+			</p></div></div></div></div><div><p class="pubdate">12 Jul 2000</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="msdfs.html#id2932887">Features and Benefits</a></dt><dt><a href="msdfs.html#id2934539">Common Errors</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2932887"></a>Features and Benefits</h2></div></div><div></div></div><p>
-><TITLE
+	The Distributed File System (or DFS) provides a means of separating the logical
->Hosting a Microsoft Distributed File System tree on Samba</TITLE
+	view of files and directories that users see from the actual physical locations
-><META
+	of these resources on the network. It allows for higher availability, smoother
-NAME="GENERATOR"
+	storage expansion, load balancing etc.
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+	</p><p>
-"><LINK
+	For information about DFS, refer to
-REL="HOME"
+	<a href="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp" target="_top">
-TITLE="SAMBA Project Documentation"
+	Microsoft documentation at http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp</a>.
-HREF="samba-howto-collection.html"><LINK
+	</p><p>
-REL="UP"
+	This document explains how to host a DFS tree on a Unix machine (for DFS-aware
-TITLE="Optional configuration"
+	clients to browse) using Samba.
-HREF="optional.html"><LINK
+	</p><p>
-REL="PREVIOUS"
+	To enable SMB-based DFS for Samba, configure it with the <i class="parameter"><tt>--with-msdfs</tt></i>
-TITLE="Configuring PAM for distributed but centrally 
+	option. Once built, a Samba server can be made a DFS server by setting the global 
-managed authentication"
+	boolean <a href="smb.conf.5.html#HOSTMSDFS" target="_top"><i class="parameter"><tt> host msdfs</tt></i></a>
-HREF="pam.html"><LINK
+	parameter in the <tt class="filename">smb.conf </tt> file. You designate a share as a DFS
-REL="NEXT"
+	root using the share level boolean <a href="smb.conf.5.html#MSDFSROOT" target="_top"><i class="parameter"><tt>
-TITLE="Printing Support"
+	msdfs root</tt></i></a> parameter. A DFS root directory on Samba hosts DFS
-HREF="printing.html"></HEAD
+	links in the form of symbolic links that point to other servers. For example, a symbolic link
-><BODY
+	<tt class="filename">junction-&gt;msdfs:storage1\share1</tt> in the share directory acts
-CLASS="CHAPTER"
+	as the DFS junction. When DFS-aware clients attempt to access the junction link,
-BGCOLOR="#FFFFFF"
+	they are redirected to the storage location (in this case, \\storage1\share1).
-TEXT="#000000"
+	</p><p>
-LINK="#0000FF"
+	DFS trees on Samba work with all DFS-aware clients ranging from Windows 95 to 200x.
-VLINK="#840084"
+	</p><p>
-ALINK="#0000FF"
+	Here's an example of setting up a DFS tree on a Samba server.
-><DIV
+	</p><pre class="programlisting">
-CLASS="NAVHEADER"
+# The smb.conf file:
 ><TABLE
 SUMMARY="Header navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TH
 COLSPAN="3"
 ALIGN="center"
 >SAMBA Project Documentation</TH
 ></TR
 ><TR
 ><TD
 WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
 HREF="pam.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="80%"
 ALIGN="center"
 VALIGN="bottom"
 ></TD
 ><TD
 WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
 HREF="printing.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ></TABLE
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"></DIV
 ><DIV
 CLASS="CHAPTER"
 ><H1
 ><A
 NAME="MSDFS">Chapter 13. Hosting a Microsoft Distributed File System tree on Samba</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN1859">13.1. Instructions</H1
 ><P
 >The Distributed File System (or Dfs) provides a means of 
 	separating the logical view of files and directories that users 
 	see from the actual physical locations of these resources on the 
 	network. It allows for higher availability, smoother storage expansion, 
 	load balancing etc. For more information about Dfs, refer to  <A
 HREF="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp"
 TARGET="_top"
 >	Microsoft documentation</A
 >. </P
 ><P
 >This document explains how to host a Dfs tree on a Unix 
 	machine (for Dfs-aware clients to browse) using Samba.</P
 ><P
 >To enable SMB-based DFS for Samba, configure it with the 
 	<TT
 CLASS="PARAMETER"
 ><I
 >--with-msdfs</I
 ></TT
 > option. Once built, a 
 	Samba server can be made a Dfs server by setting the global 
 	boolean <A
 HREF="smb.conf.5.html#HOSTMSDFS"
 TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
 >	host msdfs</I
 ></TT
 ></A
 > parameter in the <TT
 CLASS="FILENAME"
 >smb.conf
 	</TT
 > file. You designate a share as a Dfs root using the share 
 	level boolean <A
 HREF="smb.conf.5.html#MSDFSROOT"
 TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
 >	msdfs root</I
 ></TT
 ></A
 > parameter. A Dfs root directory on 
 	Samba hosts Dfs links in the form of symbolic links that point 
 	to other servers. For example, a symbolic link
 	<TT
 CLASS="FILENAME"
 >junction-&gt;msdfs:storage1\share1</TT
 > in 
 	the share directory acts as the Dfs junction. When Dfs-aware 
 	clients attempt to access the junction link, they are redirected 
 	to the storage location (in this case, \\storage1\share1).</P
 ><P
 >Dfs trees on Samba work with all Dfs-aware clients ranging 
 	from Windows 95 to 2000.</P
 ><P
 >Here's an example of setting up a Dfs tree on a Samba 
 	server.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 ># The smb.conf file:
 [global]
-	netbios name = SAMBA
+	netbios name = SMOKEY
 	host msdfs   = yes
 [dfs]
 	path = /export/dfsroot
 	msdfs root = yes
-	</PRE
+	</pre><p>In the /export/dfsroot directory we set up our dfs links to 
-></P
+	other servers on the network.</p><pre class="screen">
-><P
+	<tt class="prompt">root# </tt><b class="userinput"><tt>cd /export/dfsroot</tt></b>
->In the /export/dfsroot directory we set up our dfs links to 
+	<tt class="prompt">root# </tt><b class="userinput"><tt>chown root /export/dfsroot</tt></b>
-	other servers on the network.</P
+	<tt class="prompt">root# </tt><b class="userinput"><tt>chmod 755 /export/dfsroot</tt></b>
-><P
+	<tt class="prompt">root# </tt><b class="userinput"><tt>ln -s msdfs:storageA\\shareA linka</tt></b>
-><TT
+	<tt class="prompt">root# </tt><b class="userinput"><tt>ln -s msdfs:serverB\\share,serverC\\share linkb</tt></b>
-CLASS="PROMPT"
+	</pre><p>You should set up the permissions and ownership of 
->root# </TT
+	the directory acting as the DFS root such that only designated 
 ><TT
 CLASS="USERINPUT"
 ><B
 >cd /export/dfsroot</B
 ></TT
 ></P
 ><P
 ><TT
 CLASS="PROMPT"
 >root# </TT
 ><TT
 CLASS="USERINPUT"
 ><B
 >chown root /export/dfsroot</B
 ></TT
 ></P
 ><P
 ><TT
 CLASS="PROMPT"
 >root# </TT
 ><TT
 CLASS="USERINPUT"
 ><B
 >chmod 755 /export/dfsroot</B
 ></TT
 ></P
 ><P
 ><TT
 CLASS="PROMPT"
 >root# </TT
 ><TT
 CLASS="USERINPUT"
 ><B
 >ln -s msdfs:storageA\\shareA linka</B
 ></TT
 ></P
 ><P
 ><TT
 CLASS="PROMPT"
 >root# </TT
 ><TT
 CLASS="USERINPUT"
 ><B
 >ln -s msdfs:serverB\\share,serverC\\share linkb</B
 ></TT
 ></P
 ><P
 >You should set up the permissions and ownership of 
 	the directory acting as the Dfs root such that only designated 
 	users can create, delete or modify the msdfs links. Also note 
 	that symlink names should be all lowercase. This limitation exists 
 	to have Samba avoid trying all the case combinations to get at 
 	the link name. Finally set up the symbolic links to point to the 
-	network shares you want, and start Samba.</P
+	network shares you want, and start Samba.</p><p>Users on DFS-aware clients can now browse the DFS tree 
 ><P
 >Users on Dfs-aware clients can now browse the Dfs tree 
 	on the Samba server at \\samba\dfs. Accessing 
 	links linka or linkb (which appear as directories to the client) 
-	takes users directly to the appropriate shares on the network.</P
+	takes users directly to the appropriate shares on the network.</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2934539"></a>Common Errors</h2></div></div><div></div></div><div class="itemizedlist"><ul type="disc"><li><p>Windows clients need to be rebooted 
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
 NAME="AEN1894">13.1.1. Notes</H2
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >Windows clients need to be rebooted 
 		if a previously mounted non-dfs share is made a dfs 
 		root or vice versa. A better way is to introduce a 
-			new share and make it the dfs root.</P
+		new share and make it the dfs root.</p></li><li><p>Currently there's a restriction that msdfs 
-></LI
+		symlink names should all be lowercase.</p></li><li><p>For security purposes, the directory 
-><LI
+		acting as the root of the DFS tree should have ownership 
 ><P
 >Currently there's a restriction that msdfs 
 			symlink names should all be lowercase.</P
 ></LI
 ><LI
 ><P
 >For security purposes, the directory 
 			acting as the root of the Dfs tree should have ownership 
 		and permissions set so that only designated users can 
-			modify the symbolic links in the directory.</P
+		modify the symbolic links in the directory.</p></li></ul></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="InterdomainTrusts.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="printing.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter<EFBFBD>16.<2E>Interdomain Trust Relationships<70></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>18.<2E>Classical Printing Support</td></tr></table></div></body></html>
 ></LI
 ></UL
 ></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="NAVFOOTER"
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"><TABLE
 SUMMARY="Footer navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
 HREF="pam.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="printing.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >Configuring PAM for distributed but centrally 
 managed authentication</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="optional.html"
 ACCESSKEY="U"
 >Up</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >Printing Support</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/net.8.html
+++ b/docs/htmldocs/net.8.html
@ -1,403 +1,146 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>net</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="net.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>net &#8212; Tool for administration of Samba and remote
-<HTML
+	CIFS servers.
-><HEAD
+	</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">net</tt>  {&lt;ads|rap|rpc&gt;} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-D debuglevel]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The samba net utility is meant to work just like the net utility 
-><TITLE
+	available for windows and DOS. The first argument should be used 
->net</TITLE
+	to specify the protocol to use when executing a certain command. 
-><META
+	ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) 
-NAME="GENERATOR"
+	clients and RPC can be used for NT4 and Windows 2000. If this 
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+	argument is omitted, net will try to determine it automatically. 
-><BODY
+	Not all commands are available on all protocols.
-CLASS="REFENTRY"
+	</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-BGCOLOR="#FFFFFF"
+</p></dd><dt><span class="term">-w target-workgroup</span></dt><dd><p>
-TEXT="#000000"
+		Sets target workgroup or domain. You have to specify 
-LINK="#0000FF"
+		either this option or the IP address or the name of a server.
-VLINK="#840084"
+		</p></dd><dt><span class="term">-W workgroup</span></dt><dd><p>
-ALINK="#0000FF"
+		Sets client workgroup or domain
-><H1
+		</p></dd><dt><span class="term">-U user</span></dt><dd><p>
-><A
+		User name to use
-NAME="NET"
+		</p></dd><dt><span class="term">-I ip-address</span></dt><dd><p>
-></A
+		IP address of target server to use. You have to
->net</H1
+		specify either this option or a target workgroup or
-><DIV
+		a target server.
-CLASS="REFNAMEDIV"
+		</p></dd><dt><span class="term">-p port</span></dt><dd><p>
-><A
+		Port on the target server to connect to (usually 139 or 445). 
-NAME="AEN5"
+		Defaults to trying 445 first, then 139.
-></A
+		</p></dd><dt><span class="term">-n &lt;primary NetBIOS name&gt;</span></dt><dd><p>This option allows you to override
-><H2
+the NetBIOS name that Samba uses for itself. This is identical
->Name</H2
+to setting the <a href="smb.conf.5.html#netbiosname" target="_top"><i class="parameter"><tt>NetBIOS
->net&nbsp;--&nbsp;Tool for administration of Samba and remote
+name</tt></i></a> parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.  However, a command
-	CIFS servers.</DIV
+line setting will take precedence over settings in
-><DIV
+<a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-CLASS="REFSYNOPSISDIV"
+configuration details required by the server.  The 
-><A
+information in this file includes server-specific
-NAME="AEN8"
+information such as what printcap file to use, as well 
-></A
+as descriptions of all the services that the server is 
-><H2
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
->Synopsis</H2
+smb.conf(5)</tt></a> for more information.
-><P
+The default configuration file name is determined at 
-><B
+compile time.</p></dd><dt><span class="term">-S server</span></dt><dd><p>
-CLASS="COMMAND"
+		Name of target server. You should specify either 
->net</B
+		this option or a target workgroup or a target IP address.
->  {&lt;ads|rap|rpc&gt;} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address] [-p port] [-n myname] [-s conffile] [-S server] [-C comment] [-M maxusers] [-F flags] [-j jobid] [-l] [-r] [-f] [-t timeout] [-P] [-D debuglevel]</P
+		</p></dd><dt><span class="term">-l</span></dt><dd><p>
-></DIV
+		When listing data, give more information on each item.
-><DIV
+		</p></dd><dt><span class="term">-P</span></dt><dd><p>
-CLASS="REFSECT1"
+		Make queries to the external server using the machine account of the local server.
-><A
+		</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
-NAME="AEN31"
+from 0 to 10.  The default value if this parameter is 
-></A
+not specified is zero.</p><p>The higher this value, the more detail will be 
-><H2
+logged to the log files about the activities of the 
->DESCRIPTION</H2
+server. At level 0, only critical errors and serious 
-><P
+warnings will be logged. Level 1 is a reasonable level for
->This tool is part of the <A
+day to day running - it generates a small amount of 
-HREF="samba.7.html"
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
-TARGET="_top"
+amounts of log data, and should only be used when 
->	Samba</A
+investigating a problem. Levels above 3 are designed for 
-> suite.</P
+use only by developers and generate HUGE amounts of log
-><P
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
->The samba net utility is meant to work just like the net utility 
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
-	available for windows and DOS.</P
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-></DIV
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMMANDS</h2><div class="refsect2" lang="en"><h3>TIME</h3><p>The <b class="command">NET TIME</b> command allows you to view the time on a remote server
-><DIV
+	or synchronise the time on the local server with the time on the remote server.</p><div class="refsect3" lang="en"><h4>TIME</h4><p>Without any options, the <b class="command">NET TIME</b> command 
-CLASS="REFSECT1"
+displays the time on the remote server.
-><A
+</p></div><div class="refsect3" lang="en"><h4>TIME SYSTEM</h4><p> Displays the time on the remote server in a format ready for <b class="command">/bin/date</b></p></div><div class="refsect3" lang="en"><h4>TIME SET</h4><p>Tries to set the date and time of the local server to that on 
-NAME="AEN36"
+the remote server using <b class="command">/bin/date</b>. </p></div><div class="refsect3" lang="en"><h4>TIME ZONE</h4><p>Displays the timezone in hours from GMT on the remote computer.</p></div></div><div class="refsect2" lang="en"><h3>[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]</h3><p>
-></A
+Join a domain.  If the account already exists on the server, and 
-><H2
+[TYPE] is MEMBER, the machine will attempt to join automatically. 
->OPTIONS</H2
+(Assuming that the machine has been created in server manager)
-><P
+Otherwise, a password will be prompted for, and a new account may
-></P
+be created.</p><p>
-><DIV
+[TYPE] may be PDC, BDC or MEMBER to specify the type of server
-CLASS="VARIABLELIST"
+joining the domain.
-><DL
+</p></div><div class="refsect2" lang="en"><h3>[RPC] OLDJOIN [options]</h3><p>Join a domain. Use the OLDJOIN option to join the domain 
-><DT
+using the old style of domain joining - you need to create a trust 
->-h</DT
+account in server manager first.</p></div><div class="refsect2" lang="en"><h3>[RPC|ADS] USER</h3><div class="refsect3" lang="en"><h4>[RPC|ADS] USER DELETE <i class="replaceable"><tt>target</tt></i></h4><p>Delete specified user</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] USER LIST</h4><p>List all users</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] USER INFO <i class="replaceable"><tt>target</tt></i></h4><p>List the domain groups of a the specified user.</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] USER ADD <i class="replaceable"><tt>name</tt></i> [password] [-F user flags] [-C comment]</h4><p>Add specified user.</p></div></div><div class="refsect2" lang="en"><h3>[RPC|ADS] GROUP</h3><div class="refsect3" lang="en"><h4>[RPC|ADS] GROUP [misc options] [targets]</h4><p>List user groups.</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] GROUP DELETE <i class="replaceable"><tt>name</tt></i> [misc. options]</h4><p>Delete specified group.</p></div><div class="refsect3" lang="en"><h4>[RPC|ADS] GROUP ADD <i class="replaceable"><tt>name</tt></i> [-C comment]</h4><p>Create specified group.</p></div></div><div class="refsect2" lang="en"><h3>[RAP|RPC] SHARE</h3><div class="refsect3" lang="en"><h4>[RAP|RPC] SHARE [misc. options] [targets]</h4><p>Enumerates all exported resources (network shares) on target server.</p></div><div class="refsect3" lang="en"><h4>[RAP|RPC] SHARE ADD <i class="replaceable"><tt>name=serverpath</tt></i> [-C comment] [-M maxusers] [targets]</h4><p>Adds a share from a server (makes the export active). Maxusers 
-><DD
+specifies the number of users that can be connected to the 
-><P
+share simultaneously.</p></div><div class="refsect3" lang="en"><h4>SHARE DELETE <i class="replaceable"><tt>sharenam</tt></i></h4><p>Delete specified share.</p></div></div><div class="refsect2" lang="en"><h3>[RPC|RAP] FILE</h3><div class="refsect3" lang="en"><h4>[RPC|RAP] FILE</h4><p>List all open files on remote server.</p></div><div class="refsect3" lang="en"><h4>[RPC|RAP] FILE CLOSE <i class="replaceable"><tt>fileid</tt></i></h4><p>Close file with specified <i class="replaceable"><tt>fileid</tt></i> on 
->		Display summary of all available options.
+remote server.</p></div><div class="refsect3" lang="en"><h4>[RPC|RAP] FILE INFO <i class="replaceable"><tt>fileid</tt></i></h4><p>
 Print information on specified <i class="replaceable"><tt>fileid</tt></i>. 
 Currently listed are: file-id, username, locks, path, permissions.
 </p></div><div class="refsect3" lang="en"><h4>[RAP|RPC] FILE USER</h4><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div></div><div class="refsect2" lang="en"><h3>SESSION</h3><div class="refsect3" lang="en"><h4>RAP SESSION</h4><p>Without any other options, SESSION enumerates all active SMB/CIFS 
 sessions on the target server.</p></div><div class="refsect3" lang="en"><h4>RAP SESSION DELETE|CLOSE <i class="replaceable"><tt>CLIENT_NAME</tt></i></h4><p>Close the specified sessions.</p></div><div class="refsect3" lang="en"><h4>RAP SESSION INFO <i class="replaceable"><tt>CLIENT_NAME</tt></i></h4><p>Give a list with all the open files in specified session.</p></div></div><div class="refsect2" lang="en"><h3>RAP SERVER <i class="replaceable"><tt>DOMAIN</tt></i></h3><p>List all servers in specified domain or workgroup. Defaults
 to local domain.</p></div><div class="refsect2" lang="en"><h3>RAP DOMAIN</h3><p>Lists all domains and workgroups visible on the 
 current network.</p></div><div class="refsect2" lang="en"><h3>RAP PRINTQ</h3><div class="refsect3" lang="en"><h4>RAP PRINTQ LIST <i class="replaceable"><tt>QUEUE_NAME</tt></i></h4><p>Lists the specified print queue and print jobs on the server.
 If the <i class="replaceable"><tt>QUEUE_NAME</tt></i> is omitted, all 
 queues are listed.</p></div><div class="refsect3" lang="en"><h4>RAP PRINTQ DELETE <i class="replaceable"><tt>JOBID</tt></i></h4><p>Delete job with specified id.</p></div></div><div class="refsect2" lang="en"><h3>RAP VALIDATE <i class="replaceable"><tt>user</tt></i> [<i class="replaceable"><tt>password</tt></i>]</h3><p>
 Validate whether the specified user can log in to the 
 remote server. If the password is not specified on the commandline, it 
 will be prompted. 
 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" lang="en"><h3>RAP GROUPMEMBER</h3><div class="refsect3" lang="en"><h4>RAP GROUPMEMBER LIST <i class="replaceable"><tt>GROUP</tt></i></h4><p>List all members of the specified group.</p></div><div class="refsect3" lang="en"><h4>RAP GROUPMEMBER DELETE <i class="replaceable"><tt>GROUP</tt></i> <i class="replaceable"><tt>USER</tt></i></h4><p>Delete member from group.</p></div><div class="refsect3" lang="en"><h4>RAP GROUPMEMBER ADD <i class="replaceable"><tt>GROUP</tt></i> <i class="replaceable"><tt>USER</tt></i></h4><p>Add member to group.</p></div></div><div class="refsect2" lang="en"><h3>RAP ADMIN <i class="replaceable"><tt>command</tt></i></h3><p>Execute the specified <i class="replaceable"><tt>command</tt></i> on 
 the remote server. Only works with OS/2 servers.
 </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect2" lang="en"><h3>RAP SERVICE</h3><div class="refsect3" lang="en"><h4>RAP SERVICE START <i class="replaceable"><tt>NAME</tt></i> [arguments...]</h4><p>Start the specified service on the remote server. Not implemented yet.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect3" lang="en"><h4>RAP SERVICE STOP</h4><p>Stop the specified service on the remote server.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div></div><div class="refsect2" lang="en"><h3>RAP PASSWORD <i class="replaceable"><tt>USER</tt></i> <i class="replaceable"><tt>OLDPASS</tt></i> <i class="replaceable"><tt>NEWPASS</tt></i></h3><p>
 Change password of <i class="replaceable"><tt>USER</tt></i> from <i class="replaceable"><tt>OLDPASS</tt></i> to <i class="replaceable"><tt>NEWPASS</tt></i>.
 </p></div><div class="refsect2" lang="en"><h3>LOOKUP</h3><div class="refsect3" lang="en"><h4>LOOKUP HOST <i class="replaceable"><tt>HOSTNAME</tt></i> [<i class="replaceable"><tt>TYPE</tt></i>]</h4><p>
 Lookup the IP address of the given host with the specified type (netbios suffix). 
 The type defaults to 0x20 (workstation).
 </p></div><div class="refsect3" lang="en"><h4>LOOKUP LDAP [<i class="replaceable"><tt>DOMAIN</tt></i></h4><p>Give IP address of LDAP server of specified <i class="replaceable"><tt>DOMAIN</tt></i>. Defaults to local domain.</p></div><div class="refsect3" lang="en"><h4>LOOKUP KDC [<i class="replaceable"><tt>REALM</tt></i>]</h4><p>Give IP address of KDC for the specified <i class="replaceable"><tt>REALM</tt></i>.
 Defaults to local realm.</p></div><div class="refsect3" lang="en"><h4>LOOKUP DC [<i class="replaceable"><tt>DOMAIN</tt></i>]</h4><p>Give IP's of Domain Controllers for specified <i class="replaceable"><tt>
 DOMAIN</tt></i>. Defaults to local domain.</p></div><div class="refsect3" lang="en"><h4>LOOKUP MASTER <i class="replaceable"><tt>DOMAIN</tt></i></h4><p>Give IP of master browser for specified <i class="replaceable"><tt>DOMAIN</tt></i>
 or workgroup. Defaults to local domain.</p></div></div><div class="refsect2" lang="en"><h3>CACHE</h3><p>Samba uses a general caching interface called 'gencache'. It 
 can be controlled using 'NET CACHE'.</p><p>All the timeout parameters support the suffixes:
-		</P
+</p><table class="simplelist" border="0" summary="Simple list"><tr><td>s - Seconds</td></tr><tr><td>m - Minutes</td></tr><tr><td>h - Hours</td></tr><tr><td>d - Days</td></tr><tr><td>w - Weeks</td></tr></table><p>
-></DD
+
-><DT
+</p><div class="refsect3" lang="en"><h4>CACHE ADD <i class="replaceable"><tt>key</tt></i> <i class="replaceable"><tt>data</tt></i> <i class="replaceable"><tt>time-out</tt></i></h4><p>Add specified key+data to the cache with the given timeout.</p></div><div class="refsect3" lang="en"><h4>CACHE DEL <i class="replaceable"><tt>key</tt></i></h4><p>Delete key from the cache.</p></div><div class="refsect3" lang="en"><h4>CACHE SET <i class="replaceable"><tt>key</tt></i> <i class="replaceable"><tt>data</tt></i> <i class="replaceable"><tt>time-out</tt></i></h4><p>Update data of existing cache entry.</p></div><div class="refsect3" lang="en"><h4>CACHE SEARCH <i class="replaceable"><tt>PATTERN</tt></i></h4><p>Search for the specified pattern in the cache data.</p></div><div class="refsect3" lang="en"><h4>CACHE LIST</h4><p>
->-w target-workgroup</DT
+List all current items in the cache.
-><DD
+</p></div><div class="refsect3" lang="en"><h4>CACHE FLUSH</h4><p>Remove all the current items from the cache.</p></div></div><div class="refsect2" lang="en"><h3>GETLOCALSID [DOMAIN]</h3><p>Print the SID of the specified domain, or if the parameter is
-><P
+omitted, the SID of the domain the local server is in.</p></div><div class="refsect2" lang="en"><h3>SETLOCALSID S-1-5-21-x-y-z</h3><p>Sets domain sid for the local server to the specified SID.</p></div><div class="refsect2" lang="en"><h3>GROUPMAP</h3><p>Manage the mappings between Windows group SIDs and UNIX groups.
->		Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
+Parameters take the for &quot;parameter=value&quot;.  Common options include:</p><div class="itemizedlist"><ul type="disc"><li><p>unixgroup - Name of the UNIX group</p></li><li><p>ntgroup - Name of the Windows NT group (must be
-		</P
+  resolvable to a SID</p></li><li><p>rid - Unsigned 32-bit integer</p></li><li><p>sid - Full SID in the form of &quot;S-1-...&quot;</p></li><li><p>type - Type of the group; either 'domain', 'local',
-></DD
+  or 'builtin'</p></li><li><p>comment - Freeform text description of the group</p></li></ul></div><div class="refsect3" lang="en"><h4>GROUPMAP ADD</h4><p>Add a new group mapping entry</p><p>net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string]</p></div><div class="refsect3" lang="en"><h4>GROUPMAP DELETE</h4><p>Delete a group mapping entry</p><p>net groupmap delete {ntgroup=string|sid=SID}</p></div><div class="refsect3" lang="en"><h4>GROUPMAP MODIFY</h4><p>Update en existing group entry</p><p>net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}</p></div><div class="refsect3" lang="en"><h4>GROUPMAP LIST</h4><p>List existing group mapping entries</p><p>net groupmap list [verbose] [ntgroup=string] [sid=SID]</p></div></div><div class="refsect2" lang="en"><h3>MAXRID</h3><p>Prints out the highest RID currently in use on the local
-><DT
+server (by the active 'passdb backend').
->-W workgroup</DT
+</p></div><div class="refsect2" lang="en"><h3>RPC INFO</h3><p>Print information about the domain of the remote server,
-><DD
+such as domain name, domain sid and number of users and groups.
-><P
+</p></div><div class="refsect2" lang="en"><h3>[RPC|ADS] TESTJOIN</h3><p>Check whether participation in a domain is still valid.</p></div><div class="refsect2" lang="en"><h3>[RPC|ADS] CHANGETRUSTPW</h3><p>Force change of domain trust password.</p></div><div class="refsect2" lang="en"><h3>RPC TRUSTDOM</h3><div class="refsect3" lang="en"><h4>RPC TRUSTDOM ADD <i class="replaceable"><tt>DOMAIN</tt></i></h4><p>Add a interdomain trust account for 
->		Sets client workgroup or domain
+<i class="replaceable"><tt>DOMAIN</tt></i> to the remote server. 
-		</P
+</p></div><div class="refsect3" lang="en"><h4>RPC TRUSTDOM DEL <i class="replaceable"><tt>DOMAIM</tt></i></h4><p>Remove interdomain trust account for 
-></DD
+<i class="replaceable"><tt>DOMAIN</tt></i> from the remote server. 
-><DT
+</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Currently NOT implemented.</p></div></div><div class="refsect3" lang="en"><h4>RPC TRUSTDOM ESTABLISH <i class="replaceable"><tt>DOMAIN</tt></i></h4><p>
->-U user</DT
+Establish a trust relationship to a trusting domain. 
-><DD
+Interdomain account must already be created on the remote PDC.
-><P
+</p></div><div class="refsect3" lang="en"><h4>RPC TRUSTDOM REVOKE <i class="replaceable"><tt>DOMAIN</tt></i></h4><p>Abandon relationship to trusted domain</p></div><div class="refsect3" lang="en"><h4>RPC TRUSTDOM LIST</h4><p>List all current interdomain trust relationships.</p></div></div><div class="refsect2" lang="en"><h3>RPC ABORTSHUTDOWN</h3><p>Abort the shutdown of a remote server.</p></div><div class="refsect2" lang="en"><h3>SHUTDOWN [-t timeout] [-r] [-f] [-C message]</h3><p>Shut down the remote server.</p><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p>
->		User name to use
+Reboot after shutdown.
-		</P
+</p></dd><dt><span class="term">-f</span></dt><dd><p>
-></DD
+Force shutting down all applications.
-><DT
+</p></dd><dt><span class="term">-t timeout</span></dt><dd><p>
->-I ip-address</DT
+Timeout before system will be shut down. An interactive 
-><DD
+user of the system can use this time to cancel the shutdown.
-><P
+</p></dd><dt><span class="term">-C message</span></dt><dd><p>Display the specified message on the screen to 
->		IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
+announce the shutdown.</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>SAMDUMP</h3><p>Print out sam database of remote server. You need
-		</P
+to run this on either a BDC. </p></div><div class="refsect2" lang="en"><h3>VAMPIRE</h3><p>Export users, aliases and groups from remote server to 
-></DD
+local server. Can only be run an a BDC.
-><DT
+</p></div><div class="refsect2" lang="en"><h3>GETSID</h3><p>Fetch domain SID and store it in the local <tt class="filename">secrets.tdb</tt>. </p></div><div class="refsect2" lang="en"><h3>ADS LEAVE</h3><p>Make the remote host leave the domain it is part of. </p></div><div class="refsect2" lang="en"><h3>ADS STATUS</h3><p>Print out status of machine account of the local machine in ADS.
->-p port</DT
+Prints out quite some debug info. Aimed at developers, regular 
-><DD
+users should use <b class="command">NET ADS TESTJOIN</b>.</p></div><div class="refsect2" lang="en"><h3>ADS PRINTER</h3><div class="refsect3" lang="en"><h4>ADS PRINTER INFO [<i class="replaceable"><tt>PRINTER</tt></i>] [<i class="replaceable"><tt>SERVER</tt></i>]</h4><p>
-><P
+Lookup info for <i class="replaceable"><tt>PRINTER</tt></i> on <i class="replaceable"><tt>SERVER</tt></i>. The printer name defaults to &quot;*&quot;, the 
->		Port on the target server to connect to.
+server name defaults to the local host.</p></div><div class="refsect3" lang="en"><h4>ADS PRINTER PUBLISH <i class="replaceable"><tt>PRINTER</tt></i></h4><p>Publish specified printer using ADS.</p></div><div class="refsect3" lang="en"><h4>ADS PRINTER REMOVE <i class="replaceable"><tt>PRINTER</tt></i></h4><p>Remove specified printer from ADS directory.</p></div></div><div class="refsect2" lang="en"><h3>ADS SEARCH <i class="replaceable"><tt>EXPRESSION</tt></i> <i class="replaceable"><tt>ATTRIBUTES...</tt></i></h3><p>Perform a raw LDAP search on a ADS server and dump the results. The 
-		</P
+expression is a standard LDAP search expression, and the 
-></DD
+attributes are a list of LDAP fields to show in the results.</p><p>Example: <b class="userinput"><tt>net ads search '(objectCategory=group)' sAMAccountName</tt></b>
-><DT
+</p></div><div class="refsect2" lang="en"><h3>ADS DN <i class="replaceable"><tt>DN</tt></i> <i class="replaceable"><tt>(attributes)</tt></i></h3><p>
->-n myname</DT
+Perform a raw LDAP search on a ADS server and dump the results. The 
-><DD
+DN standard LDAP DN, and the attributes are a list of LDAP fields 
-><P
+to show in the result. 
->		Sets name of the client.
+</p><p>Example: <b class="userinput"><tt>net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName</tt></b></p></div><div class="refsect2" lang="en"><h3>WORKGROUP</h3><p>Print out workgroup name for specified kerberos realm.</p></div><div class="refsect2" lang="en"><h3>HELP [COMMAND]</h3><p>Gives usage information for the specified command.</p></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is complete for version 3.0 of the Samba 
-		</P
+	suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ></DD
 ><DT
 >-s conffile</DT
 ><DD
 ><P
 >		Specify alternative configuration file that should be loaded.
 		</P
 ></DD
 ><DT
 >-S server</DT
 ><DD
 ><P
 >		Name of target server. You should specify either this option or a target workgroup or a target IP address.
 		</P
 ></DD
 ><DT
 >-C comment</DT
 ><DD
 ><P
 >		FIXME
 		</P
 ></DD
 ><DT
 >-M maxusers</DT
 ><DD
 ><P
 >		FIXME
 		</P
 ></DD
 ><DT
 >-F flags</DT
 ><DD
 ><P
 >		FIXME
 		</P
 ></DD
 ><DT
 >-j jobid</DT
 ><DD
 ><P
 >		FIXME
 		</P
 ></DD
 ><DT
 >-l</DT
 ><DD
 ><P
 >		FIXME
 		</P
 ></DD
 ><DT
 >-r</DT
 ><DD
 ><P
 >		FIXME
 		</P
 ></DD
 ><DT
 >-f</DT
 ><DD
 ><P
 >		FIXME
 		</P
 ></DD
 ><DT
 >-t timeout</DT
 ><DD
 ><P
 >		FIXME
 		</P
 ></DD
 ><DT
 >-P</DT
 ><DD
 ><P
 >		Make queries to the external server using the machine account of the local server.
 		</P
 ></DD
 ><DT
 >-D debuglevel</DT
 ><DD
 ><P
 >set the debuglevel. Debug level 0 is the lowest
 		and 100 being the highest. This should be set to 100 if you are
 		planning on submitting a bug report to the Samba team (see
 		<TT
 CLASS="FILENAME"
 >BUGS.txt</TT
 >).
 		</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN116"
 ></A
 ><H2
 >TIME</H2
 ><P
 >The <B
 CLASS="COMMAND"
 >NET TIME</B
 > command allows you to view the time on a remote server
 	or synchronise the time on the local server with the time on the remote server.</P
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 ></DT
 ><DD
 ><P
 >		Without any options, the <B
 CLASS="COMMAND"
 >NET TIME</B
 > command 
 		displays the time on the remote server.
 		</P
 ></DD
 ><DT
 >SYSTEM</DT
 ><DD
 ><P
 >		Displays the time on the remote server in a format ready for /bin/date
 		</P
 ></DD
 ><DT
 >SET</DT
 ><DD
 ><P
 >		Tries to set the date and time of the local server to that on 
 		the remote server using /bin/date.
 		</P
 ></DD
 ><DT
 >ZONE</DT
 ><DD
 ><P
 >		Displays the timezone in hours from GMT on the remote computer.
 		</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN138"
 ></A
 ><H2
 >RPC</H2
 ><P
 >The <B
 CLASS="COMMAND"
 >NET RPC</B
 > command allows you to do various 
 	NT4 operations.</P
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >JOIN -U username[%password] [options]</DT
 ><DD
 ><P
 >		Join a domain with specified username and password. Password 
 		will be prompted if none is specified.</P
 ></DD
 ><DT
 >JOIN [options except -U]</DT
 ><DD
 ><P
 >		to join a domain created in server manager
 		</P
 ></DD
 ><DT
 >USER [misc. options] [targets]</DT
 ><DD
 ><P
 >		List users
 		</P
 ></DD
 ><DT
 >USER DELETE &lt;name&gt; [misc options]</DT
 ><DD
 ><P
 >		delete specified user
 		</P
 ></DD
 ><DT
 >USER INFO &lt;name&gt; [misc options]</DT
 ><DD
 ><P
 >		list the domain groups of the specified user
 		</P
 ></DD
 ><DT
 >USER ADD &lt;name&gt; [password] [-F user flags] [misc. options</DT
 ><DD
 ><P
 >		Add specified user
 		</P
 ></DD
 ><DT
 >GROUP [misc options] [targets]</DT
 ><DD
 ><P
 >		List user groups
 		</P
 ></DD
 ><DT
 >GROUP DELETE &lt;name&gt; [misc. options] [targets]</DT
 ><DD
 ><P
 >		Delete specified group
 		</P
 ></DD
 ><DT
 >GROUP ADD &lt;name&gt; [-C comment]</DT
 ><DD
 ><P
 >		Create specified group
 		</P
 ></DD
 ><DT
 >SHARE [misc. options] [targets]</DT
 ><DD
 ><P
 >		enumerates all exported resources (network shares) on target server
 		</P
 ></DD
 ><DT
 >SHARE ADD &lt;name=serverpath&gt; [misc. options] [targets]</DT
 ><DD
 ><P
 >		Adds a share from a server (makes the export active)
 		</P
 ></DD
 ><DT
 >SHARE DELETE &lt;sharenam</DT
 ><DD
 ><P
 ></P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN191"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is incomplete for version 3.0 of the Samba 
 	suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN194"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The net manpage was written by Jelmer Vernooij.</p></div></div></body></html>
 ><P
 >The original Samba man pages were written by Karl Auer.
 	The current set of manpages and documentation is maintained
 	by the Samba Team in the same fashion as the Samba source code.</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/nmbd.8.html
+++ b/docs/htmldocs/nmbd.8.html
@ -1,754 +1,153 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>nmbd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="nmbd.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>nmbd &#8212; NetBIOS name server to provide NetBIOS 
-<HTML
+	over IP naming services to clients</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">nmbd</tt>  [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d &lt;debug level&gt;] [-H &lt;lmhosts file&gt;] [-l &lt;log directory&gt;] [-n &lt;primary netbios name&gt;] [-p &lt;port number&gt;] [-s &lt;configuration file&gt;]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This program is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">nmbd</b> is a server that understands 
 ><HEAD
 ><TITLE
 >nmbd</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="NMBD">nmbd</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >nmbd&nbsp;--&nbsp;NetBIOS name server to provide NetBIOS 
 	over IP naming services to clients</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >nmbd</B
 > [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d &#60;debug level&#62;] [-H &#60;lmhosts file&#62;] [-l &#60;log directory&#62;] [-n &#60;primary netbios name&#62;] [-p &#60;port number&#62;] [-s &#60;configuration file&#62;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN25"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This program is part of the Samba suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >nmbd</B
 > is a server that understands 
 	and can reply to NetBIOS over IP name service requests, like 
 	those produced by SMB/CIFS clients such as Windows 95/98/ME, 
 	Windows NT, Windows 2000, Windows XP and LanManager clients. It also
 	participates in the browsing protocols which make up the 
-	Windows "Network Neighborhood" view.</P
+	Windows &quot;Network Neighborhood&quot; view.</p><p>SMB/CIFS clients, when they start up, may wish to 
 ><P
 >SMB/CIFS clients, when they start up, may wish to 
 	locate an SMB/CIFS server. That is, they wish to know what 
-	IP number a specified host is using.</P
+	IP number a specified host is using.</p><p>Amongst other services, <b class="command">nmbd</b> will 
 ><P
 >Amongst other services, <B
 CLASS="COMMAND"
 >nmbd</B
 > will 
 	listen for such requests, and if its own NetBIOS name is 
 	specified it will respond with the IP number of the host it 
-	is running on.  Its "own NetBIOS name" is by
+	is running on.  Its &quot;own NetBIOS name&quot; is by
 	default the primary DNS name of the host it is running on, 
-	but this can be overridden with the <I
+	but this can be overridden with the <span class="emphasis"><em>-n</em></span> 
-CLASS="EMPHASIS"
+	option (see OPTIONS below). Thus <b class="command">nmbd</b> will 
 >-n</I
 > 
 	option (see OPTIONS below). Thus <B
 CLASS="COMMAND"
 >nmbd</B
 > will 
 	reply to broadcast queries for its own name(s). Additional
-	names for <B
+	names for <b class="command">nmbd</b> to respond on can be set 
-CLASS="COMMAND"
+	via parameters in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> configuration file.</p><p><b class="command">nmbd</b> can also be used as a WINS 
 >nmbd</B
 > to respond on can be set 
 	via parameters in the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >	smb.conf(5)</TT
 ></A
 > configuration file.</P
 ><P
 ><B
 CLASS="COMMAND"
 >nmbd</B
 > can also be used as a WINS 
 	(Windows Internet Name Server) server. What this basically means 
 	is that it will act as a WINS database server, creating a 
 	database from name registration requests that it receives and 
-	replying to queries from clients for these names.</P
+	replying to queries from clients for these names.</p><p>In addition, <b class="command">nmbd</b> can act as a WINS 
 ><P
 >In addition, <B
 CLASS="COMMAND"
 >nmbd</B
 > can act as a WINS 
 	proxy, relaying broadcast queries from clients that do 
 	not understand how to talk the WINS protocol to a WINS 
-	server.</P
+	server.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-D</span></dt><dd><p>If specified, this parameter causes 
-></DIV
+		<b class="command">nmbd</b> to operate as a daemon. That is, 
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN42"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-D</DT
 ><DD
 ><P
 >If specified, this parameter causes 
 		<B
 CLASS="COMMAND"
 >nmbd</B
 > to operate as a daemon. That is, 
 		it detaches itself and runs in the background, fielding 
-		requests on the appropriate port. By default, <B
+		requests on the appropriate port. By default, <b class="command">nmbd</b> 
 CLASS="COMMAND"
 >nmbd</B
 > 
 		will operate as a daemon if launched from a command shell. 
-		nmbd can also be operated from the <B
+		nmbd can also be operated from the <b class="command">inetd</b> 
 CLASS="COMMAND"
 >inetd</B
 > 
 		meta-daemon, although this is not recommended.
-		</P
+		</p></dd><dt><span class="term">-F</span></dt><dd><p>If specified, this parameter causes
-></DD
+		the main <b class="command">nmbd</b> process to not daemonize,
 ><DT
 >-F</DT
 ><DD
 ><P
 >If specified, this parameter causes
 		the main <B
 CLASS="COMMAND"
 >nmbd</B
 > process to not daemonize,
 		i.e. double-fork and disassociate with the terminal.
 		Child processes are still created as normal to service
 		each connection request, but the main process does not
 		exit. This operation mode is suitable for running
-		<B
+		<b class="command">nmbd</b> under process supervisors such
-CLASS="COMMAND"
+		as <b class="command">supervise</b> and <b class="command">svscan</b>
->nmbd</B
+		from Daniel J. Bernstein's <b class="command">daemontools</b>
 > under process supervisors such
 		as <B
 CLASS="COMMAND"
 >supervise</B
 > and <B
 CLASS="COMMAND"
 >svscan</B
 >
 		from Daniel J. Bernstein's <B
 CLASS="COMMAND"
 >daemontools</B
 >
 		package, or the AIX process monitor.
-		</P
+		</p></dd><dt><span class="term">-S</span></dt><dd><p>If specified, this parameter causes
-></DD
+		<b class="command">nmbd</b> to log to standard output rather
-><DT
+		than a file.</p></dd><dt><span class="term">-i</span></dt><dd><p>If this parameter is specified it causes the
->-S</DT
+		server to run &quot;interactively&quot;, not as a daemon, even if the
 ><DD
 ><P
 >If specified, this parameter causes
 		<B
 CLASS="COMMAND"
 >nmbd</B
 > to log to standard output rather
 		than a file.</P
 ></DD
 ><DT
 >-a</DT
 ><DD
 ><P
 >If this parameter is specified, each new 
 		connection will append log messages to the log file.  
 		This is the default.</P
 ></DD
 ><DT
 >-i</DT
 ><DD
 ><P
 >If this parameter is specified it causes the
 		server to run "interactively", not as a daemon, even if the
 		server is executed on the command line of a shell. Setting this
 		parameter negates the implicit daemon mode when run from the
-		command line. <B
+		command line. <b class="command">nmbd</b> also logs to standard
-CLASS="COMMAND"
+		output, as if the <tt class="constant">-S</tt> parameter had been
->nmbd</B
+		given. </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-> also logs to standard
+</p></dd><dt><span class="term">-H &lt;filename&gt;</span></dt><dd><p>NetBIOS lmhosts file.  The lmhosts 
 		output, as if the <B
 CLASS="COMMAND"
 >-S</B
 > parameter had been
 		given. </P
 ></DD
 ><DT
 >-o</DT
 ><DD
 ><P
 >If this parameter is specified, the 
 		log files will be overwritten when opened.  By default, 
 		<B
 CLASS="COMMAND"
 >smbd</B
 > will append entries to the log 
 		files.</P
 ></DD
 ><DT
 >-h</DT
 ><DD
 ><P
 >Prints the help information (usage) 
 		for <B
 CLASS="COMMAND"
 >nmbd</B
 >.</P
 ></DD
 ><DT
 >-H &#60;filename&#62;</DT
 ><DD
 ><P
 >NetBIOS lmhosts file.  The lmhosts 
 		file is a list of NetBIOS names to IP addresses that 
 		is loaded by the nmbd server and used via the name 
-		resolution mechanism <A
+		resolution mechanism <a href="smb.conf.5.html#nameresolveorder" target="_top"><i class="parameter"><tt>name resolve
-HREF="smb.conf.5.html#nameresolveorder"
+		order</tt></i></a> described in <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> to resolve any 
-TARGET="_top"
+		NetBIOS name queries needed by the server. Note 
->		name resolve order</A
+		that the contents of this file are <span class="emphasis"><em>NOT</em></span> 
-> described in <A
+		used by <b class="command">nmbd</b> to answer any name queries. 
 HREF="smb.conf.5.html"
 TARGET="_top"
 > <TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 >
 		to resolve any NetBIOS name queries needed by the server. Note 
 		that the contents of this file are <I
 CLASS="EMPHASIS"
 >NOT</I
 > 
 		used by <B
 CLASS="COMMAND"
 >nmbd</B
 > to answer any name queries. 
 		Adding a line to this file affects name NetBIOS resolution 
-		from this host <I
+		from this host <span class="emphasis"><em>ONLY</em></span>.</p><p>The default path to this file is compiled into 
 CLASS="EMPHASIS"
 >ONLY</I
 >.</P
 ><P
 >The default path to this file is compiled into 
 		Samba as part of the build process. Common defaults 
-		are <TT
+		are <tt class="filename">/usr/local/samba/lib/lmhosts</tt>,
-CLASS="FILENAME"
+		<tt class="filename">/usr/samba/lib/lmhosts</tt> or
->/usr/local/samba/lib/lmhosts</TT
+		<tt class="filename">/etc/samba/lmhosts</tt>. See the <a href="lmhosts.5.html"><span class="citerefentry"><span class="refentrytitle">lmhosts</span>(5)</span></a> man page for details on the contents of this file.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
->,
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-		<TT
+configuration details required by the server.  The 
-CLASS="FILENAME"
+information in this file includes server-specific
->/usr/samba/lib/lmhosts</TT
+information such as what printcap file to use, as well 
-> or
+as descriptions of all the services that the server is 
-		<TT
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-CLASS="FILENAME"
+smb.conf(5)</tt></a> for more information.
->/etc/lmhosts</TT
+The default configuration file name is determined at 
->. See the
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
-		<A
+from 0 to 10.  The default value if this parameter is 
-HREF="lmhosts.5.html"
+not specified is zero.</p><p>The higher this value, the more detail will be 
-TARGET="_top"
+logged to the log files about the activities of the 
-><TT
+server. At level 0, only critical errors and serious 
-CLASS="FILENAME"
+warnings will be logged. Level 1 is a reasonable level for
->lmhosts(5)</TT
+day to day running - it generates a small amount of 
-></A
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
->
+amounts of log data, and should only be used when 
-		man page for details on the contents of this file.</P
+investigating a problem. Levels above 3 are designed for 
-></DD
+use only by developers and generate HUGE amounts of log
-><DT
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
->-V</DT
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
-><DD
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-><P
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
->Prints the version number for 
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
-		<B
+never removed by the client.
-CLASS="COMMAND"
+</p></dd><dt><span class="term">-p &lt;UDP port number&gt;</span></dt><dd><p>UDP port number is a positive integer value.
 >nmbd</B
 >.</P
 ></DD
 ><DT
 >-d &#60;debug level&#62;</DT
 ><DD
 ><P
 >debuglevel is an integer 
 		from 0 to 10.  The default value if this parameter is 
 		not specified is zero.</P
 ><P
 >The higher this value, the more detail will 
 		be logged to the log files about the activities of the 
 		server. At level 0, only critical errors and serious 
 		warnings will be logged. Level 1 is a reasonable level for
 		day to day running - it generates a small amount of 
 		information about operations carried out.</P
 ><P
 >Levels above 1 will generate considerable amounts 
 		of log data, and should only be used when investigating 
 		a problem. Levels above 3 are designed for use only by developers 
 		and generate HUGE amounts of log data, most of which is extremely 
 		cryptic.</P
 ><P
 >Note that specifying this parameter here will override 
 		the <A
 HREF="smb.conf.5.html#loglevel"
 TARGET="_top"
 >log level</A
 > 
 		parameter in the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >		smb.conf(5)</TT
 ></A
 > file.</P
 ></DD
 ><DT
 >-l &#60;log directory&#62;</DT
 ><DD
 ><P
 >The -l parameter specifies a directory 
 		into which the "log.nmbd" log file will be created
 		for operational data from the running <B
 CLASS="COMMAND"
 >nmbd</B
 >
 		server. The default log directory is compiled into Samba
 		as part of the build process. Common defaults are <TT
 CLASS="FILENAME"
 >		/usr/local/samba/var/log.nmb</TT
 >, <TT
 CLASS="FILENAME"
 >		/usr/samba/var/log.nmb</TT
 > or
 		<TT
 CLASS="FILENAME"
 >/var/log/log.nmb</TT
 >.  <I
 CLASS="EMPHASIS"
 >Beware:</I
 >
                If the directory specified does not exist, <B
 CLASS="COMMAND"
 >nmbd</B
 >
                will log to the default debug log location defined at compile time.
 		</P
 ></DD
 ><DT
 >-n &#60;primary NetBIOS name&#62;</DT
 ><DD
 ><P
 >This option allows you to override
 		the NetBIOS name that Samba uses for itself. This is identical 
 		to setting the <A
 HREF="smb.conf.5.html#netbiosname"
 TARGET="_top"
 >		NetBIOS name</A
 > parameter in the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >	
 		<TT
 CLASS="FILENAME"
 >smb.conf</TT
 ></A
 > file.  However, a command
 		line setting will take precedence over settings in 
 		<TT
 CLASS="FILENAME"
 >smb.conf</TT
 >.</P
 ></DD
 ><DT
 >-p &#60;UDP port number&#62;</DT
 ><DD
 ><P
 >UDP port number is a positive integer value.
 		This option changes the default UDP port number (normally 137)
-		that <B
+		that <b class="command">nmbd</b> responds to name queries on. Don't
 CLASS="COMMAND"
 >nmbd</B
 > responds to name queries on. Don't
 		use this option unless you are an expert, in which case you
-		won't need help!</P
+		won't need help!</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/inetd.conf</tt></span></dt><dd><p>If the server is to be run by the
-></DD
+		<b class="command">inetd</b> meta-daemon, this file
 ><DT
 >-s &#60;configuration file&#62;</DT
 ><DD
 ><P
 >The default configuration file name
 		is set at build time, typically as <TT
 CLASS="FILENAME"
 >		/usr/local/samba/lib/smb.conf</TT
 >, but
 		this may be changed when Samba is autoconfigured.</P
 ><P
 >The file specified contains the configuration details
 		required by the server. See <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >		<TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 > for more information.
 		</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN148"
 ></A
 ><H2
 >FILES</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/inetd.conf</TT
 ></DT
 ><DD
 ><P
 >If the server is to be run by the
 		<B
 CLASS="COMMAND"
 >inetd</B
 > meta-daemon, this file
 		must contain suitable startup information for the
-		meta-daemon. See the <A
+		meta-daemon. See the <a href="install.html" target="_top">install</a> document
 HREF="UNIX_INSTALL.html"
 TARGET="_top"
 >UNIX_INSTALL.html</A
 > document
 		for details.
-		</P
+		</p></dd><dt><span class="term"><tt class="filename">/etc/rc</tt></span></dt><dd><p>or whatever initialization script your
-></DD
+		system uses).</p><p>If running the server as a daemon at startup,
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/rc</TT
 ></DT
 ><DD
 ><P
 >or whatever initialization script your
 		system uses).</P
 ><P
 >If running the server as a daemon at startup,
 		this file will need to contain an appropriate startup
-		sequence for the server. See the <A
+		sequence for the server. See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a> document
-HREF="UNIX_INSTALL.html"
+		for details.</p></dd><dt><span class="term"><tt class="filename">/etc/services</tt></span></dt><dd><p>If running the server via the
-TARGET="_top"
+		meta-daemon <b class="command">inetd</b>, this file
 >UNIX_INSTALL.html</A
 > document
 		for details.</P
 ></DD
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/services</TT
 ></DT
 ><DD
 ><P
 >If running the server via the
 		meta-daemon <B
 CLASS="COMMAND"
 >inetd</B
 >, this file
 		must contain a mapping of service name (e.g., netbios-ssn)
 		to service port (e.g., 139) and protocol type (e.g., tcp).
-		See the <A
+		See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a>
-HREF="UNIX_INSTALL.html"
+		document for details.</p></dd><dt><span class="term"><tt class="filename">/usr/local/samba/lib/smb.conf</tt></span></dt><dd><p>This is the default location of 
-TARGET="_top"
+		the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> server
->UNIX_INSTALL.html</A
+		configuration file. Other common places that systems
->
+		install this file are <tt class="filename">/usr/samba/lib/smb.conf</tt>
-		document for details.</P
+		and <tt class="filename">/etc/samba/smb.conf</tt>.</p><p>When run as a WINS server (see the
-></DD
+		<a href="smb.conf.5.html#WINSSUPPORT" target="_top"><tt class="constant">wins support</tt></a>
-><DT
+		parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> man page),
-><TT
+		<b class="command">nmbd</b>
-CLASS="FILENAME"
+		will store the WINS database in the file <tt class="filename">wins.dat</tt>
->/usr/local/samba/lib/smb.conf</TT
+		in the <tt class="filename">var/locks</tt> directory configured under
-></DT
+		wherever Samba was configured to install itself.</p><p>If <b class="command">nmbd</b> is acting as a <span class="emphasis"><em>
-><DD
+		browse master</em></span> (see the <a href="smb.conf.5.html#LOCALMASTER" target="_top"><tt class="constant">local master</tt></a>
-><P
+		parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> man page, <b class="command">nmbd</b>
->This is the default location of the
+		will store the browsing database in the file <tt class="filename">browse.dat
-		<A
+		</tt> in the <tt class="filename">var/locks</tt> directory
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf</TT
 ></A
 >
 		server configuration file. Other common places that systems
 		install this file are <TT
 CLASS="FILENAME"
 >/usr/samba/lib/smb.conf</TT
 >
 		and <TT
 CLASS="FILENAME"
 >/etc/smb.conf</TT
 >.</P
 ><P
 >When run as a WINS server (see the
 		<A
 HREF="smb.conf.5.html#WINSSUPPORT"
 TARGET="_top"
 >wins support</A
 >
 		parameter in the <TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 > man page),
 		<B
 CLASS="COMMAND"
 >nmbd</B
 >
 		will store the WINS database in the file <TT
 CLASS="FILENAME"
 >wins.dat</TT
 >
 		in the <TT
 CLASS="FILENAME"
 >var/locks</TT
 > directory configured under
 		wherever Samba was configured to install itself.</P
 ><P
 >If <B
 CLASS="COMMAND"
 >nmbd</B
 > is acting as a <I
 CLASS="EMPHASIS"
 >		browse master</I
 > (see the <A
 HREF="smb.conf.5.html#LOCALMASTER"
 TARGET="_top"
 >local master</A
 >
 		parameter in the <TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 > man page,
 		<B
 CLASS="COMMAND"
 >nmbd</B
 >
 		will store the browsing database in the file <TT
 CLASS="FILENAME"
 >browse.dat
 		</TT
 > in the <TT
 CLASS="FILENAME"
 >var/locks</TT
 > directory
 		configured under wherever Samba was configured to install itself.
-		</P
+		</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>SIGNALS</h2><p>To shut down an <b class="command">nmbd</b> process it is recommended
-></DD
+	that SIGKILL (-9) <span class="emphasis"><em>NOT</em></span> be used, except as a last
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN195"
 ></A
 ><H2
 >SIGNALS</H2
 ><P
 >To shut down an <B
 CLASS="COMMAND"
 >nmbd</B
 > process it is recommended
 	that SIGKILL (-9) <I
 CLASS="EMPHASIS"
 >NOT</I
 > be used, except as a last
 	resort, as this may leave the name database in an inconsistent state.
-	The correct way to terminate <B
+	The correct way to terminate <b class="command">nmbd</b> is to send it
-CLASS="COMMAND"
+	a SIGTERM (-15) signal and wait for it to die on its own.</p><p><b class="command">nmbd</b> will accept SIGHUP, which will cause
->nmbd</B
+	it to dump out its namelists into the file <tt class="filename">namelist.debug
-> is to send it
+	</tt> in the <tt class="filename">/usr/local/samba/var/locks</tt>
-	a SIGTERM (-15) signal and wait for it to die on its own.</P
+	directory (or the <tt class="filename">var/locks</tt> directory configured
 ><P
 ><B
 CLASS="COMMAND"
 >nmbd</B
 > will accept SIGHUP, which will cause
 	it to dump out its namelists into the file <TT
 CLASS="FILENAME"
 >namelist.debug
 	</TT
 > in the <TT
 CLASS="FILENAME"
 >/usr/local/samba/var/locks</TT
 >
 	directory (or the <TT
 CLASS="FILENAME"
 >var/locks</TT
 > directory configured
 	under wherever Samba was configured to install itself). This will also
-	cause <B
+	cause <b class="command">nmbd</b> to dump out its server database in
-CLASS="COMMAND"
+	the <tt class="filename">log.nmb</tt> file.</p><p>The debug log level of nmbd may be raised or lowered
->nmbd</B
+	using <a href="smbcontrol.1.html"><span class="citerefentry"><span class="refentrytitle">smbcontrol</span>(1)</span></a> (SIGUSR[1|2] signals
-> to dump out its server database in
+	are no longer used since Samba 2.2). This is to allow
-	the <TT
+	transient problems to be diagnosed, whilst still running 
-CLASS="FILENAME"
+	at a normally low log level.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
->log.nmb</TT
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p>
-> file.</P
+	<a href="inetd.8.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>, and the Internet 
-><P
+	RFC's <tt class="filename">rfc1001.txt</tt>, <tt class="filename">rfc1002.txt</tt>. 
 >The debug log level of nmbd may be raised or lowered using
 	<A
 HREF="smbcontrol.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbcontrol(1)</B
 >
 	</A
 > (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
 	to allow transient problems to be diagnosed, whilst still running
 	at a normally low log level.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN211"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN214"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><B
 CLASS="COMMAND"
 >inetd(8)</B
 >, <A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 >, 
 	<A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 >
 	</A
 >, <A
 HREF="smbclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbclient(1)
 	</B
 ></A
 >, <A
 HREF="testparm.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >	testparm(1)</B
 ></A
 >, <A
 HREF="testprns.1.html"
 TARGET="_top"
 >	<B
 CLASS="COMMAND"
 >testprns(1)</B
 ></A
 >, and the Internet RFC's
 	<TT
 CLASS="FILENAME"
 >rfc1001.txt</TT
 >, <TT
 CLASS="FILENAME"
 >rfc1002.txt</TT
 >. 
 	In addition the CIFS (formerly SMB) specification is available 
-	as a link from the Web page <A
+	as a link from the Web page <a href="http://samba.org/cifs/" target="_top"> 
-HREF="http://samba.org/cifs/"
+	http://samba.org/cifs/</a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 TARGET="_top"
 > 
 	http://samba.org/cifs/</A
 >.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN231"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
-></DIV
+	XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/nmblookup.1.html
+++ b/docs/htmldocs/nmblookup.1.html
@ -1,412 +1,107 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>nmblookup</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="nmblookup"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>nmblookup &#8212; NetBIOS over TCP/IP client used to lookup NetBIOS 
-<HTML
+	names</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">nmblookup</tt>  [-M] [-R] [-S] [-r] [-A] [-h] [-B &lt;broadcast address&gt;] [-U &lt;unicast address&gt;] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-i &lt;NetBIOS scope&gt;] [-T] [-f] {name}</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">nmblookup</b> is used to query NetBIOS names 
 ><HEAD
 ><TITLE
 >nmblookup</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="NMBLOOKUP"
 ></A
 >nmblookup</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >nmblookup&nbsp;--&nbsp;NetBIOS over TCP/IP client used to lookup NetBIOS 
 	names</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >nmblookup</B
 >  [-M] [-R] [-S] [-r] [-A] [-h] [-B &lt;broadcast address&gt;] [-U &lt;unicast address&gt;] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-i &lt;NetBIOS scope&gt;] [-T] [-f] {name}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN25"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >nmblookup</B
 > is used to query NetBIOS names 
 	and map them to IP addresses in a network using NetBIOS over TCP/IP 
 	queries. The options allow the name queries to be directed at a 
 	particular IP broadcast area or to a particular machine. All queries 
-	are done over UDP.</P
+	are done over UDP.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-M</span></dt><dd><p>Searches for a master browser by looking 
-></DIV
+		up the  NetBIOS name <i class="replaceable"><tt>name</tt></i> with a 
-><DIV
+		type of <tt class="constant">0x1d</tt>. If <i class="replaceable"><tt>
-CLASS="REFSECT1"
+		name</tt></i> is &quot;-&quot; then it does a lookup on the special name 
-><A
+		<tt class="constant">__MSBROWSE__</tt>. Please note that in order to 
-NAME="AEN31"
+		use the name &quot;-&quot;, you need to make sure &quot;-&quot; isn't parsed as an 
-></A
+		argument, e.g. use : 
-><H2
+		<b class="userinput"><tt>nmblookup -M -- -</tt></b>.</p></dd><dt><span class="term">-R</span></dt><dd><p>Set the recursion desired bit in the packet 
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-M</DT
 ><DD
 ><P
 >Searches for a master browser by looking 
 		up the  NetBIOS name <TT
 CLASS="REPLACEABLE"
 ><I
 >name</I
 ></TT
 > with a 
 		type of <TT
 CLASS="CONSTANT"
 >0x1d</TT
 >. If <TT
 CLASS="REPLACEABLE"
 ><I
 >		name</I
 ></TT
 > is "-" then it does a lookup on the special name 
 		<TT
 CLASS="CONSTANT"
 >__MSBROWSE__</TT
 >.</P
 ></DD
 ><DT
 >-R</DT
 ><DD
 ><P
 >Set the recursion desired bit in the packet 
 		to do a recursive lookup. This is used when sending a name 
 		query to a machine running a WINS server and the user wishes 
 		to query the names in the WINS server.  If this bit is unset 
 		the normal (broadcast responding) NetBIOS processing code 
-		on a machine is used instead. See rfc1001, rfc1002 for details.
+		on a machine is used instead. See RFC1001, RFC1002 for details.
-		</P
+		</p></dd><dt><span class="term">-S</span></dt><dd><p>Once the name query has returned an IP 
 ></DD
 ><DT
 >-S</DT
 ><DD
 ><P
 >Once the name query has returned an IP 
 		address then do a node status query as well. A node status 
 		query returns the NetBIOS names registered by a host.
-		</P
+		</p></dd><dt><span class="term">-r</span></dt><dd><p>Try and bind to UDP port 137 to send and receive UDP
 ></DD
 ><DT
 >-r</DT
 ><DD
 ><P
 >Try and bind to UDP port 137 to send and receive UDP
 		datagrams. The reason for this option is a bug in Windows 95 
 		where it ignores the source port of the requesting packet 
 	 	and only replies to UDP port 137. Unfortunately, on most UNIX 
 		systems root privilege is needed to bind to this port, and 
-		in addition, if the <A
+		in addition, if the <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> daemon is running on this machine it also binds to this port.
-HREF="nmbd.8.html"
+		</p></dd><dt><span class="term">-A</span></dt><dd><p>Interpret <i class="replaceable"><tt>name</tt></i> as 
-TARGET="_top"
+		an IP Address and do a node status query on this address.</p></dd><dt><span class="term">-n &lt;primary NetBIOS name&gt;</span></dt><dd><p>This option allows you to override
->nmbd(8)</A
+the NetBIOS name that Samba uses for itself. This is identical
-> 
+to setting the <a href="smb.conf.5.html#netbiosname" target="_top"><i class="parameter"><tt>NetBIOS
-		daemon is running on this machine it also binds to this port.
+name</tt></i></a> parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.  However, a command
-		</P
+line setting will take precedence over settings in
-></DD
+<a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></dd><dt><span class="term">-i &lt;scope&gt;</span></dt><dd><p>This specifies a NetBIOS scope that
-><DT
+<b class="command">nmblookup</b> will use to communicate with when
->-A</DT
+generating NetBIOS names. For details on the use of NetBIOS
-><DD
+scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are
-><P
+<span class="emphasis"><em>very</em></span> rarely used, only set this parameter
->Interpret <TT
+if you are the system administrator in charge of all the
-CLASS="REPLACEABLE"
+NetBIOS systems you communicate with.</p></dd><dt><span class="term">-W|--workgroup=domain</span></dt><dd><p>Set the SMB domain of the username.   This
-><I
+overrides the default domain which is the domain defined in
->name</I
+smb.conf.  If the domain specified is the same as the servers 
-></TT
+NetBIOS name, it causes the client to log on using the servers local 
-> as 
+SAM (as opposed to the Domain SAM). </p></dd><dt><span class="term">-O socket options</span></dt><dd><p>TCP socket options to set on the client
-		an IP Address and do a node status query on this address.</P
+socket. See the socket options parameter in
-></DD
+the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manual page for the list of valid
-><DT
+options. </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
->-h</DT
+</p></dd><dt><span class="term">-B &lt;broadcast address&gt;</span></dt><dd><p>Send the query to the given broadcast address. Without 
 ><DD
 ><P
 >Print a help (usage) message.</P
 ></DD
 ><DT
 >-B &lt;broadcast address&gt;</DT
 ><DD
 ><P
 >Send the query to the given broadcast address. Without 
 		this option the default behavior of nmblookup is to send the 
 		query to the broadcast address of the network interfaces as 
-		either auto-detected or defined in the <A
+		either auto-detected or defined in the <a href="smb.conf.5.html#INTERFACES" target="_top"><i class="parameter"><tt>interfaces</tt></i>
-HREF="smb.conf.5.html#INTERFACES"
+		</a> parameter of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.
-TARGET="_top"
+		</p></dd><dt><span class="term">-U &lt;unicast address&gt;</span></dt><dd><p>Do a unicast query to the specified address or 
-><TT
+		host <i class="replaceable"><tt>unicast address</tt></i>. This option 
-CLASS="PARAMETER"
+		(along with the <i class="parameter"><tt>-R</tt></i> option) is needed to 
-><I
+		query a WINS server.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
->interfaces</I
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-></TT
+configuration details required by the server.  The 
->
+information in this file includes server-specific
-		</A
+information such as what printcap file to use, as well 
-> parameter of the  <TT
+as descriptions of all the services that the server is 
-CLASS="FILENAME"
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
->smb.conf (5)</TT
+smb.conf(5)</tt></a> for more information.
-> file.
+The default configuration file name is determined at 
-		</P
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
-></DD
+from 0 to 10.  The default value if this parameter is 
-><DT
+not specified is zero.</p><p>The higher this value, the more detail will be 
->-U &lt;unicast address&gt;</DT
+logged to the log files about the activities of the 
-><DD
+server. At level 0, only critical errors and serious 
-><P
+warnings will be logged. Level 1 is a reasonable level for
->Do a unicast query to the specified address or 
+day to day running - it generates a small amount of 
-		host <TT
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
-CLASS="REPLACEABLE"
+amounts of log data, and should only be used when 
-><I
+investigating a problem. Levels above 3 are designed for 
->unicast address</I
+use only by developers and generate HUGE amounts of log
-></TT
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
->. This option 
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
-		(along with the <TT
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-CLASS="PARAMETER"
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
-><I
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
->-R</I
+never removed by the client.
-></TT
+</p></dd><dt><span class="term">-T</span></dt><dd><p>This causes any IP addresses found in the 
 > option) is needed to 
 		query a WINS server.</P
 ></DD
 ><DT
 >-d &lt;debuglevel&gt;</DT
 ><DD
 ><P
 >debuglevel is an integer from 0 to 10.</P
 ><P
 >The default value if this parameter is not specified 
 		is zero.</P
 ><P
 >The higher this value, the more detail will be logged 
 		about the activities of <B
 CLASS="COMMAND"
 >nmblookup</B
 >. At level 
 		0, only critical errors and serious warnings will be logged.</P
 ><P
 >Levels above 1 will generate considerable amounts of 
 		log data, and should only be used when investigating a problem. 
 		Levels above 3 are designed for use only by developers and 
 		generate HUGE amounts of data, most of which is extremely cryptic.</P
 ><P
 >Note that specifying this parameter here will override 
 		the <A
 HREF="smb.conf.5.html#LOGLEVEL"
 TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
 >		log level</I
 ></TT
 ></A
 > parameter in the <TT
 CLASS="FILENAME"
 >		smb.conf(5)</TT
 > file.</P
 ></DD
 ><DT
 >-s &lt;smb.conf&gt;</DT
 ><DD
 ><P
 >This parameter specifies the pathname to 
 		the Samba configuration file, <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >		smb.conf(5)</A
 >.  This file controls all aspects of
 		the Samba setup on the machine.</P
 ></DD
 ><DT
 >-i &lt;scope&gt;</DT
 ><DD
 ><P
 >This specifies a NetBIOS scope that
 		<B
 CLASS="COMMAND"
 >nmblookup</B
 > will use to communicate with when 
 		generating NetBIOS names. For details on the use of NetBIOS 
 		scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are 
 		<SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >very</I
 ></SPAN
 > rarely used, only set this parameter 
 		if you are the system administrator in charge of all the 
 		NetBIOS systems you communicate with.</P
 ></DD
 ><DT
 >-T</DT
 ><DD
 ><P
 >This causes any IP addresses found in the 
 		lookup to be looked up via a reverse DNS lookup into a 
-		DNS name, and printed out before each</P
+		DNS name, and printed out before each</p><p><span class="emphasis"><em>IP address .... NetBIOS name</em></span></p><p> pair that is the normal output.</p></dd><dt><span class="term">-f</span></dt><dd><p>
-><P
+		Show which flags apply to the name that has been looked up. Possible 
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >IP address .... NetBIOS name</I
 ></SPAN
 ></P
 ><P
 > pair that is the normal output.</P
 ></DD
 ><DT
 >-f</DT
 ><DD
 ><P
 >		Show which flags apply to the name that has been looked up. Possible 
 		answers are zero or more of: Response, Authoritative, 
 		Truncated, Recursion_Desired, Recursion_Available, Broadcast.
-		</P
+		</p></dd><dt><span class="term">name</span></dt><dd><p>This is the NetBIOS name being queried. Depending 
 ></DD
 ><DT
 >name</DT
 ><DD
 ><P
 >This is the NetBIOS name being queried. Depending 
 		upon the previous options this may be a NetBIOS name or IP address. 
 		If a NetBIOS name then the different name types may be specified 
 		by appending '#&lt;type&gt;' to the name. This name may also be
 		'*', which will return all registered names within a broadcast 
-		area.</P
+		area.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>EXAMPLES</h2><p><b class="command">nmblookup</b> can be used to query 
-></DD
+		a WINS server (in the same way <b class="command">nslookup</b> is 
-></DL
+		used to query DNS servers). To query a WINS server, <b class="command">nmblookup</b> 
-></DIV
+		must be called like this:</p><p><b class="command">nmblookup -U server -R 'name'</b></p><p>For example, running :</p><p><b class="command">nmblookup -U samba.org -R 'IRIX#1B'</b></p><p>would query the WINS server samba.org for the domain 
-></DIV
+		master browser (1B name type) for the IRIX workgroup.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-><DIV
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a>, and <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 CLASS="REFSECT1"
 ><A
 NAME="AEN115"
 ></A
 ><H2
 >EXAMPLES</H2
 ><P
 ><B
 CLASS="COMMAND"
 >nmblookup</B
 > can be used to query 
 		a WINS server (in the same way <B
 CLASS="COMMAND"
 >nslookup</B
 > is 
 		used to query DNS servers). To query a WINS server, 
 		<B
 CLASS="COMMAND"
 >nmblookup</B
 > must be called like this:</P
 ><P
 ><B
 CLASS="COMMAND"
 >nmblookup -U server -R 'name'</B
 ></P
 ><P
 >For example, running :</P
 ><P
 ><B
 CLASS="COMMAND"
 >nmblookup -U samba.org -R 'IRIX#1B'</B
 ></P
 ><P
 >would query the WINS server samba.org for the domain 
 		master browser (1B name type) for the IRIX workgroup.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN127"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN130"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="nmbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >nmbd(8)</B
 ></A
 >, 
 	<A
 HREF="samba.7.html"
 TARGET="_top"
 >samba(7)</A
 >, and	<A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >smb.conf(5)</A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN137"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook
-></DIV
+	XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/optional.html
+++ b/docs/htmldocs/optional.html
--- a/docs/htmldocs/pam.html
+++ b/docs/htmldocs/pam.html
@ -1,137 +1,273 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter<EFBFBD>25.<2E>PAM based Distributed Authentication</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="optional.html" title="Part<72>III.<2E>Advanced Configuration"><link rel="previous" href="ProfileMgmt.html" title="Chapter<65>24.<2E>Desktop Profile Management"><link rel="next" href="integrate-ms-networks.html" title="Chapter<65>26.<2E>Integrating MS Windows networks with Samba"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter<EFBFBD>25.<2E>PAM based Distributed Authentication</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ProfileMgmt.html">Prev</a><EFBFBD></td><th width="60%" align="center">Part<EFBFBD>III.<2E>Advanced Configuration</th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="integrate-ms-networks.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="pam"></a>Chapter<EFBFBD>25.<2E>PAM based Distributed Authentication</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Stephen</span> <span class="surname">Langasek</span></h3><div class="affiliation"><div class="address"><p><tt class="email">&lt;<a href="mailto:vorlon@netexpress.net">vorlon@netexpress.net</a>&gt;</tt></p></div></div></div></div><div><p class="pubdate">May 31, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="pam.html#id2995226">Features and Benefits</a></dt><dt><a href="pam.html#id2995494">Technical Discussion</a></dt><dd><dl><dt><a href="pam.html#id2995512">PAM Configuration Syntax</a></dt><dt><a href="pam.html#id2996183">Example System Configurations</a></dt><dt><a href="pam.html#id2996484">smb.conf PAM Configuration</a></dt><dt><a href="pam.html#id2996541">Remote CIFS Authentication using winbindd.so</a></dt><dt><a href="pam.html#id2996625">Password Synchronization using pam_smbpass.so</a></dt></dl></dd><dt><a href="pam.html#id2996992">Common Errors</a></dt><dd><dl><dt><a href="pam.html#id2997005">pam_winbind problem</a></dt></dl></dd></dl></div><p>
-<HTML
+This chapter you should help you to deploy winbind based authentication on any PAM enabled
-><HEAD
+Unix/Linux system. Winbind can be used to enable user level application access authentication
-><TITLE
+from any MS Windows NT Domain, MS Windows 200x Active Directory based domain, or any Samba
->Configuring PAM for distributed but centrally 
+based domain environment. It will also help you to configure PAM based local host access
-managed authentication</TITLE
+controls that are appropriate to your Samba configuration.
-><META
+</p><p>
-NAME="GENERATOR"
+In addition to knowing how to configure winbind into PAM, you will learn generic PAM managment
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+possibilities and in particular how to deploy tools like pam_smbpass.so to your adavantage.
-"><LINK
+</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
-REL="HOME"
+The use of Winbind require more than PAM configuration alone. Please refer to <a href="winbind.html" title="Chapter<65>21.<2E>Integrated Logon Support using Winbind">the Winbind chapter</a>.
-TITLE="SAMBA Project Documentation"
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2995226"></a>Features and Benefits</h2></div></div><div></div></div><p>
-HREF="samba-howto-collection.html"><LINK
+A number of Unix systems (eg: Sun Solaris), as well as the xxxxBSD family and Linux,
-REL="UP"
+now utilize the Pluggable Authentication Modules (PAM) facility to provide all authentication, 
-TITLE="Optional configuration"
+authorization and resource control services. Prior to the introduction of PAM, a decision
-HREF="optional.html"><LINK
+to use an alternative to the system password database (<tt class="filename">/etc/passwd</tt>) 
-REL="PREVIOUS"
+would require the provision of alternatives for all programs that provide security services.
-TITLE="UNIX Permission Bits and Windows NT Access Control Lists"
+Such a choice would involve provision of alternatives to such programs as: <b class="command">login</b>, 
-HREF="unix-permissions.html"><LINK
+<b class="command">passwd</b>, <b class="command">chown</b>, etc.
-REL="NEXT"
+</p><p>
-TITLE="Hosting a Microsoft Distributed File System tree on Samba"
+PAM provides a mechanism that disconnects these security programs from the underlying
-HREF="msdfs.html"></HEAD
+authentication/authorization infrastructure.  PAM is configured either through one file
-><BODY
+<tt class="filename">/etc/pam.conf</tt> (Solaris), or by editing individual files that are
-CLASS="CHAPTER"
+located in <tt class="filename">/etc/pam.d</tt>.
-BGCOLOR="#FFFFFF"
+</p><p>
-TEXT="#000000"
+On PAM enabled Unix/Linux systems it is an easy matter to configure the system to use any
-LINK="#0000FF"
+authentication backend, so long as the appropriate dynamically loadable library modules
-VLINK="#840084"
+are available for it. The backend may be local to the system, or may be centralised on a
-ALINK="#0000FF"
+remote server.
-><DIV
+</p><p>
-CLASS="NAVHEADER"
+PAM support modules are available for:
-><TABLE
+</p><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/passwd</tt></span></dt><dd><p>-</p><p>
-SUMMARY="Header navigation table"
+		There are several PAM modules that interact with this standard Unix user
-WIDTH="100%"
+		database. The most common are called: pam_unix.so, pam_unix2.so, pam_pwdb.so
-BORDER="0"
+		and pam_userdb.so.
-CELLPADDING="0"
+		</p></dd><dt><span class="term">Kerberos</span></dt><dd><p>-</p><p>
-CELLSPACING="0"
+		The pam_krb5.so module allows the use of any Kerberos compliant server.
-><TR
+		This tool is used to access MIT Kerberos, Heimdal Kerberos, and potentially
-><TH
+		Microsoft Active Directory (if enabled).
-COLSPAN="3"
+		</p></dd><dt><span class="term">LDAP</span></dt><dd><p>-</p><p>
-ALIGN="center"
+		The pam_ldap.so module allows the use of any LDAP v2 or v3 compatible backend
->SAMBA Project Documentation</TH
+		server. Commonly used LDAP backend servers include: OpenLDAP v2.0 and v2.1,
-></TR
+		Sun ONE iDentity server, Novell eDirectory server, Microsoft Active Directory.
-><TR
+		</p></dd><dt><span class="term">NetWare Bindery</span></dt><dd><p>-</p><p>
-><TD
+		The pam_ncp_auth.so module allows authentication off any bindery enabled
-WIDTH="10%"
+		NetWare Core Protocol based server.
-ALIGN="left"
+		</p></dd><dt><span class="term">SMB Password</span></dt><dd><p>-</p><p>
-VALIGN="bottom"
+		This module, called pam_smbpass.so, will allow user authentication off
-><A
+		the passdb backend that is configured in the Samba <tt class="filename">smb.conf</tt> file.
-HREF="unix-permissions.html"
+		</p></dd><dt><span class="term">SMB Server</span></dt><dd><p>-</p><p>
-ACCESSKEY="P"
+		The pam_smb_auth.so module is the original MS Windows networking authentication
->Prev</A
+		tool. This module has been somewhat outdated by the Winbind module.
-></TD
+		</p></dd><dt><span class="term">Winbind</span></dt><dd><p>-</p><p>
-><TD
+		The pam_winbind.so module allows Samba to obtain authentication from any
-WIDTH="80%"
+		MS Windows Domain Controller. It can just as easily be used to authenticate
-ALIGN="center"
+		users for access to any PAM enabled application.
-VALIGN="bottom"
+		</p></dd><dt><span class="term">RADIUS</span></dt><dd><p>-</p><p>
-></TD
+		There is a PAM RADIUS (Remote Access Dial-In User Service) authentication
-><TD
+		module. In most cases the administrator will need to locate the source code
-WIDTH="10%"
+		for this tool and compile and install it themselves. RADIUS protocols are
-ALIGN="right"
+		used by many routers and terminal servers.
-VALIGN="bottom"
+		</p></dd></dl></div><p>
-><A
+Of the above, Samba provides the pam_smbpasswd.so and the pam_winbind.so modules alone.
-HREF="msdfs.html"
+</p><p>
-ACCESSKEY="N"
+Once configured, these permit a remarkable level of flexibility in the location and use
->Next</A
+of distributed samba domain controllers that can provide wide are network bandwidth
-></TD
+efficient authentication services for PAM capable systems. In effect, this allows the
-></TR
+deployment of centrally managed and maintained distributed authentication from a single
-></TABLE
+user account database.
-><HR
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2995494"></a>Technical Discussion</h2></div></div><div></div></div><p>
-ALIGN="LEFT"
+PAM is designed to provide the system administrator with a great deal of flexibility in
-WIDTH="100%"></DIV
+configuration of the privilege granting applications of their system. The local
-><DIV
+configuration of system security controlled by PAM is contained in one of two places:
-CLASS="CHAPTER"
+either the single system file, /etc/pam.conf; or the /etc/pam.d/ directory.
-><H1
+</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2995512"></a>PAM Configuration Syntax</h3></div></div><div></div></div><p>
-><A
+In this section we discuss the correct syntax of and generic options respected by entries to these files.
-NAME="PAM">Chapter 12. Configuring PAM for distributed but centrally 
+PAM specific tokens in the configuration file are case insensitive. The module paths, however, are case
-managed authentication</H1
+sensitive since they indicate a file's name and reflect the case dependence of typical file-systems.
-><DIV
+The case-sensitivity of the arguments to any given module is defined for each module in turn.
-CLASS="SECT1"
+</p><p>
-><H1
+In addition to the lines described below, there are two special characters provided for the convenience
-CLASS="SECT1"
+of the system administrator: comments are preceded by a `#' and extend to the next end-of-line; also,
-><A
+module specification lines may be extended with a `\' escaped newline. 
-NAME="AEN1788">12.1. Samba and PAM</H1
+</p><p>
-><P
+If the PAM authentication module (loadable link library file) is located in the
->A number of Unix systems (eg: Sun Solaris), as well as the 
+default location then it is not necessary to specify the path. In the case of
-xxxxBSD family and Linux, now utilize the Pluggable Authentication 
+Linux, the default location is <tt class="filename">/lib/security</tt>. If the module
-Modules (PAM) facility to provide all authentication, 
+is located outside the default then the path must be specified as:
-authorization and resource control services. Prior to the 
+</p><p>
-introduction of PAM, a decision to use an alternative to 
+</p><pre class="screen">
-the system password database (<TT
+auth  required  /other_path/pam_strange_module.so
-CLASS="FILENAME"
+</pre><p>
->/etc/passwd</TT
+</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2995568"></a>Anatomy of <tt class="filename">/etc/pam.d</tt> Entries</h4></div></div><div></div></div><p>
->) 
+The remaining information in this subsection was taken from the documentation of the Linux-PAM
-would require the provision of alternatives for all programs that provide 
+project. For more information on PAM, see 
-security services. Such a choice would involve provision of 
+<a href="http://ftp.kernel.org/pub/linux/libs/pam/" target="_top">
-alternatives to such programs as: <B
+http://ftp.kernel.org/pub/linux/libs/pam</a> The Official Linux-PAM home page.
-CLASS="COMMAND"
+</p><p>
->login</B
+A general configuration line of the /etc/pam.conf file has the following form:
->, 
+</p><p>
-<B
+</p><pre class="screen">
-CLASS="COMMAND"
+service-name   module-type   control-flag   module-path   args
->passwd</B
+</pre><p>
->, <B
+</p><p>
-CLASS="COMMAND"
+Below, we explain the meaning of each of these tokens. The second (and more recently adopted)
->chown</B
+way of configuring Linux-PAM is via the contents of the <tt class="filename">/etc/pam.d/</tt> directory.
->, etc.</P
+Once we have explained the meaning of the above tokens, we will describe this method.
-><P
+</p><div class="variablelist"><dl><dt><span class="term">service-name</span></dt><dd><p>-</p><p>
->PAM provides a mechanism that disconnects these security programs 
+		The name of the service associated with this entry. Frequently the service name is the conventional
-from the underlying authentication/authorization infrastructure.
+		name of the given application. For example, `ftpd', `rlogind' and `su', etc. .
-PAM is configured either through one file <TT
+		</p><p>
-CLASS="FILENAME"
+		There is a special service-name, reserved for defining a default authentication mechanism. It has
->/etc/pam.conf</TT
+		the name `OTHER' and may be specified in either lower or upper case characters. Note, when there
-> (Solaris), 
+		is a module specified for a named service, the `OTHER' entries are ignored.
-or by editing individual files that are located in <TT
+		</p></dd><dt><span class="term">module-type</span></dt><dd><p>-</p><p>
-CLASS="FILENAME"
+		One of (currently) four types of module. The four types are as follows:
->/etc/pam.d</TT
+		</p><div class="itemizedlist"><ul type="disc"><li><p>
->.</P
+			<span class="emphasis"><em>auth:</em></span> this module type provides two aspects of authenticating the user.
-><P
+			Firstly, it establishes that the user is who they claim to be, by instructing the application
->The following is an example <TT
+			to prompt the user for a password or other means of identification. Secondly, the module can
-CLASS="FILENAME"
+			grant group membership (independently of the <tt class="filename">/etc/groups</tt> file discussed
->/etc/pam.d/login</TT
+			above) or other privileges through its credential granting properties.
-> configuration file. 
+			</p></li><li><p>
 			<span class="emphasis"><em>account:</em></span> this module performs non-authentication based account management.
 			It is typically used to restrict/permit access to a service based on the time of day, currently
 		 	available system resources (maximum number of users) or perhaps the location of the applicant
 			user `root' login only on the console.
 			</p></li><li><p>
 			<span class="emphasis"><em>session:</em></span> primarily, this module is associated with doing things that need
 			to be done for the user before/after they can be given service. Such things include the loggin
 			of information concerning the opening/closing of some data exchange with a user, mountin
 			directories, etc.
 			</p></li><li><p>
 			<span class="emphasis"><em>password:</em></span> this last module type is required for updating the authentication
 			token associated with the user. Typically, there is one module for each `challenge/response'
 			based authentication (auth) module-type.
 			</p></li></ul></div></dd><dt><span class="term">control-flag</span></dt><dd><p>-</p><p>
 		The control-flag is used to indicate how the PAM library will react to the success or failure of the
 		module it is associated with. Since modules can be stacked (modules of the same type execute in series,
 		one after another), the control-flags determine the relative importance of each module. The application
 		is not made aware of the individual success or failure of modules listed in the
 		<tt class="filename">/etc/pam.conf</tt> file. Instead, it receives a summary success or fail response from
 		the Linux-PAM library. The order of execution of these modules is that of the entries in the
 		<tt class="filename">/etc/pam.conf</tt> file; earlier entries are executed before later ones.
 		As of Linux-PAM v0.60, this control-flag can be defined with one of two syntaxes.
 		</p><p>
 		The simpler (and historical) syntax for the control-flag is a single keyword defined to indicate the
 		severity of concern associated with the success or failure of a specific module. There are four such
 		<span class="emphasis"><em>keywords: required, requisite, sufficient and optional</em></span>.
 		</p><p>
 		The Linux-PAM library interprets these keywords in the following manner:
 		</p><div class="itemizedlist"><ul type="disc"><li><p>
 			<span class="emphasis"><em>required:</em></span> this indicates that the success of the module is required for the
 			module-type facility to succeed. Failure of this module will not be apparent to the user until all
 			of the remaining modules (of the same module-type) have been executed.
 			</p></li><li><p>
 			<span class="emphasis"><em>requisite:</em></span> like required, however, in the case that such a module returns a
 			failure, control is directly returned to the application. The return value is that associated with
 			the first required or requisite module to fail. Note, this flag can be used to protect against the
 			possibility of a user getting the opportunity to enter a password over an unsafe medium. It is
 			conceivable that such behavior might inform an attacker of valid accounts on a system. This
 			possibility should be weighed against the not insignificant concerns of exposing a sensitive
 			password in a hostile environment.
 			</p></li><li><p>
                        <span class="emphasis"><em>sufficient:</em></span> the success of this module is deemed `sufficient' to satisfy
 			the Linux-PAM library that this module-type has succeeded in its purpose. In the event that no
 			previous required module has failed, no more `stacked' modules of this type are invoked. (Note,
 			in this case subsequent required modules are not invoked.). A failure of this module is not deemed
 			as fatal to satisfying the application that this module-type has succeeded.
 			</p></li><li><p>
                        <span class="emphasis"><em>optional:</em></span> as its name suggests, this control-flag marks the module as not
 			being critical to the success or failure of the user's application for service. In general,
 			Linux-PAM ignores such a module when determining if the module stack will succeed or fail.
 			However, in the absence of any definite successes or failures of previous or subsequent stacked
 			modules this module will determine the nature of the response to the application. One example of
 			this latter case, is when the other modules return something like PAM_IGNORE.
 			</p></li></ul></div><p>
 		The more elaborate (newer) syntax is much more specific and gives the administrator a great deal of control
 		over how the user is authenticated. This form of the control flag is delimeted with square brackets and
 		consists of a series of value=action tokens:
 		</p><pre class="screen">
 		[value1=action1 value2=action2 ...]
 		</pre><p>
 		Here, valueI is one of the following return values: success; open_err; symbol_err; service_err;
 		system_err; buf_err; perm_denied; auth_err; cred_insufficient; authinfo_unavail; user_unknown; maxtries;
 		new_authtok_reqd; acct_expired; session_err; cred_unavail; cred_expired; cred_err; no_module_data; conv_err;
 		authtok_err; authtok_recover_err; authtok_lock_busy; authtok_disable_aging; try_again; ignore; abort;
 		authtok_expired; module_unknown; bad_item; and default. The last of these (default) can be used to set
 		the action for those return values that are not explicitly defined.
 		</p><p>
 		The actionI can be a positive integer or one of the following tokens: ignore; ok; done; bad; die; and reset.
 		A positive integer, J, when specified as the action, can be used to indicate that the next J modules of the
 		current module-type will be skipped. In this way, the administrator can develop a moderately sophisticated
 		stack of modules with a number of different paths of execution. Which path is taken can be determined by the
 		reactions of individual modules.
 		</p><div class="itemizedlist"><ul type="disc"><li><p>
 			<span class="emphasis"><em>ignore:</em></span> when used with a stack of modules, the module's return status will not
 			contribute to the return code the application obtains.
 			</p></li><li><p>
                        <span class="emphasis"><em>bad:</em></span> this action indicates that the return code should be thought of as indicative
 			of the module failing. If this module is the first in the stack to fail, its status value will be used
 			for that of the whole stack.
 			</p></li><li><p>
                        <span class="emphasis"><em>die:</em></span> equivalent to bad with the side effect of terminating the module stack and
 			PAM immediately returning to the application.
 			</p></li><li><p>
                        <span class="emphasis"><em>ok:</em></span> this tells PAM that the administrator thinks this return code should
 			contribute directly to the return code of the full stack of modules. In other words, if the former
 			state of the stack would lead to a return of PAM_SUCCESS, the module's return code will override
 			this value. Note, if the former state of the stack holds some value that is indicative of a modules
 			failure, this 'ok' value will not be used to override that value.
 			</p></li><li><p>
                        <span class="emphasis"><em>done:</em></span> equivalent to ok with the side effect of terminating the module stack and
 			PAM immediately returning to the application.
                        </p></li><li><p>
                        <span class="emphasis"><em>reset:</em></span> clear all memory of the state of the module stack and start again with
 			the next stacked module.
 			</p></li></ul></div><p>
 		Each of the four keywords: required; requisite; sufficient; and optional, have an equivalent expression in
 		terms of the [...] syntax. They are as follows:
 		</p><p>
 		</p><div class="itemizedlist"><ul type="disc"><li><p>
 			required is equivalent to [success=ok new_authtok_reqd=ok ignore=ignore default=bad]
 			</p></li><li><p>
 			requisite is equivalent to [success=ok new_authtok_reqd=ok ignore=ignore default=die]
 			</p></li><li><p>
 			sufficient is equivalent to [success=done new_authtok_reqd=done default=ignore]
 			</p></li><li><p>
 			optional is equivalent to [success=ok new_authtok_reqd=ok default=ignore]
 			</p></li></ul></div><p>
 		</p><p>
 		Just to get a feel for the power of this new syntax, here is a taste of what you can do with it. With Linux-PAM-0.63,
 		the notion of client plug-in agents was introduced. This is something that makes it possible for PAM to support
 		machine-machine authentication using the transport protocol inherent to the client/server application. With the
 		<span class="emphasis"><em>[ ... value=action ... ]</em></span> control syntax, it is possible for an application to be configured
 		to support binary prompts with compliant clients, but to gracefully fall over into an alternative authentication
 		mode for older, legacy, applications.
 		</p></dd><dt><span class="term">module-path</span></dt><dd><p>-</p><p>
 		The path-name of the dynamically loadable object file; the pluggable module itself. If the first character of the
 		module path is `/', it is assumed to be a complete path. If this is not the case, the given module path is appended
 		to the default module path: <tt class="filename">/lib/security</tt> (but see the notes above).
 		</p><p>
 		The args are a list of tokens that are passed to the module when it is invoked. Much like arguments to a typical
 		Linux shell command. Generally, valid arguments are optional and are specific to any given module. Invalid arguments
 		are ignored by a module, however, when encountering an invalid argument, the module is required to write an error
 		to syslog(3). For a list of generic options see the next section.
 		</p><p>
 		Note, if you wish to include spaces in an argument, you should surround that argument with square brackets. For example:
 		</p><pre class="screen">
 squid auth required pam_mysql.so user=passwd_query passwd=mada \
        db=eminence [query=select user_name from internet_service where \
                     user_name='%u' and password=PASSWORD('%p') and \
                     service='web_proxy']
 </pre><p>
 		Note, when using this convention, you can include `[' characters inside the string, and if you wish to include a `]'
 		character inside the string that will survive the argument parsing, you should use `\['. In other words:
 		</p><pre class="screen">
 [..[..\]..]    --&gt;   ..[..]..
 </pre><p>
 		Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the
 		side of caution) to make the authentication process fail. A corresponding error is written to the system log files
 		with a call to syslog(3). 
 		</p></dd></dl></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996183"></a>Example System Configurations</h3></div></div><div></div></div><p>
 The following is an example <tt class="filename">/etc/pam.d/login</tt> configuration file. 
 This example had all options been uncommented is probably not usable 
 as it stacks many conditions before allowing successful completion 
 of the login process. Essentially all conditions can be disabled 
-by commenting them out except the calls to <TT
+by commenting them out except the calls to <tt class="filename">pam_pwdb.so</tt>.
-CLASS="FILENAME"
+</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996213"></a>PAM: original login config</h4></div></div><div></div></div><pre class="screen">
->pam_pwdb.so</TT
+#%PAM-1.0
 >.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >#%PAM-1.0
 # The PAM configuration file for the `login' service
 #
 auth         required    pam_securetty.so
@ -144,15 +280,11 @@ account		required	pam_pwdb.so
 session      required    pam_pwdb.so
 # session    optional    pam_lastlog.so
 # password   required    pam_cracklib.so retry=3
-password	required	pam_pwdb.so shadow md5</PRE
+password     required    pam_pwdb.so shadow md5
-></P
+</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996239"></a>PAM: login using pam_smbpass</h4></div></div><div></div></div><p>
-><P
+PAM allows use of replacable modules. Those available on a sample system include:
->PAM allows use of replacable modules. Those available on a 
+</p><p><tt class="prompt">$</tt><b class="userinput"><tt>/bin/ls /lib/security</tt></b>
-sample system include:</P
+</p><pre class="screen">
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >$ /bin/ls /lib/security
 pam_access.so    pam_ftp.so          pam_limits.so     
 pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
 pam_cracklib.so  pam_group.so        pam_listfile.so   
@ -164,262 +296,227 @@ pam_pwdb.so      pam_shells.so       pam_unix.so
 pam_env.so       pam_ldap.so         pam_motd.so       
 pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
 pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
-pam_userdb.so    pam_warn.so         pam_unix_session.so</PRE
+pam_userdb.so    pam_warn.so         pam_unix_session.so
-></P
+</pre><p>
-><P
+The following example for the login program replaces the use of 
->The following example for the login program replaces the use of 
+the <tt class="filename">pam_pwdb.so</tt> module which uses the system 
-the <TT
+password database (<tt class="filename">/etc/passwd</tt>,
-CLASS="FILENAME"
+<tt class="filename">/etc/shadow</tt>, <tt class="filename">/etc/group</tt>) with 
->pam_pwdb.so</TT
+the module <tt class="filename">pam_smbpass.so</tt> which uses the Samba 
 > module which uses the system 
 password database (<TT
 CLASS="FILENAME"
 >/etc/passwd</TT
 >,
 <TT
 CLASS="FILENAME"
 >/etc/shadow</TT
 >, <TT
 CLASS="FILENAME"
 >/etc/group</TT
 >) with 
 the module <TT
 CLASS="FILENAME"
 >pam_smbpass.so</TT
 > which uses the Samba 
 database which contains the Microsoft MD4 encrypted password 
 hashes. This database is stored in either 
-<TT
+<tt class="filename">/usr/local/samba/private/smbpasswd</tt>, 
-CLASS="FILENAME"
+<tt class="filename">/etc/samba/smbpasswd</tt>, or in 
->/usr/local/samba/private/smbpasswd</TT
+<tt class="filename">/etc/samba.d/smbpasswd</tt>, depending on the 
 >, 
 <TT
 CLASS="FILENAME"
 >/etc/samba/smbpasswd</TT
 >, or in 
 <TT
 CLASS="FILENAME"
 >/etc/samba.d/smbpasswd</TT
 >, depending on the 
 Samba implementation for your Unix/Linux system. The 
-<TT
+<tt class="filename">pam_smbpass.so</tt> module is provided by 
 CLASS="FILENAME"
 >pam_smbpass.so</TT
 > module is provided by 
 Samba version 2.2.1 or later. It can be compiled by specifying the 
-<B
+<tt class="option">--with-pam_smbpass</tt> options when running Samba's
-CLASS="COMMAND"
+<b class="command">configure</b> script.  For more information
->--with-pam_smbpass</B
+on the <tt class="filename">pam_smbpass</tt> module, see the documentation
-> options when running Samba's
+in the <tt class="filename">source/pam_smbpass</tt> directory of the Samba 
-<TT
+source distribution.
-CLASS="FILENAME"
+</p><pre class="screen">
->configure</TT
+#%PAM-1.0
 > script.  For more information
 on the <TT
 CLASS="FILENAME"
 >pam_smbpass</TT
 > module, see the documentation
 in the <TT
 CLASS="FILENAME"
 >source/pam_smbpass</TT
 > directory of the Samba 
 source distribution.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >#%PAM-1.0
 # The PAM configuration file for the `login' service
 #
 auth        required    pam_smbpass.so nodelay
 account     required    pam_smbpass.so nodelay
 session     required    pam_smbpass.so nodelay
-password	required	pam_smbpass.so nodelay</PRE
+password    required    pam_smbpass.so nodelay
-></P
+</pre><p>
-><P
+The following is the PAM configuration file for a particular 
->The following is the PAM configuration file for a particular 
+Linux system. The default condition uses <tt class="filename">pam_pwdb.so</tt>.
-Linux system. The default condition uses <TT
+</p><pre class="screen">
-CLASS="FILENAME"
+#%PAM-1.0
 >pam_pwdb.so</TT
 >.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >#%PAM-1.0
 # The PAM configuration file for the `samba' service
 #
-auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
+auth       required     pam_pwdb.so nullok nodelay shadow audit
-account    required     /lib/security/pam_pwdb.so audit nodelay
+account    required     pam_pwdb.so audit nodelay
-session    required     /lib/security/pam_pwdb.so nodelay
+session    required     pam_pwdb.so nodelay
-password   required     /lib/security/pam_pwdb.so shadow md5</PRE
+password   required     pam_pwdb.so shadow md5
-></P
+</pre><p>
-><P
+In the following example the decision has been made to use the 
 >In the following example the decision has been made to use the 
 smbpasswd database even for basic samba authentication. Such a 
 decision could also be made for the passwd program and would 
 thus allow the smbpasswd passwords to be changed using the passwd 
-program.</P
+program.
-><P
+</p><pre class="screen">
-><PRE
+#%PAM-1.0
 CLASS="PROGRAMLISTING"
 >#%PAM-1.0
 # The PAM configuration file for the `samba' service
 #
-auth       required     /lib/security/pam_smbpass.so nodelay
+auth       required     pam_smbpass.so nodelay
-account    required     /lib/security/pam_pwdb.so audit nodelay
+account    required     pam_pwdb.so audit nodelay
-session    required     /lib/security/pam_pwdb.so nodelay
+session    required     pam_pwdb.so nodelay
-password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE
+password   required     pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf
-></P
+</pre><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>PAM allows stacking of authentication mechanisms. It is 
 ><P
 >Note: PAM allows stacking of authentication mechanisms. It is 
 also possible to pass information obtained within one PAM module through 
 to the next module in the PAM stack. Please refer to the documentation for 
 your particular system implementation for details regarding the specific 
 capabilities of PAM in this environment. Some Linux implmentations also 
-provide the <TT
+provide the <tt class="filename">pam_stack.so</tt> module that allows all 
 CLASS="FILENAME"
 >pam_stack.so</TT
 > module that allows all 
 authentication to be configured in a single central file. The 
-<TT
+<tt class="filename">pam_stack.so</tt> method has some very devoted followers 
 CLASS="FILENAME"
 >pam_stack.so</TT
 > method has some very devoted followers 
 on the basis that it allows for easier administration. As with all issues in 
 life though, every decision makes trade-offs, so you may want examine the 
-PAM documentation for further helpful information.</P
+PAM documentation for further helpful information.
-></DIV
+</p></div></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996484"></a>smb.conf PAM Configuration</h3></div></div><div></div></div><p>
-><DIV
+There is an option in smb.conf called <a href="smb.conf.5.html#OBEYPAMRESTRICTIONS" target="_top">obey pam restrictions</a>. 
-CLASS="SECT1"
+The following is from the on-line help for this option in SWAT;
-><H1
+</p><p>
-CLASS="SECT1"
+When Samba-3 is configured to enable PAM support (i.e. 
-><A
+<tt class="option">--with-pam</tt>), this parameter will 
 NAME="AEN1832">12.2. Distributed Authentication</H1
 ><P
 >The astute administrator will realize from this that the 
 combination of <TT
 CLASS="FILENAME"
 >pam_smbpass.so</TT
 >, 
 <B
 CLASS="COMMAND"
 >winbindd</B
 >, and <B
 CLASS="COMMAND"
 >rsync</B
 > (see
 <A
 HREF="http://rsync.samba.org/"
 TARGET="_top"
 >http://rsync.samba.org/</A
 >)
 will allow the establishment of a centrally managed, distributed 
 user/password database that can also be used by all 
 PAM (eg: Linux) aware programs and applications. This arrangement 
 can have particularly potent advantages compared with the 
 use of Microsoft Active Directory Service (ADS) in so far as 
 reduction of wide area network authentication traffic.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN1839">12.3. PAM Configuration in smb.conf</H1
 ><P
 >There is an option in smb.conf called <A
 HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
 TARGET="_top"
 >obey pam restrictions</A
 >. 
 The following is from the on-line help for this option in SWAT;</P
 ><P
 >When Samba 2.2 is configure to enable PAM support (i.e. 
 <TT
 CLASS="CONSTANT"
 >--with-pam</TT
 >), this parameter will 
 control whether or not Samba should obey PAM's account 
 and session management directives. The default behavior 
 is to use PAM for clear text authentication only and to 
 ignore any account or session management. Note that Samba always 
 ignores PAM for authentication in the case of 
-<A
+<a href="smb.conf.5.html#ENCRYPTPASSWORDS" target="_top">encrypt passwords = yes</a>. 
 HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
 TARGET="_top"
 >encrypt passwords = yes</A
 >. 
 The reason is that PAM modules cannot support the challenge/response 
 authentication mechanism needed in the presence of SMB 
-password encryption. </P
+password encryption. 
-><P
+</p><p>Default: <i class="parameter"><tt>obey pam restrictions = no</tt></i></p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996541"></a>Remote CIFS Authentication using winbindd.so</h3></div></div><div></div></div><p>
->Default: <B
+All operating systems depend on the provision of users credentials accecptable to the platform.
-CLASS="COMMAND"
+Unix requires the provision of a user identifier (UID) as well as a group identifier (GID).
->obey pam restrictions = no</B
+These are both simple integer type numbers that are obtained from a password backend such
-></P
+as <tt class="filename">/etc/passwd</tt>.
-></DIV
+</p><p>
-></DIV
+Users and groups on a Windows NT server are assigned a relative id (rid) which is unique for
-><DIV
+the domain when the user or group is created. To convert the Windows NT user or group into
-CLASS="NAVFOOTER"
+a  unix user or group, a mapping between rids and unix user and group ids is required. This
-><HR
+is one of the jobs that winbind performs.
-ALIGN="LEFT"
+</p><p>
-WIDTH="100%"><TABLE
+As winbind users and groups are resolved from a server, user and group ids are allocated
-SUMMARY="Footer navigation table"
+from a specified range. This is done on a first come, first served basis, although all
-WIDTH="100%"
+existing users and groups will be mapped as soon as a client performs a user or  group 
-BORDER="0"
+enumeration command.  The allocated unix ids are stored in a database file under the Samba
-CELLPADDING="0"
+lock directory and will be remembered.
-CELLSPACING="0"
+</p><p>
-><TR
+The astute administrator will realize from this that the combination of <tt class="filename">pam_smbpass.so</tt>, 
-><TD
+<b class="command">winbindd</b>, and a distributed passdb backend, such as ldap, will allow the establishment of a
-WIDTH="33%"
+centrally managed, distributed user/password database that can also be used by all PAM (eg: Linux) aware
-ALIGN="left"
+programs and applications. This arrangement can have particularly potent advantages compared with the use of
-VALIGN="top"
+Microsoft Active Directory Service (ADS) in so far as reduction of wide area network authentication traffic.
-><A
+</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
-HREF="unix-permissions.html"
+The rid to unix id database is the only location where the user and group  mappings are 
-ACCESSKEY="P"
+stored by winbindd.  If this file is deleted or corrupted, there is no way for winbindd
->Prev</A
+to determine which user and group ids correspond to Windows NT user and group rids.
-></TD
+</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2996625"></a>Password Synchronization using pam_smbpass.so</h3></div></div><div></div></div><p>
-><TD
+pam_smbpass is a PAM module which can be used on conforming systems to
-WIDTH="34%"
+keep the smbpasswd (Samba password) database in sync with the unix
-ALIGN="center"
+password file. PAM (Pluggable Authentication Modules) is an API supported
-VALIGN="top"
+under some Unices, such as Solaris, HPUX and Linux, that provides a
-><A
+generic interface to authentication mechanisms.
-HREF="samba-howto-collection.html"
+</p><p>
-ACCESSKEY="H"
+This module authenticates a local smbpasswd user database.  If you require
->Home</A
+support for authenticating against a remote SMB server, or if you're
-></TD
+concerned about the presence of suid root binaries on your system, it is
-><TD
+recommended that you use pam_winbind instead.
-WIDTH="33%"
+</p><p>
-ALIGN="right"
+Options recognized by this module are as follows:
-VALIGN="top"
+</p><div class="table"><a name="id2996658"></a><p class="title"><b>Table<EFBFBD>25.1.<2E>Options recognized by pam_smbpass</b></p><table summary="Options recognized by pam_smbpass" border="1"><colgroup><col><col></colgroup><tbody><tr><td align="left">debug</td><td align="left">log more debugging info</td></tr><tr><td align="left">audit</td><td align="left">like debug, but also logs unknown usernames</td></tr><tr><td align="left">use_first_pass</td><td align="left">don't prompt the user for passwords; take them from PAM_ items instead</td></tr><tr><td align="left">try_first_pass</td><td align="left">try to get the password from a previous PAM module, fall back to prompting the user</td></tr><tr><td align="left">use_authtok</td><td align="left">like try_first_pass, but *fail* if the new PAM_AUTHTOK has not been previously set. (intended for stacking password modules only)</td></tr><tr><td align="left">not_set_pass</td><td align="left">don't make passwords used by this module available to other modules.</td></tr><tr><td align="left">nodelay</td><td align="left">don't insert ~1 second delays on authentication failure.</td></tr><tr><td align="left">nullok</td><td align="left">null passwords are allowed.</td></tr><tr><td align="left">nonull</td><td align="left">null passwords are not allowed. Used to override the Samba configuration.</td></tr><tr><td align="left">migrate</td><td align="left">only meaningful in an &quot;auth&quot; context; used to update smbpasswd file with a password used for successful authentication.</td></tr><tr><td align="left">smbconf=<i class="replaceable"><tt>file</tt></i></td><td align="left">specify an alternate path to the <tt class="filename">smb.conf</tt> file.</td></tr></tbody></table></div><p>
-><A
+</p><p>
-HREF="msdfs.html"
+Thanks go to the following people:
-ACCESSKEY="N"
+</p><table class="simplelist" border="0" summary="Simple list"><tr><td><a href="mailto:morgan@transmeta.com" target="_top">Andrew Morgan</a>, for providing the Linux-PAM
->Next</A
+	framework, without which none of this would have happened</td></tr><tr><td><a href="gafton@redhat.com" target="_top">Christian Gafton</a> and Andrew Morgan again, for the
-></TD
+	pam_pwdb module upon which pam_smbpass was originally based</td></tr><tr><td><a href="lkcl@switchboard.net" target="_top">Luke Leighton</a> for being receptive to the idea,
-></TR
+	and for the occasional good-natured complaint about the project's status
-><TR
+	that keep me working on it :)</td></tr></table><p>.
-><TD
+</p><p>
-WIDTH="33%"
+The following are examples of the use of pam_smbpass.so in the format of Linux
-ALIGN="left"
+<tt class="filename">/etc/pam.d/</tt> files structure. Those wishing to implement this
-VALIGN="top"
+tool on other platforms will need to adapt this appropriately.
->UNIX Permission Bits and Windows NT Access Control Lists</TD
+</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996858"></a>Password Synchronisation Configuration</h4></div></div><div></div></div><p>
-><TD
+A sample PAM configuration that shows the use of pam_smbpass to make
-WIDTH="34%"
+sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
-ALIGN="center"
+is changed.  Useful when an expired password might be changed by an
-VALIGN="top"
+application (such as ssh).
-><A
+</p><pre class="screen">
-HREF="optional.html"
+#%PAM-1.0
-ACCESSKEY="U"
+# password-sync
->Up</A
+#
-></TD
+auth       requisite    pam_nologin.so
-><TD
+auth       required     pam_unix.so
-WIDTH="33%"
+account    required     pam_unix.so
-ALIGN="right"
+password   requisite    pam_cracklib.so retry=3
-VALIGN="top"
+password   requisite    pam_unix.so shadow md5 use_authtok try_first_pass
->Hosting a Microsoft Distributed File System tree on Samba</TD
+password   required     pam_smbpass.so nullok use_authtok try_first_pass
-></TR
+session    required     pam_unix.so
-></TABLE
+</pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996891"></a>Password Migration Configuration</h4></div></div><div></div></div><p>
-></DIV
+A sample PAM configuration that shows the use of pam_smbpass to migrate
-></BODY
+from plaintext to encrypted passwords for Samba.  Unlike other methods,
-></HTML
+this can be used for users who have never connected to Samba shares:
->
+password migration takes place when users ftp in, login using ssh, pop
 their mail, etc.
 </p><pre class="screen">
 #%PAM-1.0
 # password-migration
 #
 auth       requisite   pam_nologin.so
 # pam_smbpass is called IF pam_unix succeeds.
 auth       requisite   pam_unix.so
 auth       optional    pam_smbpass.so migrate
 account    required    pam_unix.so
 password   requisite   pam_cracklib.so retry=3
 password   requisite   pam_unix.so shadow md5 use_authtok try_first_pass
 password   optional    pam_smbpass.so nullok use_authtok try_first_pass
 session    required    pam_unix.so
 </pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996926"></a>Mature Password Configuration</h4></div></div><div></div></div><p>
 A sample PAM configuration for a 'mature' smbpasswd installation.
 private/smbpasswd is fully populated, and we consider it an error if
 the smbpasswd doesn't exist or doesn't match the Unix password.
 </p><pre class="screen">
 #%PAM-1.0
 # password-mature
 #
 auth       requisite    pam_nologin.so
 auth       required     pam_unix.so
 account    required     pam_unix.so
 password   requisite    pam_cracklib.so retry=3
 password   requisite    pam_unix.so shadow md5 use_authtok try_first_pass
 password   required     pam_smbpass.so use_authtok use_first_pass
 session    required     pam_unix.so
 </pre></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2996958"></a>Kerberos Password Integration Configuration</h4></div></div><div></div></div><p>
 A sample PAM configuration that shows pam_smbpass used together with
 pam_krb5.  This could be useful on a Samba PDC that is also a member of
 a Kerberos realm.
 </p><pre class="screen">
 #%PAM-1.0
 # kdc-pdc
 #
 auth       requisite   pam_nologin.so
 auth       requisite   pam_krb5.so
 auth       optional    pam_smbpass.so migrate
 account    required    pam_krb5.so
 password   requisite   pam_cracklib.so retry=3
 password   optional    pam_smbpass.so nullok use_authtok try_first_pass
 password   required    pam_krb5.so use_authtok try_first_pass
 session    required    pam_krb5.so
 </pre></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2996992"></a>Common Errors</h2></div></div><div></div></div><p>
 PAM can be a very fickle and sensitive to configuration glitches. Here we look at a few cases from
 the Samba mailing list.
 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2997005"></a>pam_winbind problem</h3></div></div><div></div></div><p>
 	I have the following PAM configuration:
 	</p><p>
 </p><pre class="screen">
 auth required /lib/security/pam_securetty.so
 auth sufficient /lib/security/pam_winbind.so
 auth sufficient /lib/security/pam_unix.so use_first_pass nullok
 auth required /lib/security/pam_stack.so service=system-auth
 auth required /lib/security/pam_nologin.so
 account required /lib/security/pam_stack.so service=system-auth
 account required /lib/security/pam_winbind.so
 password required /lib/security/pam_stack.so service=system-auth
 </pre><p>
 </p><p>
 	When I open a new console with [ctrl][alt][F1], then I cant log in with my user &quot;pitie&quot;.
 	I've tried with user &quot;scienceu+pitie&quot; also.
 	</p><p>
 	Answer: The problem may lie with your inclusion of <i class="parameter"><tt>pam_stack.so
 	service=system-auth</tt></i>. That file often contains a lot of stuff that may
 	duplicate what you're already doing. Try commenting out the pam_stack lines
 	for auth and account and see if things work. If they do, look at
 	<tt class="filename">/etc/pam.d/system-auth</tt> and copy only what you need from it into your
 	<tt class="filename">/etc/pam.d/login</tt> file.  Alternatively, if you want all services to use
 	winbind, you can put the winbind-specific stuff in <tt class="filename">/etc/pam.d/system-auth</tt>.
 	</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ProfileMgmt.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="optional.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="integrate-ms-networks.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter<EFBFBD>24.<2E>Desktop Profile Management<6E></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>26.<2E>Integrating MS Windows networks with Samba</td></tr></table></div></body></html>
--- a/docs/htmldocs/pdbedit.8.html
+++ b/docs/htmldocs/pdbedit.8.html
@ -1,606 +1,136 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>pdbedit</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="pdbedit.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>pdbedit &#8212; manage the SAM database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">pdbedit</tt>  [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The pdbedit program is used to manage the users accounts
-<HTML
+	stored in the sam database and can only be run by root.</p><p>The pdbedit tool uses the passdb modular interface and is
 ><HEAD
 ><TITLE
 >pdbedit</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="PDBEDIT">pdbedit</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >pdbedit&nbsp;--&nbsp;manage the SAM database</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >pdbedit</B
 > [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-g] [-b passdb-backend] [-d debuglevel] [-s configfile] [-P account-policy] [-V value]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN31"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 >The pdbedit program is used to manage the users accounts
 	stored in the sam database and can only be run by root.</P
 ><P
 >The pdbedit tool uses the passdb modular interface and is
 	independent from the kind of users database used (currently there
 	are smbpasswd, ldap, nis+ and tdb based and more can be added
-	without changing the tool).</P
+	without changing the tool).</p><p>There are five main ways to use pdbedit: adding a user account,
 ><P
 >There are five main ways to use pdbedit: adding a user account,
 	removing a user account, modifing a user account, listing user
-	accounts, importing users accounts.</P
+	accounts, importing users accounts.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-L</span></dt><dd><p>This option lists all the user accounts
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN38"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-l</DT
 ><DD
 ><P
 >This option lists all the user accounts
 		present in the users database.
 		This option prints a list of user/uid pairs separated by
-		the ':' character.</P
+		the ':' character.</p><p>Example: <b class="command">pdbedit -L</b></p><pre class="screen">
-><P
+sorce:500:Simo Sorce
->Example: <B
+samba:45:Test User
-CLASS="COMMAND"
+</pre></dd><dt><span class="term">-v</span></dt><dd><p>This option enables the verbose listing format.
 >pdbedit -l</B
 ></P
 ><P
 ><TABLE
 BORDER="0"
 BGCOLOR="#E0E0E0"
 WIDTH="90%"
 ><TR
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		sorce:500:Simo Sorce
 		samba:45:Test User
 		</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ></DD
 ><DT
 >-v</DT
 ><DD
 ><P
 >This option enables the verbose listing format.
 		It causes pdbedit to list the users in the database, printing
-		out the account fields in a descriptive format.</P
+		out the account fields in a descriptive format.</p><p>Example: <b class="command">pdbedit -l -v</b></p><pre class="screen">
-><P
+---------------
->Example: <B
+username:       sorce
-CLASS="COMMAND"
+user ID/Group:  500/500
->pdbedit -l -v</B
+user RID/GRID:  2000/2001
-></P
+Full Name:      Simo Sorce
-><P
+Home Directory: \\BERSERKER\sorce
-><TABLE
+HomeDir Drive:  H:
-BORDER="0"
+Logon Script:   \\BERSERKER\netlogon\sorce.bat
-BGCOLOR="#E0E0E0"
+Profile Path:   \\BERSERKER\profile
-WIDTH="90%"
+---------------
-><TR
+username:       samba
-><TD
+user ID/Group:  45/45
-><PRE
+user RID/GRID:  1090/1091
-CLASS="PROGRAMLISTING"
+Full Name:      Test User
->		---------------
+Home Directory: \\BERSERKER\samba
-		username:       sorce
+HomeDir Drive:  
-		user ID/Group:  500/500
+Logon Script:   
-		user RID/GRID:  2000/2001
+Profile Path:   \\BERSERKER\profile
-		Full Name:      Simo Sorce
+</pre></dd><dt><span class="term">-w</span></dt><dd><p>This option sets the &quot;smbpasswd&quot; listing format.
 		Home Directory: \\BERSERKER\sorce
 		HomeDir Drive:  H:
 		Logon Script:   \\BERSERKER\netlogon\sorce.bat
 		Profile Path:   \\BERSERKER\profile
 		---------------
 		username:       samba
 		user ID/Group:  45/45
 		user RID/GRID:  1090/1091
 		Full Name:      Test User
 		Home Directory: \\BERSERKER\samba
 		HomeDir Drive:  
 		Logon Script:   
 		Profile Path:   \\BERSERKER\profile
 		</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ></DD
 ><DT
 >-w</DT
 ><DD
 ><P
 >This option sets the "smbpasswd" listing format.
 		It will make pdbedit list the users in the database, printing
 		out the account fields in a format compatible with the
-		<TT
+		<tt class="filename">smbpasswd</tt> file format. (see the
-CLASS="FILENAME"
+		<a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> for details)</p><p>Example: <b class="command">pdbedit -L -w</b></p><pre class="screen">
->smbpasswd</TT
+sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
-> file format. (see the <A
+samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
-HREF="smbpasswd.5.html"
+</pre></dd><dt><span class="term">-u username</span></dt><dd><p>This option specifies the username to be
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smbpasswd(5)</TT
 ></A
 > for details)</P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >pdbedit -l -w</B
 ></P
 ><P
 ><TABLE
 BORDER="0"
 BGCOLOR="#E0E0E0"
 WIDTH="90%"
 ><TR
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
 		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
 		</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ></DD
 ><DT
 >-u username</DT
 ><DD
 ><P
 >This option specifies the username to be
 		used for the operation requested (listing, adding, removing).
-		It is <I
+		It is <span class="emphasis"><em>required</em></span> in add, remove and modify
-CLASS="EMPHASIS"
+		operations and <span class="emphasis"><em>optional</em></span> in list
->required</I
+		operations.</p></dd><dt><span class="term">-f fullname</span></dt><dd><p>This option can be used while adding or
 > in add, remove and modify
 		operations and <I
 CLASS="EMPHASIS"
 >optional</I
 > in list
 		operations.</P
 ></DD
 ><DT
 >-f fullname</DT
 ><DD
 ><P
 >This option can be used while adding or
 		modifing a user account. It will specify the user's full
-		name. </P
+		name. </p><p>Example: <b class="command">-f &quot;Simo Sorce&quot;</b></p></dd><dt><span class="term">-h homedir</span></dt><dd><p>This option can be used while adding or
 ><P
 >Example: <B
 CLASS="COMMAND"
 >-f "Simo Sorce"</B
 ></P
 ></DD
 ><DT
 >-h homedir</DT
 ><DD
 ><P
 >This option can be used while adding or
 		modifing a user account. It will specify the user's home
-		directory network path.</P
+		directory network path.</p><p>Example: <b class="command">-h &quot;\\\\BERSERKER\\sorce&quot;</b>
-><P
+		</p></dd><dt><span class="term">-D drive</span></dt><dd><p>This option can be used while adding or
 >Example: <B
 CLASS="COMMAND"
 >-h "\\\\BERSERKER\\sorce"</B
 >
 		</P
 ></DD
 ><DT
 >-D drive</DT
 ><DD
 ><P
 >This option can be used while adding or
 		modifing a user account. It will specify the windows drive
-		letter to be used to map the home directory.</P
+		letter to be used to map the home directory.</p><p>Example: <b class="command">-d &quot;H:&quot;</b>
-><P
+		</p></dd><dt><span class="term">-S script</span></dt><dd><p>This option can be used while adding or
 >Example: <B
 CLASS="COMMAND"
 >-d "H:"</B
 >
 		</P
 ></DD
 ><DT
 >-S script</DT
 ><DD
 ><P
 >This option can be used while adding or
 		modifing a user account. It will specify the user's logon
-		script path.</P
+		script path.</p><p>Example: <b class="command">-s &quot;\\\\BERSERKER\\netlogon\\sorce.bat&quot;</b>
-><P
+		</p></dd><dt><span class="term">-p profile</span></dt><dd><p>This option can be used while adding or
 >Example: <B
 CLASS="COMMAND"
 >-s "\\\\BERSERKER\\netlogon\\sorce.bat"</B
 >
 		</P
 ></DD
 ><DT
 >-p profile</DT
 ><DD
 ><P
 >This option can be used while adding or
 		modifing a user account. It will specify the user's profile
-		directory.</P
+		directory.</p><p>Example: <b class="command">-p &quot;\\\\BERSERKER\\netlogon&quot;</b>
-><P
+		</p></dd><dt><span class="term">-G SID|rid</span></dt><dd><p>
->Example: <B
+		This option can be used while adding or modifying a user account. It 
-CLASS="COMMAND"
+		will specify the users' new primary group SID (Security Identifier) or 
->-p "\\\\BERSERKER\\netlogon"</B
+		rid. </p><p>Example: <b class="command">-G S-1-5-21-2447931902-1787058256-3961074038-1201</b></p></dd><dt><span class="term">-U SID|rid</span></dt><dd><p>
->
+		This option can be used while adding or modifying a user account. It 
-		</P
+		will specify the users' new SID (Security Identifier) or 
-></DD
+		rid. </p><p>Example: <b class="command">-U S-1-5-21-2447931902-1787058256-3961074038-5004</b></p></dd><dt><span class="term">-c account-control</span></dt><dd><p>This option can be used while adding or modifying a user
-><DT
+		account. It will specify the users' account control property. Possible
->-a</DT
+		flags that can be set are: N, D, H, L, X.				
-><DD
+		</p><p>Example: <b class="command">-c &quot;[X          ]&quot;</b></p></dd><dt><span class="term">-a</span></dt><dd><p>This option is used to add a user into the
 ><P
 >This option is used to add a user into the
 		database. This command needs a user name specified with
 		the -u switch. When adding a new user, pdbedit will also
-		ask for the password to be used.</P
+		ask for the password to be used.</p><p>Example: <b class="command">pdbedit -a -u sorce</b>
-><P
+</p><pre class="programlisting">new password:
->Example: <B
+retype new password
-CLASS="COMMAND"
+</pre><p>
->pdbedit -a -u sorce</B
+</p></dd><dt><span class="term">-r</span></dt><dd><p>This option is used to modify an existing user 
->
+		in the database. This command needs a user name specified with the -u 
-		<TABLE
+		switch. Other options can be specified to modify the properties of 
-BORDER="0"
+		the specified user. This flag is kept for backwards compatibility, but 
-BGCOLOR="#E0E0E0"
+		it is no longer necessary to specify it.
-WIDTH="90%"
+		</p></dd><dt><span class="term">-m</span></dt><dd><p>This option may only be used in conjunction 
-><TR
+		with the <i class="parameter"><tt>-a</tt></i> option. It will make
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >new password:
 		retype new password</PRE
 ></TD
 ></TR
 ></TABLE
 >
                </P
 ></DD
 ><DT
 >-m</DT
 ><DD
 ><P
 >This option may only be used in conjunction 
 		with the <TT
 CLASS="PARAMETER"
 ><I
 >-a</I
 ></TT
 > option. It will make
 		pdbedit to add a machine trust account instead of a user
-		account (-u username will provide the machine name).</P
+		account (-u username will provide the machine name).</p><p>Example: <b class="command">pdbedit -a -m -u w2k-wks</b>
-><P
+		</p></dd><dt><span class="term">-x</span></dt><dd><p>This option causes pdbedit to delete an account
 >Example: <B
 CLASS="COMMAND"
 >pdbedit -a -m -u w2k-wks</B
 >
 		</P
 ></DD
 ><DT
 >-x</DT
 ><DD
 ><P
 >This option causes pdbedit to delete an account
 		from the database. It needs a username specified with the
-		-u switch.</P
+		-u switch.</p><p>Example: <b class="command">pdbedit -x -u bob</b></p></dd><dt><span class="term">-i passdb-backend</span></dt><dd><p>Use a different passdb backend to retrieve users
 ><P
 >Example: <B
 CLASS="COMMAND"
 >pdbedit -x -u bob</B
 ></P
 ></DD
 ><DT
 >-i passdb-backend</DT
 ><DD
 ><P
 >Use a different passdb backend to retrieve users
                than the one specified in smb.conf. Can be used to import data into
-                your local user database.</P
+                your local user database.</p><p>This option will ease migration from one passdb backend to
-><P
+		another.</p><p>Example: <b class="command">pdbedit -i smbpasswd:/etc/smbpasswd.old
->This option will ease migration from one passdb backend to
+                </b></p></dd><dt><span class="term">-e passdb-backend</span></dt><dd><p>Exports all currently available users to the
-		another.</P
+		specified password database backend.</p><p>This option will ease migration from one passdb backend to
-><P
+		another and will ease backing up.</p><p>Example: <b class="command">pdbedit -e smbpasswd:/root/samba-users.backup</b></p></dd><dt><span class="term">-g</span></dt><dd><p>If you specify <i class="parameter"><tt>-g</tt></i>,
->Example: <B
+		then <i class="parameter"><tt>-i in-backend -e out-backend</tt></i>
-CLASS="COMMAND"
+		applies to the group mapping instead of the user database.</p><p>This option will ease migration from one passdb backend to
->pdbedit -i smbpasswd:/etc/smbpasswd.old
+		another and will ease backing up.</p></dd><dt><span class="term">-b passdb-backend</span></dt><dd><p>Use a different default passdb backend. </p><p>Example: <b class="command">pdbedit -b xml:/root/pdb-backup.xml -l</b></p></dd><dt><span class="term">-P account-policy</span></dt><dd><p>Display an account policy</p><p>Valid policies are: minimum password age, reset count minutes, disconnect time,
                </B
 ></P
 ></DD
 ><DT
 >-e passdb-backend</DT
 ><DD
 ><P
 >Exports all currently available users to the
 		specified password database backend.</P
 ><P
 >This option will ease migration from one passdb backend to
 		another and will ease backing up.</P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >pdbedit -e smbpasswd:/root/samba-users.backup</B
 ></P
 ></DD
 ><DT
 >-g</DT
 ><DD
 ><P
 >If you specify <TT
 CLASS="PARAMETER"
 ><I
 >-g</I
 ></TT
 >,
 		then <TT
 CLASS="PARAMETER"
 ><I
 >-i in-backend -e out-backend</I
 ></TT
 >
 		applies to the group mapping instead of the user database.
 		</P
 ><P
 >This option will ease migration from one passdb backend to
 		another and will ease backing up.</P
 ></DD
 ><DT
 >-b passdb-backend</DT
 ><DD
 ><P
 >Use a different default passdb backend. </P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >pdbedit -b xml:/root/pdb-backup.xml -l</B
 ></P
 ></DD
 ><DT
 >-P account-policy</DT
 ><DD
 ><P
 >Display an account policy</P
 ><P
 >Valid policies are: minimum password age, reset count minutes, disconnect time,
 		user must logon to change password, password history, lockout duration, min password length,
-		maximum password age and bad lockout attempt.</P
+		maximum password age and bad lockout attempt.</p><p>Example: <b class="command">pdbedit -P &quot;bad lockout attempt&quot;</b></p><pre class="programlisting">
-><P
+account policy value for bad lockout attempt is 0
->Example: <B
+</pre></dd><dt><span class="term">-C account-policy-value</span></dt><dd><p>Sets an account policy to a specified value. 
 CLASS="COMMAND"
 >pdbedit -P "bad lockout attempt"</B
 ></P
 ><P
 ><TABLE
 BORDER="0"
 BGCOLOR="#E0E0E0"
 WIDTH="90%"
 ><TR
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		account policy value for bad lockout attempt is 0
 		</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ></DD
 ><DT
 >-V account-policy-value</DT
 ><DD
 ><P
 >Sets an account policy to a specified value. 
 		This option may only be used in conjunction
-		with the <TT
+		with the <i class="parameter"><tt>-P</tt></i> option.
-CLASS="PARAMETER"
+		</p><p>Example: <b class="command">pdbedit -P &quot;bad lockout attempt&quot; -C 3</b></p><pre class="programlisting">
-><I
+account policy value for bad lockout attempt was 0
->-P</I
+account policy value for bad lockout attempt is now 3
-></TT
+</pre></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-> option.
+</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
-		</P
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
 ><P
 >Example: <B
 CLASS="COMMAND"
 >pdbedit -P "bad lockout attempt" -V 3</B
 ></P
 ><P
 ><TABLE
 BORDER="0"
 BGCOLOR="#E0E0E0"
 WIDTH="90%"
 ><TR
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		account policy value for bad lockout attempt was 0
 		account policy value for bad lockout attempt is now 3
 		</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ></DD
 ><DT
 >-d|--debug=debuglevel</DT
 ><DD
 ><P
 ><TT
 CLASS="REPLACEABLE"
 ><I
 >debuglevel</I
 ></TT
 > is an integer 
 from 0 to 10.  The default value if this parameter is 
 not specified is zero.</P
 ><P
 >The higher this value, the more detail will be 
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
 day to day running - it generates a small amount of 
 information about operations carried out.</P
 ><P
 >Levels above 1 will generate considerable 
 amounts of log data, and should only be used when 
 investigating a problem. Levels above 3 are designed for 
 use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.</P
 ><P
 >Note that specifying this parameter here will 
 override the <A
 HREF="smb.conf.5.html#loglevel"
 TARGET="_top"
 >log
 level</A
 > parameter in the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 > file.</P
 ></DD
 ><DT
 >-h|--help</DT
 ><DD
 ><P
 >Print a summary of command line options.</P
 ></DD
 ><DT
 >-s &#60;configuration file&#62;</DT
 ><DD
 ><P
 >The file specified contains the 
 configuration details required by the server.  The 
 information in this file includes server-specific
 information such as what printcap file to use, as well 
 as descriptions of all the services that the server is 
-to provide. See <A
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-HREF="smb.conf.5.html"
+smb.conf(5)</tt></a> for more information.
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 > for more information.
 The default configuration file name is determined at 
-compile time.</P
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
-></DD
+from 0 to 10.  The default value if this parameter is 
-></DL
+not specified is zero.</p><p>The higher this value, the more detail will be 
-></DIV
+logged to the log files about the activities of the 
-></DIV
+server. At level 0, only critical errors and serious 
-><DIV
+warnings will be logged. Level 1 is a reasonable level for
-CLASS="REFSECT1"
+day to day running - it generates a small amount of 
-><A
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
-NAME="AEN190"
+amounts of log data, and should only be used when 
-></A
+investigating a problem. Levels above 3 are designed for 
-><H2
+use only by developers and generate HUGE amounts of log
->NOTES</H2
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
-><P
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
->This command may be used only by root.</P
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-></DIV
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
-><DIV
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
-CLASS="REFSECT1"
+never removed by the client.
-><A
+</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>NOTES</h2><p>This command may be used only by root.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-NAME="AEN193"
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>, <a href="samba.7.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(7)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN196"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbpasswd.8.html"
 TARGET="_top"
 >smbpasswd(8)</A
 >, 
 	<A
 HREF="samba.7.html"
 TARGET="_top"
 >samba(7)</A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN201"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p></div></div></body></html>
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
 	excellent piece of Open Source software, available at
 	<A
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
 	Samba 2.2 was done by Gerald Carter</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/printing.html
+++ b/docs/htmldocs/printing.html
--- a/docs/htmldocs/rpcclient.1.html
+++ b/docs/htmldocs/rpcclient.1.html
@ -1,781 +1,198 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>rpcclient</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="rpcclient.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>rpcclient &#8212; tool for executing client side 
-<HTML
+	MS-RPC functions</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">rpcclient</tt>  [-A authfile] [-c &lt;command string&gt;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &lt;smb config file&gt;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">rpcclient</b> is a utility initially developed
 ><HEAD
 ><TITLE
 >rpcclient</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="RPCCLIENT"
 ></A
 >rpcclient</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >rpcclient&nbsp;--&nbsp;tool for executing client side 
 	MS-RPC functions</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >rpcclient</B
 >  [-A authfile] [-c &lt;command string&gt;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &lt;smb config file&gt;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN23"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >rpcclient</B
 > is a utility initially developed
 	to test MS-RPC functionality in Samba itself.  It has undergone 
 	several stages of development and stability.  Many system administrators
 	have now written scripts around it to manage Windows NT clients from 
-	their UNIX workstation. </P
+	their UNIX workstation. </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">server</span></dt><dd><p>NetBIOS name of Server to which to connect. 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN29"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >server</DT
 ><DD
 ><P
 >NetBIOS name of Server to which to connect. 
 		The server can be  any SMB/CIFS server.  The name is 
-		resolved using the <A
+		resolved using the <a href="smb.conf.5.html#NAMERESOLVEORDER" target="_top">
-HREF="smb.conf.5.html#NAMERESOLVEORDER"
+		<i class="parameter"><tt>name resolve order</tt></i></a> line from <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></dd><dt><span class="term">-c|--command='command string'</span></dt><dd><p>execute semicolon separated commands (listed 
-TARGET="_top"
+		below)) </p></dd><dt><span class="term">-I IP-address</span></dt><dd><p><i class="replaceable"><tt>IP address</tt></i> is the address of the server to connect to. 
->		<TT
+		It should be specified in standard &quot;a.b.c.d&quot; notation. </p><p>Normally the client would attempt to locate a named 
-CLASS="PARAMETER"
+		SMB/CIFS server by looking it up via the NetBIOS name resolution 
-><I
+		mechanism described above in the <i class="parameter"><tt>name resolve order</tt></i> 
->name resolve order</I
+		parameter above. Using this parameter will force the client
-></TT
+		to assume that the server is on the machine with the specified IP 
-></A
+		address and the NetBIOS name component of the resource being 
-> line from 
+		connected to will be ignored. </p><p>There is no default for this parameter. If not supplied, 
-		<TT
+		it will be determined automatically by the client as described 
-CLASS="FILENAME"
+		above. </p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
->smb.conf(5)</TT
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
->.</P
+configuration details required by the server.  The 
-></DD
+information in this file includes server-specific
-><DT
+information such as what printcap file to use, as well 
->-A|--authfile=filename</DT
+as descriptions of all the services that the server is 
-><DD
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-><P
+smb.conf(5)</tt></a> for more information.
->This option allows 
+The default configuration file name is determined at 
-		you to specify a file from which to read the username and 
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
 		password used in the connection.  The format of the file is 
 		</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >		username = &lt;value&gt; 
 		password = &lt;value&gt;
 		domain   = &lt;value&gt;
 		</PRE
 ></P
 ><P
 >Make certain that the permissions on the file restrict 
 		access from unwanted users. </P
 ></DD
 ><DT
 >-c|--command='command string'</DT
 ><DD
 ><P
 >execute semicolon separated commands (listed 
 		below)) </P
 ></DD
 ><DT
 >-d|--debug=debuglevel</DT
 ><DD
 ><P
 ><TT
 CLASS="REPLACEABLE"
 ><I
 >debuglevel</I
 ></TT
 > is an integer 
 from 0 to 10.  The default value if this parameter is 
-not specified is zero.</P
+not specified is zero.</p><p>The higher this value, the more detail will be 
 ><P
 >The higher this value, the more detail will be 
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
 day to day running - it generates a small amount of 
-information about operations carried out.</P
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
 ><P
 >Levels above 1 will generate considerable 
 amounts of log data, and should only be used when 
 investigating a problem. Levels above 3 are designed for 
 use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic.</P
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
-><P
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
->Note that specifying this parameter here will 
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-override the <A
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
-HREF="smb.conf.5.html#loglevel"
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
-TARGET="_top"
+never removed by the client.
->log
+</p></dd><dt><span class="term">-N</span></dt><dd><p>If specified, this parameter suppresses the normal
-level</A
+password prompt from the client to the user. This is useful when
-> parameter in the <A
+accessing a service that does not require a password. </p><p>Unless a password is specified on the command line or
-HREF="smb.conf.5.html"
+this parameter is specified, the client will request a
-TARGET="_top"
+password.</p></dd><dt><span class="term">-k</span></dt><dd><p>
-><TT
+Try to authenticate with kerberos. Only useful in
-CLASS="FILENAME"
+an Active Directory environment.
->smb.conf(5)</TT
+</p></dd><dt><span class="term">-A|--authfile=filename</span></dt><dd><p>This option allows
-></A
+you to specify a file from which to read the username and
-> file.</P
+password used in the connection.  The format of the file is
-></DD
+</p><pre class="programlisting">
-><DT
+username = &lt;value&gt;
->-h|--help</DT
+password = &lt;value&gt;
-><DD
+domain   = &lt;value&gt;
-><P
+</pre><p>Make certain that the permissions on the file restrict 
->Print a summary of command line options.</P
+access from unwanted users. </p></dd><dt><span class="term">-U|--user=username[%password]</span></dt><dd><p>Sets the SMB username or username and password. </p><p>If %password is not specified, the user will be prompted. The
-></DD
+client will first check the <tt class="envar">USER</tt> environment variable, then the
-><DT
+<tt class="envar">LOGNAME</tt> variable and if either exists, the
->-I IP-address</DT
+string is uppercased. If these environmental variables are not
-><DD
+found, the username <tt class="constant">GUEST</tt> is used. </p><p>A third option is to use a credentials file which
-><P
+contains the plaintext of the username and password.  This
-><TT
+option is mainly provided for scripts where the admin does not
-CLASS="REPLACEABLE"
+wish to pass the credentials on the command line or via environment
-><I
+variables. If this method is used, make certain that the permissions
->IP address</I
+on the file restrict access from unwanted users.  See the
-></TT
+<i class="parameter"><tt>-A</tt></i> for more details. </p><p>Be cautious about including passwords in scripts. Also, on
-> is the address of the server to connect to. 
+many systems the command line of a running process may be seen
-		It should be specified in standard "a.b.c.d" notation. </P
+via the <b class="command">ps</b> command.  To be safe always allow
-><P
+<b class="command">rpcclient</b> to prompt for a password and type
->Normally the client would attempt to locate a named 
+it in directly. </p></dd><dt><span class="term">-n &lt;primary NetBIOS name&gt;</span></dt><dd><p>This option allows you to override
-		SMB/CIFS server by looking it up via the NetBIOS name resolution 
+the NetBIOS name that Samba uses for itself. This is identical
-		mechanism described above in the <TT
+to setting the <a href="smb.conf.5.html#netbiosname" target="_top"><i class="parameter"><tt>NetBIOS
-CLASS="PARAMETER"
+name</tt></i></a> parameter in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file.  However, a command
-><I
+line setting will take precedence over settings in
->name resolve order</I
+<a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></dd><dt><span class="term">-i &lt;scope&gt;</span></dt><dd><p>This specifies a NetBIOS scope that
-></TT
+<b class="command">nmblookup</b> will use to communicate with when
-> 
+generating NetBIOS names. For details on the use of NetBIOS
-		parameter above. Using this parameter will force the client
+scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are
-		to assume that the server is on the machine with the specified IP 
+<span class="emphasis"><em>very</em></span> rarely used, only set this parameter
-		address and the NetBIOS name component of the resource being 
+if you are the system administrator in charge of all the
-		connected to will be ignored. </P
+NetBIOS systems you communicate with.</p></dd><dt><span class="term">-W|--workgroup=domain</span></dt><dd><p>Set the SMB domain of the username.   This
-><P
+overrides the default domain which is the domain defined in
->There is no default for this parameter. If not supplied, 
+smb.conf.  If the domain specified is the same as the servers 
-		it will be determined automatically by the client as described 
+NetBIOS name, it causes the client to log on using the servers local 
-		above. </P
+SAM (as opposed to the Domain SAM). </p></dd><dt><span class="term">-O socket options</span></dt><dd><p>TCP socket options to set on the client
-></DD
+socket. See the socket options parameter in
-><DT
+the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manual page for the list of valid
->-l|--logfile=logbasename</DT
+options. </p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-><DD
+</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMMANDS</h2><div class="refsect2" lang="en"><h3>LSARPC</h3><div class="variablelist"><dl><dt><span class="term">lsaquery</span></dt><dd><p>Query info policy</p></dd><dt><span class="term">lookupsids</span></dt><dd><p>Resolve a list 
 ><P
 >File name for log/debug files. The extension 
 		<TT
 CLASS="CONSTANT"
 >'.client'</TT
 > will be appended. The log file is
 		never removed by the client.
 		</P
 ></DD
 ><DT
 >-N|--nopass</DT
 ><DD
 ><P
 >instruct <B
 CLASS="COMMAND"
 >rpcclient</B
 > not to ask 
 		for a password.   By default, <B
 CLASS="COMMAND"
 >rpcclient</B
 > will
 		prompt for a password.  See also the <TT
 CLASS="PARAMETER"
 ><I
 >-U</I
 ></TT
 >
 		option.</P
 ></DD
 ><DT
 >-s|--conf=smb.conf</DT
 ><DD
 ><P
 >Specifies the location of the all-important 
 		<TT
 CLASS="FILENAME"
 >smb.conf</TT
 > file. </P
 ></DD
 ><DT
 >-U|--user=username[%password]</DT
 ><DD
 ><P
 >Sets the SMB username or username and password. </P
 ><P
 >If %password is not specified, the user will be prompted. The 
 		client will first check the <TT
 CLASS="ENVAR"
 >USER</TT
 > environment variable, then the 
 		<TT
 CLASS="ENVAR"
 >LOGNAME</TT
 > variable and if either exists, the 
 		string is uppercased. If these environmental variables are not 
 		found, the username <TT
 CLASS="CONSTANT"
 >GUEST</TT
 > is used. </P
 ><P
 >A third option is to use a credentials file which 
 		contains the plaintext of the username and password.  This 
 		option is mainly provided for scripts where the admin does not 
 		wish to pass the credentials on the command line or via environment 
 		variables. If this method is used, make certain that the permissions 
 		on the file restrict access from unwanted users.  See the 
 		<TT
 CLASS="PARAMETER"
 ><I
 >-A</I
 ></TT
 > for more details. </P
 ><P
 >Be cautious about including passwords in scripts. Also, on 
 		many systems the command line of a running process may be seen 
 		via the <B
 CLASS="COMMAND"
 >ps</B
 > command.  To be safe always allow 
 		<B
 CLASS="COMMAND"
 >rpcclient</B
 > to prompt for a password and type 
 		it in directly. </P
 ></DD
 ><DT
 >-W|--workgroup=domain</DT
 ><DD
 ><P
 >Set the SMB domain of the username.   This 
 		overrides the default domain which is the domain defined in 
 		smb.conf.  If the domain specified is the same as the server's NetBIOS name, 
 		it causes the client to log on using the  server's local SAM (as 
 		opposed to the Domain SAM). </P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN107"
 ></A
 ><H2
 >COMMANDS</H2
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >LSARPC</I
 ></SPAN
 ></P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >lsaquery</B
 ></P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >lookupsids</B
 > - Resolve a list 
 		of SIDs to usernames.
-		</P
+		</p></dd><dt><span class="term">lookupnames</span></dt><dd><p>Resolve a list 
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >lookupnames</B
 > - Resolve a list 
 		of usernames to SIDs.
-		</P
+		</p></dd><dt><span class="term">enumtrusts</span></dt><dd><p>Enumerate trusted domains</p></dd><dt><span class="term">enumprivs</span></dt><dd><p>Enumerate privileges</p></dd><dt><span class="term">getdispname</span></dt><dd><p>Get the privilege name</p></dd><dt><span class="term">lsaenumsid</span></dt><dd><p>Enumerate the LSA SIDS</p></dd><dt><span class="term">lsaenumprivsaccount</span></dt><dd><p>Enumerate the privileges of an SID</p></dd><dt><span class="term">lsaenumacctrights</span></dt><dd><p>Enumerate the rights of an SID</p></dd><dt><span class="term">lsaenumacctwithright</span></dt><dd><p>Enumerate accounts with a right</p></dd><dt><span class="term">lsaaddacctrights</span></dt><dd><p>Add rights to an account</p></dd><dt><span class="term">lsaremoveacctrights</span></dt><dd><p>Remove rights from an account</p></dd><dt><span class="term">lsalookupprivvalue</span></dt><dd><p>Get a privilege value given its name</p></dd><dt><span class="term">lsaquerysecobj</span></dt><dd><p>Query LSA security object</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>LSARPC-DS</h3><div class="variablelist"><dl><dt><span class="term">dsroledominfo</span></dt><dd><p>Get Primary Domain Information</p></dd></dl></div><p> </p><p><span class="emphasis"><em>DFS</em></span></p><div class="variablelist"><dl><dt><span class="term">dfsexist</span></dt><dd><p>Query DFS support</p></dd><dt><span class="term">dfsadd</span></dt><dd><p>Add a DFS share</p></dd><dt><span class="term">dfsremove</span></dt><dd><p>Remove a DFS share</p></dd><dt><span class="term">dfsgetinfo</span></dt><dd><p>Query DFS share info</p></dd><dt><span class="term">dfsenum</span></dt><dd><p>Enumerate dfs shares</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>REG</h3><div class="variablelist"><dl><dt><span class="term">shutdown</span></dt><dd><p>Remote Shutdown</p></dd><dt><span class="term">abortshutdown</span></dt><dd><p>Abort Shutdown</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>SRVSVC</h3><div class="variablelist"><dl><dt><span class="term">srvinfo</span></dt><dd><p>Server query info</p></dd><dt><span class="term">netshareenum</span></dt><dd><p>Enumerate shares</p></dd><dt><span class="term">netfileenum</span></dt><dd><p>Enumerate open files</p></dd><dt><span class="term">netremotetod</span></dt><dd><p>Fetch remote time of day</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>SAMR</h3><div class="variablelist"><dl><dt><span class="term">queryuser</span></dt><dd><p>Query user info</p></dd><dt><span class="term">querygroup</span></dt><dd><p>Query group info</p></dd><dt><span class="term">queryusergroups</span></dt><dd><p>Query user groups</p></dd><dt><span class="term">querygroupmem</span></dt><dd><p>Query group membership</p></dd><dt><span class="term">queryaliasmem</span></dt><dd><p>Query alias membership</p></dd><dt><span class="term">querydispinfo</span></dt><dd><p>Query display info</p></dd><dt><span class="term">querydominfo</span></dt><dd><p>Query domain info</p></dd><dt><span class="term">enumdomusers</span></dt><dd><p>Enumerate domain users</p></dd><dt><span class="term">enumdomgroups</span></dt><dd><p>Enumerate domain groups</p></dd><dt><span class="term">enumalsgroups</span></dt><dd><p>Enumerate alias groups</p></dd><dt><span class="term">createdomuser</span></dt><dd><p>Create domain user</p></dd><dt><span class="term">samlookupnames</span></dt><dd><p>Look up names</p></dd><dt><span class="term">samlookuprids</span></dt><dd><p>Look up names</p></dd><dt><span class="term">deletedomuser</span></dt><dd><p>Delete domain user</p></dd><dt><span class="term">samquerysecobj</span></dt><dd><p>Query SAMR security object</p></dd><dt><span class="term">getdompwinfo</span></dt><dd><p>Retrieve domain password info</p></dd><dt><span class="term">lookupdomain</span></dt><dd><p>Look up domain</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>SPOOLSS</h3><div class="variablelist"><dl><dt><span class="term">adddriver &lt;arch&gt; &lt;config&gt;</span></dt><dd><p>
-></LI
+		Execute an AddPrinterDriver() RPC to install the printer driver 
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >enumtrusts</B
 ></P
 ></LI
 ></UL
 ><P
 > </P
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >SAMR</I
 ></SPAN
 ></P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >queryuser</B
 ></P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >querygroup</B
 ></P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >queryusergroups</B
 ></P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >querygroupmem</B
 ></P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >queryaliasmem</B
 ></P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >querydispinfo</B
 ></P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >querydominfo</B
 ></P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >enumdomgroups</B
 ></P
 ></LI
 ></UL
 ><P
 > </P
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >SPOOLSS</I
 ></SPAN
 ></P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >adddriver &lt;arch&gt; &lt;config&gt;</B
 > 
 		- Execute an AddPrinterDriver() RPC to install the printer driver 
 		information on the server.  Note that the driver files should 
 		already exist in the directory returned by  
-		<B
+		<b class="command">getdriverdir</b>.  Possible values for 
-CLASS="COMMAND"
+		<i class="parameter"><tt>arch</tt></i> are the same as those for 
->getdriverdir</B
+		the <b class="command">getdriverdir</b> command.
->.  Possible values for 
+		The <i class="parameter"><tt>config</tt></i> parameter is defined as 
-		<TT
+		follows: </p><pre class="programlisting">
-CLASS="PARAMETER"
+Long Printer Name:\
-><I
+Driver File Name:\
->arch</I
+Data File Name:\
-></TT
+Config File Name:\
-> are the same as those for 
+Help File Name:\
-		the <B
+Language Monitor Name:\
-CLASS="COMMAND"
+Default Data Type:\
->getdriverdir</B
+Comma Separated list of Files
-> command.
+</pre><p>Any empty fields should be enter as the string &quot;NULL&quot;. </p><p>Samba does not need to support the concept of Print Monitors
 		The <TT
 CLASS="PARAMETER"
 ><I
 >config</I
 ></TT
 > parameter is defined as 
 		follows: </P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >		Long Printer Name:\
 		Driver File Name:\
 		Data File Name:\
 		Config File Name:\
 		Help File Name:\
 		Language Monitor Name:\
 		Default Data Type:\
 		Comma Separated list of Files
 		</PRE
 ></P
 ><P
 >Any empty fields should be enter as the string "NULL". </P
 ><P
 >Samba does not need to support the concept of Print Monitors
 		since these only apply to local printers whose driver can make
 		use of a bi-directional link for communication.  This field should 
-		be "NULL".   On a remote NT print server, the Print Monitor for a 
+		be &quot;NULL&quot;.   On a remote NT print server, the Print Monitor for a 
 		driver must already be installed prior to adding the driver or 
-		else the RPC will fail. </P
+		else the RPC will fail. </p></dd><dt><span class="term">addprinter &lt;printername&gt; 
-></LI
+		&lt;sharename&gt; &lt;drivername&gt; &lt;port&gt;</span></dt><dd><p>
-><LI
+		Add a printer on the remote server.  This printer 
 ><P
 ><B
 CLASS="COMMAND"
 >addprinter &lt;printername&gt; 
 		&lt;sharename&gt; &lt;drivername&gt; &lt;port&gt;</B
 > 
 		- Add a printer on the remote server.  This printer 
 		will be automatically shared.  Be aware that the printer driver 
-		must already be installed on the server (see <B
+		must already be installed on the server (see <b class="command">adddriver</b>) 
-CLASS="COMMAND"
+		and the <i class="parameter"><tt>port</tt></i>must be a valid port name (see
->adddriver</B
+		<b class="command">enumports</b>.</p></dd><dt><span class="term">deldriver</span></dt><dd><p>Delete the 
 >) 
 		and the <TT
 CLASS="PARAMETER"
 ><I
 >port</I
 ></TT
 >must be a valid port name (see
 		<B
 CLASS="COMMAND"
 >enumports</B
 >.</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >deldriver</B
 > - Delete the 
 		specified printer driver for all architectures.  This
 		does not delete the actual driver files from the server,
 		only the entry from the server's list of drivers.
-		</P
+		</p></dd><dt><span class="term">enumdata</span></dt><dd><p>Enumerate all 
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >enumdata</B
 > - Enumerate all 
 		printer setting data stored on the server. On Windows NT  clients, 
 		these values are stored  in the registry, while Samba servers 
 		store them in the printers TDB.  This command corresponds
 		to the MS Platform SDK GetPrinterData() function (* This
-		command is currently unimplemented).</P
+		command is currently unimplemented).</p></dd><dt><span class="term">enumdataex</span></dt><dd><p>Enumerate printer data for a key</p></dd><dt><span class="term">enumjobs &lt;printer&gt;</span></dt><dd><p>List the jobs and status of a given printer. 
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >enumjobs &lt;printer&gt;</B
 > 
 		- List the jobs and status of a given printer. 
 		This command corresponds to the MS Platform SDK EnumJobs() 
-		function (* This command is currently unimplemented).</P
+		function</p></dd><dt><span class="term">enumkey</span></dt><dd><p>Enumerate
-></LI
+		printer keys</p></dd><dt><span class="term">enumports [level]</span></dt><dd><p>
-><LI
+		Executes an EnumPorts() call using the specified 
 ><P
 ><B
 CLASS="COMMAND"
 >enumports [level]</B
 > 
 		- Executes an EnumPorts() call using the specified 
 		info level. Currently only info levels 1 and 2 are supported. 
-		</P
+		</p></dd><dt><span class="term">enumdrivers [level]</span></dt><dd><p>
-></LI
+		Execute an EnumPrinterDrivers() call.  This lists the various installed 
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >enumdrivers [level]</B
 > 
 		- Execute an EnumPrinterDrivers() call.  This lists the various installed 
 		printer drivers for all architectures.  Refer to the MS Platform SDK 
 		documentation for more details of the various flags and calling 
-		options. Currently supported info levels are 1, 2, and 3.</P
+		options. Currently supported info levels are 1, 2, and 3.</p></dd><dt><span class="term">enumprinters [level]</span></dt><dd><p>Execute an EnumPrinters() call.  This lists the various installed 
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >enumprinters [level]</B
 > 
 		- Execute an EnumPrinters() call.  This lists the various installed 
 		and share printers.  Refer to the MS Platform SDK documentation for 
 		more details of the various flags and calling options. Currently
-		supported info levels are 0, 1, and 2.</P
+		supported info levels are 1, 2 and 5.</p></dd><dt><span class="term">getdata &lt;printername&gt; &lt;valuename;&gt;</span></dt><dd><p>Retrieve the data for a given printer setting.  See 
-></LI
+		the  <b class="command">enumdata</b> command for more information.  
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >getdata &lt;printername&gt;</B
 > 
 		- Retrieve the data for a given printer setting.  See 
 		the  <B
 CLASS="COMMAND"
 >enumdata</B
 > command for more information.  
 		This command corresponds to the GetPrinterData() MS Platform 
-		SDK function (* This command is currently unimplemented). </P
+		SDK function. </p></dd><dt><span class="term">getdataex</span></dt><dd><p>Get
-></LI
+		printer driver data with
-><LI
+		keyname</p></dd><dt><span class="term">getdriver &lt;printername&gt;</span></dt><dd><p>
-><P
+		Retrieve the printer driver information (such as driver file, 
 ><B
 CLASS="COMMAND"
 >getdriver &lt;printername&gt;</B
 > 
 		- Retrieve the printer driver information (such as driver file, 
 		config file, dependent files, etc...) for 
 		the given printer. This command corresponds to the GetPrinterDriver()
 		MS Platform  SDK function. Currently info level 1, 2, and 3 are supported.
-		</P
+		</p></dd><dt><span class="term">getdriverdir &lt;arch&gt;</span></dt><dd><p>
-></LI
+		Execute a GetPrinterDriverDirectory()
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >getdriverdir &lt;arch&gt;</B
 > 
 		- Execute a GetPrinterDriverDirectory()
 		RPC to retrieve the SMB share name and subdirectory for 
 		storing printer driver files for a given architecture.  Possible 
-		values for <TT
+		values for <i class="parameter"><tt>arch</tt></i> are &quot;Windows 4.0&quot; 
-CLASS="PARAMETER"
+		(for Windows 95/98), &quot;Windows NT x86&quot;, &quot;Windows NT PowerPC&quot;, &quot;Windows
-><I
+		Alpha_AXP&quot;, and &quot;Windows NT R4000&quot;. </p></dd><dt><span class="term">getprinter &lt;printername&gt;</span></dt><dd><p>Retrieve the current printer information.  This command 
 >arch</I
 ></TT
 > are "Windows 4.0" 
 		(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
 		Alpha_AXP", and "Windows NT R4000". </P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >getprinter &lt;printername&gt;</B
 > 
 		- Retrieve the current printer information.  This command 
 		corresponds to the GetPrinter() MS Platform SDK function. 
-		</P
+		</p></dd><dt><span class="term">getprintprocdir</span></dt><dd><p>Get
-></LI
+		print processor
-><LI
+		directory</p></dd><dt><span class="term">openprinter &lt;printername&gt;</span></dt><dd><p>Execute an OpenPrinterEx() and ClosePrinter() RPC 
-><P
+		against a given printer. </p></dd><dt><span class="term">setdriver &lt;printername&gt;
-><B
+		&lt;drivername&gt;</span></dt><dd><p>Execute a SetPrinter() command to update the printer driver
 CLASS="COMMAND"
 >openprinter &lt;printername&gt;</B
 > 
 		- Execute an OpenPrinterEx() and ClosePrinter() RPC 
 		against a given printer. </P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >setdriver &lt;printername&gt;
 		&lt;drivername&gt;</B
 >
 		- Execute a SetPrinter() command to update the printer driver
 		associated with an installed printer.  The printer driver must
-		already be correctly installed on the print server.  </P
+		already be correctly installed on the print server.  </p><p>See also the <b class="command">enumprinters</b> and 
-><P
+		<b class="command">enumdrivers</b> commands for obtaining a list of
->See also the <B
+		of installed printers and drivers.</p></dd><dt><span class="term">addform</span></dt><dd><p>Add form</p></dd><dt><span class="term">setform</span></dt><dd><p>Set form</p></dd><dt><span class="term">getform</span></dt><dd><p>Get form</p></dd><dt><span class="term">deleteform</span></dt><dd><p>Delete form</p></dd><dt><span class="term">enumforms</span></dt><dd><p>Enumerate form</p></dd><dt><span class="term">setprinter</span></dt><dd><p>Set printer comment</p></dd><dt><span class="term">setprinterdata</span></dt><dd><p>Set REG_SZ printer data</p></dd><dt><span class="term">rffpcnex</span></dt><dd><p>Rffpcnex test</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>NETLOGON</h3><div class="variablelist"><dl><dt><span class="term">logonctrl2</span></dt><dd><p>Logon Control 2</p></dd><dt><span class="term">logonctrl</span></dt><dd><p>Logon Control</p></dd><dt><span class="term">samsync</span></dt><dd><p>Sam Synchronisation</p></dd><dt><span class="term">samdeltas</span></dt><dd><p>Query Sam Deltas</p></dd><dt><span class="term">samlogon</span></dt><dd><p>Sam Logon</p></dd></dl></div></div><div class="refsect2" lang="en"><h3>GENERAL COMMANDS</h3><div class="variablelist"><dl><dt><span class="term">debuglevel</span></dt><dd><p>Set the current
-CLASS="COMMAND"
+		debug level used to log information.</p></dd><dt><span class="term">help (?)</span></dt><dd><p>Print a listing of all 
 >enumprinters</B
 > and 
 		<B
 CLASS="COMMAND"
 >enumdrivers</B
 > commands for obtaining a list of
 		of installed printers and drivers.</P
 ></LI
 ></UL
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >GENERAL OPTIONS</I
 ></SPAN
 ></P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >debuglevel</B
 > - Set the current
 		debug level used to log information.</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >help (?)</B
 > - Print a listing of all 
 		known commands or extended help  on a particular command. 
-		</P
+		</p></dd><dt><span class="term">quit (exit)</span></dt><dd><p>Exit <b class="command">rpcclient
-></LI
+		</b>.</p></dd></dl></div></div></div><div class="refsect1" lang="en"><h2>BUGS</h2><p><b class="command">rpcclient</b> is designed as a developer testing tool 
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >quit (exit)</B
 > - Exit <B
 CLASS="COMMAND"
 >rpcclient
 		</B
 >.</P
 ></LI
 ></UL
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN227"
 ></A
 ><H2
 >BUGS</H2
 ><P
 ><B
 CLASS="COMMAND"
 >rpcclient</B
 > is designed as a developer testing tool 
 	and may not be robust in certain areas (such as command line parsing).  
 	It has been known to  generate a core dump upon failures when invalid 
-	parameters where passed to the interpreter. </P
+	parameters where passed to the interpreter. </p><p>From Luke Leighton's original rpcclient man page:</p><p><span class="emphasis"><em>WARNING!</em></span> The MSRPC over SMB code has 
 ><P
 >From Luke Leighton's original rpcclient man page:</P
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >"WARNING!</I
 ></SPAN
 > The MSRPC over SMB code has 
 	been developed from examining  Network traces. No documentation is 
 	available from the original creators  (Microsoft) on how MSRPC over 
 	SMB works, or how the individual MSRPC services  work. Microsoft's 
 	implementation of these services has been demonstrated  (and reported) 
-	to be... a bit flaky in places. </P
+	to be... a bit flaky in places. </p><p>The development of Samba's implementation is also a bit rough, 
 ><P
 >The development of Samba's implementation is also a bit rough, 
 	and as more of the services are understood, it can even result in 
-	versions of  <B
+	versions of <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and <a href="rpcclient.1.html"><span class="citerefentry"><span class="refentrytitle">rpcclient</span>(1)</span></a> that are incompatible for some commands or  services. Additionally, 
 CLASS="COMMAND"
 >smbd(8)</B
 > and <B
 CLASS="COMMAND"
 >rpcclient(1)</B
 > 
 	that are incompatible for some commands or  services. Additionally, 
 	the developers are sending reports to Microsoft,  and problems found 
 	or reported to Microsoft are fixed in Service Packs,  which may 
-	result in incompatibilities." </P
+	result in incompatibilities.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba 
-></DIV
+	suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN237"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of the Samba 
 	suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN240"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original rpcclient man page was written by Matthew 
 ><P
 >The original rpcclient man page was written by Matthew 
 	Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.  
 	The conversion to DocBook for Samba 2.2 was done by Gerald 
-	Carter.</P
+	Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was
-></DIV
+	done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/samba-bdc.html
+++ b/docs/htmldocs/samba-bdc.html
@ -1,348 +1,246 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter<EFBFBD>6.<2E>Backup Domain Control</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="type.html" title="Part<72>II.<2E>Server Configuration Basics"><link rel="previous" href="samba-pdc.html" title="Chapter<65>5.<2E>Domain Control"><link rel="next" href="domain-member.html" title="Chapter<65>7.<2E>Domain Membership"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter<EFBFBD>6.<2E>Backup Domain Control</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="samba-pdc.html">Prev</a><EFBFBD></td><th width="60%" align="center">Part<EFBFBD>II.<2E>Server Configuration Basics</th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="domain-member.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="samba-bdc"></a>Chapter<EFBFBD>6.<2E>Backup Domain Control</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Volker</span> <span class="surname">Lendecke</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:Volker.Lendecke@SerNet.DE">Volker.Lendecke@SerNet.DE</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="samba-bdc.html#id2895956">Features And Benefits</a></dt><dt><a href="samba-bdc.html#id2896128">Essential Background Information</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896156">MS Windows NT4 Style Domain Control</a></dt><dt><a href="samba-bdc.html#id2896368">Active Directory Domain Control</a></dt><dt><a href="samba-bdc.html#id2896390">What qualifies a Domain Controller on the network?</a></dt><dt><a href="samba-bdc.html#id2896416">How does a Workstation find its domain controller?</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896462">Backup Domain Controller Configuration</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896532">Example Configuration</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896591">Common Errors</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896605">Machine Accounts keep expiring, what can I do?</a></dt><dt><a href="samba-bdc.html#id2896630">Can Samba be a Backup Domain Controller to an NT4 PDC?</a></dt><dt><a href="samba-bdc.html#id2896663">How do I replicate the smbpasswd file?</a></dt><dt><a href="samba-bdc.html#id2896692">Can I do this all with LDAP?</a></dt></dl></dd></dl></div><p>
-<HTML
+Before you continue reading in this section, please make sure that you are comfortable
-><HEAD
+with configuring a Samba Domain Controller as described in the
-><TITLE
+<a href="Samba-PDC-HOWTO.html" target="_top">Domain Control Chapter</a>.
->How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</TITLE
+</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2895956"></a>Features And Benefits</h2></div></div><div></div></div><p>
-><META
+This is one of the most difficult chapters to summarise. It matters not what we say here
-NAME="GENERATOR"
+for someone will still draw conclusions and / or approach the Samba-Team with expectations
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+that are either not yet capable of being delivered, or that can be achieved for more
-"><LINK
+effectively using a totally different approach. Since this HOWTO is already so large and
-REL="HOME"
+extensive, we have taken the decision to provide sufficient (but not comprehensive)
-TITLE="SAMBA Project Documentation"
+information regarding Backup Domain Control. In the event that you should have a persistent
-HREF="samba-howto-collection.html"><LINK
+concern that is not addressed in this HOWTO document then please email 
-REL="UP"
+<a href="mailto:jht@samba.org" target="_top">John H Terpstra</a> clearly setting out your requirements
-TITLE="Type of installation"
+and / or question and we will do our best to provide a solution.
-HREF="type.html"><LINK
+</p><p>
-REL="PREVIOUS"
+Samba-3 is capable of acting as a Backup Domain Controller to another Samba Primary Domain
-TITLE="How to Configure Samba as a NT4 Primary Domain Controller"
+Controller. A Samba-3 PDC can operate with an LDAP Account backend. The Samba-3 BDC can
-HREF="samba-pdc.html"><LINK
+operate with a slave LDAP server for the Account backend. This effectively gives samba a high
-REL="NEXT"
+degree of scalability. This is a very sweet (nice) solution for large organisations.
-TITLE="Samba as a ADS domain member"
+</p><p>
-HREF="ads.html"></HEAD
+While it is possible to run a Samba-3 BDC with non-LDAP backend, the administrator will
-><BODY
+need to figure out precisely what is the best way to replicate (copy / distribute) the
-CLASS="CHAPTER"
+user and machine Accounts backend.
-BGCOLOR="#FFFFFF"
+</p><p>
-TEXT="#000000"
+The use of a non-LDAP backend SAM database is particularly problematic because Domain member
-LINK="#0000FF"
+servers and workstations periodically change the machine trust account password. The new
-VLINK="#840084"
+password is then stored only locally. This means that in the absence of a centrally stored
-ALINK="#0000FF"
+accounts database (such as that provided with an LDAP based solution) if Samba-3 is running
-><DIV
+as a BDC, the PDC instance of the Domain member trust account password will not reach the
-CLASS="NAVHEADER"
+PDC (master) copy of the SAM. If the PDC SAM is then replicated to BDCs this results in 
-><TABLE
+overwriting of the SAM that contains the updated (changed) trust account password with resulting
-SUMMARY="Header navigation table"
+breakage of the domain trust.
-WIDTH="100%"
+</p><p>
-BORDER="0"
+Considering the number of comments and questions raised concerning how to configure a BDC
-CELLPADDING="0"
+lets consider each possible option and look at the pro's and con's for each theoretical solution:
-CELLSPACING="0"
+</p><div class="itemizedlist"><p class="title"><b>Backup Domain Backend Account Distribution Options</b></p><ul type="disc"><li><p>
-><TR
+	Solution: Passwd Backend is LDAP based, BDCs use a slave LDAP server
-><TH
+	</p><p>
-COLSPAN="3"
+	Arguments For: This is a neat and manageable solution. The LDAP based SAM (ldapsam)
-ALIGN="center"
+	is constantly kept up to date.
->SAMBA Project Documentation</TH
+	</p><p>
-></TR
+	Arguments Against: Complexity
-><TR
+	</p></li><li><p>
-><TD
+	Passdb Backend is tdbsam based, BDCs use cron based &quot;net rcp vampire&quot; to
-WIDTH="10%"
+	suck down the Accounts database from the PDC
-ALIGN="left"
+	</p><p>
-VALIGN="bottom"
+	Arguments For: It would be a nice solution
-><A
+	</p><p>
-HREF="samba-pdc.html"
+	Arguments Against: It does not work because Samba-3 does not support the required
-ACCESSKEY="P"
+	protocols. This may become a later feature but is not available today.
->Prev</A
+	</p></li><li><p>
-></TD
+	Make use of rsync to replicate (pull down) copies of the essential account files
-><TD
+	</p><p>
-WIDTH="80%"
+	Arguments For: It is a simple solution, easy to set up as a scheduled job
-ALIGN="center"
+	</p><p>
-VALIGN="bottom"
+	Arguments Against: This will over-write the locally changed machine trust account
-></TD
+	passwords. This is a broken and flawed solution. Do NOT do this.
-><TD
+	</p></li><li><p>
-WIDTH="10%"
+	Operate with an entirely local accounts database (not recommended)
-ALIGN="right"
+	</p><p>
-VALIGN="bottom"
+	Arguments For: Simple, easy to maintain
-><A
+	</p><p>
-HREF="ads.html"
+	Arguments Against: All machine trust accounts and user accounts will be locally
-ACCESSKEY="N"
+	maintained. Domain users will NOT be able to roam from office to office. This is
->Next</A
+	a broken and flawed solution. Do NOT do this.
-></TD
+	</p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896128"></a>Essential Background Information</h2></div></div><div></div></div><p>
-></TR
+A Domain Controller is a machine that is able to answer logon requests from network
-></TABLE
+workstations. Microsoft LanManager and IBM LanServer were two early products that
-><HR
+provided this capability. The technology has become known as the LanMan Netlogon service.
-ALIGN="LEFT"
+</p><p>
-WIDTH="100%"></DIV
+When MS Windows NT3.10 was first released it supported an new style of Domain Control
-><DIV
+and with it a new form of the network logon service that has extended functionality.
-CLASS="CHAPTER"
+This service became known as the NT NetLogon Service. The nature of this service has
-><H1
+changed with the evolution of MS Windows NT and today provides a very complex array of
-><A
+services that are implemented over a complex spectrum of technologies.
-NAME="SAMBA-BDC">Chapter 7. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
+</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896156"></a>MS Windows NT4 Style Domain Control</h3></div></div><div></div></div><p>
-><DIV
+Whenever a user logs into a Windows NT4 / 200x / XP Profresional Workstation,
-CLASS="SECT1"
+the workstation connects to a Domain Controller (authentication server) to validate
-><H1
+the username and password that the user entered are valid. If the information entered
-CLASS="SECT1"
+does not validate against the account information that has been stored in the Domain
-><A
+Control database (the SAM, or Security Accounts Manager database) then a set of error
-NAME="AEN1127">7.1. Prerequisite Reading</H1
+codes is returned to the workstation that has made the authentication request.
-><P
+</p><p>
->Before you continue reading in this chapter, please make sure
+When the username / password pair has been validated, the Domain Controller
-that you are comfortable with configuring a Samba PDC
+(authentication server) will respond with full enumeration of the account information
-as described in the <A
+that has been stored regarding that user in the User and Machine Accounts database
-HREF="Samba-PDC-HOWTO.html"
+for that Domain. This information contains a complete network access profile for
-TARGET="_top"
+the user but excludes any information that is particular to the user's desktop profile,
->Samba-PDC-HOWTO</A
+or for that matter it excludes all desktop profiles for groups that the user may
->.</P
+belong to. It does include password time limits, password uniqueness controls,
-></DIV
+network access time limits, account validity information, machine names from which the
-><DIV
+user may access the network, and much more. All this information was stored in the SAM
-CLASS="SECT1"
+in all versions of MS Windows NT (3.10, 3.50, 3.51, 4.0).
-><H1
+</p><p>
-CLASS="SECT1"
+The account information (user and machine) on Domain Controllers is stored in two files,
-><A
+one containing the Security information and the other the SAM. These are stored in files
-NAME="AEN1131">7.2. Background</H1
+by the same name in the <tt class="filename">C:\WinNT\System32\config</tt> directory. These
-><P
+are the files that are involved in replication of the SAM database where Backup Domain
->What is a Domain Controller? It is a machine that is able to answer
+Controllers are present on the network.
-logon requests from workstations in a Windows NT Domain. Whenever a
+</p><p>
-user logs into a Windows NT Workstation, the workstation connects to a
+There are two situations in which it is desirable to install Backup Domain Controllers:
-Domain Controller and asks him whether the username and password the
+</p><div class="itemizedlist"><ul type="disc"><li><p>
-user typed in is correct.  The Domain Controller replies with a lot of
+	On the local network that the Primary Domain Controller is on if there are many
-information about the user, for example the place where the users
+	workstations and/or where the PDC is generally very busy. In this case the BDCs
-profile is stored, the users full name of the user. All this
+	will pick up network logon requests and help to add robustness to network services.
-information is stored in the NT user database, the so-called SAM.</P
+	</p></li><li><p>
-><P
+	At each remote site, to reduce wide area network traffic and to add stability to
->There are two kinds of Domain Controller in a NT 4 compatible Domain:
+	remote network operations. The design of the network, the strategic placement of
-A Primary Domain Controller (PDC) and one or more Backup Domain
+	Backup Domain Controllers, together with an implementation that localises as much
-Controllers (BDC). The PDC contains the master copy of the
+	of network to client interchange as possible will help to minimise wide area network
-SAM. Whenever the SAM has to change, for example when a user changes
+	bandwidth needs (and thus costs).
-his password, this change has to be done on the PDC. A Backup Domain
+	</p></li></ul></div><p>
-Controller is a machine that maintains a read-only copy of the
+The PDC contains the master copy of the SAM. In the event that an administrator makes a
-SAM. This way it is able to reply to logon requests and authenticate
+change to the user account database while physically present on the local network that
-users in case the PDC is not available. During this time no changes to
+has the PDC, the change will likely be made directly to the PDC instance of the master
-the SAM are possible. Whenever changes to the SAM are done on the PDC,
+copy of the SAM. In the event that this update may be performed in a branch office the
-all BDC receive the changes from the PDC.</P
+change will likely be stored in a delta file on the local BDC. The BDC will then send
-><P
+a trigger to the PDC to commence the process of SAM synchronisation. The PDC will then
->Since version 2.2 Samba officially supports domain logons for all
+request the delta from the BDC and apply it to the master SAM. THe PDC will then contact
-current Windows Clients, including Windows 2000 and XP. This text
+all the BDCs in the Domain and trigger them to obtain the update and then apply that to
-assumes the domain to be named SAMBA. To be able to act as a PDC, some
+their own copy of the SAM.
-parameters in the [global]-section of the smb.conf have to be set:</P
+</p><p>
-><P
+Thus the BDC is said to hold a <span class="emphasis"><em>read-only</em></span> of the SAM from which
-><PRE
+it is able to process network logon requests and to authenticate users. The BDC can
-CLASS="PROGRAMLISTING"
+continue to provide this service, particularly while, for example, the wide area
->workgroup = SAMBA
+network link to the PDC is down. Thus a BDC plays a very important role in both
-domain master = yes
+maintenance of Domain security as well as in network integrity.
-domain logons = yes</PRE
+</p><p>
-></P
+In the event that the PDC should need to be taken out of service, or if it dies, then
-><P
+one of the BDCs can be promoted to a PDC. If this happens while the original PDC is on
->Several other things like a [homes] and a [netlogon] share also may be
+line then it is automatically demoted to a BDC. This is an important aspect of Domain
-set along with settings for the profile path, the users home drive and
+Controller management. The tool that is used to affect a promotion or a demotion is the
-others. This will not be covered in this document.</P
+Server Manager for Domains.
-></DIV
+</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2896305"></a>Example PDC Configuration</h4></div></div><div></div></div><p>
-><DIV
+Since version 2.2 Samba officially supports domain logons for all current Windows Clients,
-CLASS="SECT1"
+including Windows NT4, 2003 and XP Professional. For samba to be enabled as a PDC some
-><H1
+parameters in the <i class="parameter"><tt>[global]</tt></i>-section of the <tt class="filename">smb.conf</tt> have to be set:
-CLASS="SECT1"
+</p><pre class="programlisting">
-><A
+	workgroup = SAMBA
-NAME="AEN1139">7.3. What qualifies a Domain Controller on the network?</H1
+	domain master = yes
-><P
+	domain logons = yes
->Every machine that is a Domain Controller for the domain SAMBA has to
+</pre><p>
-register the NetBIOS group name SAMBA#1c with the WINS server and/or
+Several other things like a <i class="parameter"><tt>[homes]</tt></i> and a <i class="parameter"><tt>[netlogon]</tt></i> share also need to be set along with
-by broadcast on the local network. The PDC also registers the unique
+settings for the profile path, the users home drive, etc.. This will not be covered in this
-NetBIOS name SAMBA#1b with the WINS server. The name type #1b is
+chapter, for more information please refer to the chapter on Domain Control.
-normally reserved for the domain master browser, a role that has
+</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896368"></a>Active Directory Domain Control</h3></div></div><div></div></div><p>
-nothing to do with anything related to authentication, but the
+As of the release of MS Windows 2000 and Active Directory, this information is now stored
-Microsoft Domain implementation requires the domain master browser to
+in a directory that can be replicated and for which partial or full administrative control
-be on the same machine as the PDC.</P
+can be delegated. Samba-3 is NOT able to be a Domain Controller within an Active Directory
-><DIV
+tree, and it can not be an Active Directory server. This means that Samba-3 also can NOT
-CLASS="SECT2"
+act as a Backup Domain Contoller to an Active Directory Domain Controller.
-><H2
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896390"></a>What qualifies a Domain Controller on the network?</h3></div></div><div></div></div><p>
-CLASS="SECT2"
+Every machine that is a Domain Controller for the domain SAMBA has to register the NetBIOS
-><A
+group name SAMBA&lt;#1c&gt; with the WINS server and/or by broadcast on the local network.
-NAME="AEN1142">7.3.1. How does a Workstation find its domain controller?</H2
+The PDC also registers the unique NetBIOS name SAMBA&lt;#1b&gt; with the WINS server.
-><P
+The name type &lt;#1b&gt; name is normally reserved for the Domain Master Browser, a role
->A NT workstation in the domain SAMBA that wants a local user to be
+that has nothing to do with anything related to authentication, but the Microsoft Domain
-authenticated has to find the domain controller for SAMBA. It does
+implementation requires the domain master browser to be on the same machine as the PDC.
-this by doing a NetBIOS name query for the group name SAMBA#1c. It
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896416"></a>How does a Workstation find its domain controller?</h3></div></div><div></div></div><p>
-assumes that each of the machines it gets back from the queries is a
+An MS Windows NT4 / 200x / XP Professional workstation in the domain SAMBA that wants a
-domain controller and can answer logon requests. To not open security
+local user to be authenticated has to find the domain controller for SAMBA. It does this
-holes both the workstation and the selected (TODO: How is the DC
+by doing a NetBIOS name query for the group name SAMBA&lt;#1c&gt;. It assumes that each
-chosen) domain controller authenticate each other. After that the
+of the machines it gets back from the queries is a domain controller and can answer logon
-workstation sends the user's credentials (his name and password) to
+requests. To not open security holes both the workstation and the selected domain controller
-the domain controller, asking for approval.</P
+authenticate each other. After that the workstation sends the user's credentials (name and
-></DIV
+password) to the local Domain Controller, for valdation.
-><DIV
+</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896462"></a>Backup Domain Controller Configuration</h2></div></div><div></div></div><p>
-CLASS="SECT2"
+Several things have to be done:
-><H2
+</p><div class="itemizedlist"><ul type="disc"><li><p>
-CLASS="SECT2"
+	The domain SID has to be the same on the PDC and the BDC. This used to
-><A
+	be stored in the file private/MACHINE.SID. This file is not created
-NAME="AEN1145">7.3.2. When is the PDC needed?</H2
+	anymore since Samba 2.2.5 or even earlier. Nowadays the domain SID is
-><P
+	stored in the file private/secrets.tdb. Simply copying the secrets.tdb
->Whenever a user wants to change his password, this has to be done on
+	from the PDC to the BDC does not work, as the BDC would
-the PDC. To find the PDC, the workstation does a NetBIOS name query
+	generate a new SID for itself and override the domain SID with this
-for SAMBA#1b, assuming this machine maintains the master copy of the
+	new BDC SID.</p><p>
-SAM. The workstation contacts the PDC, both mutually authenticate and
+	To retrieve the domain SID from the PDC or an existing BDC and store it in the
-the password change is done.</P
+	secrets.tdb, execute 'net rpc getsid' on the BDC.
-></DIV
+	</p></li><li><p>
-></DIV
+	The Unix user database has to be synchronized from the PDC to the
-><DIV
+	BDC. This means that both the /etc/passwd and /etc/group have to be
-CLASS="SECT1"
+	replicated from the PDC to the BDC. This can be done manually
-><H1
+	whenever changes are made, or the PDC is set up as a NIS master
-CLASS="SECT1"
+	server and the BDC as a NIS slave server. To set up the BDC as a
-><A
+	mere NIS client would not be enough, as the BDC would not be able to
-NAME="AEN1148">7.4. Can Samba be a Backup Domain Controller?</H1
+	access its user database in case of a PDC failure.
-><P
+	</p></li><li><p>
->With version 2.2, no. The native NT SAM replication protocols have
+	The Samba password database in the file private/smbpasswd has to be
-not yet been fully implemented. The Samba Team is working on
+	replicated from the PDC to the BDC. This is a bit tricky, see the
-understanding and implementing the protocols, but this work has not
+	next section.
-been finished for version 2.2.</P
+	</p></li><li><p>
-><P
+	Any netlogon share has to be replicated from the PDC to the
->Can I get the benefits of a BDC with Samba?  Yes. The main reason for
+	BDC. This can be done manually whenever login scripts are changed,
-implementing a BDC is availability. If the PDC is a Samba machine,
+	or it can be done automatically together with the smbpasswd
-a second Samba machine can be set up to
+	synchronization.
-service logon requests whenever the PDC is down.</P
+	</p></li></ul></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896532"></a>Example Configuration</h3></div></div><div></div></div><p>
-></DIV
+Finally, the BDC has to be found by the workstations. This can be done by setting:
-><DIV
+</p><pre class="programlisting">
-CLASS="SECT1"
+	workgroup = SAMBA
-><H1
+	domain master = no
-CLASS="SECT1"
+	domain logons = yes
-><A
+</pre><p>
-NAME="AEN1152">7.5. How do I set up a Samba BDC?</H1
+in the <i class="parameter"><tt>[global]</tt></i>-section of the <tt class="filename">smb.conf</tt> of the BDC. This makes the BDC
-><P
+only register the name SAMBA&lt;#1c&gt; with the WINS server. This is no
->Several things have to be done:</P
+problem as the name SAMBA&lt;#1c&gt; is a NetBIOS group name that is meant to
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >The domain SID has to be the same on the PDC and the BDC. This used to
 be stored in the file private/MACHINE.SID. This file is not created
 anymore since Samba 2.2.5 or even earlier. Nowadays the domain SID is
 stored in the file private/secrets.tdb. Simply copying the secrets.tdb
 from the PDC to the BDC does not work, as the BDC would
 generate a new SID for itself and override the domain SID with this
 new BDC SID.</P
 ><P
 >To retrieve the domain SID from the PDC or an existing BDC and store it in the
 secrets.tdb, execute 'net rpc getsid' on the BDC.</P
 ></LI
 ><LI
 ><P
 >The Unix user database has to be synchronized from the PDC to the
 BDC. This means that both the /etc/passwd and /etc/group have to be
 replicated from the PDC to the BDC. This can be done manually
 whenever changes are made, or the PDC is set up as a NIS master
 server and the BDC as a NIS slave server. To set up the BDC as a
 mere NIS client would not be enough, as the BDC would not be able to
 access its user database in case of a PDC failure.</P
 ></LI
 ><LI
 ><P
 >The Samba password database in the file private/smbpasswd has to be
 replicated from the PDC to the BDC. This is a bit tricky, see the
 next section.</P
 ></LI
 ><LI
 ><P
 >Any netlogon share has to be replicated from the PDC to the
 BDC. This can be done manually whenever login scripts are changed,
 or it can be done automatically together with the smbpasswd
 synchronization.</P
 ></LI
 ></UL
 ><P
 >Finally, the BDC has to be found by the workstations. This can be done
 by setting</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >workgroup = samba
 domain master = no
 domain logons = yes</PRE
 ></P
 ><P
 >in the [global]-section of the smb.conf of the BDC. This makes the BDC
 only register the name SAMBA#1c with the WINS server. This is no
 problem as the name SAMBA#1c is a NetBIOS group name that is meant to
 be registered by more than one machine. The parameter 'domain master =
-no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
+no' forces the BDC not to register SAMBA&lt;#1b&gt; which as a unique NetBIOS
-name is reserved for the Primary Domain Controller.</P
+name is reserved for the Primary Domain Controller.
-><DIV
+</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2896591"></a>Common Errors</h2></div></div><div></div></div><p>
-CLASS="SECT2"
+As this is a rather new area for Samba there are not many examples that we may refer to. Keep
-><H2
+watching for updates to this section.
-CLASS="SECT2"
+</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896605"></a>Machine Accounts keep expiring, what can I do?</h3></div></div><div></div></div><p>
-><A
+This problem will occur when occur when the passdb (SAM) files are copied  from a central
-NAME="AEN1169">7.5.1. How do I replicate the smbpasswd file?</H2
+server but the local Backup Domain Controllers.  Local machine trust account password updates
-><P
+are not copied back to the central server. The newer machine account password is then over
->Replication of the smbpasswd file is sensitive. It has to be done
+written when the SAM is copied from the PDC. The result is that the Domain member machine
-whenever changes to the SAM are made. Every user's password change is
+on start up will find that it's passwords does not match the one now in the database and
-done in the smbpasswd file and has to be replicated to the BDC. So
+since the startup security check will now fail, this machine will not allow logon attempts
-replicating the smbpasswd file very often is necessary.</P
+to procede and the account expiry error will be reported.
-><P
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896630"></a>Can Samba be a Backup Domain Controller to an NT4 PDC?</h3></div></div><div></div></div><p>
->As the smbpasswd file contains plain text password equivalents, it
+With version 2.2, no. The native NT4 SAM replication protocols have not yet been fully
-must not be sent unencrypted over the wire. The best way to set up
+implemented. The Samba Team is working on understanding and implementing the protocols,
-smbpasswd replication from the PDC to the BDC is to use the utility
+but this work has not been finished for version 2.2.
-rsync. rsync can use ssh as a transport. ssh itself can be set up to
+</p><p>
-accept *only* rsync transfer without requiring the user to type a
+With version 3.0, the work on both the replication protocols and a suitable storage
-password.</P
+mechanism has progressed, and some form of NT4 BDC support is expected soon.
-></DIV
+</p><p>
-></DIV
+Can I get the benefits of a BDC with Samba?  Yes. The main reason for implementing a
-></DIV
+BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to
-><DIV
+service logon requests whenever the PDC is down.
-CLASS="NAVFOOTER"
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896663"></a>How do I replicate the smbpasswd file?</h3></div></div><div></div></div><p>
-><HR
+Replication of the smbpasswd file is sensitive. It has to be done whenever changes
-ALIGN="LEFT"
+to the SAM are made. Every user's password change is done in the smbpasswd file and
-WIDTH="100%"><TABLE
+has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.
-SUMMARY="Footer navigation table"
+</p><p>
-WIDTH="100%"
+As the smbpasswd file contains plain text password equivalents, it must not be
-BORDER="0"
+sent unencrypted over the wire. The best way to set up smbpasswd replication from
-CELLPADDING="0"
+the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport.
-CELLSPACING="0"
+Ssh itself can be set up to accept *only* rsync transfer without requiring the user
-><TR
+to type a password.
-><TD
+</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2896692"></a>Can I do this all with LDAP?</h3></div></div><div></div></div><p>
-WIDTH="33%"
+The simple answer is YES.  Samba's pdb_ldap code supports binding to a replica
-ALIGN="left"
+LDAP server, and will also follow referrals and rebind to the master if it ever
-VALIGN="top"
+needs to make a modification to the database. (Normally BDCs are read only, so
-><A
+this will not occur often).
-HREF="samba-pdc.html"
+</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="samba-pdc.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="type.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="domain-member.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter<EFBFBD>5.<2E>Domain Control<6F></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>7.<2E>Domain Membership</td></tr></table></div></body></html>
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="ads.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >How to Configure Samba as a NT4 Primary Domain Controller</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="type.html"
 ACCESSKEY="U"
 >Up</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >Samba as a ADS domain member</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/samba-pdc.html
+++ b/docs/htmldocs/samba-pdc.html
--- a/docs/htmldocs/samba.7.html
+++ b/docs/htmldocs/samba.7.html
@ -1,384 +1,113 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>samba</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="samba.7"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>Samba &#8212; A Windows SMB/CIFS fileserver for UNIX</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">Samba</tt> </p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>The Samba software suite is a collection of programs 
 <HTML
 ><HEAD
 ><TITLE
 >samba</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SAMBA"
 ></A
 >samba</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >SAMBA&nbsp;--&nbsp;A Windows SMB/CIFS fileserver for UNIX</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >Samba</B
 > </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN11"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >The Samba software suite is a collection of programs 
 	that implements the Server Message Block (commonly abbreviated 
 	as SMB) protocol for UNIX systems. This protocol is sometimes 
 	also referred to as the Common Internet File System (CIFS). For a
-	more thorough description, see <A
+	more thorough description, see <a href="http://www.ubiqx.org/cifs/" target="_top">
-HREF="http://www.ubiqx.org/cifs/"
+	http://www.ubiqx.org/cifs/</a>. Samba also implements the NetBIOS
-TARGET="_top"
+	protocol in nmbd.</p><div class="variablelist"><dl><dt><span class="term"><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a></span></dt><dd><p>The <b class="command">smbd</b> daemon provides the file and print services to 
 >	http://www.ubiqx.org/cifs/</A
 >. Samba also implements the NetBIOS
 	protocol in nmbd.</P
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><B
 CLASS="COMMAND"
 >smbd</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >smbd </B
 >
 		daemon provides the file and print services to 
 		SMB clients, such as Windows 95/98, Windows NT, Windows 
 		for Workgroups or LanManager. The configuration file 
-		for this daemon is described in <TT
+		for this daemon is described in <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>
-CLASS="FILENAME"
+		</p></dd><dt><span class="term"><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a></span></dt><dd><p>The <b class="command">nmbd</b>
 >smb.conf</TT
 >
 		</P
 ></DD
 ><DT
 ><B
 CLASS="COMMAND"
 >nmbd</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >nmbd</B
 >
 		daemon provides NetBIOS nameservice and browsing
 		support. The configuration file for this daemon 
-		is described in <TT
+		is described in <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></p></dd><dt><span class="term"><a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbclient</b>
 CLASS="FILENAME"
 >smb.conf</TT
 ></P
 ></DD
 ><DT
 ><B
 CLASS="COMMAND"
 >smbclient</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >smbclient</B
 >
 		program implements a simple ftp-like client. This 
 		is useful for accessing SMB shares on other compatible
 		servers (such as Windows NT), and can also be used 
 		to allow a UNIX box to print to a printer attached to 
-		any SMB server (such as a PC running Windows NT).</P
+		any SMB server (such as a PC running Windows NT).</p></dd><dt><span class="term"><a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a></span></dt><dd><p>The <b class="command">testparm</b>
-></DD
+		utility is a simple syntax checker for Samba's <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> configuration file.</p></dd><dt><span class="term"><a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a></span></dt><dd><p>The <b class="command">testprns</b>
 ><DT
 ><B
 CLASS="COMMAND"
 >testparm</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >testparm</B
 >
 		utility is a simple syntax checker for Samba's
 		<TT
 CLASS="FILENAME"
 >smb.conf</TT
 >configuration file.</P
 ></DD
 ><DT
 ><B
 CLASS="COMMAND"
 >testprns</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >testprns</B
 >
 		utility supports testing printer names defined 
-		in your <TT
+		in your <tt class="filename">printcap</tt> file used 
-CLASS="FILENAME"
+		by Samba.</p></dd><dt><span class="term"><a href="smbstatus.1.html"><span class="citerefentry"><span class="refentrytitle">smbstatus</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbstatus</b>
 >printcap</TT
 > file used 
 		by Samba.</P
 ></DD
 ><DT
 ><B
 CLASS="COMMAND"
 >smbstatus</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >smbstatus</B
 >
 		tool provides access to information about the 
-		current connections to <B
+		current connections to <b class="command">smbd</b>.</p></dd><dt><span class="term"><a href="nmblookup.1.html"><span class="citerefentry"><span class="refentrytitle">nmblookup</span>(1)</span></a></span></dt><dd><p>The <b class="command">nmblookup</b>
 CLASS="COMMAND"
 >smbd</B
 >.</P
 ></DD
 ><DT
 ><B
 CLASS="COMMAND"
 >nmblookup</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >nmblookup</B
 >
 		tools allows NetBIOS name queries to be made 
-		from a UNIX host.</P
+		from a UNIX host.</p></dd><dt><span class="term"><a href="smbgroupedit.8.html"><span class="citerefentry"><span class="refentrytitle">smbgroupedit</span>(8)</span></a></span></dt><dd><p>The <b class="command">smbgroupedit</b>
-></DD
+		tool allows for mapping unix groups to NT Builtin,
-><DT
+		Domain, or Local groups. Also it allows setting
-><B
+		priviledges for that group, such as saAddUser, etc.</p></dd><dt><span class="term"><a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a></span></dt><dd><p>The <b class="command">smbpasswd</b>
 CLASS="COMMAND"
 >make_smbcodepage</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >make_smbcodepage</B
 >
 		utility provides a means of creating SMB code page 
 		definition files for your <B
 CLASS="COMMAND"
 >smbd</B
 > server.</P
 ></DD
 ><DT
 ><B
 CLASS="COMMAND"
 >smbpasswd</B
 ></DT
 ><DD
 ><P
 >The <B
 CLASS="COMMAND"
 >smbpasswd</B
 >
 		command is a tool for changing LanMan and Windows NT 
-		password hashes on Samba and Windows NT servers.</P
+		password hashes on Samba and Windows NT servers.</p></dd><dt><span class="term"><a href="smbcacls.1.html"><span class="citerefentry"><span class="refentrytitle">smbcacls</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbcacls</b> command is 
-></DD
+		a tool to set ACL's on remote CIFS servers. </p></dd><dt><span class="term"><a href="smbsh.1.html"><span class="citerefentry"><span class="refentrytitle">smbsh</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbsh</b> command is 
-></DL
+		a program that allows you to run a unix shell with 
-></DIV
+		with an overloaded VFS.</p></dd><dt><span class="term"><a href="smbtree.1.html"><span class="citerefentry"><span class="refentrytitle">smbtree</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbtree</b> command 
-></DIV
+		is a text-based network neighborhood tool.</p></dd><dt><span class="term"><a href="smbtar.1.html"><span class="citerefentry"><span class="refentrytitle">smbtar</span>(1)</span></a></span></dt><dd><p>The <b class="command">smbtar</b> can make 
-><DIV
+		backups of data on CIFS/SMB servers.</p></dd><dt><span class="term"><a href="smbspool.8.html"><span class="citerefentry"><span class="refentrytitle">smbspool</span>(8)</span></a></span></dt><dd><p><b class="command">smbspool</b> is a 
-CLASS="REFSECT1"
+		helper utility for printing on printers connected 
-><A
+		to CIFS servers. </p></dd><dt><span class="term"><a href="smbcontrol.1.html"><span class="citerefentry"><span class="refentrytitle">smbcontrol</span>(1)</span></a></span></dt><dd><p><b class="command">smbcontrol</b> is a utility
-NAME="AEN76"
+		that can change the behaviour of running samba daemons.
-></A
+		</p></dd><dt><span class="term"><a href="rpcclient.1.html"><span class="citerefentry"><span class="refentrytitle">rpcclient</span>(1)</span></a></span></dt><dd><p><b class="command">rpcclient</b> is a utility
-><H2
+		that can be used to execute RPC commands on remote 
->COMPONENTS</H2
+		CIFS servers.</p></dd><dt><span class="term"><a href="pdbedit.8.html"><span class="citerefentry"><span class="refentrytitle">pdbedit</span>(8)</span></a></span></dt><dd><p>The <b class="command">pdbedit</b> command 
-><P
+		can be used to maintain the local user database on 
->The Samba suite is made up of several components. Each 
+		a samba server.</p></dd><dt><span class="term"><a href="findsmb.1.html"><span class="citerefentry"><span class="refentrytitle">findsmb</span>(1)</span></a></span></dt><dd><p>The <b class="command">findsmb</b> command 
 		can be used to find SMB servers on the local network.
 		</p></dd><dt><span class="term"><a href="net.8.html"><span class="citerefentry"><span class="refentrytitle">net</span>(8)</span></a></span></dt><dd><p>The <b class="command">net</b> command 
 		is supposed to work similar to the DOS/Windows
 		NET.EXE command.</p></dd><dt><span class="term"><a href="swat.8.html"><span class="citerefentry"><span class="refentrytitle">swat</span>(8)</span></a></span></dt><dd><p><b class="command">swat</b> is a web-based
 		interface to configuring <tt class="filename">smb.conf</tt>.
 		</p></dd><dt><span class="term"><a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a></span></dt><dd><p><b class="command">winbindd</b> is a daemon 
 		that is used for integrating authentication and 
 		the user database into unix.</p></dd><dt><span class="term"><a href="wbinfo.1.html"><span class="citerefentry"><span class="refentrytitle">wbinfo</span>(1)</span></a></span></dt><dd><p><b class="command">wbinfo</b> is a utility 
 		that retrieves and stores information related to winbind.
 		</p></dd><dt><span class="term"><a href="editreg.1.html"><span class="citerefentry"><span class="refentrytitle">editreg</span>(1)</span></a></span></dt><dd><p><b class="command">editreg</b> is a command-line
 		utility that can edit windows registry files.
 		</p></dd><dt><span class="term"><a href="profiles.1.html"><span class="citerefentry"><span class="refentrytitle">profiles</span>(1)</span></a></span></dt><dd><p><b class="command">profiles</b> is a command-line
 		utility that can be used to replace all occurences of 
 		a certain SID with another SID.
 		</p></dd><dt><span class="term"><a href="vfstest.1.html"><span class="citerefentry"><span class="refentrytitle">vfstest</span>(1)</span></a></span></dt><dd><p><b class="command">vfstest</b> is a utility
 		that can be used to test vfs modules.</p></dd><dt><span class="term"><a href="ntlm_auth.1.html"><span class="citerefentry"><span class="refentrytitle">ntlm_auth</span>(1)</span></a></span></dt><dd><p><b class="command">ntlm_auth</b> is a helper-utility
 		for external programs wanting to do NTLM-authentication.
 		</p></dd><dt><span class="term"><a href="smbmount.8.html"><span class="citerefentry"><span class="refentrytitle">smbmount</span>(8)</span></a>, <a href="smbumount.8.html"><span class="citerefentry"><span class="refentrytitle">smbumount</span>(8)</span></a>, <a href="smbmount.8.html"><span class="citerefentry"><span class="refentrytitle">smbmount</span>(8)</span></a></span></dt><dd><p><b class="command">smbmount</b>,<b class="command">smbmnt</b> and <b class="command">smbmnt</b> are commands that can be used to 
 		mount CIFS/SMB shares on Linux.
 		</p></dd><dt><span class="term"><a href="smbcquotas.1.html"><span class="citerefentry"><span class="refentrytitle">smbcquotas</span>(1)</span></a></span></dt><dd><p><b class="command">smbcquotas</b> is a tool that 
 		can set remote QUOTA's on server with NTFS 5. </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMPONENTS</h2><p>The Samba suite is made up of several components. Each 
 	component is described in a separate manual page. It is strongly 
 	recommended that you read the documentation that comes with Samba 
 	and the manual pages of those components that you use. If the 
 	manual pages and documents aren't clear enough then please visit
-	<A
+	<a href="http://devel.samba.org/" target="_top">http://devel.samba.org</a>
-HREF="http://devel.samba.org/"
+	for information on how to file a bug report or submit a patch.</p><p>If you require help, visit the Samba webpage at
-TARGET="_top"
+	<a href="http://samba.org/" target="_top">http://www.samba.org/</a> and
 >http://devel.samba.org</A
 >
 	for information on how to file a bug report or submit a patch.</P
 ><P
 >If you require help, visit the Samba webpage at
 	<A
 HREF="http://samba.org/"
 TARGET="_top"
 >http://www.samba.org/</A
 > and
 	explore the many option available to you.
-	</P
+	</p></div><div class="refsect1" lang="en"><h2>AVAILABILITY</h2><p>The Samba software suite is licensed under the 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN82"
 ></A
 ><H2
 >AVAILABILITY</H2
 ><P
 >The Samba software suite is licensed under the 
 	GNU Public License(GPL). A copy of that license should 
 	have come with the package in the file COPYING. You are 
 	encouraged to distribute copies of the Samba suite, but 
-	please obey the terms of this license.</P
+	please obey the terms of this license.</p><p>The latest version of the Samba suite can be 
 ><P
 >The latest version of the Samba suite can be 
 	obtained via anonymous ftp from samba.org in the
 	directory pub/samba/. It is also available on several 
-	mirror sites worldwide.</P
+	mirror sites worldwide.</p><p>You may also find useful information about Samba 
-><P
+	on the newsgroup <a href="news:comp.protocols.smb" target="_top">
->You may also find useful information about Samba 
+	comp.protocol.smb</a> and the Samba mailing 
 	on the newsgroup <A
 HREF="news:comp.protocols.smb"
 TARGET="_top"
 >	comp.protocol.smb</A
 > and the Samba mailing 
 	list. Details on how to join the mailing list are given in 
-	the README file that comes with Samba.</P
+	the README file that comes with Samba.</p><p>If you have access to a WWW viewer (such as Mozilla
-><P
+	or Konqueror) then you will also find lots of useful information, 
 >If you have access to a WWW viewer (such as Netscape 
 	or Mosaic) then you will also find lots of useful information, 
 	including back issues of the Samba mailing list, at
-	<A
+	<a href="http://lists.samba.org/" target="_top">http://lists.samba.org</a>.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the 
-HREF="http://lists.samba.org/"
+	Samba suite. </p></div><div class="refsect1" lang="en"><h2>CONTRIBUTIONS</h2><p>If you wish to contribute to the Samba project, 
 TARGET="_top"
 >http://lists.samba.org</A
 >.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN90"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of the 
 	Samba suite. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN93"
 ></A
 ><H2
 >CONTRIBUTIONS</H2
 ><P
 >If you wish to contribute to the Samba project, 
 	then I suggest you join the Samba mailing list at 
-	<A
+	<a href="http://lists.samba.org/" target="_top">http://lists.samba.org</a>.
-HREF="http://lists.samba.org/"
+	</p><p>If you have patches to submit, visit
-TARGET="_top"
+	<a href="http://devel.samba.org/" target="_top">http://devel.samba.org/</a>
->http://lists.samba.org</A
+	for information on how to do it properly. We prefer patches 
->.
+	in <b class="command">diff -u</b> format.</p></div><div class="refsect1" lang="en"><h2>CONTRIBUTORS</h2><p>Contributors to the project are now too numerous 
 	</P
 ><P
 >If you have patches to submit, visit
 	<A
 HREF="http://devel.samba.org/"
 TARGET="_top"
 >http://devel.samba.org/</A
 >
 	for information on how to do it properly. We prefer patches in
 	<B
 CLASS="COMMAND"
 >diff -u</B
 > format.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN100"
 ></A
 ><H2
 >CONTRIBUTORS</H2
 ><P
 >Contributors to the project are now too numerous 
 	to mention here but all deserve the thanks of all Samba 
-	users. To see a full list, look at <A
+	users. To see a full list, look at the
-HREF="ftp://samba.org/pub/samba/alpha/change-log"
+	<tt class="filename">change-log</tt> in the source package 
-TARGET="_top"
+	for the pre-CVS changes and at <a href="http://cvs.samba.org/" target="_top">
->	ftp://samba.org/pub/samba/alpha/change-log</A
+	http://cvs.samba.org/</a>
 >
 	for the pre-CVS changes and at <A
 HREF="ftp://samba.org/pub/samba/alpha/cvs.log"
 TARGET="_top"
 >	ftp://samba.org/pub/samba/alpha/cvs.log</A
 >
 	for the contributors to Samba post-CVS. CVS is the Open Source 
 	source code control system used by the Samba Team to develop 
-	Samba. The project would have been unmanageable without it.</P
+	Samba. The project would have been unmanageable without it.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ><P
 >In addition, several commercial organizations now help 
 	fund the Samba Team with money and equipment. For details see 
 	the Samba Web pages at <A
 HREF="http://samba.org/samba/samba-thanks.html"
 TARGET="_top"
 >	http://samba.org/samba/samba-thanks.html</A
 >.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN107"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML
-></DIV
+	4.2 for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smb.conf.5.html
+++ b/docs/htmldocs/smb.conf.5.html
--- a/docs/htmldocs/smbcacls.1.html
+++ b/docs/htmldocs/smbcacls.1.html
@ -1,415 +1,95 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbcacls</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbcacls.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbcacls &#8212; Set or get ACLs on an NT file or directory names</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbcacls</tt>  {//server/share} {filename} [-D acls] [-M acls] [-A acls] [-S acls] [-C name] [-G name] [-n] [-t] [-U username] [-h] [-d]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The <b class="command">smbcacls</b> program manipulates NT Access Control
-<HTML
+	Lists (ACLs) on SMB file shares. </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><p>The following options are available to the <b class="command">smbcacls</b> program.  
-><HEAD
+	The format of ACLs is described in the section ACL FORMAT </p><div class="variablelist"><dl><dt><span class="term">-A acls</span></dt><dd><p>Add the ACLs specified to the ACL list.  Existing 
-><TITLE
+		access control entries are unchanged. </p></dd><dt><span class="term">-M acls</span></dt><dd><p>Modify the mask value (permissions) for the ACLs 
 >smbcacls</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBCACLS"
 ></A
 >smbcacls</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbcacls&nbsp;--&nbsp;Set or get ACLs on an NT file or directory names</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbcacls</B
 >  {//server/share} {filename} [-U username] [-A acls] [-M acls] [-D acls] [-S acls] [-C name] [-G name] [-n] [-h]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN22"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 >The <B
 CLASS="COMMAND"
 >smbcacls</B
 > program manipulates NT Access Control
 	Lists (ACLs) on SMB file shares. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN28"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 >The following options are available to the <B
 CLASS="COMMAND"
 >smbcacls</B
 > program.  
 	The format of ACLs is described in the section ACL FORMAT </P
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-A acls</DT
 ><DD
 ><P
 >Add the ACLs specified to the ACL list.  Existing 
 		access control entries are unchanged. </P
 ></DD
 ><DT
 >-M acls</DT
 ><DD
 ><P
 >Modify the mask value (permissions) for the ACLs 
 		specified on the command line.  An error will be printed for each 
 		ACL specified that was not already present in the ACL list
-		</P
+		</p></dd><dt><span class="term">-D acls</span></dt><dd><p>Delete any ACLs specified on the command line.  
 ></DD
 ><DT
 >-D acls</DT
 ><DD
 ><P
 >Delete any ACLs specified on the command line.  
 		An error will be printed for each ACL specified that was not 
-		already present in the ACL list. </P
+		already present in the ACL list. </p></dd><dt><span class="term">-S acls</span></dt><dd><p>This command sets the ACLs on the file with 
 ></DD
 ><DT
 >-S acls</DT
 ><DD
 ><P
 >This command sets the ACLs on the file with 
 		only the ones specified on the command line.  All other ACLs are 
 		erased. Note that the ACL specified must contain at least a revision,
-		type, owner and group for the call to succeed. </P
+		type, owner and group for the call to succeed. </p></dd><dt><span class="term">-U username</span></dt><dd><p>Specifies a username used to connect to the 
-></DD
+		specified service.  The username may be of the form &quot;username&quot; in 
 ><DT
 >-U username</DT
 ><DD
 ><P
 >Specifies a username used to connect to the 
 		specified service.  The username may be of the form "username" in 
 		which case the user is prompted to enter in a password and the 
-		workgroup specified in the <TT
+		workgroup specified in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file is 
-CLASS="FILENAME"
+		used, or &quot;username%password&quot;  or &quot;DOMAIN\username%password&quot; and the 
->smb.conf</TT
+		password and workgroup names are used as provided. </p></dd><dt><span class="term">-C name</span></dt><dd><p>The owner of a file or directory can be changed 
-> file is 
+		to the name given using the <i class="parameter"><tt>-C</tt></i> option.  
 		used, or "username%password"  or "DOMAIN\username%password" and the 
 		password and workgroup names are used as provided. </P
 ></DD
 ><DT
 >-C name</DT
 ><DD
 ><P
 >The owner of a file or directory can be changed 
 		to the name given using the <TT
 CLASS="PARAMETER"
 ><I
 >-C</I
 ></TT
 > option.  
 		The name can be a sid in the form S-1-x-y-z or a name resolved 
-		against the server specified in the first argument. </P
+		against the server specified in the first argument. </p><p>This command is a shortcut for -M OWNER:name. 
-><P
+		</p></dd><dt><span class="term">-G name</span></dt><dd><p>The group owner of a file or directory can 
->This command is a shortcut for -M OWNER:name. 
+		be changed to the name given using the <i class="parameter"><tt>-G</tt></i> 
 		</P
 ></DD
 ><DT
 >-G name</DT
 ><DD
 ><P
 >The group owner of a file or directory can 
 		be changed to the name given using the <TT
 CLASS="PARAMETER"
 ><I
 >-G</I
 ></TT
 > 
 		option.  The name can be a sid in the form S-1-x-y-z or a name 
 		resolved against the server specified n the first argument.
-		</P
+		</p><p>This command is a shortcut for -M GROUP:name.</p></dd><dt><span class="term">-n</span></dt><dd><p>This option displays all ACL information in numeric 
 ><P
 >This command is a shortcut for -M GROUP:name.</P
 ></DD
 ><DT
 >-n</DT
 ><DD
 ><P
 >This option displays all ACL information in numeric 
 		format.  The default is to convert SIDs to names and ACE types 
-		and masks to a readable string format.  </P
+		and masks to a readable string format.  </p></dd><dt><span class="term">-t</span></dt><dd><p>
-></DD
+		Don't actually do anything, only validate the correctness of 
-><DT
+		the arguments.
->-h</DT
+		</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-><DD
+</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
-><P
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
->Print usage information on the <B
+configuration details required by the server.  The 
-CLASS="COMMAND"
+information in this file includes server-specific
->smbcacls
+information such as what printcap file to use, as well 
-		</B
+as descriptions of all the services that the server is 
-> program.</P
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-></DD
+smb.conf(5)</tt></a> for more information.
-></DL
+The default configuration file name is determined at 
-></DIV
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
-></DIV
+from 0 to 10.  The default value if this parameter is 
-><DIV
+not specified is zero.</p><p>The higher this value, the more detail will be 
-CLASS="REFSECT1"
+logged to the log files about the activities of the 
-><A
+server. At level 0, only critical errors and serious 
-NAME="AEN75"
+warnings will be logged. Level 1 is a reasonable level for
-></A
+day to day running - it generates a small amount of 
-><H2
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
->ACL FORMAT</H2
+amounts of log data, and should only be used when 
-><P
+investigating a problem. Levels above 3 are designed for 
->The format of an ACL is one or more ACL entries separated by 
+use only by developers and generate HUGE amounts of log
-	either commas or newlines.  An ACL entry is one of the following: </P
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
-><P
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
-><PRE
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-CLASS="PROGRAMLISTING"
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
-> 
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
 never removed by the client.
 </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>ACL FORMAT</h2><p>The format of an ACL is one or more ACL entries separated by 
 	either commas or newlines.  An ACL entry is one of the following: </p><pre class="programlisting"> 
 REVISION:&lt;revision number&gt;
 OWNER:&lt;sid or name&gt;
 GROUP:&lt;sid or name&gt;
 ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
-	</PRE
+</pre><p>The revision of the ACL specifies the internal Windows 
 ></P
 ><P
 >The revision of the ACL specifies the internal Windows 
 	NT ACL revision for the security descriptor.  
 	If not specified it defaults to 1.  Using values other than 1 may 
-	cause strange behaviour. </P
+	cause strange behaviour. </p><p>The owner and group specify the owner and group sids for the 
 ><P
 >The owner and group specify the owner and group sids for the 
 	object.  If a SID in the format CWS-1-x-y-z is specified this is used, 
 	otherwise the name specified is resolved using the server on which 
-	the file or directory resides. </P
+	the file or directory resides. </p><p>ACLs specify permissions granted to the SID.  This SID again 
 ><P
 >ACLs specify permissions granted to the SID.  This SID again 
 	can be specified in CWS-1-x-y-z format or as a name in which case 
 	it is resolved against the server on which the file or directory 
 	resides.  The type, flags and mask values determine the type of 
-		access granted to the SID. </P
+	access granted to the SID. </p><p>The type can be either 0 or 1 corresponding to ALLOWED or 
 ><P
 >The type can be either 0 or 1 corresponding to ALLOWED or 
 	DENIED access to the SID.  The flags values are generally
 	zero for file ACLs and either 9 or 2 for directory ACLs.  Some 
-		common flags are: </P
+	common flags are: </p><div class="itemizedlist"><ul type="disc"><li><p><tt class="constant">#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1</tt></p></li><li><p><tt class="constant">#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2</tt></p></li><li><p><tt class="constant">#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT     0x4</tt></p></li><li><p><tt class="constant">#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8</tt></p></li></ul></div><p>At present flags can only be specified as decimal or 
-><P
+	hexadecimal values.</p><p>The mask is a value which expresses the access right 
 ></P
 ><UL
 ><LI
 ><P
 >#define SEC_ACE_FLAG_OBJECT_INHERIT     	0x1</P
 ></LI
 ><LI
 ><P
 >#define SEC_ACE_FLAG_CONTAINER_INHERIT  	0x2</P
 ></LI
 ><LI
 ><P
 >#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
 			</P
 ></LI
 ><LI
 ><P
 >#define SEC_ACE_FLAG_INHERIT_ONLY       	0x8</P
 ></LI
 ></UL
 ><P
 >At present flags can only be specified as decimal or 
 	hexadecimal values.</P
 ><P
 >The mask is a value which expresses the access right 
 	granted to the SID. It can be given as a decimal or hexadecimal value, 
 	or by using one of the following text strings which map to the NT 
-	file permissions of the same name. </P
+	file permissions of the same name. </p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>R</em></span> - Allow read access </p></li><li><p><span class="emphasis"><em>W</em></span> - Allow write access</p></li><li><p><span class="emphasis"><em>X</em></span> - Execute permission on the object</p></li><li><p><span class="emphasis"><em>D</em></span> - Delete the object</p></li><li><p><span class="emphasis"><em>P</em></span> - Change permissions</p></li><li><p><span class="emphasis"><em>O</em></span> - Take ownership</p></li></ul></div><p>The following combined permissions can be specified:</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>READ</em></span> -  Equivalent to 'RX'
-><P
+		permissions</p></li><li><p><span class="emphasis"><em>CHANGE</em></span> - Equivalent to 'RXWD' permissions
-></P
+		</p></li><li><p><span class="emphasis"><em>FULL</em></span> - Equivalent to 'RWXDPO' 
-><UL
+		permissions</p></li></ul></div></div><div class="refsect1" lang="en"><h2>EXIT STATUS</h2><p>The <b class="command">smbcacls</b> program sets the exit status 
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >R</I
 ></SPAN
 > - Allow read access </P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >W</I
 ></SPAN
 > - Allow write access</P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >X</I
 ></SPAN
 > - Execute permission on the object</P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >D</I
 ></SPAN
 > - Delete the object</P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >P</I
 ></SPAN
 > - Change permissions</P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >O</I
 ></SPAN
 > - Take ownership</P
 ></LI
 ></UL
 ><P
 >The following combined permissions can be specified:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >READ</I
 ></SPAN
 > -  Equivalent to 'RX'
 		permissions</P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >CHANGE</I
 ></SPAN
 > - Equivalent to 'RXWD' permissions
 		</P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >FULL</I
 ></SPAN
 > - Equivalent to 'RWXDPO' 
 		permissions</P
 ></LI
 ></UL
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN125"
 ></A
 ><H2
 >EXIT STATUS</H2
 ><P
 >The <B
 CLASS="COMMAND"
 >smbcacls</B
 > program sets the exit status 
 	depending on the success or otherwise of the operations performed.  
-	The exit status may be one of the following values. </P
+	The exit status may be one of the following values. </p><p>If the operation succeeded, smbcacls returns and exit 
-><P
+	status of 0.  If <b class="command">smbcacls</b> couldn't connect to the specified server, 
 >If the operation succeeded, smbcacls returns and exit 
 	status of 0.  If <B
 CLASS="COMMAND"
 >smbcacls</B
 > couldn't connect to the specified server, 
 	or there was an error getting or setting the ACLs, an exit status 
 	of 1 is returned.  If there was an error parsing any command line 
-	arguments, an exit status of 2 is returned. </P
+	arguments, an exit status of 2 is returned. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN131"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN134"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p><b class="command">smbcacls</b> was written by Andrew Tridgell 
-><P
+	and Tim Potter.</p><p>The conversion to DocBook for Samba 2.2 was done 
-><B
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done
-CLASS="COMMAND"
+	by Alexander Bokovoy.</p></div></div></body></html>
 >smbcacls</B
 > was written by Andrew Tridgell 
 	and Tim Potter.</P
 ><P
 >The conversion to DocBook for Samba 2.2 was done 
 	by Gerald Carter</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbclient.1.html
+++ b/docs/htmldocs/smbclient.1.html
--- a/docs/htmldocs/smbcontrol.1.html
+++ b/docs/htmldocs/smbcontrol.1.html
@ -1,385 +1,71 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbcontrol</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbcontrol.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbcontrol &#8212; send messages to smbd, nmbd or winbindd processes</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbcontrol</tt>  [-i] [-s]</p></div><div class="cmdsynopsis"><p><tt class="command">smbcontrol</tt>  [destination] [message-type] [parameter]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbcontrol</b> is a very small program, which 
-<HTML
+	sends messages to a <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, a <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, or a <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon running on the system.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-><HEAD
+</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-><TITLE
+configuration details required by the server.  The 
->smbcontrol</TITLE
+information in this file includes server-specific
-><META
+information such as what printcap file to use, as well 
-NAME="GENERATOR"
+as descriptions of all the services that the server is 
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-><BODY
+smb.conf(5)</tt></a> for more information.
-CLASS="REFENTRY"
+The default configuration file name is determined at 
-BGCOLOR="#FFFFFF"
+compile time.</p></dd><dt><span class="term">-i</span></dt><dd><p>Run interactively. Individual commands 
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBCONTROL"
 ></A
 >smbcontrol</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbcontrol&nbsp;--&nbsp;send messages to smbd, nmbd or winbindd processes</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbcontrol</B
 >  [-i]</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbcontrol</B
 >  [destination] [message-type] [parameter]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN17"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbcontrol</B
 > is a very small program, which 
 	sends messages to an <A
 HREF="smbd.8.html"
 TARGET="_top"
 >smbd(8)</A
 >, 
 	an <A
 HREF="nmbd.8.html"
 TARGET="_top"
 >nmbd(8)</A
 >
 	or a <A
 HREF="winbindd.8.html"
 TARGET="_top"
 >winbindd(8)</A
 > 
 	daemon running on the system.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN26"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-i</DT
 ><DD
 ><P
 >Run interactively. Individual commands 
 		of the form destination message-type parameters can be entered 
-		on STDIN. An empty command line or a "q" will quit the 
+		on STDIN. An empty command line or a &quot;q&quot; will quit the 
-		program.</P
+		program.</p></dd><dt><span class="term">destination</span></dt><dd><p>One of <i class="parameter"><tt>nmbd</tt></i>, <i class="parameter"><tt>smbd</tt></i> or a process ID.</p><p>The <i class="parameter"><tt>smbd</tt></i> destination causes the 
-></DD
+		message to &quot;broadcast&quot; to all smbd daemons.</p><p>The <i class="parameter"><tt>nmbd</tt></i> destination causes the 
 ><DT
 >destination</DT
 ><DD
 ><P
 >One of <TT
 CLASS="PARAMETER"
 ><I
 >nmbd</I
 ></TT
 >
 		<TT
 CLASS="PARAMETER"
 ><I
 >smbd</I
 ></TT
 > or a process ID.</P
 ><P
 >The <TT
 CLASS="PARAMETER"
 ><I
 >smbd</I
 ></TT
 > destination causes the 
 		message to "broadcast" to all smbd daemons.</P
 ><P
 >The <TT
 CLASS="PARAMETER"
 ><I
 >nmbd</I
 ></TT
 > destination causes the 
 		message to be sent to the nmbd daemon specified in the 
-		<TT
+		<tt class="filename">nmbd.pid</tt> file.</p><p>If a single process ID is given, the message is sent 
-CLASS="FILENAME"
+		to only that process.</p></dd><dt><span class="term">message-type</span></dt><dd><p>Type of message to send. See 
->nmbd.pid</TT
+		the section <tt class="constant">MESSAGE-TYPES</tt> for details.
-> file.</P
+		</p></dd><dt><span class="term">parameters</span></dt><dd><p>any parameters required for the message-type</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>MESSAGE-TYPES</h2><p>Available message types are:</p><div class="variablelist"><dl><dt><span class="term">close-share</span></dt><dd><p>Order smbd to close the client 
-><P
+	connections to the named share. Note that this doesn't affect client 
->If a single process ID is given, the message is sent 
+	connections to any other shares. This message-type takes an argument of the
 		to only that process.</P
 ></DD
 ><DT
 >message-type</DT
 ><DD
 ><P
 >One of: <TT
 CLASS="CONSTANT"
 >close-share</TT
 >,
 		<TT
 CLASS="CONSTANT"
 >debug</TT
 >, 
 		<TT
 CLASS="CONSTANT"
 >force-election</TT
 >, <TT
 CLASS="CONSTANT"
 >ping
 		</TT
 >, <TT
 CLASS="CONSTANT"
 >profile</TT
 >, <TT
 CLASS="CONSTANT"
 >		debuglevel</TT
 >, <TT
 CLASS="CONSTANT"
 >profilelevel</TT
 >, 
 		or <TT
 CLASS="CONSTANT"
 >printnotify</TT
 >.</P
 ><P
 >The <TT
 CLASS="CONSTANT"
 >close-share</TT
 > message-type sends a 
 		message to smbd which will then close the client connections to
 		the named share. Note that this doesn't affect client connections
 		to any other shares. This message-type takes an argument of the
 	share name for which client connections will be closed, or the
-		"*" character which will close all currently open shares.
+	&quot;*&quot; character which will close all currently open shares.
 	This may be useful if you made changes to the access controls on the share.
-		This message can only be sent to <TT
+	This message can only be sent to <tt class="constant">smbd</tt>.</p></dd><dt><span class="term">debug</span></dt><dd><p>Set debug level to the value specified by the 
-CLASS="CONSTANT"
+	parameter. This can be sent to any of the destinations.</p></dd><dt><span class="term">force-election</span></dt><dd><p>This message causes the <b class="command">nmbd</b> daemon to 
->smbd</TT
+	force a new browse master election. </p></dd><dt><span class="term">ping</span></dt><dd><p>
->.</P
+	Send specified number of &quot;ping&quot; messages and 
-><P
+	wait for the same number of  reply &quot;pong&quot; messages. This can be sent to 
->The <TT
+	any of the destinations.</p></dd><dt><span class="term">profile</span></dt><dd><p>Change profile settings of a daemon, based on the 
-CLASS="CONSTANT"
+	parameter. The parameter can be &quot;on&quot; to turn on profile stats 
->debug</TT
+	collection, &quot;off&quot; to turn off profile stats collection, &quot;count&quot;
 > message-type allows 
 		the debug level to be set to the value specified by the 
 		parameter. This can be sent to any of the destinations.</P
 ><P
 >The <TT
 CLASS="CONSTANT"
 >force-election</TT
 > message-type can only be 
 		sent to the <TT
 CLASS="CONSTANT"
 >nmbd</TT
 > destination. This message 
 		causes the <B
 CLASS="COMMAND"
 >nmbd</B
 > daemon to force a new browse
 		master election.</P
 ><P
 >The <TT
 CLASS="CONSTANT"
 >ping</TT
 > message-type sends the 
 		number of "ping" messages specified by the parameter and waits 
 		for the same number of  reply "pong" messages. This can be sent to 
 		any of the destinations.</P
 ><P
 >The <TT
 CLASS="CONSTANT"
 >profile</TT
 > message-type sends a 
 		message to an smbd to change the profile settings based on the 
 		parameter. The parameter can be "on" to turn on profile stats 
 		collection, "off" to turn off profile stats collection, "count"
 	to enable only collection of count stats (time stats are 
-		disabled), and "flush" to zero the current profile stats. This can 
+	disabled), and &quot;flush&quot; to zero the current profile stats. This can 
-		be sent to any smbd or nmbd destinations.</P
+	be sent to any smbd or nmbd destinations.</p></dd><dt><span class="term">debuglevel</span></dt><dd><p>
-><P
+	Request debuglevel of a certain daemon and write it to stdout. This 
->The <TT
+	can be sent to any of the destinations.</p></dd><dt><span class="term">profilelevel</span></dt><dd><p>
-CLASS="CONSTANT"
+	Request profilelevel of a certain daemon and write it to stdout. 
->debuglevel</TT
+	This can be sent to any smbd or nmbd destinations.</p></dd><dt><span class="term">printnotify</span></dt><dd><p>
-> message-type sends 
+	Order smbd to send a printer notify message to any Windows NT clients 
-		a "request debug level" message. The current debug level setting 
+	connected to a printer. This message-type takes the following arguments:
-		is returned by a  "debuglevel" message. This can be 
+	</p><div class="variablelist"><dl><dt><span class="term">queuepause printername</span></dt><dd><p>Send a queue pause change notify
-		sent to any of the destinations.</P
+	    message to the printer specified.</p></dd><dt><span class="term">queueresume printername</span></dt><dd><p>Send a queue resume change notify
-><P
+	    message for the printer specified.</p></dd><dt><span class="term">jobpause printername unixjobid</span></dt><dd><p>Send a job pause change notify
 >The <TT
 CLASS="CONSTANT"
 >profilelevel</TT
 > message-type sends 
 		a "request profile level" message.  The current profile level 
 		setting is returned by a  "profilelevel" message. This can be sent 
 		to any smbd or nmbd destinations.</P
 ><P
 >The <TT
 CLASS="CONSTANT"
 >printnotify</TT
 > message-type sends a 
 		message to smbd which in turn sends a printer notify message to 
 		any Windows NT clients connected to a printer. This message-type
 		takes the following arguments:
 		<P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >queuepause printername</DT
 ><DD
 ><P
 >Send a queue pause change notify
 		    message to the printer specified.</P
 ></DD
 ><DT
 >queueresume printername</DT
 ><DD
 ><P
 >Send a queue resume change notify
 		    message for the printer specified.</P
 ></DD
 ><DT
 >jobpause printername unixjobid</DT
 ><DD
 ><P
 >Send a job pause change notify
 	    message for the printer and unix jobid
-		    specified.</P
+	    specified.</p></dd><dt><span class="term">jobresume printername unixjobid</span></dt><dd><p>Send a job resume change notify
 ></DD
 ><DT
 >jobresume printername unixjobid</DT
 ><DD
 ><P
 >Send a job resume change notify
 	    message for the printer and unix jobid
-		    specified.</P
+	    specified.</p></dd><dt><span class="term">jobdelete printername unixjobid</span></dt><dd><p>Send a job delete change notify
 ></DD
 ><DT
 >jobdelete printername unixjobid</DT
 ><DD
 ><P
 >Send a job delete change notify
 	    message for the printer and unix jobid
-		    specified.</P
+	    specified.</p></dd></dl></div><p>
 ></DD
 ></DL
 ></DIV
 >
 	Note that this message only sends notification that an
 	event has occured.  It doesn't actually cause the
 	event to happen.
-
+	</p><p>This message can only be sent to <tt class="constant">smbd</tt>. </p></dd><dt><span class="term">samsync</span></dt><dd><p>Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to <tt class="constant">smbd</tt>. </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>Not working at the moment</p></div></dd><dt><span class="term">samrepl</span></dt><dd><p>Send sam replication message, with specified serial. Can only be sent to <tt class="constant">smbd</tt>. Should not be used manually.</p></dd><dt><span class="term">dmalloc-mark</span></dt><dd><p>Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </p></dd><dt><span class="term">dmalloc-log-changed</span></dt><dd><p>
-		This message can only be sent to <TT
+	Dump the pointers that have changed since the mark set by dmalloc-mark. 
-CLASS="CONSTANT"
+	Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </p></dd><dt><span class="term">shutdown</span></dt><dd><p>Shut down specified daemon. Can be sent to both smbd and nmbd.</p></dd><dt><span class="term">pool-usage</span></dt><dd><p>Print a human-readable description of all 
->smbd</TT
+	talloc(pool) memory usage by the specified daemon/process. Available 
->. 
+	for both smbd and nmbd.</p></dd><dt><span class="term">drvupgrade</span></dt><dd><p>Force clients of printers using specified driver 
-		</P
+	to update their local version of the driver. Can only be 
-></DD
+	sent to smbd.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-><DT
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a> and <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 >parameters</DT
 ><DD
 ><P
 >any parameters required for the message-type</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN102"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN105"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="nmbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >nmbd(8)</B
 ></A
 >, 
 	and <A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 >.
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN112"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
-></DIV
+	Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbd.8.html
+++ b/docs/htmldocs/smbd.8.html
@ -1,780 +1,183 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbd.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbd &#8212; server to provide SMB/CIFS services to clients</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbd</tt>  [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d &lt;debug level&gt;] [-l &lt;log directory&gt;] [-p &lt;port number&gt;] [-O &lt;socket option&gt;] [-s &lt;configuration file&gt;]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This program is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbd</b> is the server daemon that 
 <HTML
 ><HEAD
 ><TITLE
 >smbd</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBD">smbd</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbd&nbsp;--&nbsp;server to provide SMB/CIFS services to clients</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbd</B
 > [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d &#60;debug level&#62;] [-l &#60;log directory&#62;] [-p &#60;port number&#62;] [-O &#60;socket option&#62;] [-s &#60;configuration file&#62;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN23"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This program is part of the Samba suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbd</B
 > is the server daemon that 
 	provides filesharing and printing services to Windows clients. 
 	The server provides filespace and printer services to
 	clients using the SMB (or CIFS) protocol. This is compatible 
 	with the LanManager protocol, and can service LanManager 
 	clients.  These include MSCLIENT 3.0 for DOS, Windows for 
 	Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, 
-	OS/2, DAVE for Macintosh, and smbfs for Linux.</P
+	OS/2, DAVE for Macintosh, and smbfs for Linux.</p><p>An extensive description of the services that the 
 ><P
 >An extensive description of the services that the 
 	server can provide is given in the man page for the 
 	configuration file controlling the attributes of those 
-	services (see <A
+	services (see <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.  This man page will not describe the 
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)
 	</TT
 ></A
 >.  This man page will not describe the 
 	services, but will concentrate on the administrative aspects 
-	of running the server.</P
+	of running the server.</p><p>Please note that there are significant security 
-><P
+	implications to running this server, and the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> manual page should be regarded as mandatory reading before 
->Please note that there are significant security 
+	proceeding with installation.</p><p>A session is created whenever a client requests one. 
 	implications to running this server, and the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 > 
 	manpage should be regarded as mandatory reading before 
 	proceeding with installation.</P
 ><P
 >A session is created whenever a client requests one. 
 	Each client gets a copy of the server for each session. This 
 	copy then services all connections made by the client during 
 	that session. When all connections from its client are closed, 
-	the copy of the server for that client terminates.</P
+	the copy of the server for that client terminates.</p><p>The configuration file, and any files that it includes, 
 ><P
 >The configuration file, and any files that it includes, 
 	are automatically reloaded every minute, if they change.  You 
 	can force a reload by sending a SIGHUP to the server.  Reloading 
 	the configuration file will not affect connections to any service 
 	that is already established.  Either the user will have to 
-	disconnect from the service, or <B
+	disconnect from the service, or <b class="command">smbd</b> killed and restarted.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-D</span></dt><dd><p>If specified, this parameter causes 
 CLASS="COMMAND"
 >smbd</B
 > killed and restarted.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN37"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-D</DT
 ><DD
 ><P
 >If specified, this parameter causes 
 		the server to operate as a daemon. That is, it detaches 
 		itself and runs in the background, fielding requests 
 		on the appropriate port. Operating the server as a
-		daemon is the recommended way of running <B
+		daemon is the recommended way of running <b class="command">smbd</b> for 
 CLASS="COMMAND"
 >smbd</B
 > for 
 		servers that provide more than casual use file and 
-		print services.  This switch is assumed if <B
+		print services.  This switch is assumed if <b class="command">smbd
-CLASS="COMMAND"
+		</b> is executed on the command line of a shell.
->smbd
+		</p></dd><dt><span class="term">-F</span></dt><dd><p>If specified, this parameter causes
-		</B
+		the main <b class="command">smbd</b> process to not daemonize,
 > is executed on the command line of a shell.
 		</P
 ></DD
 ><DT
 >-F</DT
 ><DD
 ><P
 >If specified, this parameter causes
 		the main <B
 CLASS="COMMAND"
 >smbd</B
 > process to not daemonize,
 		i.e. double-fork and disassociate with the terminal.
 		Child processes are still created as normal to service
 		each connection request, but the main process does not
 		exit. This operation mode is suitable for running
-		<B
+		<b class="command">smbd</b> under process supervisors such
-CLASS="COMMAND"
+		as <b class="command">supervise</b> and <b class="command">svscan</b>
->smbd</B
+		from Daniel J. Bernstein's <b class="command">daemontools</b>
 > under process supervisors such
 		as <B
 CLASS="COMMAND"
 >supervise</B
 > and <B
 CLASS="COMMAND"
 >svscan</B
 >
 		from Daniel J. Bernstein's <B
 CLASS="COMMAND"
 >daemontools</B
 >
 		package, or the AIX process monitor.
-		</P
+		</p></dd><dt><span class="term">-S</span></dt><dd><p>If specified, this parameter causes
-></DD
+		<b class="command">smbd</b> to log to standard output rather
-><DT
+		than a file.</p></dd><dt><span class="term">-i</span></dt><dd><p>If this parameter is specified it causes the
->-S</DT
+		server to run &quot;interactively&quot;, not as a daemon, even if the
 ><DD
 ><P
 >If specified, this parameter causes
 		<B
 CLASS="COMMAND"
 >smbd</B
 > to log to standard output rather
 		than a file.</P
 ></DD
 ><DT
 >-i</DT
 ><DD
 ><P
 >If this parameter is specified it causes the
 		server to run "interactively", not as a daemon, even if the
 		server is executed on the command line of a shell. Setting this
 		parameter negates the implicit deamon mode when run from the
-		command line. <B
+		command line. <b class="command">smbd</b> also logs to standard
-CLASS="COMMAND"
+		output, as if the <b class="command">-S</b> parameter had been
 >smbd</B
 > also logs to standard
 		output, as if the <B
 CLASS="COMMAND"
 >-S</B
 > parameter had been
 		given.
-		</P
+		</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
-></DD
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-><DT
+configuration details required by the server.  The 
->-h</DT
+information in this file includes server-specific
-><DD
+information such as what printcap file to use, as well 
-><P
+as descriptions of all the services that the server is 
->Prints the help information (usage) 
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-		for <B
+smb.conf(5)</tt></a> for more information.
-CLASS="COMMAND"
+The default configuration file name is determined at 
->smbd</B
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
->.</P
+from 0 to 10.  The default value if this parameter is 
-></DD
+not specified is zero.</p><p>The higher this value, the more detail will be 
-><DT
+logged to the log files about the activities of the 
->-V</DT
+server. At level 0, only critical errors and serious 
-><DD
+warnings will be logged. Level 1 is a reasonable level for
-><P
+day to day running - it generates a small amount of 
->Prints the version number for 
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
-		<B
+amounts of log data, and should only be used when 
-CLASS="COMMAND"
+investigating a problem. Levels above 3 are designed for 
->smbd</B
+use only by developers and generate HUGE amounts of log
->.</P
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
-></DD
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
-><DT
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
->-b</DT
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
-><DD
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
-><P
+never removed by the client.
->Prints information about how 
+</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-		Samba was built.</P
+</p></dd><dt><span class="term">-b</span></dt><dd><p>Prints information about how 
-></DD
+		Samba was built.</p></dd><dt><span class="term">-l &lt;log directory&gt;</span></dt><dd><p>If specified,
-><DT
+		<i class="replaceable"><tt>log directory</tt></i> 
->-d &#60;debug level&#62;</DT
+		specifies a log directory into which the &quot;log.smbd&quot; log
 ><DD
 ><P
 ><TT
 CLASS="REPLACEABLE"
 ><I
 >debuglevel</I
 ></TT
 > is an integer 
 		from 0 to 10.  The default value if this parameter is 
 		not specified is zero.</P
 ><P
 >The higher this value, the more detail will be 
 		logged to the log files about the activities of the 
 		server. At level 0, only critical errors and serious 
 		warnings will be logged. Level 1 is a reasonable level for
 		day to day running - it generates a small amount of 
 		information about operations carried out.</P
 ><P
 >Levels above 1 will generate considerable 
 		amounts of log data, and should only be used when 
 		investigating a problem. Levels above 3 are designed for 
 		use only by developers and generate HUGE amounts of log
 		data, most of which is extremely cryptic.</P
 ><P
 >Note that specifying this parameter here will 
 		override the <A
 HREF="smb.conf.5.html#loglevel"
 TARGET="_top"
 >log
 		level</A
 > parameter in the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >		<TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 > file.</P
 ></DD
 ><DT
 >-l &#60;log directory&#62;</DT
 ><DD
 ><P
 >If specified,
 		<TT
 CLASS="REPLACEABLE"
 ><I
 >log directory</I
 ></TT
 > 
 		specifies a log directory into which the "log.smbd" log
 		file will be created for informational and debug 
 		messages from the running server. The log 
 		file generated is never removed by the server although 
-		its size may be controlled by the <A
+		its size may be controlled by the <a href="smb.conf.5.html#maxlogsize" target="_top"><i class="parameter"><tt>max log size</tt></i></a>
-HREF="smb.conf.5.html#maxlogsize"
+		option in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file. <span class="emphasis"><em>Beware:</em></span>
-TARGET="_top"
+		If the directory specified does not exist, <b class="command">smbd</b>
 >max log size</A
 >
 		option in the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >		smb.conf(5)</TT
 ></A
 > file. <I
 CLASS="EMPHASIS"
 >Beware:</I
 >
 		If the directory specified does not exist, <B
 CLASS="COMMAND"
 >smbd</B
 >
 		will log to the default debug log location defined at compile time.
-		</P
+		</p><p>The default log directory is specified at
-><P
+		compile time.</p></dd><dt><span class="term">-p &lt;port number&gt;</span></dt><dd><p><i class="replaceable"><tt>port number</tt></i> is a positive integer 
 >The default log directory is specified at
 		compile time.</P
 ></DD
 ><DT
 >-O &#60;socket options&#62;</DT
 ><DD
 ><P
 >See the <A
 HREF="smb.conf.5.html#socketoptions"
 TARGET="_top"
 >socket options</A
 > 
 		parameter in the <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)
 		</TT
 ></A
 > file for details.</P
 ></DD
 ><DT
 >-p &#60;port number&#62;</DT
 ><DD
 ><P
 ><TT
 CLASS="REPLACEABLE"
 ><I
 >port number</I
 ></TT
 > is a positive integer 
 		value.  The default value if this parameter is not 
-		specified is 139.</P
+		specified is 139.</p><p>This number is the port number that will be 
 ><P
 >This number is the port number that will be 
 		used when making connections to the server from client 
 		software. The standard (well-known) port number for the 
 		SMB over TCP is 139, hence the default. If you wish to 
 		run the server as an ordinary user rather than
 		as root, most systems will require you to use a port 
 		number greater than 1024 - ask your system administrator 
-		for help if you are in this situation.</P
+		for help if you are in this situation.</p><p>In order for the server to be useful by most 
 ><P
 >In order for the server to be useful by most 
 		clients, should you configure it on a port other 
 		than 139, you will require port redirection services 
 		on port 139, details of which are outlined in rfc1002.txt 
-		section 4.3.5.</P
+		section 4.3.5.</p><p>This parameter is not normally specified except 
-><P
+		in the above situation.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/inetd.conf</tt></span></dt><dd><p>If the server is to be run by the 
->This parameter is not normally specified except 
+		<b class="command">inetd</b> meta-daemon, this file 
 		in the above situation.</P
 ></DD
 ><DT
 >-s &#60;configuration file&#62;</DT
 ><DD
 ><P
 >The file specified contains the 
 		configuration details required by the server.  The 
 		information in this file includes server-specific
 		information such as what printcap file to use, as well 
 		as descriptions of all the services that the server is 
 		to provide. See <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >		smb.conf(5)</TT
 ></A
 > for more information.
 		The default configuration file name is determined at 
 		compile time.</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN123"
 ></A
 ><H2
 >FILES</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/inetd.conf</TT
 ></DT
 ><DD
 ><P
 >If the server is to be run by the 
 		<B
 CLASS="COMMAND"
 >inetd</B
 > meta-daemon, this file 
 		must contain suitable startup information for the 
-		meta-daemon. See the <A
+		meta-daemon. See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a>
 HREF="UNIX_INSTALL.html"
 TARGET="_top"
 >UNIX_INSTALL.html</A
 >
 		document for details.
-		</P
+		</p></dd><dt><span class="term"><tt class="filename">/etc/rc</tt></span></dt><dd><p>or whatever initialization script your 
-></DD
+		system uses).</p><p>If running the server as a daemon at startup, 
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/rc</TT
 ></DT
 ><DD
 ><P
 >or whatever initialization script your 
 		system uses).</P
 ><P
 >If running the server as a daemon at startup, 
 		this file will need to contain an appropriate startup 
-		sequence for the server. See the <A
+		sequence for the server. See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a>
-HREF="UNIX_INSTALL.html"
+		document for details.</p></dd><dt><span class="term"><tt class="filename">/etc/services</tt></span></dt><dd><p>If running the server via the 
-TARGET="_top"
+		meta-daemon <b class="command">inetd</b>, this file 
 >UNIX_INSTALL.html</A
 >
 		document for details.</P
 ></DD
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/services</TT
 ></DT
 ><DD
 ><P
 >If running the server via the 
 		meta-daemon <B
 CLASS="COMMAND"
 >inetd</B
 >, this file 
 		must contain a mapping of service name (e.g., netbios-ssn) 
 		to service port (e.g., 139) and protocol type (e.g., tcp). 
-		See the <A
+		See the <a href="install.html" target="_top">&quot;How to Install and Test SAMBA&quot;</a>
-HREF="UNIX_INSTALL.html"
+		document for details.</p></dd><dt><span class="term"><tt class="filename">/usr/local/samba/lib/smb.conf</tt></span></dt><dd><p>This is the default location of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> server configuration file. Other common places that systems 
-TARGET="_top"
+		install this file are <tt class="filename">/usr/samba/lib/smb.conf</tt> 
->UNIX_INSTALL.html</A
+		and <tt class="filename">/etc/samba/smb.conf</tt>.</p><p>This file describes all the services the server 
->
+		is to make available to clients. See <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> for more information.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>LIMITATIONS</h2><p>On some systems <b class="command">smbd</b> cannot change uid back 
 		document for details.</P
 ></DD
 ><DT
 ><TT
 CLASS="FILENAME"
 >/usr/local/samba/lib/smb.conf</TT
 ></DT
 ><DD
 ><P
 >This is the default location of the 
 		<A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf</TT
 ></A
 >
 		server configuration file. Other common places that systems 
 		install this file are <TT
 CLASS="FILENAME"
 >/usr/samba/lib/smb.conf</TT
 > 
 		and <TT
 CLASS="FILENAME"
 >/etc/smb.conf</TT
 >.</P
 ><P
 >This file describes all the services the server 
 		is to make available to clients. See <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >		<TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 >  for more information.</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN159"
 ></A
 ><H2
 >LIMITATIONS</H2
 ><P
 >On some systems <B
 CLASS="COMMAND"
 >smbd</B
 > cannot change uid back 
 	to root after a setuid() call.  Such systems are called 
 	trapdoor uid systems. If you have such a system, 
 	you will be unable to connect from a client (such as a PC) as 
 	two different users at once. Attempts to connect the
 	second user will result in access denied or 
-	similar.</P
+	similar.</p></div><div class="refsect1" lang="en"><h2>ENVIRONMENT VARIABLES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="envar">PRINTER</tt></span></dt><dd><p>If no printer name is specified to 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN163"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><TT
 CLASS="ENVAR"
 >PRINTER</TT
 ></DT
 ><DD
 ><P
 >If no printer name is specified to 
 		printable services, most systems will use the value of 
-		this variable (or <TT
+		this variable (or <tt class="constant">lp</tt> if this variable is 
 CLASS="CONSTANT"
 >lp</TT
 > if this variable is 
 		not defined) as the name of the printer to use. This 
-		is not specific to the server, however.</P
+		is not specific to the server, however.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>PAM INTERACTION</h2><p>Samba uses PAM for authentication (when presented with a plaintext 
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN172"
 ></A
 ><H2
 >PAM INTERACTION</H2
 ><P
 >Samba uses PAM for authentication (when presented with a plaintext 
 	password), for account checking (is this account disabled?) and for
 	session management.  The degree too which samba supports PAM is restricted
-	by the limitations of the SMB protocol and the 
+	by the limitations of the SMB protocol and the <a href="smb.conf.5.html#OBEYPAMRESRICTIONS" target="_top"><i class="parameter"><tt>obey 
-	<A
+	pam restricions</tt></i></a> <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> paramater.  When this is set, the following restrictions apply:
-HREF="smb.conf.5.html#OBEYPAMRESRICTIONS"
+	</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>Account Validation</em></span>:  All accesses to a 
 TARGET="_top"
 >obey pam restricions</A
 >
 	smb.conf paramater.  When this is set, the following restrictions apply:
 	</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><I
 CLASS="EMPHASIS"
 >Account Validation</I
 >:  All accesses to a 
 	samba server are checked 
 	against PAM to see if the account is vaild, not disabled and is permitted to 
 	login at this time.  This also applies to encrypted logins.
-	</P
+	</p></li><li><p><span class="emphasis"><em>Session Management</em></span>:  When not using share 
 ></LI
 ><LI
 ><P
 ><I
 CLASS="EMPHASIS"
 >Session Management</I
 >:  When not using share 
 	level secuirty, users must pass PAM's session checks before access 
 	is granted.  Note however, that this is bypassed in share level secuirty.  
 	Note also that some older pam configuration files may need a line 
 	added for session support. 
-	</P
+	</p></li></ul></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-></LI
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>DIAGNOSTICS</h2><p>Most diagnostics issued by the server are logged 
 ></UL
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN183"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN186"
 ></A
 ><H2
 >DIAGNOSTICS</H2
 ><P
 >Most diagnostics issued by the server are logged 
 	in a specified log file. The log file name is specified 
-	at compile time, but may be overridden on the command line.</P
+	at compile time, but may be overridden on the command line.</p><p>The number and nature of diagnostics available depends 
 ><P
 >The number and nature of diagnostics available depends 
 	on the debug level used by the server. If you have problems, set 
-	the debug level to 3 and peruse the log files.</P
+	the debug level to 3 and peruse the log files.</p><p>Most messages are reasonably self-explanatory. Unfortunately, 
 ><P
 >Most messages are reasonably self-explanatory. Unfortunately, 
 	at the time this man page was created, there are too many diagnostics 
 	available in the source code to warrant describing each and every 
 	diagnostic. At this stage your best bet is still to grep the 
 	source code and inspect the conditions that gave rise to the 
-	diagnostics you are seeing.</P
+	diagnostics you are seeing.</p></div><div class="refsect1" lang="en"><h2>SIGNALS</h2><p>Sending the <b class="command">smbd</b> a SIGHUP will cause it to 
-></DIV
+	reload its <tt class="filename">smb.conf</tt> configuration 
-><DIV
+	file within a short period of time.</p><p>To shut down a user's <b class="command">smbd</b> process it is recommended 
-CLASS="REFSECT1"
+	that <b class="command">SIGKILL (-9)</b> <span class="emphasis"><em>NOT</em></span> 
 ><A
 NAME="AEN191"
 ></A
 ><H2
 >SIGNALS</H2
 ><P
 >Sending the <B
 CLASS="COMMAND"
 >smbd</B
 > a SIGHUP will cause it to 
 	reload its <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > configuration 
 	file within a short period of time.</P
 ><P
 >To shut down a user's <B
 CLASS="COMMAND"
 >smbd</B
 > process it is recommended 
 	that <B
 CLASS="COMMAND"
 >SIGKILL (-9)</B
 > <I
 CLASS="EMPHASIS"
 >NOT</I
 > 
 	be used, except as a last resort, as this may leave the shared
 	memory area in an inconsistent state. The safe way to terminate 
-	an <B
+	an <b class="command">smbd</b> is to send it a SIGTERM (-15) signal and wait for 
-CLASS="COMMAND"
+	it to die on its own.</p><p>The debug log level of <b class="command">smbd</b> may be raised
->smbd</B
+	or lowered using <a href="smbcontrol.1.html"><span class="citerefentry"><span class="refentrytitle">smbcontrol</span>(1)</span></a> program (SIGUSR[1|2] signals are no longer 
-> is to send it a SIGTERM (-15) signal and wait for 
+	used since Samba 2.2). This is to allow transient problems to be diagnosed, 
-	it to die on its own.</P
+	whilst still running at a normally low log level.</p><p>Note that as the signal handlers send a debug write, 
-><P
+	they are not re-entrant in <b class="command">smbd</b>. This you should wait until 
->The debug log level of <B
+	<b class="command">smbd</b> is in a state of waiting for an incoming SMB before 
 CLASS="COMMAND"
 >smbd</B
 > may be raised
 	or lowered using <A
 HREF="smbcontrol.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbcontrol(1)
 	</B
 ></A
 > program (SIGUSR[1|2] signals are no longer used in
 	Samba 2.2). This is to allow transient problems to be diagnosed, 
 	whilst still running at a normally low log level.</P
 ><P
 >Note that as the signal handlers send a debug write, 
 	they are not re-entrant in <B
 CLASS="COMMAND"
 >smbd</B
 >. This you should wait until 
 	<B
 CLASS="COMMAND"
 >smbd</B
 > is in a state of waiting for an incoming SMB before 
 	issuing them. It is possible to make the signal handlers safe 
 	by un-blocking the signals before the select call and re-blocking 
-	them after, however this would affect performance.</P
+	them after, however this would affect performance.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="hosts_access.5.html"><span class="citerefentry"><span class="refentrytitle">hosts_access</span>(5)</span></a>, <a href="inetd.8.html"><span class="citerefentry"><span class="refentrytitle">inetd</span>(8)</span></a>, <a href="nmbd.8.html"><span class="citerefentry"><span class="refentrytitle">nmbd</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="testparm.1.html"><span class="citerefentry"><span class="refentrytitle">testparm</span>(1)</span></a>, <a href="testprns.1.html"><span class="citerefentry"><span class="refentrytitle">testprns</span>(1)</span></a>, and the 
-></DIV
+	Internet RFC's	<tt class="filename">rfc1001.txt</tt>, <tt class="filename">rfc1002.txt</tt>. 
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN208"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 >hosts_access(5), <B
 CLASS="COMMAND"
 >inetd(8)</B
 >, 
 	<A
 HREF="nmbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >nmbd(8)</B
 ></A
 >, 
 	<A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 >
 	</A
 >, <A
 HREF="smbclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbclient(1)
 	</B
 ></A
 >, <A
 HREF="testparm.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >	testparm(1)</B
 ></A
 >, <A
 HREF="testprns.1.html"
 TARGET="_top"
 >	<B
 CLASS="COMMAND"
 >testprns(1)</B
 ></A
 >, and the Internet RFC's
 	<TT
 CLASS="FILENAME"
 >rfc1001.txt</TT
 >, <TT
 CLASS="FILENAME"
 >rfc1002.txt</TT
 >. 
 	In addition the CIFS (formerly SMB) specification is available 
-	as a link from the Web page <A
+	as a link from the Web page <a href="http://samba.org/cifs/" target="_top"> 
-HREF="http://samba.org/cifs/"
+	http://samba.org/cifs/</a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 TARGET="_top"
 > 
 	http://samba.org/cifs/</A
 >.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN225"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
-></DIV
+	Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbmnt.8.html
+++ b/docs/htmldocs/smbmnt.8.html
@ -1,179 +1,24 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbmnt</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbmnt.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbmnt &#8212; helper utility for mounting SMB filesystems</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbmnt</tt>  {mount-point} [-s &lt;share&gt;] [-r] [-u &lt;uid&gt;] [-g &lt;gid&gt;] [-f &lt;mask&gt;] [-d &lt;mask&gt;] [-o &lt;options&gt;] [-h]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p><b class="command">smbmnt</b> is a helper application used 
 <HTML
 ><HEAD
 ><TITLE
 >smbmnt</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBMNT"
 ></A
 >smbmnt</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbmnt&nbsp;--&nbsp;helper utility for mounting SMB filesystems</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbmnt</B
 >  {mount-point} [-s &lt;share&gt;] [-r] [-u &lt;uid&gt;] [-g &lt;gid&gt;] [-f &lt;mask&gt;] [-d &lt;mask&gt;] [-o &lt;options&gt;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN19"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbmnt</B
 > is a helper application used 
 	by the smbmount program to do the actual mounting of SMB shares. 
-	<B
+	<b class="command">smbmnt</b> can be installed setuid root if you want
-CLASS="COMMAND"
+	normal users to be able to mount their SMB shares.</p><p>A setuid smbmnt will only allow mounts on directories owned
->smbmnt</B
+	by the user, and that the user has write permission on.</p><p>The <b class="command">smbmnt</b> program is normally invoked 
-> can be installed setuid root if you want
+	by <a href="smbmount.8.html"><span class="citerefentry"><span class="refentrytitle">smbmount</span>(8)</span></a>. It should not be invoked directly by users. </p><p>smbmount searches the normal PATH for smbmnt. You must ensure
-	normal users to be able to mount their SMB shares.</P
+	that the smbmnt version in your path matches the smbmount used.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-r</span></dt><dd><p>mount the filesystem read-only 
-><P
+		</p></dd><dt><span class="term">-u uid</span></dt><dd><p>specify the uid that the files will 
->A setuid smbmnt will only allow mounts on directories owned
+		be owned by </p></dd><dt><span class="term">-g gid</span></dt><dd><p>specify the gid that the files will be 
-	by the user, and that the user has write permission on.</P
+		owned by </p></dd><dt><span class="term">-f mask</span></dt><dd><p>specify the octal file mask applied
-><P
+		</p></dd><dt><span class="term">-d mask</span></dt><dd><p>specify the octal directory mask 
->The <B
+		applied  </p></dd><dt><span class="term">-o options</span></dt><dd><p>
-CLASS="COMMAND"
+		list of options that are passed as-is to smbfs, if this
 >smbmnt</B
 > program is normally invoked 
 	by <A
 HREF="smbmount.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbmount(8)</B
 >
 	</A
 >. It should not be invoked directly by users. </P
 ><P
 >smbmount searches the normal PATH for smbmnt. You must ensure
 	that the smbmnt version in your path matches the smbmount used.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN30"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-r</DT
 ><DD
 ><P
 >mount the filesystem read-only 
 		</P
 ></DD
 ><DT
 >-u uid</DT
 ><DD
 ><P
 >specify the uid that the files will 
 		be owned by </P
 ></DD
 ><DT
 >-g gid</DT
 ><DD
 ><P
 >specify the gid that the files will be 
 		owned by </P
 ></DD
 ><DT
 >-f mask</DT
 ><DD
 ><P
 >specify the octal file mask applied
 		</P
 ></DD
 ><DT
 >-d mask</DT
 ><DD
 ><P
 >specify the octal directory mask 
 		applied  </P
 ></DD
 ><DT
 >-o options</DT
 ><DD
 ><P
 >		list of options that are passed as-is to smbfs, if this
 		command is run on a 2.4 or higher Linux kernel.
-		</P
+		</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-></DD
+</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
-></DL
+	and others.</p><p>The current maintainer of smbfs and the userspace
-></DIV
+	tools <b class="command">smbmount</b>, <b class="command">smbumount</b>,
-></DIV
+	and <b class="command">smbmnt</b> is <a href="mailto:urban@teststation.com" target="_top">Urban Widmark</a>.
-><DIV
+	The <a href="mailto:samba@samba.org" target="_top">SAMBA Mailing list</a>
 CLASS="REFSECT1"
 ><A
 NAME="AEN57"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
 	and others.</P
 ><P
 >The current maintainer of smbfs and the userspace
 	tools <B
 CLASS="COMMAND"
 >smbmount</B
 >, <B
 CLASS="COMMAND"
 >smbumount</B
 >,
 	and <B
 CLASS="COMMAND"
 >smbmnt</B
 > is <A
 HREF="mailto:urban@teststation.com"
 TARGET="_top"
 >Urban Widmark</A
 >.
 	The <A
 HREF="mailto:samba@samba.org"
 TARGET="_top"
 >SAMBA Mailing list</A
 >
 	is the preferred place to ask questions regarding these programs.
-	</P
+	</p><p>The conversion of this manpage for Samba 2.2 was performed 
-><P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
->The conversion of this manpage for Samba 2.2 was performed 
+	was done by Alexander Bokovoy.</p></div></div></body></html>
 	by Gerald Carter</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbmount.8.html
+++ b/docs/htmldocs/smbmount.8.html
@ -1,321 +1,72 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbmount</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbmount.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbmount &#8212; mount an smbfs filesystem</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbmount</tt>  {service} {mount-point} [-o options]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p><b class="command">smbmount</b> mounts a Linux SMB filesystem. It 
-<HTML
+	is usually invoked as <b class="command">mount.smbfs</b> by
-><HEAD
+	the <a href="mount.8.html"><span class="citerefentry"><span class="refentrytitle">mount</span>(8)</span></a> command when using the 
-><TITLE
+	&quot;-t smbfs&quot; option. This command only works in Linux, and the kernel must
->smbmount</TITLE
+	support the smbfs filesystem. </p><p>Options to <b class="command">smbmount</b> are specified as a comma-separated
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBMOUNT"
 ></A
 >smbmount</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbmount&nbsp;--&nbsp;mount an smbfs filesystem</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbmount</B
 >  {service} {mount-point} [-o options]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN14"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbmount</B
 > mounts a Linux SMB filesystem. It 
 	is usually invoked as <B
 CLASS="COMMAND"
 >mount.smbfs</B
 > by
 	the <B
 CLASS="COMMAND"
 >mount(8)</B
 > command when using the 
 	"-t smbfs" option. This command only works in Linux, and the kernel must
 	support the smbfs filesystem. </P
 ><P
 >Options to <B
 CLASS="COMMAND"
 >smbmount</B
 > are specified as a comma-separated
 	list of key=value pairs. It is possible to send options other
 	than those listed here, assuming that smbfs supports them. If
 	you get mount failures, check your kernel log for errors on
-	unknown options.</P
+	unknown options.</p><p><b class="command">smbmount</b> is a daemon. After mounting it keeps running until
 ><P
 ><B
 CLASS="COMMAND"
 >smbmount</B
 > is a daemon. After mounting it keeps running until
 	the mounted smbfs is umounted. It will log things that happen
-	when in daemon mode using the "machine name" smbmount, so
+	when in daemon mode using the &quot;machine name&quot; smbmount, so
-	typically this output will end up in <TT
+	typically this output will end up in <tt class="filename">log.smbmount</tt>. The <b class="command">
-CLASS="FILENAME"
+	smbmount</b> process may also be called mount.smbfs.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> <b class="command">smbmount</b> 
->log.smbmount</TT
+	calls <a href="smbmnt.8.html"><span class="citerefentry"><span class="refentrytitle">smbmnt</span>(8)</span></a> to do the actual mount. You 
->. The
+	must make sure that <b class="command">smbmnt</b> is in the path so 
-	<B
+	that it can be found. </p></div></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">username=&lt;arg&gt;</span></dt><dd><p>specifies the username to connect as. If
-CLASS="COMMAND"
+		this is not given, then the environment variable <tt class="envar">
->smbmount</B
+		USER</tt> is used. This option can also take the
-> process may also be called mount.smbfs.</P
+		form &quot;user%password&quot; or &quot;user/workgroup&quot; or
-><P
+		&quot;user/workgroup%password&quot; to allow the password and workgroup
-><SPAN
+		to be specified as part of the username.</p></dd><dt><span class="term">password=&lt;arg&gt;</span></dt><dd><p>specifies the SMB password. If this
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOTE:</I
 ></SPAN
 > <B
 CLASS="COMMAND"
 >smbmount</B
 > 
 	calls <B
 CLASS="COMMAND"
 >smbmnt(8)</B
 > to do the actual mount. You 
 	must make sure that <B
 CLASS="COMMAND"
 >smbmnt</B
 > is in the path so 
 	that it can be found. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN31"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >username=&lt;arg&gt;</DT
 ><DD
 ><P
 >specifies the username to connect as. If
 		this is not given, then the environment variable <TT
 CLASS="ENVAR"
 >		USER</TT
 > is used. This option can also take the
 		form "user%password" or "user/workgroup" or
 		"user/workgroup%password" to allow the password and workgroup
 		to be specified as part of the username.</P
 ></DD
 ><DT
 >password=&lt;arg&gt;</DT
 ><DD
 ><P
 >specifies the SMB password. If this
 		option is not given then the environment variable
-		<TT
+		<tt class="envar">PASSWD</tt> is used. If it can find
-CLASS="ENVAR"
+		no password <b class="command">smbmount</b> will prompt
 >PASSWD</TT
 > is used. If it can find
 		no password <B
 CLASS="COMMAND"
 >smbmount</B
 > will prompt
 		for a passeword, unless the guest option is
-		given. </P
+		given. </p><p>
-><P
+		Note that passwords which contain the argument delimiter
 >		Note that passwords which contain the argument delimiter
 		character (i.e. a comma ',') will failed to be parsed correctly
 		on the command line.  However, the same password defined
 		in the PASSWD environment variable or a credentials file (see
 		below) will be read correctly.
-		</P
+		</p></dd><dt><span class="term">credentials=&lt;filename&gt;</span></dt><dd><p>specifies a file that contains a username and/or password. 
-></DD
+The format of the file is:
-><DT
+</p><pre class="programlisting">
->credentials=&lt;filename&gt;</DT
+username = &lt;value&gt;
-><DD
+password = &lt;value&gt;
-><P
+</pre><p>This is preferred over having passwords in plaintext in a
->specifies a file that contains a username
+		shared file, such as <tt class="filename">/etc/fstab</tt>. Be sure to protect any
 		and/or password. The format of the file is:</P
 ><P
 >		<PRE
 CLASS="PROGRAMLISTING"
 >		username = &lt;value&gt;
 		password = &lt;value&gt;
 		</PRE
 >
 		</P
 ><P
 >This is preferred over having passwords in plaintext in a
 		shared file, such as <TT
 CLASS="FILENAME"
 >/etc/fstab</TT
 >. Be sure to protect any
 		credentials file properly.
-		</P
+		</p></dd><dt><span class="term">krb</span></dt><dd><p>Use kerberos (Active Directory). </p></dd><dt><span class="term">netbiosname=&lt;arg&gt;</span></dt><dd><p>sets the source NetBIOS name. It defaults 
-></DD
+		to the local hostname. </p></dd><dt><span class="term">uid=&lt;arg&gt;</span></dt><dd><p>sets the uid that will own all files on
 ><DT
 >netbiosname=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the source NetBIOS name. It defaults 
 		to the local hostname. </P
 ></DD
 ><DT
 >uid=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the uid that will own all files on
 		the mounted filesystem.
 		It may be specified as either a username or a numeric uid.
-		</P
+		</p></dd><dt><span class="term">gid=&lt;arg&gt;</span></dt><dd><p>sets the gid that will own all files on
 ></DD
 ><DT
 >gid=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the gid that will own all files on
 		the mounted filesystem.
 		It may be specified as either a groupname or a numeric 
-		gid. </P
+		gid. </p></dd><dt><span class="term">port=&lt;arg&gt;</span></dt><dd><p>sets the remote SMB port number. The default 
-></DD
+		is 139. </p></dd><dt><span class="term">fmask=&lt;arg&gt;</span></dt><dd><p>sets the file mask. This determines the 
 ><DT
 >port=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the remote SMB port number. The default 
 		is 139. </P
 ></DD
 ><DT
 >fmask=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the file mask. This determines the 
 		permissions that remote files have in the local filesystem. 
-		The default is based on the current umask. </P
+		This is not a umask, but the actual permissions for the files.
-></DD
+		The default is based on the current umask. </p></dd><dt><span class="term">dmask=&lt;arg&gt;</span></dt><dd><p>Sets the directory mask. This determines the 
 ><DT
 >dmask=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the directory mask. This determines the 
 		permissions that remote directories have in the local filesystem. 
-		The default is based on the current umask. </P
+		This is not a umask, but the actual permissions for the directories.
-></DD
+		The default is based on the current umask. </p></dd><dt><span class="term">debug=&lt;arg&gt;</span></dt><dd><p>Sets the debug level. This is useful for 
 ><DT
 >debug=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the debug level. This is useful for 
 		tracking down SMB connection problems. A suggested value to
 		start with is 4. If set too high there will be a lot of
-		output, possibly hiding the useful output.</P
+		output, possibly hiding the useful output.</p></dd><dt><span class="term">ip=&lt;arg&gt;</span></dt><dd><p>Sets the destination host or IP address.
-></DD
+		</p></dd><dt><span class="term">workgroup=&lt;arg&gt;</span></dt><dd><p>Sets the workgroup on the destination </p></dd><dt><span class="term">sockopt=&lt;arg&gt;</span></dt><dd><p>Sets the TCP socket options. See the <a href="smb.conf.5.html#SOCKETOPTIONS" target="_top"><a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></a> <i class="parameter"><tt>socket options</tt></i> option.
-><DT
+		</p></dd><dt><span class="term">scope=&lt;arg&gt;</span></dt><dd><p>Sets the NetBIOS scope </p></dd><dt><span class="term">guest</span></dt><dd><p>Don't prompt for a password </p></dd><dt><span class="term">ro</span></dt><dd><p>mount read-only </p></dd><dt><span class="term">rw</span></dt><dd><p>mount read-write </p></dd><dt><span class="term">iocharset=&lt;arg&gt;</span></dt><dd><p>
->ip=&lt;arg&gt;</DT
+		sets the charset used by the Linux side for codepage
 ><DD
 ><P
 >sets the destination host or IP address.
 		</P
 ></DD
 ><DT
 >workgroup=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the workgroup on the destination </P
 ></DD
 ><DT
 >sockopt=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the TCP socket options. See the <A
 HREF="smb.conf.5.html#SOCKETOPTIONS"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf
 		</TT
 ></A
 > <TT
 CLASS="PARAMETER"
 ><I
 >socket options</I
 ></TT
 > option.
 		</P
 ></DD
 ><DT
 >scope=&lt;arg&gt;</DT
 ><DD
 ><P
 >sets the NetBIOS scope </P
 ></DD
 ><DT
 >guest</DT
 ><DD
 ><P
 >don't prompt for a password </P
 ></DD
 ><DT
 >ro</DT
 ><DD
 ><P
 >mount read-only </P
 ></DD
 ><DT
 >rw</DT
 ><DD
 ><P
 >mount read-write </P
 ></DD
 ><DT
 >iocharset=&lt;arg&gt;</DT
 ><DD
 ><P
 >		sets the charset used by the Linux side for codepage
 		to charset translations (NLS). Argument should be the
 		name of a charset, like iso8859-1. (Note: only kernel
 		2.4.0 or later)
-		</P
+		</p></dd><dt><span class="term">codepage=&lt;arg&gt;</span></dt><dd><p>
-></DD
+		sets the codepage the server uses. See the iocharset
 ><DT
 >codepage=&lt;arg&gt;</DT
 ><DD
 ><P
 >		sets the codepage the server uses. See the iocharset
 		option. Example value cp850. (Note: only kernel 2.4.0
 		or later)
-		</P
+		</p></dd><dt><span class="term">ttl=&lt;arg&gt;</span></dt><dd><p>
-></DD
+		sets how long a directory listing is cached in milliseconds
 ><DT
 >ttl=&lt;arg&gt;</DT
 ><DD
 ><P
 >		sets how long a directory listing is cached in milliseconds
 		(also affects visibility of file size and date
 		changes). A higher value means that changes on the
 		server take longer to be noticed but it can give
@ -324,141 +75,34 @@ CLASS="PARAMETER"
 		like 10000ms (10 seconds) is probably more reasonable
 		in many cases.
 		(Note: only kernel 2.4.2 or later)
-		</P
+		</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>ENVIRONMENT VARIABLES</h2><p>The variable <tt class="envar">USER</tt> may contain the username of the
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN125"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
 ><P
 >The variable <TT
 CLASS="ENVAR"
 >USER</TT
 > may contain the username of the
 	person using the client.  This information is used only if the
 	protocol level is high enough to support session-level
 	passwords. The variable can be used to set both username and
-	password by using the format username%password.</P
+	password by using the format username%password.</p><p>The variable <tt class="envar">PASSWD</tt> may contain the password of the
 ><P
 >The variable <TT
 CLASS="ENVAR"
 >PASSWD</TT
 > may contain the password of the
 	person using the client.  This information is used only if the
 	protocol level is high enough to support session-level
-	passwords.</P
+	passwords.</p><p>The variable <tt class="envar">PASSWD_FILE</tt> may contain the pathname
 ><P
 >The variable <TT
 CLASS="ENVAR"
 >PASSWD_FILE</TT
 > may contain the pathname
 	of a file to read the password from. A single line of input is
-	read and used as the password.</P
+	read and used as the password.</p></div><div class="refsect1" lang="en"><h2>BUGS</h2><p>Passwords and other options containing , can not be handled.
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN133"
 ></A
 ><H2
 >BUGS</H2
 ><P
 >Passwords and other options containing , can not be handled.
 	For passwords an alternative way of passing them is in a credentials
-	file or in the PASSWD environment.</P
+	file or in the PASSWD environment.</p><p>The credentials file does not handle usernames or passwords with
-><P
+	leading space.</p><p>One smbfs bug is important enough to mention here, even if it
->The credentials file does not handle usernames or passwords with
+	is a bit misplaced:</p><div class="itemizedlist"><ul type="disc"><li><p>Mounts sometimes stop working. This is usually
 	leading space.</P
 ><P
 >One smbfs bug is important enough to mention here, even if it
 	is a bit misplaced:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >Mounts sometimes stop working. This is usually
 	caused by smbmount terminating. Since smbfs needs smbmount to
 	reconnect when the server disconnects, the mount will eventually go
 	dead. An umount/mount normally fixes this. At least 2 ways to
-	trigger this bug are known.</P
+	trigger this bug are known.</p></li></ul></div><p>Note that the typical response to a bug report is suggestion
 ></LI
 ></UL
 ><P
 >Note that the typical response to a bug report is suggestion
 	to try the latest version first. So please try doing that first,
 	and always include which versions you use of relevant software
-	when reporting bugs (minimum: samba, kernel, distribution)</P
+	when reporting bugs (minimum: samba, kernel, distribution)</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p>Documentation/filesystems/smbfs.txt in the linux kernel
-></DIV
+	source tree may contain additional options and information.</p><p>FreeBSD also has a smbfs, but it is not related to smbmount</p><p>For Solaris, HP-UX and others you may want to look at <a href="smbsh.1.html"><span class="citerefentry"><span class="refentrytitle">smbsh</span>(1)</span></a> or at other solutions, such as 
-><DIV
+	Sharity or perhaps replacing the SMB server with a NFS server.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
-CLASS="REFSECT1"
+	and others.</p><p>The current maintainer of smbfs and the userspace
-><A
+	tools <b class="command">smbmount</b>, <b class="command">smbumount</b>,
-NAME="AEN142"
+	and <b class="command">smbmnt</b> is <a href="mailto:urban@teststation.com" target="_top">Urban Widmark</a>.
-></A
+	The <a href="mailto:samba@samba.org" target="_top">SAMBA Mailing list</a>
 ><H2
 >SEE ALSO</H2
 ><P
 >Documentation/filesystems/smbfs.txt in the linux kernel
 	source tree may contain additional options and information.</P
 ><P
 >FreeBSD also has a smbfs, but it is not related to smbmount</P
 ><P
 >For Solaris, HP-UX and others you may want to look at
 	<A
 HREF="smbsh.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbsh(1)</B
 ></A
 > or at other
 	solutions, such as sharity or perhaps replacing the SMB server with
 	a NFS server.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN149"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
 	and others.</P
 ><P
 >The current maintainer of smbfs and the userspace
 	tools <B
 CLASS="COMMAND"
 >smbmount</B
 >, <B
 CLASS="COMMAND"
 >smbumount</B
 >,
 	and <B
 CLASS="COMMAND"
 >smbmnt</B
 > is <A
 HREF="mailto:urban@teststation.com"
 TARGET="_top"
 >Urban Widmark</A
 >.
 	The <A
 HREF="mailto:samba@samba.org"
 TARGET="_top"
 >SAMBA Mailing list</A
 >
 	is the preferred place to ask questions regarding these programs.
-	</P
+	</p><p>The conversion of this manpage for Samba 2.2 was performed 
-><P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
->The conversion of this manpage for Samba 2.2 was performed 
+	was done by Alexander Bokovoy.</p></div></div></body></html>
 	by Gerald Carter</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbpasswd.5.html
+++ b/docs/htmldocs/smbpasswd.5.html
@ -1,357 +1,89 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbpasswd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbpasswd.5"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbpasswd &#8212; The Samba encrypted password file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><p><tt class="filename">smbpasswd</tt></p></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>smbpasswd is the Samba encrypted password file. It contains 
 <HTML
 ><HEAD
 ><TITLE
 >smbpasswd</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBPASSWD"
 ></A
 >smbpasswd</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbpasswd&nbsp;--&nbsp;The Samba encrypted password file</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><TT
 CLASS="FILENAME"
 >smbpasswd</TT
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN11"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 >smbpasswd is the Samba encrypted password file. It contains 
 	the username, Unix user id and the SMB hashed passwords of the 
 	user, as well as account flag information and the time the 
 	password was last changed. This file format has been evolving with 
-	Samba and has had several different formats in the past. </P
+	Samba and has had several different formats in the past. </p></div><div class="refsect1" lang="en"><h2>FILE FORMAT</h2><p>The format of the smbpasswd file used by Samba 2.2 
-></DIV
+	is very similar to the familiar Unix <tt class="filename">passwd(5)</tt> 
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN16"
 ></A
 ><H2
 >FILE FORMAT</H2
 ><P
 >The format of the smbpasswd file used by Samba 2.2 
 	is very similar to the familiar Unix <TT
 CLASS="FILENAME"
 >passwd(5)</TT
 > 
 	file. It is an ASCII file containing one line for each user. Each field 
 	ithin each line is separated from the next by a colon. Any entry 
 	beginning with '#' is ignored. The smbpasswd file contains the 
-	following information for each user: </P
+	following information for each user: </p><div class="variablelist"><dl><dt><span class="term">name</span></dt><dd><p> This is the user name. It must be a name that 
-><P
+		already exists in the standard UNIX passwd file. </p></dd><dt><span class="term">uid</span></dt><dd><p>This is the UNIX uid. It must match the uid
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >name</DT
 ><DD
 ><P
 > This is the user name. It must be a name that 
 		already exists in the standard UNIX passwd file. </P
 ></DD
 ><DT
 >uid</DT
 ><DD
 ><P
 >This is the UNIX uid. It must match the uid
 		field for the same user entry in the standard UNIX passwd file. 
 		If this does not match then Samba will refuse to recognize 
 		this smbpasswd file entry as being valid for a user. 
-		</P
+		</p></dd><dt><span class="term">Lanman Password Hash</span></dt><dd><p>This is the LANMAN hash of the user's password, 
 ></DD
 ><DT
 >Lanman Password Hash</DT
 ><DD
 ><P
 >This is the LANMAN hash of the user's password, 
 		encoded as 32 hex digits.  The LANMAN hash is created by DES 
 		encrypting a well known string with the user's password as the 
 		DES key. This is the same password used by Windows 95/98 machines. 
 		Note that this password hash is regarded as weak as it is
 		vulnerable to dictionary attacks and if two users choose the 
 		same password this entry will be identical (i.e. the password 
-		is not "salted" as the UNIX password is). If the user has a 
+		is not &quot;salted&quot; as the UNIX password is). If the user has a 
-		null password this field will contain the characters "NO PASSWORD" 
+		null password this field will contain the characters &quot;NO PASSWORD&quot; 
 		as the start of the hex string. If the hex string is equal to 
 		32 'X' characters then the user's account is marked as 
-		<TT
+		<tt class="constant">disabled</tt> and the user will not be able to 
-CLASS="CONSTANT"
+		log onto the Samba server. </p><p><span class="emphasis"><em>WARNING !!</em></span> Note that, due to 
 >disabled</TT
 > and the user will not be able to 
 		log onto the Samba server. </P
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >WARNING !!</I
 ></SPAN
 > Note that, due to 
 		the challenge-response nature of the SMB/CIFS authentication
 		protocol, anyone with a knowledge of this password hash will 
 		be able to impersonate the user on the network. For this
-		reason these hashes are known as <SPAN
+		reason these hashes are known as <span class="emphasis"><em>plain text 
-CLASS="emphasis"
+		equivalents</em></span> and must <span class="emphasis"><em>NOT</em></span> be made 
 ><I
 CLASS="EMPHASIS"
 >plain text 
 		equivalents</I
 ></SPAN
 > and must <SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOT</I
 ></SPAN
 > be made 
 		available to anyone but the root user. To protect these passwords 
 		the smbpasswd file is placed in a directory with read and 
 		traverse access only to the root user and the smbpasswd file 
 		itself must be set to be read/write only by root, with no
-		other access. </P
+		other access. </p></dd><dt><span class="term">NT Password Hash</span></dt><dd><p>This is the Windows NT hash of the user's 
 ></DD
 ><DT
 >NT Password Hash</DT
 ><DD
 ><P
 >This is the Windows NT hash of the user's 
 		password, encoded as 32 hex digits.  The Windows NT hash is 
 		created by taking the user's password as represented in 
 		16-bit, little-endian UNICODE and then applying the MD4 
-		(internet rfc1321) hashing algorithm to it. </P
+		(internet rfc1321) hashing algorithm to it. </p><p>This password hash is considered more secure than
 ><P
 >This password hash is considered more secure than
 		the LANMAN Password Hash as it preserves the case of the 
 		password and uses a much higher quality hashing algorithm. 
 		However, it is still the case that if two users choose the same 
 		password this entry will be identical (i.e. the password is 
-		not "salted" as the UNIX password is). </P
+		not &quot;salted&quot; as the UNIX password is). </p><p><span class="emphasis"><em>WARNING !!</em></span>. Note that, due to 
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >WARNING !!</I
 ></SPAN
 >. Note that, due to 
 		the challenge-response nature of the SMB/CIFS authentication
 		protocol, anyone with a knowledge of this password hash will 
 		be able to impersonate the user on the network. For this
-		reason these hashes are known as <SPAN
+		reason these hashes are known as <span class="emphasis"><em>plain text 
-CLASS="emphasis"
+		equivalents</em></span> and must <span class="emphasis"><em>NOT</em></span> be made 
 ><I
 CLASS="EMPHASIS"
 >plain text 
 		equivalents</I
 ></SPAN
 > and must <SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >NOT</I
 ></SPAN
 > be made 
 		available to anyone but the root user. To protect these passwords 
 		the smbpasswd file is placed in a directory with read and 
 		traverse access only to the root user and the smbpasswd file 
 		itself must be set to be read/write only by root, with no
-		other access. </P
+		other access. </p></dd><dt><span class="term">Account Flags</span></dt><dd><p>This section contains flags that describe 
 ></DD
 ><DT
 >Account Flags</DT
 ><DD
 ><P
 >This section contains flags that describe 
 		the attributes of the users account. In the Samba 2.2 release 
 		this field is bracketed by '[' and ']' characters and is always 
 		13 characters in length (including the '[' and ']' characters).
-		The contents of this field may be any of the characters.
+		The contents of this field may be any of the following characters:
-		</P
+		</p><div class="itemizedlist"><ul type="disc"><li><p><span class="emphasis"><em>U</em></span> - This means 
-><P
+			this is a &quot;User&quot; account, i.e. an ordinary user. Only User 
 ></P
 ><UL
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >U</I
 ></SPAN
 > - This means 
 			this is a "User" account, i.e. an ordinary user. Only User 
 			and Workstation Trust accounts are currently supported 
-			in the smbpasswd file. </P
+			in the smbpasswd file. </p></li><li><p><span class="emphasis"><em>N</em></span> - This means the
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >N</I
 ></SPAN
 > - This means the
 			account has no password (the passwords in the fields LANMAN 
 			Password Hash and NT Password Hash are ignored). Note that this 
-			will only allow users to log on with no password if the <TT
+			will only allow users to log on with no password if the <i class="parameter"><tt>
-CLASS="PARAMETER"
+			null passwords</tt></i> parameter is set in the <a href="smb.conf.5.html#NULLPASSWORDS" target="_top"><a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></a> config file. </p></li><li><p><span class="emphasis"><em>D</em></span> - This means the account 
-><I
+			is disabled and no SMB/CIFS logins  will be allowed for this user. </p></li><li><p><span class="emphasis"><em>W</em></span> - This means this account 
->			null passwords</I
+			is a &quot;Workstation Trust&quot; account. This kind of account is used 
 ></TT
 > parameter is set in the <A
 HREF="smb.conf.5.html#NULLPASSWORDS"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)
 			</TT
 ></A
 > config file. </P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >D</I
 ></SPAN
 > - This means the account 
 			is disabled and no SMB/CIFS logins  will be	allowed for 
 			this user. </P
 ></LI
 ><LI
 ><P
 ><SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >W</I
 ></SPAN
 > - This means this account 
 			is a "Workstation Trust" account. This kind of account is used 
 			in the Samba PDC code stream to allow Windows NT Workstations 
-			and Servers to join a Domain hosted by a Samba PDC. </P
+			and Servers to join a Domain hosted by a Samba PDC. </p></li></ul></div><p>Other flags may be added as the code is extended in future.
-></LI
+		The rest of this field space is filled in with spaces. </p></dd><dt><span class="term">Last Change Time</span></dt><dd><p>This field consists of the time the account was 
 ></UL
 ><P
 >Other flags may be added as the code is extended in future.
 		The rest of this field space is filled in with spaces. </P
 ></DD
 ><DT
 >Last Change Time</DT
 ><DD
 ><P
 >This field consists of the time the account was 
 		last modified. It consists of the characters 'LCT-' (standing for 
-		"Last Change Time") followed by a numeric encoding of the UNIX time 
+		&quot;Last Change Time&quot;) followed by a numeric encoding of the UNIX time 
 		in seconds since the epoch (1970) that the last change was made. 
-		</P
+		</p></dd></dl></div><p>All other colon separated fields are ignored at this time.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-></DD
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbpasswd.8.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(8)</span></a>, <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a>, and
 ></DL
 ></DIV
 ><P
 >All other colon separated fields are ignored at this time.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN73"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN76"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbpasswd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbpasswd(8)</B
 ></A
 >, 
 	<A
 HREF="samba.7.html"
 TARGET="_top"
 >samba(7)</A
 >, and
 	the Internet RFC1321 for details on the MD4 algorithm.
-	</P
+	</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN82"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
-></DIV
+	for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbpasswd.8.html
+++ b/docs/htmldocs/smbpasswd.8.html
@ -1,626 +1,163 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbpasswd</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbpasswd.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbpasswd &#8212; change a user's SMB password</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbpasswd</tt>  [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &lt;remote machine&gt;] [-R &lt;name resolve order&gt;] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The smbpasswd program has several different 
-<HTML
+	functions, depending on whether it is run by the <span class="emphasis"><em>root</em></span> user 
-><HEAD
+	or not. When run as a normal user it allows the user to change 
 ><TITLE
 >smbpasswd</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBPASSWD">smbpasswd</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbpasswd&nbsp;--&nbsp;change a user's SMB password</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbpasswd</B
 > [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &#60;remote machine&#62;] [-R &#60;name resolve order&#62;] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN27"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 >The smbpasswd program has several different 
 	functions, depending on whether it is run by the <I
 CLASS="EMPHASIS"
 >root</I
 > 
 	user or not. When run as a normal user it allows the user to change 
 	the password used for their SMB sessions on any machines that store 
-	SMB passwords. </P
+	SMB passwords. </p><p>By default (when run with no arguments) it will attempt to 
 ><P
 >By default (when run with no arguments) it will attempt to 
 	change the current user's SMB password on the local machine. This is 
-	similar to the way the <B
+	similar to the way the <b class="command">passwd(1)</b> program works. <b class="command">
-CLASS="COMMAND"
+	smbpasswd</b> differs from how the passwd program works 
->passwd(1)</B
+	however in that it is not <span class="emphasis"><em>setuid root</em></span> but works in 
-> program works. 
+	a client-server mode and communicates with a 
-	<B
+	locally running <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>. As a consequence in order for this to 
 CLASS="COMMAND"
 >smbpasswd</B
 > differs from how the passwd program works 
 	however in that it is not <I
 CLASS="EMPHASIS"
 >setuid root</I
 > but works in 
 	a client-server mode and communicates with a locally running
 	<B
 CLASS="COMMAND"
 >smbd(8)</B
 >. As a consequence in order for this to 
 	succeed the smbd daemon must be running on the local machine. On a 
 	UNIX machine the encrypted SMB passwords are usually stored in 
-	the <TT
+	the <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> file. </p><p>When run by an ordinary user with no options, smbpasswd 
 CLASS="FILENAME"
 >smbpasswd(5)</TT
 > file. </P
 ><P
 >When run by an ordinary user with no options, smbpasswd 
 	will prompt them for their old SMB password and then ask them 
 	for their new password twice, to ensure that the new password
 	was typed correctly. No passwords will be echoed on the screen 
 	whilst being typed. If you have a blank SMB password (specified by 
-	the string "NO PASSWORD" in the smbpasswd file) then just press 
+	the string &quot;NO PASSWORD&quot; in the smbpasswd file) then just press 
-	the &#60;Enter&#62; key when asked for your old password. </P
+	the &lt;Enter&gt; key when asked for your old password. </p><p>smbpasswd can also be used by a normal user to change their
 ><P
 >smbpasswd can also be used by a normal user to change their
 	SMB password on remote machines, such as Windows NT Primary Domain 
-	Controllers.   See the (-r) and -U options below. </P
+	Controllers.   See the (<i class="parameter"><tt>-r</tt></i>) and <i class="parameter"><tt>-U</tt></i> options 
-><P
+	below. </p><p>When run by root, smbpasswd allows new users to be added 
 >When run by root, smbpasswd allows new users to be added 
 	and deleted in the smbpasswd file, as well as allows changes to 
-	the attributes of the user in this file to be made. When run by root, 
+	the attributes of the user in this file to be made. When run by root, <b class="command">
-	<B
+	smbpasswd</b> accesses the local smbpasswd file 
 CLASS="COMMAND"
 >smbpasswd</B
 > accesses the local smbpasswd file 
 	directly, thus enabling changes to be made even if smbd is not 
-	running. </P
+	running. </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-a</span></dt><dd><p>This option specifies that the username 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN43"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-a</DT
 ><DD
 ><P
 >This option specifies that the username 
 		following should be added to the local smbpasswd file, with the 
-		new password typed (type &#60;Enter&#62; for the old password). This 
+		new password typed (type &lt;Enter&gt; for the old password). This 
 		option is ignored if the username following already exists in 
 		the smbpasswd file and it is treated like a regular change 
 		password command.  Note that the default passdb backends require 
                the user to already exist in the system password file (usually 
-                <TT
+                <tt class="filename">/etc/passwd</tt>), else the request to add the 
-CLASS="FILENAME"
+                user will fail. </p><p>This option is only available when running smbpasswd 
->/etc/passwd</TT
+		as root. </p></dd><dt><span class="term">-x</span></dt><dd><p>This option specifies that the username 
 >), else the request to add the 
                user will fail. </P
 ><P
 >This option is only available when running smbpasswd 
 		as root. </P
 ></DD
 ><DT
 >-x</DT
 ><DD
 ><P
 >This option specifies that the username 
 		following should be deleted from the local smbpasswd file.
-		</P
+		</p><p>This option is only available when running smbpasswd as 
-><P
+		root.</p></dd><dt><span class="term">-d</span></dt><dd><p>This option specifies that the username following 
->This option is only available when running smbpasswd as 
+		should be <tt class="constant">disabled</tt> in the local smbpasswd 
-		root.</P
+		file. This is done by writing a <tt class="constant">'D'</tt> flag 
 ></DD
 ><DT
 >-d</DT
 ><DD
 ><P
 >This option specifies that the username following 
 		should be <TT
 CLASS="CONSTANT"
 >disabled</TT
 > in the local smbpasswd 
 		file. This is done by writing a <TT
 CLASS="CONSTANT"
 >'D'</TT
 > flag 
 		into the account control space in the smbpasswd file. Once this 
 		is done all attempts to authenticate via SMB using this username 
-		will fail. </P
+		will fail. </p><p>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
 ><P
 >If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
 		format) there is no space in the user's password entry to write
-		this information and the command will FAIL. See <B
+		this information and the command will FAIL. See <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> for details on the 'old' and new password file formats.
-CLASS="COMMAND"
+		</p><p>This option is only available when running smbpasswd as 
->smbpasswd(5)
+		root.</p></dd><dt><span class="term">-e</span></dt><dd><p>This option specifies that the username following 
-		</B
+		should be <tt class="constant">enabled</tt> in the local smbpasswd file, 
 > for details on the 'old' and new password file formats.
 		</P
 ><P
 >This option is only available when running smbpasswd as 
 		root.</P
 ></DD
 ><DT
 >-e</DT
 ><DD
 ><P
 >This option specifies that the username following 
 		should be <TT
 CLASS="CONSTANT"
 >enabled</TT
 > in the local smbpasswd file, 
 		if the account was previously disabled. If the account was not 
 		disabled this option has no effect. Once the account is enabled then 
-		the user will be able to authenticate via SMB once again. </P
+		the user will be able to authenticate via SMB once again. </p><p>If the smbpasswd file is in the 'old' format, then <b class="command">
-><P
+		smbpasswd</b> will FAIL to enable the account.  
->If the smbpasswd file is in the 'old' format, then <B
+                See <a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a> for 
-CLASS="COMMAND"
+		details on the 'old' and new password file formats. </p><p>This option is only available when running smbpasswd as root. 
->		smbpasswd</B
+		</p></dd><dt><span class="term">-D debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
 > will FAIL to enable the account.  
                See <B
 CLASS="COMMAND"
 >smbpasswd (5)</B
 > for 
 		details on the 'old' and new password file formats. </P
 ><P
 >This option is only available when running smbpasswd as root. 
 		</P
 ></DD
 ><DT
 >-D debuglevel</DT
 ><DD
 ><P
 ><TT
 CLASS="REPLACEABLE"
 ><I
 >debuglevel</I
 ></TT
 > is an integer 
 		from 0 to 10.  The default value if this parameter is not specified 
-		is zero. </P
+		is zero. </p><p>The higher this value, the more detail will be logged to the 
 ><P
 >The higher this value, the more detail will be logged to the 
 		log files about the activities of smbpasswd. At level 0, only 
-		critical errors and serious warnings will be logged. </P
+		critical errors and serious warnings will be logged. </p><p>Levels above 1 will generate considerable amounts of log 
 ><P
 >Levels above 1 will generate considerable amounts of log 
 		data, and should only be used when investigating a problem. Levels 
 		above 3 are designed for use only by developers and generate
 		HUGE amounts of log data, most of which is extremely cryptic. 
-		</P
+		</p></dd><dt><span class="term">-n</span></dt><dd><p>This option specifies that the username following 
 ></DD
 ><DT
 >-n</DT
 ><DD
 ><P
 >This option specifies that the username following 
 		should have their password set to null (i.e. a blank password) in 
-		the local smbpasswd file. This is done by writing the string "NO 
+		the local smbpasswd file. This is done by writing the string &quot;NO 
-		PASSWORD" as the first part of the first password stored in the 
+		PASSWORD&quot; as the first part of the first password stored in the 
-		smbpasswd file. </P
+		smbpasswd file. </p><p>Note that to allow users to logon to a Samba server once 
-><P
+		the password has been set to &quot;NO PASSWORD&quot; in the smbpasswd
 >Note that to allow users to logon to a Samba server once 
 		the password has been set to "NO PASSWORD" in the smbpasswd
 		file the administrator must set the following parameter in the [global]
-		section of the <TT
+		section of the <tt class="filename">smb.conf</tt> file : </p><p><b class="command">null passwords = yes</b></p><p>This option is only available when running smbpasswd as 
-CLASS="FILENAME"
+		root.</p></dd><dt><span class="term">-r remote machine name</span></dt><dd><p>This option allows a user to specify what machine 
 >smb.conf</TT
 > file : </P
 ><P
 ><B
 CLASS="COMMAND"
 >null passwords = yes</B
 ></P
 ><P
 >This option is only available when running smbpasswd as 
 		root.</P
 ></DD
 ><DT
 >-r remote machine name</DT
 ><DD
 ><P
 >This option allows a user to specify what machine 
 		they wish to change their password on. Without this parameter 
-		smbpasswd defaults to the local host. The <TT
+		smbpasswd defaults to the local host. The <i class="replaceable"><tt>remote 
-CLASS="REPLACEABLE"
+		machine name</tt></i> is the NetBIOS name of the SMB/CIFS 
 ><I
 >remote 
 		machine name</I
 ></TT
 > is the NetBIOS name of the SMB/CIFS 
 		server to contact to attempt the password change. This name is 
 		resolved into an IP address using the standard name resolution 
-		mechanism in all programs of the Samba suite. See the <TT
+		mechanism in all programs of the Samba suite. See the <i class="parameter"><tt>-R 
-CLASS="PARAMETER"
+		name resolve order</tt></i> parameter for details on changing 
-><I
+		this resolving mechanism. </p><p>The username whose password is changed is that of the 
->-R 
+		current UNIX logged on user. See the <i class="parameter"><tt>-U username</tt></i>
 		name resolve order</I
 ></TT
 > parameter for details on changing 
 		this resolving mechanism. </P
 ><P
 >The username whose password is changed is that of the 
 		current UNIX logged on user. See the <TT
 CLASS="PARAMETER"
 ><I
 >-U username</I
 ></TT
 >
 		parameter for details on changing the password for a different 
-		username. </P
+		username. </p><p>Note that if changing a Windows NT Domain password the 
 ><P
 >Note that if changing a Windows NT Domain password the 
 		remote machine specified must be the Primary Domain Controller for 
 		the domain (Backup Domain Controllers only have a read-only
 		copy of the user account database and will not allow the password 
-		change).</P
+		change).</p><p><span class="emphasis"><em>Note</em></span> that Windows 95/98 do not have 
 ><P
 ><I
 CLASS="EMPHASIS"
 >Note</I
 > that Windows 95/98 do not have 
 		a real password database so it is not possible to change passwords 
-		specifying a Win95/98  machine as remote machine target. </P
+		specifying a Win95/98  machine as remote machine target. </p></dd><dt><span class="term">-R name resolve order</span></dt><dd><p>This option allows the user of smbpasswd to determine
 ></DD
 ><DT
 >-R name resolve order</DT
 ><DD
 ><P
 >This option allows the user of smbpasswd to determine
 		what name resolution services to use when looking up the NetBIOS
-		name of the host being connected to. </P
+		name of the host being connected to. </p><p>The options are :&quot;lmhosts&quot;, &quot;host&quot;, &quot;wins&quot; and &quot;bcast&quot;. They
-><P
+		 cause names to be resolved as follows: </p><div class="itemizedlist"><ul type="disc"><li><p><tt class="constant">lmhosts</tt>: Lookup an IP 
 >The options are :"lmhosts", "host", "wins" and "bcast". They
 		 cause names to be resolved as follows : </P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><TT
 CLASS="CONSTANT"
 >lmhosts</TT
 > : Lookup an IP 
            address in the Samba lmhosts file. If the line in lmhosts has 
-            no name type attached to the NetBIOS name (see the <A
+            no name type attached to the NetBIOS name (see the <a href="lmhosts.5.html"><span class="citerefentry"><span class="refentrytitle">lmhosts</span>(5)</span></a> for details) then
-HREF="lmhosts.5.html"
+            any name type matches for lookup.</p></li><li><p><tt class="constant">host</tt>: Do a standard host 
-TARGET="_top"
+            name to IP address resolution, using the system <tt class="filename">/etc/hosts
->lmhosts(5)</A
+            </tt>, NIS, or DNS lookups. This method of name resolution 
 > for details) then
            any name type matches for lookup.</P
 ></LI
 ><LI
 ><P
 ><TT
 CLASS="CONSTANT"
 >host</TT
 > : Do a standard host 
            name to IP address resolution, using the system <TT
 CLASS="FILENAME"
 >/etc/hosts
            </TT
 >, NIS, or DNS lookups. This method of name resolution 
            is operating system depended for instance on IRIX or Solaris this 
-            may be controlled by the <TT
+            may be controlled by the <tt class="filename">/etc/nsswitch.conf</tt> 
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
 > 
            file).  Note that this method is only used if the NetBIOS name 
            type being queried is the 0x20 (server) name type, otherwise 
-            it is ignored.</P
+            it is ignored.</p></li><li><p><tt class="constant">wins</tt>: Query a name with 
-></LI
+            the IP address listed in the <i class="parameter"><tt>wins server</tt></i> 
 ><LI
 ><P
 ><TT
 CLASS="CONSTANT"
 >wins</TT
 > : Query a name with 
            the IP address listed in the <TT
 CLASS="PARAMETER"
 ><I
 >wins server</I
 ></TT
 > 
 	    parameter.  If no WINS server has been specified this method 
-	    will be ignored.</P
+	    will be ignored.</p></li><li><p><tt class="constant">bcast</tt>: Do a broadcast on 
 ></LI
 ><LI
 ><P
 ><TT
 CLASS="CONSTANT"
 >bcast</TT
 > : Do a broadcast on 
            each of the known local interfaces listed in the
-            <TT
+            <i class="parameter"><tt>interfaces</tt></i> parameter. This is the least 
 CLASS="PARAMETER"
 ><I
 >interfaces</I
 ></TT
 > parameter. This is the least 
 	    reliable of the name resolution methods as it depends on the 
-	    target host being on a locally connected subnet.</P
+	    target host being on a locally connected subnet.</p></li></ul></div><p>The default order is <b class="command">lmhosts, host, wins, bcast</b> 
-></LI
+		and without this parameter or any entry in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file the name resolution methods will 
-></UL
+		be attempted in this order. </p></dd><dt><span class="term">-m</span></dt><dd><p>This option tells smbpasswd that the account 
 ><P
 >The default order is <B
 CLASS="COMMAND"
 >lmhosts, host, wins, bcast</B
 > 
 		and without this parameter or any entry in the 
 		<TT
 CLASS="FILENAME"
 >smb.conf</TT
 > file the name resolution methods will 
 		be attempted in this order. </P
 ></DD
 ><DT
 >-m</DT
 ><DD
 ><P
 >This option tells smbpasswd that the account 
 		being changed is a MACHINE account. Currently this is used 
-		when Samba is being used as an NT Primary Domain Controller.</P
+		when Samba is being used as an NT Primary Domain Controller.</p><p>This option is only available when running smbpasswd as root.
-><P
+		</p></dd><dt><span class="term">-U username</span></dt><dd><p>This option may only be used in conjunction 
->This option is only available when running smbpasswd as root.
+		with the <i class="parameter"><tt>-r</tt></i> option. When changing
 		</P
 ></DD
 ><DT
 >-U username</DT
 ><DD
 ><P
 >This option may only be used in conjunction 
 		with the <TT
 CLASS="PARAMETER"
 ><I
 >-r</I
 ></TT
 > option. When changing
 		a password on a remote machine it allows the user to specify 
 		the user name on that machine whose password will be changed. It 
 		is present to allow users who have different user names on 
-		different systems to change these passwords. </P
+		different systems to change these passwords. </p></dd><dt><span class="term">-h</span></dt><dd><p>This option prints the help string for <b class="command">
-></DD
+		smbpasswd</b>, selecting the correct one for running as root 
-><DT
+		or as an ordinary user. </p></dd><dt><span class="term">-s</span></dt><dd><p>This option causes smbpasswd to be silent (i.e. 
 >-h</DT
 ><DD
 ><P
 >This option prints the help string for <B
 CLASS="COMMAND"
 >		smbpasswd</B
 >, selecting the correct one for running as root 
 		or as an ordinary user. </P
 ></DD
 ><DT
 >-s</DT
 ><DD
 ><P
 >This option causes smbpasswd to be silent (i.e. 
 		not issue prompts) and to read its old and new passwords from 
-		standard  input, rather than from <TT
+		standard  input, rather than from <tt class="filename">/dev/tty</tt> 
-CLASS="FILENAME"
+		(like the <b class="command">passwd(1)</b> program does). This option 
->/dev/tty</TT
+		is to aid people writing scripts to drive smbpasswd</p></dd><dt><span class="term">-w password</span></dt><dd><p>This parameter is only available if Samba
 > 
 		(like the <B
 CLASS="COMMAND"
 >passwd(1)</B
 > program does). This option 
 		is to aid people writing scripts to drive smbpasswd</P
 ></DD
 ><DT
 >-w password</DT
 ><DD
 ><P
 >This parameter is only available if Samba
 		has been configured to use the experimental
-		<B
+		<b class="command">--with-ldapsam</b> option. The <i class="parameter"><tt>-w</tt></i> 
 CLASS="COMMAND"
 >--with-ldapsam</B
 > option. The <TT
 CLASS="PARAMETER"
 ><I
 >-w</I
 ></TT
 > 
 		switch is used to specify the password to be used with the 
-		<A
+		<a href="smb.conf.5.html#LDAPADMINDN" target="_top"><i class="parameter"><tt>ldap admin 
-HREF="smb.conf.5.html#LDAPADMINDN"
+		dn</tt></i></a>.  Note that the password is stored in
-TARGET="_top"
+		the <tt class="filename">secrets.tdb</tt> and is keyed off 
-><TT
+		of the admin's DN.  This means that if the value of <i class="parameter"><tt>ldap
-CLASS="PARAMETER"
+		admin dn</tt></i> ever changes, the password will need to be 
 ><I
 >ldap admin 
 		dn</I
 ></TT
 ></A
 >.  Note that the password is stored in
 		the <TT
 CLASS="FILENAME"
 >private/secrets.tdb</TT
 > and is keyed off 
 		of the admin's DN.  This means that if the value of <TT
 CLASS="PARAMETER"
 ><I
 >ldap
 		admin dn</I
 ></TT
 > ever changes, the password will need to be 
 		manually updated as well.
-		</P
+		</p></dd><dt><span class="term">-i</span></dt><dd><p>This option tells smbpasswd that the account 
 ></DD
 ><DT
 >-i</DT
 ><DD
 ><P
 >This option tells smbpasswd that the account 
 		being changed is an interdomain trust account. Currently this is used 
 		when Samba is being used as an NT Primary Domain Controller. 
-		The account contains the info about another trusted domain.</P
+		The account contains the info about another trusted domain.</p><p>This option is only available when running smbpasswd as root.
-><P
+		</p></dd><dt><span class="term">-L</span></dt><dd><p>Run in local mode.</p></dd><dt><span class="term">username</span></dt><dd><p>This specifies the username for all of the 
->This option is only available when running smbpasswd as root.
+		<span class="emphasis"><em>root only</em></span> options to operate on. Only root 
 		</P
 ></DD
 ><DT
 >-L</DT
 ><DD
 ><P
 >Run in local mode.</P
 ></DD
 ><DT
 >username</DT
 ><DD
 ><P
 >This specifies the username for all of the 
 		<I
 CLASS="EMPHASIS"
 >root only</I
 > options to operate on. Only root 
 		can specify this parameter as only root has the permission needed 
 		to modify attributes directly in the local smbpasswd file. 
-		</P
+		</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>NOTES</h2><p>Since <b class="command">smbpasswd</b> works in client-server 
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN173"
 ></A
 ><H2
 >NOTES</H2
 ><P
 >Since <B
 CLASS="COMMAND"
 >smbpasswd</B
 > works in client-server 
 	mode communicating  with a local smbd for a non-root user then 
 	the smbd daemon must be running for this to work. A common problem 
-	is to add a restriction to the hosts that may access the <B
+	is to add a restriction to the hosts that may access the <b class="command">
-CLASS="COMMAND"
+	smbd</b> running on the local machine by specifying either <i class="parameter"><tt>allow
->	smbd</B
+	hosts</tt></i> or <i class="parameter"><tt>deny hosts</tt></i> entry in 
-> running on the local machine by specifying a 
+	the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file and neglecting to 
-	<TT
+	allow &quot;localhost&quot; access to the smbd. </p><p>In addition, the smbpasswd command is only useful if Samba
-CLASS="PARAMETER"
+	has been set up to use encrypted passwords. See the document <a href="pwencrypt.html" target="_top">
-><I
+	&quot;LanMan and NT Password Encryption in Samba&quot;</a> in the docs directory for details 
->allow hosts</I
+	on how to do this. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbpasswd.5.html"><span class="citerefentry"><span class="refentrytitle">smbpasswd</span>(5)</span></a>, <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ></TT
 > or <TT
 CLASS="PARAMETER"
 ><I
 >deny hosts</I
 ></TT
 > 
 	entry in the <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > file and neglecting to 
 	allow "localhost" access to the smbd. </P
 ><P
 >In addition, the smbpasswd command is only useful if Samba
 	has been set up to use encrypted passwords. See the file 
 	<TT
 CLASS="FILENAME"
 >ENCRYPTION.txt</TT
 > in the docs directory for details 
 	on how to do this. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN183"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN186"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbpasswd.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smbpasswd(5)</TT
 ></A
 >, 
 	<A
 HREF="samba.7.html"
 TARGET="_top"
 >samba(7)</A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN192"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
-></DIV
+	for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbsh.1.html
+++ b/docs/htmldocs/smbsh.1.html
@ -1,467 +1,110 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbsh</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbsh.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbsh &#8212; Allows access to Windows NT filesystem 
-<HTML
+	using UNIX commands</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbsh</tt>  [-W workgroup] [-U username] [-P prefix] [-R &lt;name resolve order&gt;] [-d &lt;debug level&gt;] [-l logfile] [-L libdir]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbsh</b> allows you to access an NT filesystem 
-><HEAD
+	using UNIX commands such as <b class="command">ls</b>, <b class="command">
-><TITLE
+	egrep</b>, and <b class="command">rcp</b>. You must use a 
->smbsh</TITLE
+	shell that is dynamically linked in order for <b class="command">smbsh</b> 
-><META
+	to work correctly.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-W WORKGROUP</span></dt><dd><p>Override the default workgroup specified in the 
-NAME="GENERATOR"
+		workgroup parameter of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file 
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBSH">smbsh</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbsh&nbsp;--&nbsp;Allows access to Windows NT filesystem 
 	using UNIX commands</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbsh</B
 > [-W workgroup] [-U username] [-P prefix] [-R &#60;name resolve order&#62;] [-d &#60;debug level&#62;] [-l logfile] [-L libdir]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN18"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbsh</B
 > allows you to access an NT filesystem 
 	using UNIX commands such as <B
 CLASS="COMMAND"
 >ls</B
 >, <B
 CLASS="COMMAND"
 >	egrep</B
 >, and <B
 CLASS="COMMAND"
 >rcp</B
 >. You must use a 
 	shell that is dynamically linked in order for <B
 CLASS="COMMAND"
 >smbsh</B
 > 
 	to work correctly.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN28"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-W WORKGROUP</DT
 ><DD
 ><P
 >Override the default workgroup specified in the 
 		workgroup parameter of the <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > file 
 		for this session. This may be needed to connect to some 
-		servers. </P
+		servers. </p></dd><dt><span class="term">-U username[%pass]</span></dt><dd><p>Sets the SMB username or username and password.
 ></DD
 ><DT
 >-U username[%pass]</DT
 ><DD
 ><P
 >Sets the SMB username or username and password.
 		If this option is not specified, the user will be prompted for 
 		both the username and the password.  If %pass is not specified, 
 		the user will be prompted for the password.
-		</P
+		</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>This option allows
 ></DD
 ><DT
 >-P prefix</DT
 ><DD
 ><P
 >This option allows
 		the user to set the directory prefix for SMB access. The 
 		default value if this option is not specified is 
-		<I
+		<span class="emphasis"><em>smb</em></span>.
-CLASS="EMPHASIS"
+		</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
->smb</I
+configuration details required by the server.  The 
->.
+information in this file includes server-specific
-		</P
+information such as what printcap file to use, as well 
-></DD
+as descriptions of all the services that the server is 
-><DT
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
->-R &#60;name resolve order&#62;</DT
+smb.conf(5)</tt></a> for more information.
-><DD
+The default configuration file name is determined at 
-><P
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
->This option is used to determine what naming 
+from 0 to 10.  The default value if this parameter is 
-		services and in what order to resolve 
+not specified is zero.</p><p>The higher this value, the more detail will be 
-		host names to IP addresses. The option takes a space-separated 
+logged to the log files about the activities of the 
-		string of different name resolution options.</P
+server. At level 0, only critical errors and serious 
-><P
+warnings will be logged. Level 1 is a reasonable level for
->The options are :"lmhosts", "host", "wins" and "bcast". 
+day to day running - it generates a small amount of 
-		They cause names to be resolved as follows :</P
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
-><P
+amounts of log data, and should only be used when 
-></P
+investigating a problem. Levels above 3 are designed for 
-><UL
+use only by developers and generate HUGE amounts of log
-><LI
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
-><P
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
-><TT
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-CLASS="CONSTANT"
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-R &lt;name resolve order&gt;</span></dt><dd><p>This option is used to determine what naming 
->lmhosts</TT
+services and in what order to resolve 
-> : 
+host names to IP addresses. The option takes a space-separated 
-			Lookup an IP address in the Samba lmhosts file. If the 
+string of different name resolution options.</p><p>The options are: &quot;lmhosts&quot;, &quot;host&quot;, &quot;wins&quot; and &quot;bcast&quot;. 
-			line in lmhosts has no name type attached to the 
+They cause names to be resolved as follows :</p><div class="itemizedlist"><ul type="disc"><li><p><tt class="constant">lmhosts</tt>: 
-			NetBIOS name 
+Lookup an IP address in the Samba lmhosts file. If the 
-			(see the <A
+line in lmhosts has no name type attached to the 
-HREF="lmhosts.5.html"
+NetBIOS name 
-TARGET="_top"
+(see the <a href="lmhosts.5.html"><span class="citerefentry"><span class="refentrytitle">lmhosts</span>(5)</span></a>	for details) 
->lmhosts(5)</A
+then any name type matches for lookup.
->
+</p></li><li><p><tt class="constant">host</tt>: 
-			for details) then any name type matches for lookup.
+Do a standard host name to IP address resolution, using
-			</P
+the system <tt class="filename">/etc/hosts</tt>, NIS, or DNS
-></LI
+lookups. This method of name resolution is operating 
-><LI
+system dependent, for instance on IRIX or Solaris this 
-><P
+may be controlled by the <tt class="filename">/etc/nsswitch.conf
-><TT
+</tt> file).  Note that this method is only used 
-CLASS="CONSTANT"
+if the NetBIOS name type being queried is the 0x20 
->host</TT
+(server) name type, otherwise it is ignored.
-> : 
+</p></li><li><p><tt class="constant">wins</tt>: 
-			Do a standard host name to IP address resolution, using
+Query a name with the IP address listed in the 
-			the system <TT
+<i class="parameter"><tt>wins server</tt></i> parameter.  If no 
-CLASS="FILENAME"
+WINS server has been specified this method will be 
->/etc/hosts</TT
+ignored.
->, NIS, or DNS
+</p></li><li><p><tt class="constant">bcast</tt>: 
-			lookups. This method of name resolution is operating 
+Do a broadcast on each of the known local interfaces 
-			system dependent, for instance on IRIX or Solaris this 
+listed in the <i class="parameter"><tt>interfaces</tt></i>
-			may be controlled by the <TT
+parameter. This is the least reliable of the name 
-CLASS="FILENAME"
+resolution methods as it depends on the target host 
->/etc/nsswitch.conf
+being on a locally connected subnet.
-			</TT
+</p></li></ul></div><p>If this parameter is not set then the name resolve order 
-> file).  Note that this method is only used 
+defined in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file parameter  
-			if the NetBIOS name type being queried is the 0x20 
+(<i class="parameter"><tt>name resolve order</tt></i>) will be used. </p><p>The default order is lmhosts, host, wins, bcast. Without 
-			(server) name type, otherwise it is ignored.
+this parameter or any entry in the <i class="parameter"><tt>name resolve order
-			</P
+</tt></i> parameter of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file, the name resolution methods 
-></LI
+will be attempted in this order. </p></dd><dt><span class="term">-L libdir</span></dt><dd><p>This parameter specifies the location of the 
-><LI
+		shared libraries used by <b class="command">smbsh</b>. The default
 ><P
 ><TT
 CLASS="CONSTANT"
 >wins</TT
 > : 
 			Query a name with the IP address listed in the 
 			<TT
 CLASS="PARAMETER"
 ><I
 >wins server</I
 ></TT
 > parameter.  If no 
 			WINS server has been specified this method will be 
 			ignored.
 			</P
 ></LI
 ><LI
 ><P
 ><TT
 CLASS="CONSTANT"
 >bcast</TT
 > : 
 			Do a broadcast on each of the known local interfaces 
 			listed in the <TT
 CLASS="PARAMETER"
 ><I
 >interfaces</I
 ></TT
 >
 			parameter. This is the least reliable of the name 
 			resolution methods as it depends on the target host 
 			being on a locally connected subnet.
 			</P
 ></LI
 ></UL
 ><P
 >If this parameter is not set then the name resolve order 
 		defined in the <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > file parameter  
 		(name resolve order) will be used. </P
 ><P
 >The default order is lmhosts, host, wins, bcast. Without 
 		this parameter or any entry in the <TT
 CLASS="PARAMETER"
 ><I
 >name resolve order
 		</I
 ></TT
 > parameter of the <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > 
 		file, the name resolution methods will be attempted in this 
 		order. </P
 ></DD
 ><DT
 >-d &#60;debug level&#62;</DT
 ><DD
 ><P
 >debug level is an integer from 0 to 10.</P
 ><P
 >The default value if this parameter is not specified
 		is zero.</P
 ><P
 >The higher this value, the more detail will be logged
 		about the activities of <B
 CLASS="COMMAND"
 >nmblookup</B
 >. At level
 		0, only critical errors and serious warnings will be logged.
 		</P
 ></DD
 ><DT
 >-l logfilename</DT
 ><DD
 ><P
 >If specified causes all debug messages to be
 		written to the file specified by <TT
 CLASS="REPLACEABLE"
 ><I
 >logfilename
 		</I
 ></TT
 >. If not specified then all messages will be 
 		written to<TT
 CLASS="REPLACEABLE"
 ><I
 >stderr</I
 ></TT
 >.
 		</P
 ></DD
 ><DT
 >-L libdir</DT
 ><DD
 ><P
 >This parameter specifies the location of the 
 		shared libraries used by <B
 CLASS="COMMAND"
 >smbsh</B
 >. The default
 		value is specified at compile time.
-		</P
+		</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>EXAMPLES</h2><p>To use the <b class="command">smbsh</b> command, execute <b class="command">
-></DD
+	smbsh</b> from the prompt and enter the username and password 
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN91"
 ></A
 ><H2
 >EXAMPLES</H2
 ><P
 >To use the <B
 CLASS="COMMAND"
 >smbsh</B
 > command, execute <B
 CLASS="COMMAND"
 >	smbsh</B
 > from the prompt and enter the username and password 
 	that authenticates you to the machine running the Windows NT 
-	operating system.</P
+	operating system.
-><P
+</p><pre class="programlisting">
-><TABLE
+<tt class="prompt">system% </tt><b class="userinput"><tt>smbsh</tt></b>
-BORDER="0"
+<tt class="prompt">Username: </tt><b class="userinput"><tt>user</tt></b>
-BGCOLOR="#E0E0E0"
+<tt class="prompt">Password: </tt><b class="userinput"><tt>XXXXXXX</tt></b>
-WIDTH="100%"
+</pre><p>Any dynamically linked command you execute from 
-><TR
+	this shell will access the <tt class="filename">/smb</tt> directory 
-><TD
+	using the smb protocol. For example, the command <b class="command">ls /smb
-><PRE
+	</b> will show a list of workgroups. The command 
-CLASS="PROGRAMLISTING"
+	<b class="command">ls /smb/MYGROUP </b> will show all the machines in 
 >	<TT
 CLASS="PROMPT"
 >system% </TT
 ><TT
 CLASS="USERINPUT"
 ><B
 >smbsh</B
 ></TT
 >
 	<TT
 CLASS="PROMPT"
 >Username: </TT
 ><TT
 CLASS="USERINPUT"
 ><B
 >user</B
 ></TT
 >
 	<TT
 CLASS="PROMPT"
 >Password: </TT
 ><TT
 CLASS="USERINPUT"
 ><B
 >XXXXXXX</B
 ></TT
 >
 	</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
 >Any dynamically linked command you execute from 
 	this shell will access the <TT
 CLASS="FILENAME"
 >/smb</TT
 > directory 
 	using the smb protocol. For example, the command <B
 CLASS="COMMAND"
 >ls /smb
 	</B
 > will show a list of workgroups. The command 
 	<B
 CLASS="COMMAND"
 >ls /smb/MYGROUP </B
 > will show all the machines in 
 	the  workgroup MYGROUP. The command 
-	<B
+	<b class="command">ls /smb/MYGROUP/&lt;machine-name&gt;</b> will show the share 
-CLASS="COMMAND"
+	names for that machine. You could then, for example, use the <b class="command">
->ls /smb/MYGROUP/&#60;machine-name&#62;</B
+	cd</b> command to change directories, <b class="command">vi</b> to 
-> will show the share 
+	edit files, and <b class="command">rcp</b>  to copy files.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>BUGS</h2><p><b class="command">smbsh</b> works by intercepting the standard 
-	names for that machine. You could then, for example, use the <B
+	libc calls with the dynamically loaded versions in <tt class="filename">
-CLASS="COMMAND"
+	smbwrapper.o</tt>. Not all calls have been &quot;wrapped&quot;, so 
->	cd</B
+	some programs may not function correctly under <b class="command">smbsh
-> command to change directories, <B
+	</b>.</p><p>Programs which are not dynamically linked cannot make 
-CLASS="COMMAND"
+	use of <b class="command">smbsh</b>'s functionality. Most versions 
->vi</B
+	of UNIX have a <b class="command">file</b> command that will 
-> to 
+	describe how a program was linked.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 	edit files, and <B
 CLASS="COMMAND"
 >rcp</B
 >  to copy files.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN112"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN115"
 ></A
 ><H2
 >BUGS</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbsh</B
 > works by intercepting the standard 
 	libc calls with the dynamically loaded versions in <TT
 CLASS="FILENAME"
 >	smbwrapper.o</TT
 >. Not all calls have been "wrapped", so 
 	some programs may not function correctly under <B
 CLASS="COMMAND"
 >smbsh
 	</B
 >.</P
 ><P
 >Programs which are not dynamically linked cannot make 
 	use of <B
 CLASS="COMMAND"
 >smbsh</B
 >'s functionality. Most versions 
 	of UNIX have a <B
 CLASS="COMMAND"
 >file</B
 > command that will 
 	describe how a program was linked.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN124"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 >, 
 	<A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >smb.conf(5)</A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN130"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
-></DIV
+	for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbspool.8.html
+++ b/docs/htmldocs/smbspool.8.html
@ -1,227 +1,35 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbspool</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbspool.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbspool &#8212; send a print file to an SMB printer</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbspool</tt>  {job} {user} {title} {copies} {options} [filename]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>smbspool is a very small print spooling program that 
 <HTML
 ><HEAD
 ><TITLE
 >smbspool</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBSPOOL"
 ></A
 >smbspool</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbspool&nbsp;--&nbsp;send a print file to an SMB printer</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbspool</B
 >  [job] [user] [title] [copies] [options] [filename]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN17"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 >smbspool is a very small print spooling program that 
 	sends a print file to an SMB printer. The command-line arguments 
 	are position-dependent for compatibility with the Common UNIX 
 	Printing System, but you can use smbspool with any printing system 
-	or from a program or script.</P
+	or from a program or script.</p><p><span class="emphasis"><em>DEVICE URI</em></span></p><p>smbspool specifies the destination using a Uniform Resource 
-><P
+	Identifier (&quot;URI&quot;) with a method of &quot;smb&quot;. This string can take 
-><SPAN
+	a number of forms:</p><div class="itemizedlist"><ul type="disc"><li><p>smb://server/printer</p></li><li><p>smb://workgroup/server/printer</p></li><li><p>smb://username:password@server/printer</p></li><li><p>smb://username:password@workgroup/server/printer</p></li></ul></div><p>smbspool tries to get the URI from argv[0]. If argv[0] 
-CLASS="emphasis"
+	contains the name of the program then it looks in the <tt class="envar">
-><I
+	DEVICE_URI</tt> environment variable.</p><p>Programs using the <b class="command">exec(2)</b> functions can 
 CLASS="EMPHASIS"
 >DEVICE URI</I
 ></SPAN
 ></P
 ><P
 >smbspool specifies the destination using a Uniform Resource 
 	Identifier ("URI") with a method of "smb". This string can take 
 	a number of forms:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >smb://server/printer</P
 ></LI
 ><LI
 ><P
 >smb://workgroup/server/printer</P
 ></LI
 ><LI
 ><P
 >smb://username:password@server/printer</P
 ></LI
 ><LI
 ><P
 >smb://username:password@workgroup/server/printer
 		</P
 ></LI
 ></UL
 ><P
 >smbspool tries to get the URI from argv[0]. If argv[0] 
 	contains the name of the program then it looks in the <TT
 CLASS="ENVAR"
 >	DEVICE_URI</TT
 > environment variable.</P
 ><P
 >Programs using the <B
 CLASS="COMMAND"
 >exec(2)</B
 > functions can 
 	pass the URI in argv[0], while shell scripts must set the 
-	<TT
+	<tt class="envar">DEVICE_URI</tt> environment variable prior to
-CLASS="ENVAR"
+	running smbspool.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="itemizedlist"><ul type="disc"><li><p>The job argument (argv[1]) contains the 
 >DEVICE_URI</TT
 > environment variable prior to
 	running smbspool.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN39"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >The job argument (argv[1]) contains the 
 		job ID number and is presently not used by smbspool.
-		</P
+		</p></li><li><p>The user argument (argv[2]) contains the 
 ></LI
 ><LI
 ><P
 >The user argument (argv[2]) contains the 
 		print user's name and is presently not used by smbspool.
-		</P
+		</p></li><li><p>The title argument (argv[3]) contains the 
 ></LI
 ><LI
 ><P
 >The title argument (argv[3]) contains the 
 		job title string and is passed as the remote file name 
-		when sending the print job.</P
+		when sending the print job.</p></li><li><p>The copies argument (argv[4]) contains 
 ></LI
 ><LI
 ><P
 >The copies argument (argv[4]) contains 
 		the number of copies to be printed of the named file. If 
 		no filename is provided then this argument is not used by 
-		smbspool.</P
+		smbspool.</p></li><li><p>The options argument (argv[5]) contains 
 ></LI
 ><LI
 ><P
 >The options argument (argv[5]) contains 
 		the print options in a single string and is currently 
-		not used by smbspool.</P
+		not used by smbspool.</p></li><li><p>The filename argument (argv[6]) contains the 
 ></LI
 ><LI
 ><P
 >The filename argument (argv[6]) contains the 
 		name of the file to print. If this argument is not specified 
-		then the print file is read from the standard input.</P
+		then the print file is read from the standard input.</p></li></ul></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p><b class="command">smbspool</b> was written by Michael Sweet 
-></LI
+	at Easy Software Products.</p><p>The original Samba software and related utilities 
 ></UL
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN54"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN57"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 >, 
 	and <A
 HREF="samba.7.html"
 TARGET="_top"
 >samba(7)</A
 >.
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN63"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbspool</B
 > was written by Michael Sweet 
 	at Easy Software Products.</P
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
-></DIV
+	for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbstatus.1.html
+++ b/docs/htmldocs/smbstatus.1.html
@ -1,223 +1,44 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbstatus</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbstatus.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbstatus &#8212; report on current Samba connections</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbstatus</tt>  [-P] [-b] [-d &lt;debug level&gt;] [-v] [-L] [-B] [-p] [-S] [-s &lt;configuration file&gt;] [-u &lt;username&gt;]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbstatus</b> is a very simple program to 
-<HTML
+	list the current Samba connections.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-P|--profile</span></dt><dd><p>If samba has been compiled with the 
 ><HEAD
 ><TITLE
 >smbstatus</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBSTATUS"
 ></A
 >smbstatus</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbstatus&nbsp;--&nbsp;report on current Samba connections</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbstatus</B
 >  [-P] [-b] [-d &lt;debug level&gt;] [-v] [-L] [-B] [-p] [-S] [-s &lt;configuration file&gt;] [-u &lt;username&gt;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN21"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbstatus</B
 > is a very simple program to 
 	list the current Samba connections.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN27"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-P|--profile</DT
 ><DD
 ><P
 >If samba has been compiled with the 
 		profiling option, print only the contents of the profiling 
-		shared memory area.</P
+		shared memory area.</p></dd><dt><span class="term">-b|--brief</span></dt><dd><p>gives brief output.</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
-></DD
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-><DT
+configuration details required by the server.  The 
->-b|--brief</DT
+information in this file includes server-specific
-><DD
+information such as what printcap file to use, as well 
-><P
+as descriptions of all the services that the server is 
->gives brief output.</P
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-></DD
+smb.conf(5)</tt></a> for more information.
-><DT
+The default configuration file name is determined at 
->-d|--debug=&lt;debuglevel&gt;</DT
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
-><DD
+from 0 to 10.  The default value if this parameter is 
-><P
+not specified is zero.</p><p>The higher this value, the more detail will be 
->sets debugging to specified level</P
+logged to the log files about the activities of the 
-></DD
+server. At level 0, only critical errors and serious 
-><DT
+warnings will be logged. Level 1 is a reasonable level for
->-v|--verbose</DT
+day to day running - it generates a small amount of 
-><DD
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
-><P
+amounts of log data, and should only be used when 
->gives verbose output.</P
+investigating a problem. Levels above 3 are designed for 
-></DD
+use only by developers and generate HUGE amounts of log
-><DT
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
->-L|--locks</DT
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
-><DD
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-><P
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
->causes smbstatus to only list locks.</P
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
-></DD
+never removed by the client.
-><DT
+</p></dd><dt><span class="term">-v|--verbose</span></dt><dd><p>gives verbose output.</p></dd><dt><span class="term">-L|--locks</span></dt><dd><p>causes smbstatus to only list locks.</p></dd><dt><span class="term">-B|--byterange</span></dt><dd><p>causes smbstatus to include byte range locks.
->-B|--byterange</DT
+		</p></dd><dt><span class="term">-p|--processes</span></dt><dd><p>print a list of <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> processes and exit. 
-><DD
+		Useful for scripting.</p></dd><dt><span class="term">-S|--shares</span></dt><dd><p>causes smbstatus to only list shares.</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-><P
+</p></dd><dt><span class="term">-u|--user=&lt;username&gt;</span></dt><dd><p>selects information relevant to 
->causes smbstatus to include byte range locks.
+		<i class="parameter"><tt>username</tt></i> only.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-		</P
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> and <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ></DD
 ><DT
 >-p|--processes</DT
 ><DD
 ><P
 >print a list of <A
 HREF="smbd.8.html"
 TARGET="_top"
 >		<B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 > processes and exit. 
 		Useful for scripting.</P
 ></DD
 ><DT
 >-S|--shares</DT
 ><DD
 ><P
 >causes smbstatus to only list shares.</P
 ></DD
 ><DT
 >-s|--conf=&lt;configuration file&gt;</DT
 ><DD
 ><P
 >The default configuration file name is
 		determined at compile time. The file specified contains the
 		configuration details required by the server. See <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 >
 		</A
 > for more information.</P
 ></DD
 ><DT
 >-u|--user=&lt;username&gt;</DT
 ><DD
 ><P
 >selects information relevant to 
 		<TT
 CLASS="PARAMETER"
 ><I
 >username</I
 ></TT
 > only.</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN75"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN78"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 > and
 	<A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >smb.conf(5)</A
 >.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN84"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
-></DIV
+	for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbtar.1.html
+++ b/docs/htmldocs/smbtar.1.html
@ -1,356 +1,39 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbtar</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbtar.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbtar &#8212; shell script for backing up SMB/CIFS shares 
-<HTML
+	directly to UNIX tape drives</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbtar</tt>  [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename] [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">smbtar</b> is a very small shell script on top 
-><HEAD
+	of <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a> which dumps SMB shares directly to tape.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-s server</span></dt><dd><p>The SMB/CIFS server that the share resides 
-><TITLE
+		upon.</p></dd><dt><span class="term">-x service</span></dt><dd><p>The share name on the server to connect to. 
->smbtar</TITLE
+		The default is &quot;backup&quot;.</p></dd><dt><span class="term">-X</span></dt><dd><p>Exclude mode. Exclude filenames... from tar 
-><META
+		create or restore. </p></dd><dt><span class="term">-d directory</span></dt><dd><p>Change to initial <i class="parameter"><tt>directory
-NAME="GENERATOR"
+		</tt></i> before restoring / backing up files. </p></dd><dt><span class="term">-v</span></dt><dd><p>Verbose mode.</p></dd><dt><span class="term">-p password</span></dt><dd><p>The password to use to access a share. 
-CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
+		Default: none </p></dd><dt><span class="term">-u user</span></dt><dd><p>The user id to connect as. Default: 
-><BODY
+		UNIX login name. </p></dd><dt><span class="term">-a</span></dt><dd><p>Reset DOS archive bit mode to 
-CLASS="REFENTRY"
+		indicate file has been archived. </p></dd><dt><span class="term">-t tape</span></dt><dd><p>Tape device. May be regular file or tape 
-BGCOLOR="#FFFFFF"
+		device. Default: <i class="parameter"><tt>$TAPE</tt></i> environmental 
-TEXT="#000000"
+		variable; if not set, a file called <tt class="filename">tar.out
-LINK="#0000FF"
+		</tt>. </p></dd><dt><span class="term">-b blocksize</span></dt><dd><p>Blocking factor. Defaults to 20. See
-VLINK="#840084"
+		<b class="command">tar(1)</b> for a fuller explanation. </p></dd><dt><span class="term">-N filename</span></dt><dd><p>Backup only files newer than filename. Could 
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBTAR"
 ></A
 >smbtar</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbtar&nbsp;--&nbsp;shell script for backing up SMB/CIFS shares 
 	directly to UNIX tape drives</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbtar</B
 >  {-s server} [-p password] [-x services] [-X] [-d directory] [-u user] [-t tape] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l loglevel] [-v] {filenames}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN26"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbtar</B
 > is a very small shell script on top 
 	of <A
 HREF="smbclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbclient(1)</B
 ></A
 > 
 	which dumps SMB shares directly to tape. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN34"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-s server</DT
 ><DD
 ><P
 >The SMB/CIFS server that the share resides 
 		upon.</P
 ></DD
 ><DT
 >-x service</DT
 ><DD
 ><P
 >The share name on the server to connect to. 
 		The default is "backup".</P
 ></DD
 ><DT
 >-X</DT
 ><DD
 ><P
 >Exclude mode. Exclude filenames... from tar 
 		create or restore. </P
 ></DD
 ><DT
 >-d directory</DT
 ><DD
 ><P
 >Change to initial <TT
 CLASS="PARAMETER"
 ><I
 >directory
 		</I
 ></TT
 > before restoring / backing up files. </P
 ></DD
 ><DT
 >-v</DT
 ><DD
 ><P
 >Verbose mode.</P
 ></DD
 ><DT
 >-p password</DT
 ><DD
 ><P
 >The password to use to access a share. 
 		Default: none </P
 ></DD
 ><DT
 >-u user</DT
 ><DD
 ><P
 >The user id to connect as. Default: 
 		UNIX login name. </P
 ></DD
 ><DT
 >-t tape</DT
 ><DD
 ><P
 >Tape device. May be regular file or tape 
 		device. Default: <TT
 CLASS="PARAMETER"
 ><I
 >$TAPE</I
 ></TT
 > environmental 
 		variable; if not set, a file called <TT
 CLASS="FILENAME"
 >tar.out
 		</TT
 >. </P
 ></DD
 ><DT
 >-b blocksize</DT
 ><DD
 ><P
 >Blocking factor. Defaults to 20. See
 		<B
 CLASS="COMMAND"
 >tar(1)</B
 > for a fuller explanation. </P
 ></DD
 ><DT
 >-N filename</DT
 ><DD
 ><P
 >Backup only files newer than filename. Could 
 		be used (for example) on a log file to implement incremental
-		backups. </P
+		backups. </p></dd><dt><span class="term">-i</span></dt><dd><p>Incremental mode; tar files are only backed 
 ></DD
 ><DT
 >-i</DT
 ><DD
 ><P
 >Incremental mode; tar files are only backed 
 		up if they have the archive bit set. The archive bit is reset 
-		after each file is read. </P
+		after each file is read. </p></dd><dt><span class="term">-r</span></dt><dd><p>Restore. Files are restored to the share 
-></DD
+		from the tar file. </p></dd><dt><span class="term">-l log level</span></dt><dd><p>Log (debug) level. Corresponds to the 
-><DT
+		<i class="parameter"><tt>-d</tt></i> flag of <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>ENVIRONMENT VARIABLES</h2><p>The <i class="parameter"><tt>$TAPE</tt></i> variable specifies the 
 >-r</DT
 ><DD
 ><P
 >Restore. Files are restored to the share 
 		from the tar file. </P
 ></DD
 ><DT
 >-l log level</DT
 ><DD
 ><P
 >Log (debug) level. Corresponds to the 
 		<TT
 CLASS="PARAMETER"
 ><I
 >-d</I
 ></TT
 > flag of <B
 CLASS="COMMAND"
 >smbclient(1)
 		</B
 >. </P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN95"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
 ><P
 >The <TT
 CLASS="PARAMETER"
 ><I
 >$TAPE</I
 ></TT
 > variable specifies the 
 	default tape device to write to. May be overridden
-	with the -t option. </P
+	with the -t option. </p></div><div class="refsect1" lang="en"><h2>BUGS</h2><p>The <b class="command">smbtar</b> script has different 
-></DIV
+	options from ordinary tar and from smbclient's tar command. </p></div><div class="refsect1" lang="en"><h2>CAVEATS</h2><p>Sites that are more careful about security may not like 
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN99"
 ></A
 ><H2
 >BUGS</H2
 ><P
 >The <B
 CLASS="COMMAND"
 >smbtar</B
 > script has different 
 	options from ordinary tar and from smbclient's tar command. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN103"
 ></A
 ><H2
 >CAVEATS</H2
 ><P
 >Sites that are more careful about security may not like 
 	the way the script handles PC passwords. Backup and restore work 
 	on entire shares; should work on file lists. smbtar works best
-	with GNU tar and may not work well with other versions. </P
+	with GNU tar and may not work well with other versions. </p></div><div class="refsect1" lang="en"><h2>DIAGNOSTICS</h2><p>See the <span class="emphasis"><em>DIAGNOSTICS</em></span> section for the <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a> command.</p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-></DIV
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN106"
 ></A
 ><H2
 >DIAGNOSTICS</H2
 ><P
 >See the <SPAN
 CLASS="emphasis"
 ><I
 CLASS="EMPHASIS"
 >DIAGNOSTICS</I
 ></SPAN
 > section for the 
 	<A
 HREF="smbclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbclient(1)</B
 > 
 	</A
 > command.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN112"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN115"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 >, 
 	<A
 HREF="smbclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbclient(1)</B
 ></A
 >, 
 	<A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >smb.conf(5)</A
 >,
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN123"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p><a href="mailto:poultenr@logica.co.uk" target="_top">Ricky Poulten</a>  
-><P
+	wrote the tar extension and this man page. The <b class="command">smbtar</b> 
-><A
+	script was heavily rewritten and improved by <a href="mailto:Martin.Kraemer@mch.sni.de" target="_top">Martin Kraemer</a>. Many 
 HREF="mailto:poultenr@logica.co.uk"
 TARGET="_top"
 >Ricky Poulten</A
 >  
 	wrote the tar extension and this man page. The <B
 CLASS="COMMAND"
 >smbtar</B
 > 
 	script was heavily rewritten and improved by <A
 HREF="mailto:Martin.Kraemer@mch.sni.de"
 TARGET="_top"
 >Martin Kraemer</A
 >. Many 
 	thanks to everyone who suggested extensions, improvements, bug 
 	fixes, etc. The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter.</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
-></DIV
+	Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/smbumount.8.html
+++ b/docs/htmldocs/smbumount.8.html
@ -1,141 +1,16 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>smbumount</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="smbumount.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>smbumount &#8212; smbfs umount for normal users</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">smbumount</tt>  {mount-point}</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>With this program, normal users can unmount smb-filesystems, 
-<HTML
+	provided that it is suid root.  <b class="command">smbumount</b> has 
 ><HEAD
 ><TITLE
 >smbumount</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SMBUMOUNT"
 ></A
 >smbumount</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >smbumount&nbsp;--&nbsp;smbfs umount for normal users</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >smbumount</B
 >  {mount-point}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN12"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >With this program, normal users can unmount smb-filesystems, 
 	provided that it is suid root.  <B
 CLASS="COMMAND"
 >smbumount</B
 > has 
 	been written to give normal Linux users more control over their 
 	resources. It is safe to install this program suid root, because only 
 	the user who has mounted a filesystem is allowed to unmount it again.  
 	For root it is not necessary to use smbumount. The normal umount 
 	program works perfectly well, but it would certainly be problematic 
-	to make umount setuid root.</P
+	to make umount setuid root.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">mount-point</span></dt><dd><p>The directory to unmount.</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smbmount.8.html"><span class="citerefentry"><span class="refentrytitle">smbmount</span>(8)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
-></DIV
+	and others.</p><p>The current maintainer of smbfs and the userspace
-><DIV
+	tools <b class="command">smbmount</b>, <b class="command">smbumount</b>,
-CLASS="REFSECT1"
+	and <b class="command">smbmnt</b> is <a href="mailto:urban@teststation.com" target="_top">Urban Widmark</a>.
-><A
+	The <a href="mailto:samba@samba.org" target="_top">SAMBA Mailing list</a>
 NAME="AEN16"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >mount-point</DT
 ><DD
 ><P
 >The directory to unmount.</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN23"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smbmount.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbmount(8)</B
 >
 	</A
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN28"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
 	and others.</P
 ><P
 >The current maintainer of smbfs and the userspace
 	tools <B
 CLASS="COMMAND"
 >smbmount</B
 >, <B
 CLASS="COMMAND"
 >smbumount</B
 >,
 	and <B
 CLASS="COMMAND"
 >smbmnt</B
 > is <A
 HREF="mailto:urban@teststation.com"
 TARGET="_top"
 >Urban Widmark</A
 >.
 	The <A
 HREF="mailto:samba@samba.org"
 TARGET="_top"
 >SAMBA Mailing list</A
 >
 	is the preferred place to ask questions regarding these programs.
-	</P
+	</p><p>The conversion of this manpage for Samba 2.2 was performed 
-><P
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0
->The conversion of this manpage for Samba 2.2 was performed 
+	was done by Alexander Bokovoy.</p></div></div></body></html>
 	by Gerald Carter</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/speed.html
+++ b/docs/htmldocs/speed.html
@ -1,419 +1,143 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter<EFBFBD>39.<2E>Samba Performance Tuning</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="Appendixes.html" title="Part<72>VI.<2E>Appendixes"><link rel="previous" href="Other-Clients.html" title="Chapter<65>38.<2E>Samba and other CIFS clients"><link rel="next" href="DNSDHCP.html" title="Chapter<65>40.<2E>DNS and DHCP Configuration Guide"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter<EFBFBD>39.<2E>Samba Performance Tuning</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Other-Clients.html">Prev</a><EFBFBD></td><th width="60%" align="center">Part<EFBFBD>VI.<2E>Appendixes</th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="DNSDHCP.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="speed"></a>Chapter<EFBFBD>39.<2E>Samba Performance Tuning</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Paul</span> <span class="surname">Cochrane</span></h3><div class="affiliation"><span class="orgname">Dundee Limb Fitting Centre<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:paulc@dth.scot.nhs.uk">paulc@dth.scot.nhs.uk</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">Jelmer</span> <span class="othername">R.</span> <span class="surname">Vernooij</span></h3><div class="affiliation"><span class="orgname">The Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jelmer@samba.org">jelmer@samba.org</a>&gt;</tt></p></div></div></div></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</tt></p></div></div></div></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="speed.html#id3018190">Comparisons</a></dt><dt><a href="speed.html#id3018235">Socket options</a></dt><dt><a href="speed.html#id3018310">Read size</a></dt><dt><a href="speed.html#id3018354">Max xmit</a></dt><dt><a href="speed.html#id3018407">Log level</a></dt><dt><a href="speed.html#id3018430">Read raw</a></dt><dt><a href="speed.html#id3018486">Write raw</a></dt><dt><a href="speed.html#id3018528">Slow Logins</a></dt><dt><a href="speed.html#id3018550">LDAP</a></dt><dt><a href="speed.html#id3018575">Client tuning</a></dt><dt><a href="speed.html#id3018601">Samba performance problem due changing kernel</a></dt><dt><a href="speed.html#id3018632">Corrupt tdb Files</a></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018190"></a>Comparisons</h2></div></div><div></div></div><p>
-<HTML
+The Samba server uses TCP to talk to the client. Thus if you are
 ><HEAD
 ><TITLE
 >Samba performance issues</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="UP"
 TITLE="Optional configuration"
 HREF="optional.html"><LINK
 REL="PREVIOUS"
 TITLE="Group mapping HOWTO"
 HREF="groupmapping.html"><LINK
 REL="NEXT"
 TITLE="Appendixes"
 HREF="appendixes.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
 CLASS="NAVHEADER"
 ><TABLE
 SUMMARY="Header navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TH
 COLSPAN="3"
 ALIGN="center"
 >SAMBA Project Documentation</TH
 ></TR
 ><TR
 ><TD
 WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
 HREF="groupmapping.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="80%"
 ALIGN="center"
 VALIGN="bottom"
 ></TD
 ><TD
 WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
 HREF="appendixes.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ></TABLE
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"></DIV
 ><DIV
 CLASS="CHAPTER"
 ><H1
 ><A
 NAME="SPEED">Chapter 22. Samba performance issues</H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3055">22.1. Comparisons</H1
 ><P
 >The Samba server uses TCP to talk to the client. Thus if you are
 trying to see if it performs well you should really compare it to
 programs that use the same protocol. The most readily available
 programs for file transfer that use TCP are ftp or another TCP based
-SMB server.</P
+SMB server.
-><P
+</p><p>
->If you want to test against something like a NT or WfWg server then
+If you want to test against something like a NT or WfWg server then
 you will have to disable all but TCP on either the client or
 server. Otherwise you may well be using a totally different protocol
-(such as Netbeui) and comparisons may not be valid.</P
+(such as Netbeui) and comparisons may not be valid.
-><P
+</p><p>
->Generally you should find that Samba performs similarly to ftp at raw
+Generally you should find that Samba performs similarly to ftp at raw
 transfer speed. It should perform quite a bit faster than NFS,
-although this very much depends on your system.</P
+although this very much depends on your system.
-><P
+</p><p>
->Several people have done comparisons between Samba and Novell, NFS or
+Several people have done comparisons between Samba and Novell, NFS or
 WinNT. In some cases Samba performed the best, in others the worst. I
 suspect the biggest factor is not Samba vs some other system but the
 hardware and drivers used on the various systems. Given similar
 hardware Samba should certainly be competitive in speed with other
-systems.</P
+systems.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018235"></a>Socket options</h2></div></div><div></div></div><p>
-><DIV
+There are a number of socket options that can greatly affect the
-CLASS="SECT1"
+performance of a TCP based server like Samba.
-><H1
+</p><p>
-CLASS="SECT1"
+The socket options that Samba uses are settable both on the command
-><A
+line with the <tt class="option">-O</tt> option, or in the <tt class="filename">smb.conf</tt> file.
-NAME="AEN3061">22.2. Socket options</H1
+</p><p>
-><P
+The <i class="parameter"><tt>socket options</tt></i> section of the <tt class="filename">smb.conf</tt> manual page describes how
->There are a number of socket options that can greatly affect the
+to set these and gives recommendations.
-performance of a TCP based server like Samba.</P
+</p><p>
-><P
+Getting the socket options right can make a big difference to your
 >The socket options that Samba uses are settable both on the command
 line with the -O option, or in the smb.conf file.</P
 ><P
 >The "socket options" section of the smb.conf manual page describes how
 to set these and gives recommendations.</P
 ><P
 >Getting the socket options right can make a big difference to your
 performance, but getting them wrong can degrade it by just as
-much. The correct settings are very dependent on your local network.</P
+much. The correct settings are very dependent on your local network.
-><P
+</p><p>
->The socket option TCP_NODELAY is the one that seems to make the
+The socket option TCP_NODELAY is the one that seems to make the
 biggest single difference for most networks. Many people report that
-adding "socket options = TCP_NODELAY" doubles the read performance of
+adding <i class="parameter"><tt>socket options = TCP_NODELAY</tt></i> doubles the read 
-a Samba drive. The best explanation I have seen for this is that the
+performance of a Samba drive. The best explanation I have seen for this is
-Microsoft TCP/IP stack is slow in sending tcp ACKs.</P
+that the Microsoft TCP/IP stack is slow in sending tcp ACKs.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018310"></a>Read size</h2></div></div><div></div></div><p>
-><DIV
+The option <i class="parameter"><tt>read size</tt></i> affects the overlap of disk
-CLASS="SECT1"
+reads/writes with network reads/writes. If the amount of data being
-><H1
+transferred in several of the SMB commands (currently SMBwrite, SMBwriteX and
 CLASS="SECT1"
 ><A
 NAME="AEN3068">22.3. Read size</H1
 ><P
 >The option "read size" affects the overlap of disk reads/writes with
 network reads/writes. If the amount of data being transferred in
 several of the SMB commands (currently SMBwrite, SMBwriteX and
 SMBreadbraw) is larger than this value then the server begins writing
 the data before it has received the whole packet from the network, or
 in the case of SMBreadbraw, it begins writing to the network before
-all the data has been read from disk.</P
+all the data has been read from disk.
-><P
+</p><p>
->This overlapping works best when the speeds of disk and network access
+This overlapping works best when the speeds of disk and network access
 are similar, having very little effect when the speed of one is much
-greater than the other.</P
+greater than the other.
-><P
+</p><p>
->The default value is 16384, but very little experimentation has been
+The default value is 16384, but very little experimentation has been
 done yet to determine the optimal value, and it is likely that the best
 value will vary greatly between systems anyway. A value over 65536 is
-pointless and will cause you to allocate memory unnecessarily.</P
+pointless and will cause you to allocate memory unnecessarily.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018354"></a>Max xmit</h2></div></div><div></div></div><p>
-><DIV
+At startup the client and server negotiate a <i class="parameter"><tt>maximum transmit</tt></i> size,
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3073">22.4. Max xmit</H1
 ><P
 >At startup the client and server negotiate a "maximum transmit" size,
 which limits the size of nearly all SMB commands. You can set the
-maximum size that Samba will negotiate using the "max xmit = " option
+maximum size that Samba will negotiate using the <i class="parameter"><tt>max xmit = </tt></i> option
-in smb.conf. Note that this is the maximum size of SMB request that 
+in <tt class="filename">smb.conf</tt>. Note that this is the maximum size of SMB requests that 
 Samba will accept, but not the maximum size that the *client* will accept.
 The client maximum receive size is sent to Samba by the client and Samba
-honours this limit.</P
+honours this limit.
-><P
+</p><p>
->It defaults to 65536 bytes (the maximum), but it is possible that some
+It defaults to 65536 bytes (the maximum), but it is possible that some
 clients may perform better with a smaller transmit unit. Trying values
-of less than 2048 is likely to cause severe problems.</P
+of less than 2048 is likely to cause severe problems.
-><P
+</p><p>
->In most cases the default is the best option.</P
+In most cases the default is the best option.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018407"></a>Log level</h2></div></div><div></div></div><p>
-><DIV
+If you set the log level (also known as <i class="parameter"><tt>debug level</tt></i>) higher than 2
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3078">22.5. Log level</H1
 ><P
 >If you set the log level (also known as "debug level") higher than 2
 then you may suffer a large drop in performance. This is because the
 server flushes the log file after each operation, which can be very
-expensive. </P
+expensive. 
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018430"></a>Read raw</h2></div></div><div></div></div><p>
-><DIV
+The <i class="parameter"><tt>read raw</tt></i> operation is designed to be an optimised, low-latency
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3081">22.6. Read raw</H1
 ><P
 >The "read raw" operation is designed to be an optimised, low-latency
 file read operation. A server may choose to not support it,
-however. and Samba makes support for "read raw" optional, with it
+however. and Samba makes support for <i class="parameter"><tt>read raw</tt></i> optional, with it
-being enabled by default.</P
+being enabled by default.
-><P
+</p><p>
->In some cases clients don't handle "read raw" very well and actually
+In some cases clients don't handle <i class="parameter"><tt>read raw</tt></i> very well and actually
 get lower performance using it than they get using the conventional
-read operations. </P
+read operations. 
-><P
+</p><p>
->So you might like to try "read raw = no" and see what happens on your
+So you might like to try <i class="parameter"><tt>read raw = no</tt></i> and see what happens on your
 network. It might lower, raise or not affect your performance. Only
-testing can really tell.</P
+testing can really tell.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018486"></a>Write raw</h2></div></div><div></div></div><p>
-><DIV
+The <i class="parameter"><tt>write raw</tt></i> operation is designed to be an optimised, low-latency
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3086">22.7. Write raw</H1
 ><P
 >The "write raw" operation is designed to be an optimised, low-latency
 file write operation. A server may choose to not support it,
-however. and Samba makes support for "write raw" optional, with it
+however. and Samba makes support for <i class="parameter"><tt>write raw</tt></i> optional, with it
-being enabled by default.</P
+being enabled by default.
-><P
+</p><p>
->Some machines may find "write raw" slower than normal write, in which
+Some machines may find <i class="parameter"><tt>write raw</tt></i> slower than normal write, in which
-case you may wish to change this option.</P
+case you may wish to change this option.
-></DIV
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018528"></a>Slow Logins</h2></div></div><div></div></div><p>
-><DIV
+Slow logins are almost always due to the password checking time. Using
-CLASS="SECT1"
+the lowest practical <i class="parameter"><tt>password level</tt></i> will improve things. 
-><H1
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018550"></a>LDAP</h2></div></div><div></div></div><p>
-CLASS="SECT1"
+LDAP can be vastly improved by using the
-><A
+<a href="smb.conf.5.html#LDAPTRUSTIDS" target="_top"><i class="parameter"><tt>ldap trust ids</tt></i></a> parameter.
-NAME="AEN3090">22.8. Slow Clients</H1
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018575"></a>Client tuning</h2></div></div><div></div></div><p>
-><P
+Often a speed problem can be traced to the client. The client (for
 >One person has reported that setting the protocol to COREPLUS rather
 than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
 ><P
 >I suspect that his PC's (386sx16 based) were asking for more data than
 they could chew. I suspect a similar speed could be had by setting
 "read raw = no" and "max xmit = 2048", instead of changing the
 protocol. Lowering the "read size" might also help.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3094">22.9. Slow Logins</H1
 ><P
 >Slow logins are almost always due to the password checking time. Using
 the lowest practical "password level" will improve things a lot. You
 could also enable the "UFC crypt" option in the Makefile.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
 NAME="AEN3097">22.10. Client tuning</H1
 ><P
 >Often a speed problem can be traced to the client. The client (for
 example Windows for Workgroups) can often be tuned for better TCP
-performance.</P
+performance. Check the sections on the various clients in 
-><P
+<a href="Other-Clients.html" title="Chapter<65>38.<2E>Samba and other CIFS clients">Samba and Other Clients</a>.
->See your client docs for details. In particular, I have heard rumours
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018601"></a>Samba performance problem due changing kernel</h2></div></div><div></div></div><p>
-that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
+Hi everyone. I am running Gentoo on my server and samba 2.2.8a. Recently
-large impact on performance.</P
+I changed kernel version from linux-2.4.19-gentoo-r10 to
-><P
+linux-2.4.20-wolk4.0s. And now I have performance issue with samba. Ok
->Also note that some people have found that setting DefaultRcvWindow in
+many of you will probably say that move to vanilla sources...well I ried
-the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
+it too and it didn't work. I have 100mb LAN and two computers (linux +
-big improvement. I don't know why.</P
+Windows2000). Linux server shares directory with DivX files, client
-><P
+(windows2000) plays them via LAN. Before when I was running 2.4.19 kernel
->My own experience wth DefaultRcvWindow is that I get much better
+everything was fine, but now movies freezes and stops...I tried moving
-performance with a large value (16384 or larger). Other people have
+files between server and Windows and it's trerribly slow.
-reported that anything over 3072 slows things down enourmously. One
+</p><p>
-person even reported a speed drop of a factor of 30 when he went from
+Grab mii-tool and check the duplex settings on the NIC.
-3072 to 8192. I don't know why.</P
+My guess is that it is a link layer issue, not an application
-><P
+layer problem.  Also run ifconfig and verify that the framing
->It probably depends a lot on your hardware, and the type of unix box
+error, collisions, etc... look normal for ethernet.
-you have at the other end of the link.</P
+</p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3018632"></a>Corrupt tdb Files</h2></div></div><div></div></div><p>
-><P
+Well today it happend, our first major problem using samba.
->Paul Cochrane has done some testing on client side tuning and come 
+Our samba PDC server has been hosting 3 TB of data to our 500+ users
-to the following conclusions:</P
+[Windows NT/XP]  for the last 3 years using samba, no problem.
-><P
+But today all shares went SLOW; very slow. Also the main smbd kept
->Install the W2setup.exe file from www.microsoft.com. This is an 
+spawning new processes so we had 1600+ running smbd's (normally we avg. 250).
-update for the winsock stack and utilities which improve performance.</P
+It crashed the SUN E3500 cluster twice. After alot of searching I
-><P
+decided to <b class="command">rm /var/locks/*.tbl</b>. Happy again.
->Configure the win95 TCPIP registry settings to give better 
+</p><p>
-perfomance. I use a program called MTUSPEED.exe which I got off the 
+Q1) Is there any method of keeping the *.tbl files in top condition or
-net. There are various other utilities of this type freely available. 
+how to early detect corruption?
-The setting which give the best performance for me are:</P
+</p><p>
-><P
+A1) Yes, run <b class="command">tdbbackup</b> each time after stoping nmbd and before starting nmbd.
-></P
+</p><p>
-><OL
+Q2) What I also would like to mention is that the service latency seems
-TYPE="1"
+alot lower then before the locks cleanup, any ideas on keeping it top notch?
-><LI
+</p><p>
-><P
+A2) Yes! Samba answer as for Q1!
->MaxMTU                  Remove</P
+</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Other-Clients.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="Appendixes.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="DNSDHCP.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter<EFBFBD>38.<2E>Samba and other CIFS clients<74></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>40.<2E>DNS and DHCP Configuration Guide</td></tr></table></div></body></html>
 ></LI
 ><LI
 ><P
 >RWIN                    Remove</P
 ></LI
 ><LI
 ><P
 >MTUAutoDiscover         Disable</P
 ></LI
 ><LI
 ><P
 >MTUBlackHoleDetect      Disable</P
 ></LI
 ><LI
 ><P
 >Time To Live            Enabled</P
 ></LI
 ><LI
 ><P
 >Time To Live - HOPS     32</P
 ></LI
 ><LI
 ><P
 >NDI Cache Size          0</P
 ></LI
 ></OL
 ><P
 >I tried virtually all of the items mentioned in the document and 
 the only one which made a difference to me was the socket options. It 
 turned out I was better off without any!!!!!</P
 ><P
 >In terms of overall speed of transfer, between various win95 clients 
 and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE 
 drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >The figures are:          Put              Get 
 P166 client 3Com card:    420-440kB/s      500-520kB/s
 P100 client 3Com card:    390-410kB/s      490-510kB/s
 DX4-75 client NE2000:     370-380kB/s      330-350kB/s</PRE
 ></P
 ><P
 >I based these test on transfer two files a 4.5MB text file and a 15MB 
 textfile. The results arn't bad considering the hardware Samba is 
 running on. It's a crap machine!!!!</P
 ><P
 >The updates mentioned in 1 and 2 brought up the transfer rates from 
 just over 100kB/s in some clients.</P
 ><P
 >A new client is a P333 connected via a 100MB/s card and hub. The 
 transfer rates from this were good: 450-500kB/s on put and 600+kB/s 
 on get.</P
 ><P
 >Looking at standard FTP throughput, Samba is a bit slower (100kB/s 
 upwards). I suppose there is more going on in the samba protocol, but 
 if it could get up to the rate of FTP the perfomance would be quite 
 staggering.</P
 ></DIV
 ></DIV
 ><DIV
 CLASS="NAVFOOTER"
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"><TABLE
 SUMMARY="Footer navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
 HREF="groupmapping.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="appendixes.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >Group mapping HOWTO</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="optional.html"
 ACCESSKEY="U"
 >Up</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >Appendixes</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/swat.8.html
+++ b/docs/htmldocs/swat.8.html
@ -1,425 +1,87 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>swat</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="swat.8"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>swat &#8212; Samba Web Administration Tool</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">swat</tt>  [-s &lt;smb config file&gt;] [-a]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">swat</b> allows a Samba administrator to 
-<HTML
+	configure the complex <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file via a Web browser. In addition, 
-><HEAD
+	a <b class="command">swat</b> configuration page has help links 
-><TITLE
+	to all the configurable options in the <tt class="filename">smb.conf</tt> file allowing an 
->swat</TITLE
+	administrator to easily look up the effects of any change. </p><p><b class="command">swat</b> is run from <b class="command">inetd</b> </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-s smb configuration file</span></dt><dd><p>The default configuration file path is 
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="SWAT"
 ></A
 >swat</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >swat&nbsp;--&nbsp;Samba Web Administration Tool</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >swat</B
 >  [-s &lt;smb config file&gt;] [-a]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN13"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >swat</B
 > allows a Samba administrator to 
 	configure the complex <A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >	smb.conf(5)</TT
 ></A
 > file via a Web browser. In addition, 
 	a <B
 CLASS="COMMAND"
 >swat</B
 > configuration page has help links 
 	to all the configurable options in the <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > file allowing an 
 	administrator to easily look up the effects of any change. </P
 ><P
 ><B
 CLASS="COMMAND"
 >swat</B
 > is run from <B
 CLASS="COMMAND"
 >inetd</B
 > </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN26"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-s smb configuration file</DT
 ><DD
 ><P
 >The default configuration file path is 
 		determined at compile time.  The file specified contains 
-		the configuration details required by the <B
+		the configuration details required by the <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> server. This is the file 
-CLASS="COMMAND"
+		that <b class="command">swat</b> will modify. 
 >smbd
 		</B
 > server. This is the file that <B
 CLASS="COMMAND"
 >swat</B
 > will modify. 
 		The information in this file includes server-specific 
 		information such as what printcap file to use, as well as 
 		descriptions of all the services that the server is to provide.
-		See <TT
+		See <tt class="filename">smb.conf</tt> for more information. 
-CLASS="FILENAME"
+		</p></dd><dt><span class="term">-a</span></dt><dd><p>This option disables authentication and puts 
->smb.conf</TT
+		<b class="command">swat</b> in demo mode. In that mode anyone will be able to modify 
-> for more information. 
+		the <tt class="filename">smb.conf</tt> file. </p><p><span class="emphasis"><em>WARNING: Do NOT enable this option on a production 
-		</P
+		server. </em></span></p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
-></DD
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-><DT
+configuration details required by the server.  The 
->-a</DT
+information in this file includes server-specific
-><DD
+information such as what printcap file to use, as well 
-><P
+as descriptions of all the services that the server is 
->This option disables authentication and puts 
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-		<B
+smb.conf(5)</tt></a> for more information.
-CLASS="COMMAND"
+The default configuration file name is determined at 
->swat</B
+compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
-> in demo mode. In that mode anyone will be able to modify 
+from 0 to 10.  The default value if this parameter is 
-		the <TT
+not specified is zero.</p><p>The higher this value, the more detail will be 
-CLASS="FILENAME"
+logged to the log files about the activities of the 
->smb.conf</TT
+server. At level 0, only critical errors and serious 
-> file. </P
+warnings will be logged. Level 1 is a reasonable level for
-><P
+day to day running - it generates a small amount of 
-><SPAN
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
-CLASS="emphasis"
+amounts of log data, and should only be used when 
-><I
+investigating a problem. Levels above 3 are designed for 
-CLASS="EMPHASIS"
+use only by developers and generate HUGE amounts of log
->WARNING: Do NOT enable this option on a production 
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
-		server. </I
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
-></SPAN
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-></P
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
-></DD
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
-></DL
+never removed by the client.
-></DIV
+</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-></DIV
+</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>INSTALLATION</h2><p>Swat is included as binary package with most distributions. The 
-><DIV
+	package manager in this case takes care of the installation and 
-CLASS="REFSECT1"
+	configuration. This section is only for those who have compiled 
-><A
+	swat from scratch.
-NAME="AEN44"
+	</p><p>After you compile SWAT you need to run <b class="command">make install
-></A
+	</b> to install the <b class="command">swat</b> binary
 ><H2
 >INSTALLATION</H2
 ><P
 >After you compile SWAT you need to run <B
 CLASS="COMMAND"
 >make install
 	</B
 > to install the <B
 CLASS="COMMAND"
 >swat</B
 > binary
 	and the various help files and images. A default install would put 
-	these in: </P
+	these in: </p><div class="itemizedlist"><ul type="disc"><li><p>/usr/local/samba/bin/swat</p></li><li><p>/usr/local/samba/swat/images/*</p></li><li><p>/usr/local/samba/swat/help/*</p></li></ul></div><div class="refsect2" lang="en"><h3>Inetd Installation</h3><p>You need to edit your <tt class="filename">/etc/inetd.conf
-><P
+		</tt> and <tt class="filename">/etc/services</tt>
-></P
+		to enable SWAT to be launched via <b class="command">inetd</b>.</p><p>In <tt class="filename">/etc/services</tt> you need to 
-><UL
+		add a line like this: </p><p><b class="command">swat            901/tcp</b></p><p>Note for NIS/YP and LDAP users - you may need to rebuild the 
-><LI
+		NIS service maps rather than alter your local <tt class="filename">
-><P
+		/etc/services</tt> file. </p><p>the choice of port number isn't really important 
 >/usr/local/samba/bin/swat</P
 ></LI
 ><LI
 ><P
 >/usr/local/samba/swat/images/*</P
 ></LI
 ><LI
 ><P
 >/usr/local/samba/swat/help/*</P
 ></LI
 ></UL
 ><DIV
 CLASS="REFSECT2"
 ><A
 NAME="AEN56"
 ></A
 ><H3
 >Inetd Installation</H3
 ><P
 >You need to edit your <TT
 CLASS="FILENAME"
 >/etc/inetd.conf
 		</TT
 > and <TT
 CLASS="FILENAME"
 >/etc/services</TT
 >
 		to enable SWAT to be launched via <B
 CLASS="COMMAND"
 >inetd</B
 >.</P
 ><P
 >In <TT
 CLASS="FILENAME"
 >/etc/services</TT
 > you need to 
 		add a line like this: </P
 ><P
 ><B
 CLASS="COMMAND"
 >swat            901/tcp</B
 ></P
 ><P
 >Note for NIS/YP users - you may need to rebuild the 
 		NIS service maps rather than alter your local <TT
 CLASS="FILENAME"
 >		/etc/services</TT
 > file. </P
 ><P
 >the choice of port number isn't really important 
 		except that it should be less than 1024 and not currently 
 		used (using a number above 1024 presents an obscure security 
 		hole depending on the implementation details of your 
-		<B
+		<b class="command">inetd</b> daemon). </p><p>In <tt class="filename">/etc/inetd.conf</tt> you should 
-CLASS="COMMAND"
+		add a line like this: </p><p><b class="command">swat    stream  tcp     nowait.400  root
->inetd</B
+		/usr/local/samba/bin/swat swat</b></p><p>One you have edited <tt class="filename">/etc/services</tt> 
-> daemon). </P
+		and <tt class="filename">/etc/inetd.conf</tt> you need to send a 
-><P
+		HUP signal to inetd. To do this use <b class="command">kill -1 PID
->In <TT
+		</b> where PID is the process ID of the inetd daemon. </p></div></div><div class="refsect1" lang="en"><h2>LAUNCHING</h2><p>To launch SWAT just run your favorite web browser and 
-CLASS="FILENAME"
+	point it at &quot;http://localhost:901/&quot;.</p><p>Note that you can attach to SWAT from any IP connected 
 >/etc/inetd.conf</TT
 > you should 
 		add a line like this: </P
 ><P
 ><B
 CLASS="COMMAND"
 >swat    stream  tcp     nowait.400  root
 		/usr/local/samba/bin/swat swat</B
 ></P
 ><P
 >One you have edited <TT
 CLASS="FILENAME"
 >/etc/services</TT
 > 
 		and <TT
 CLASS="FILENAME"
 >/etc/inetd.conf</TT
 > you need to send a 
 		HUP signal to inetd. To do this use <B
 CLASS="COMMAND"
 >kill -1 PID
 		</B
 > where PID is the process ID of the inetd daemon. </P
 ></DIV
 ><DIV
 CLASS="REFSECT2"
 ><A
 NAME="AEN78"
 ></A
 ><H3
 >Launching</H3
 ><P
 >To launch SWAT just run your favorite web browser and 
 		point it at "http://localhost:901/".</P
 ><P
 >Note that you can attach to SWAT from any IP connected 
 	machine but connecting from a remote machine leaves your 
 	connection open to password sniffing as passwords will be sent 
-		in the clear over the wire. </P
+	in the clear over the wire. </p></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/inetd.conf</tt></span></dt><dd><p>This file must contain suitable startup 
-></DIV
+		information for the meta-daemon.</p></dd><dt><span class="term"><tt class="filename">/etc/services</tt></span></dt><dd><p>This file must contain a mapping of service name 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN82"
 ></A
 ><H2
 >FILES</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/inetd.conf</TT
 ></DT
 ><DD
 ><P
 >This file must contain suitable startup 
 		information for the meta-daemon.</P
 ></DD
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/services</TT
 ></DT
 ><DD
 ><P
 >This file must contain a mapping of service name 
 		(e.g., swat) to service port (e.g., 901) and protocol type 
-		(e.g., tcp).  </P
+		(e.g., tcp).  </p></dd><dt><span class="term"><tt class="filename">/usr/local/samba/lib/smb.conf</tt></span></dt><dd><p>This is the default location of the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> server configuration file that swat edits. Other 
-></DD
+		common places that systems install this file are <tt class="filename">
-><DT
+		/usr/samba/lib/smb.conf</tt> and <tt class="filename">/etc/smb.conf
-><TT
+		</tt>.  This file describes all the services the server 
-CLASS="FILENAME"
+		is to make available to clients. </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>WARNINGS</h2><p><b class="command">swat</b> will rewrite your <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file. It will rearrange the entries and delete all 
->/usr/local/samba/lib/smb.conf</TT
+	comments, <i class="parameter"><tt>include=</tt></i> and <i class="parameter"><tt>copy=
-></DT
+	</tt></i> options. If you have a carefully crafted <tt class="filename">
-><DD
+	smb.conf</tt> then back it up or don't use swat! </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><b class="command">inetd(5)</b>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ><P
 >This is the default location of the <TT
 CLASS="FILENAME"
 >smb.conf(5)
 		</TT
 > server configuration file that swat edits. Other 
 		common places that systems install this file are <TT
 CLASS="FILENAME"
 >		/usr/samba/lib/smb.conf</TT
 > and <TT
 CLASS="FILENAME"
 >/etc/smb.conf
 		</TT
 >.  This file describes all the services the server 
 		is to make available to clients. </P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN103"
 ></A
 ><H2
 >WARNINGS</H2
 ><P
 ><B
 CLASS="COMMAND"
 >swat</B
 > will rewrite your <TT
 CLASS="FILENAME"
 >smb.conf
 	</TT
 > file. It will rearrange the entries and delete all 
 	comments, <TT
 CLASS="PARAMETER"
 ><I
 >include=</I
 ></TT
 > and <TT
 CLASS="PARAMETER"
 ><I
 >copy=
 	</I
 ></TT
 > options. If you have a carefully crafted <TT
 CLASS="FILENAME"
 >	smb.conf</TT
 > then back it up or don't use swat! </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN111"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN114"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><B
 CLASS="COMMAND"
 >inetd(5)</B
 >,
 	<A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 >, 
 	<A
 HREF="smb.conf.5.html"
 TARGET="_top"
 >smb.conf(5)</A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN121"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
-></DIV
+	Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/testparm.1.html
+++ b/docs/htmldocs/testparm.1.html
@ -1,316 +1,51 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>testparm</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="testparm.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>testparm &#8212; check an smb.conf configuration file for 
-<HTML
+	internal correctness</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">testparm</tt>  [-s] [-h] [-v] [-L &lt;servername&gt;] [-t &lt;encoding&gt;] {config filename} [hostname hostIP]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">testparm</b> is a very simple test program 
-><HEAD
+	to check an <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> configuration file for 
 ><TITLE
 >testparm</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="TESTPARM">testparm</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >testparm&nbsp;--&nbsp;check an smb.conf configuration file for 
 	internal correctness</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >testparm</B
 > [-s] [-h] [-v] [-L &#60;servername&#62;] [-t &#60;encoding&#62;] {config filename} [hostname hostIP]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN18"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >testparm</B
 > is a very simple test program 
 	to check an <B
 CLASS="COMMAND"
 >smbd</B
 > configuration file for 
 	internal correctness. If this program reports no problems, you 
-	can use the configuration file with confidence that <B
+	can use the configuration file with confidence that <b class="command">smbd
-CLASS="COMMAND"
+	</b> will successfully load the configuration file.</p><p>Note that this is <span class="emphasis"><em>NOT</em></span> a guarantee that 
 >smbd
 	</B
 > will successfully load the configuration file.</P
 ><P
 >Note that this is <I
 CLASS="EMPHASIS"
 >NOT</I
 > a guarantee that 
 	the services specified in the configuration file will be 
-	available or will operate as expected. </P
+	available or will operate as expected. </p><p>If the optional host name and host IP address are 
 ><P
 >If the optional host name and host IP address are 
 	specified on the command line, this test program will run through 
 	the service entries reporting whether the specified host
-	has access to each service. </P
+	has access to each service. </p><p>If <b class="command">testparm</b> finds an error in the <tt class="filename">
-><P
+	smb.conf</tt> file it returns an exit code of 1 to the calling 
 >If <B
 CLASS="COMMAND"
 >testparm</B
 > finds an error in the <TT
 CLASS="FILENAME"
 >	smb.conf</TT
 > file it returns an exit code of 1 to the calling 
 	program, else it returns an exit code of 0. This allows shell scripts 
-	to test the output from <B
+	to test the output from <b class="command">testparm</b>.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-s</span></dt><dd><p>Without this option, <b class="command">testparm</b> 
 CLASS="COMMAND"
 >testparm</B
 >.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN33"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-s</DT
 ><DD
 ><P
 >Without this option, <B
 CLASS="COMMAND"
 >testparm</B
 > 
 		will prompt for a carriage return after printing the service 
-		names and before dumping the service definitions.</P
+		names and before dumping the service definitions.</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-></DD
+</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
-><DT
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-L servername</span></dt><dd><p>Sets the value of the %L macro to <i class="replaceable"><tt>servername</tt></i>.
 >-h</DT
 ><DD
 ><P
 >Print usage message </P
 ></DD
 ><DT
 >-L servername</DT
 ><DD
 ><P
 >Sets the value of the %L macro to <TT
 CLASS="REPLACEABLE"
 ><I
 >servername</I
 ></TT
 >.
 		This is useful for testing include files specified with the 
-		%L macro. </P
+		%L macro. </p></dd><dt><span class="term">-v</span></dt><dd><p>If this option is specified, testparm 
-></DD
+		will also output all options that were not used in <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> and are thus set to their defaults.</p></dd><dt><span class="term">-t encoding</span></dt><dd><p>
-><DT
+		Output data in specified encoding.
->-v</DT
+		</p></dd><dt><span class="term">configfilename</span></dt><dd><p>This is the name of the configuration file 
 ><DD
 ><P
 >If this option is specified, testparm 
 		will also output all options that were not used in 
 		<TT
 CLASS="FILENAME"
 >smb.conf</TT
 > and are thus set to
 		their defaults.</P
 ></DD
 ><DT
 >-t encoding</DT
 ><DD
 ><P
 >		Output data in specified encoding.
 		</P
 ></DD
 ><DT
 >configfilename</DT
 ><DD
 ><P
 >This is the name of the configuration file 
 		to check. If this parameter is not present then the 
-		default <TT
+		default <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file will be checked. 	
-CLASS="FILENAME"
+		</p></dd><dt><span class="term">hostname</span></dt><dd><p>If this parameter and the following are 
->smb.conf</TT
+		specified, then <b class="command">testparm</b> will examine the <i class="parameter"><tt>hosts
-> file will be checked. 	
+		allow</tt></i> and <i class="parameter"><tt>hosts deny</tt></i> 
-		</P
+		parameters in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a> file to 
 ></DD
 ><DT
 >hostname</DT
 ><DD
 ><P
 >If this parameter and the following are 
 		specified, then <B
 CLASS="COMMAND"
 >testparm</B
 > will examine the <TT
 CLASS="PARAMETER"
 ><I
 >hosts
 		allow</I
 ></TT
 > and <TT
 CLASS="PARAMETER"
 ><I
 >hosts deny</I
 ></TT
 > 
 		parameters in the <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > file to 
 		determine if the hostname with this IP address would be
-		allowed access to the <B
+		allowed access to the <b class="command">smbd</b> server.  If 
 CLASS="COMMAND"
 >smbd</B
 > server.  If 
 		this parameter is supplied, the hostIP parameter must also
-		be supplied.</P
+		be supplied.</p></dd><dt><span class="term">hostIP</span></dt><dd><p>This is the IP address of the host specified 
 ></DD
 ><DT
 >hostIP</DT
 ><DD
 ><P
 >This is the IP address of the host specified 
 		in the previous parameter.  This address must be supplied 
-		if the hostname parameter is supplied. </P
+		if the hostname parameter is supplied. </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a></span></dt><dd><p>This is usually the name of the configuration 
-></DD
+		file used by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>. 
-></DL
+		</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>DIAGNOSTICS</h2><p>The program will issue a message saying whether the 
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN77"
 ></A
 ><H2
 >FILES</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><TT
 CLASS="FILENAME"
 >smb.conf</TT
 ></DT
 ><DD
 ><P
 >This is usually the name of the configuration 
 		file used by <B
 CLASS="COMMAND"
 >smbd</B
 >. 
 		</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN86"
 ></A
 ><H2
 >DIAGNOSTICS</H2
 ><P
 >The program will issue a message saying whether the 
 	configuration file loaded OK or not. This message may be preceded by 
 	errors and warnings if the file did not load. If the file was 
 	loaded OK, the program then dumps all known service details 
-	to stdout. </P
+	to stdout. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-></DIV
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>, <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN89"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN92"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="smb.conf.5.html"
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 >, 
 	<A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN99"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
-></DIV
+	for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/testprns.1.html
+++ b/docs/htmldocs/testprns.1.html
@ -1,253 +1,38 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>testprns</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="testprns.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>testprns &#8212; check printer name for validity with smbd</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">testprns</tt>  {printername} [printcapname]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">testprns</b> is a very simple test program 
 <HTML
 ><HEAD
 ><TITLE
 >testprns</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="TESTPRNS"
 ></A
 >testprns</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >testprns&nbsp;--&nbsp;check printer name for validity with smbd</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >testprns</B
 >  {printername} [printcapname]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN13"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >testprns</B
 > is a very simple test program 
 	to determine whether a given printer name is valid for use in 
-	a service to be provided by <A
+	a service to be provided by <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>.</p><p>&quot;Valid&quot; in this context means &quot;can be found in the 
-HREF="smbd.8.html"
+	printcap specified&quot;. This program is very stupid - so stupid in 
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >	smbd(8)</B
 ></A
 >. </P
 ><P
 >"Valid" in this context means "can be found in the 
 	printcap specified". This program is very stupid - so stupid in 
 	fact that it would be wisest to always specify the printcap file 
-	to use. </P
+	to use. </p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">printername</span></dt><dd><p>The printer name to validate.</p><p>Printer names are taken from the first field in each 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN22"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >printername</DT
 ><DD
 ><P
 >The printer name to validate.</P
 ><P
 >Printer names are taken from the first field in each 
 		record in the printcap file, single printer names and sets 
-		of aliases separated by vertical bars ("|") are recognized. 
+		of aliases separated by vertical bars (&quot;|&quot;) are recognized. 
 		Note that no validation or checking of the printcap syntax is 
 		done beyond that required to extract the printer name. It may
 		be that the print spooling system is more forgiving or less 
-		forgiving than <B
+		forgiving than <b class="command">testprns</b>. However, if 
-CLASS="COMMAND"
+		<b class="command">testprns</b> finds the printer then <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> should do so as well. </p></dd><dt><span class="term">printcapname</span></dt><dd><p>This is the name of the printcap file within
->testprns</B
+		which to search for the given printer name. </p><p>If no printcap name is specified <b class="command">testprns
->. However, if 
+		</b> will attempt to scan the printcap file name 
-		<B
+		specified at compile time. </p></dd></dl></div></div><div class="refsect1" lang="en"><h2>FILES</h2><div class="variablelist"><dl><dt><span class="term"><tt class="filename">/etc/printcap</tt></span></dt><dd><p>This is usually the default printcap 
-CLASS="COMMAND"
+		file to scan. See <tt class="filename">printcap (5)</tt>. 
->testprns</B
+		</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>DIAGNOSTICS</h2><p>If a printer is found to be valid, the message 
-> finds the printer then 
+	&quot;Printer name &lt;printername&gt; is valid&quot; will be 
-		<B
+	displayed. </p><p>If a printer is found to be invalid, the message
-CLASS="COMMAND"
+	&quot;Printer name &lt;printername&gt; is not valid&quot; will be 
->smbd</B
+	displayed. </p><p>All messages that would normally be logged during
 > should do so as well. </P
 ></DD
 ><DT
 >printcapname</DT
 ><DD
 ><P
 >This is the name of the printcap file within
 		which to search for the given printer name. </P
 ><P
 >If no printcap name is specified <B
 CLASS="COMMAND"
 >testprns
 		</B
 > will attempt to scan the printcap file name 
 		specified at compile time. </P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN39"
 ></A
 ><H2
 >FILES</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><TT
 CLASS="FILENAME"
 >/etc/printcap</TT
 ></DT
 ><DD
 ><P
 >This is usually the default printcap 
 		file to scan. See <TT
 CLASS="FILENAME"
 >printcap (5)</TT
 >. 
 		</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN48"
 ></A
 ><H2
 >DIAGNOSTICS</H2
 ><P
 >If a printer is found to be valid, the message 
 	"Printer name &lt;printername&gt; is valid" will be 
 	displayed. </P
 ><P
 >If a printer is found to be invalid, the message
 	"Printer name &lt;printername&gt; is not valid" will be 
 	displayed. </P
 ><P
 >All messages that would normally be logged during
 	operation of the Samba daemons are logged by this program to the 
-	file <TT
+	file <tt class="filename">test.log</tt> in the current directory. The
 CLASS="FILENAME"
 >test.log</TT
 > in the current directory. The
 	program runs at debuglevel 3, so quite extensive logging 
 	information is written. The log should be checked carefully 
-	for errors and warnings. </P
+	for errors and warnings. </p><p>Other messages are self-explanatory. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-><P
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><tt class="filename">printcap(5)</tt>, 
->Other messages are self-explanatory. </P
+	<a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a>, <a href="smbclient.1.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(1)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN55"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN58"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><TT
 CLASS="FILENAME"
 >printcap(5)</TT
 >, 
 	<A
 HREF="smbd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
 >, 
 	<A
 HREF="smbclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >smbclient(1)</B
 ></A
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN66"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The original Samba man pages were written by Karl Auer. 
 ><P
 >The original Samba man pages were written by Karl Auer. 
 	The man page sources were converted to YODL format (another 
-	excellent piece of Open Source software, available at
+	excellent piece of Open Source software, available at <a href="ftp://ftp.icce.rug.nl/pub/unix/" target="_top">
-	<A
+	ftp://ftp.icce.rug.nl/pub/unix/</a>) and updated for the Samba 2.0 
 HREF="ftp://ftp.icce.rug.nl/pub/unix/"
 TARGET="_top"
 >	ftp://ftp.icce.rug.nl/pub/unix/</A
 >) and updated for the Samba 2.0 
 	release by Jeremy Allison.  The conversion to DocBook for 
-	Samba 2.2 was done by Gerald Carter</P
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
-></DIV
+	for Samba 3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/type.html
+++ b/docs/htmldocs/type.html
@ -1,389 +1,9 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Part<EFBFBD>II.<2E>Server Configuration Basics</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="index.html" title="SAMBA Project Documentation"><link rel="previous" href="FastStart.html" title="Chapter<65>3.<2E>FastStart for the Impatient"><link rel="next" href="ServerType.html" title="Chapter<65>4.<2E>Server Types and Security Modes"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Part<EFBFBD>II.<2E>Server Configuration Basics</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="FastStart.html">Prev</a><EFBFBD></td><th width="60%" align="center"><EFBFBD></th><td width="20%" align="right"><EFBFBD><a accesskey="n" href="ServerType.html">Next</a></td></tr></table><hr></div><div class="part" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="type"></a>Server Configuration Basics</h1></div></div><div></div></div><div class="partintro" lang="en"><div><div><div><h1 class="title"><a name="id2886752"></a>First Steps in Server Configuration</h1></div></div><div></div></div><p>
-<HTML
+Samba can operate in various modes within SMB networks. This HOWTO section contains information on
-><HEAD
+configuring samba to function as the type of server your network requires. Please read this
-><TITLE
+section carefully.
->Type of installation</TITLE
+</p><div class="toc"><p><b>Table of Contents</b></p><dl><dt>4. <a href="ServerType.html">Server Types and Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2888708">Features and Benefits</a></dt><dt><a href="ServerType.html#id2888804">Server Types</a></dt><dt><a href="ServerType.html#id2888887">Samba Security Modes</a></dt><dd><dl><dt><a href="ServerType.html#id2889003">User Level Security</a></dt><dt><a href="ServerType.html#id2889136">Share Level Security</a></dt><dt><a href="ServerType.html#id2889257">Domain Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2889510">ADS Security Mode (User Level Security)</a></dt><dt><a href="ServerType.html#id2889596">Server Security (User Level Security)</a></dt></dl></dd><dt><a href="ServerType.html#id2889820">Seamless Windows Network Integration</a></dt><dt><a href="ServerType.html#id2889997">Common Errors</a></dt><dd><dl><dt><a href="ServerType.html#id2890025">What makes Samba a SERVER?</a></dt><dt><a href="ServerType.html#id2890058">What makes Samba a Domain Controller?</a></dt><dt><a href="ServerType.html#id2890086">What makes Samba a Domain Member?</a></dt><dt><a href="ServerType.html#id2890120">Constantly Losing Connections to Password Server</a></dt></dl></dd></dl></dd><dt>5. <a href="samba-pdc.html">Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2891927">Features and Benefits</a></dt><dt><a href="samba-pdc.html#id2892230">Basics of Domain Control</a></dt><dd><dl><dt><a href="samba-pdc.html#id2892246">Domain Controller Types</a></dt><dt><a href="samba-pdc.html#id2892458">Preparing for Domain Control</a></dt></dl></dd><dt><a href="samba-pdc.html#id2892778">Domain Control - Example Configuration</a></dt><dt><a href="samba-pdc.html#id2893076">Samba ADS Domain Control</a></dt><dt><a href="samba-pdc.html#id2893098">Domain and Network Logon Configuration</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893113">Domain Network Logon Service</a></dt><dt><a href="samba-pdc.html#id2893441">Security Mode and Master Browsers</a></dt></dl></dd><dt><a href="samba-pdc.html#id2893548">Common Problems and Errors</a></dt><dd><dl><dt><a href="samba-pdc.html#id2893555">I cannot include a '$' in a machine name</a></dt><dt><a href="samba-pdc.html#id2893594">I get told &quot;You already have a connection to the Domain....&quot; 
-><META
+or &quot;Cannot join domain, the credentials supplied conflict with an 
-NAME="GENERATOR"
+existing set..&quot; when creating a machine trust account.</a></dt><dt><a href="samba-pdc.html#id2893643">The system can not log you on (C000019B)....</a></dt><dt><a href="samba-pdc.html#id2893714">The machine trust account for this computer either does not 
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
+exist or is not accessible.</a></dt><dt><a href="samba-pdc.html#id2893771">When I attempt to login to a Samba Domain from a NT4/W2K workstation,
-"><LINK
+I get a message about my account being disabled.</a></dt><dt><a href="samba-pdc.html#id2893798">Until a few minutes after Samba has started, clients get the error &quot;Domain Controller Unavailable&quot;</a></dt></dl></dd></dl></dd><dt>6. <a href="samba-bdc.html">Backup Domain Control</a></dt><dd><dl><dt><a href="samba-bdc.html#id2895956">Features And Benefits</a></dt><dt><a href="samba-bdc.html#id2896128">Essential Background Information</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896156">MS Windows NT4 Style Domain Control</a></dt><dt><a href="samba-bdc.html#id2896368">Active Directory Domain Control</a></dt><dt><a href="samba-bdc.html#id2896390">What qualifies a Domain Controller on the network?</a></dt><dt><a href="samba-bdc.html#id2896416">How does a Workstation find its domain controller?</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896462">Backup Domain Controller Configuration</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896532">Example Configuration</a></dt></dl></dd><dt><a href="samba-bdc.html#id2896591">Common Errors</a></dt><dd><dl><dt><a href="samba-bdc.html#id2896605">Machine Accounts keep expiring, what can I do?</a></dt><dt><a href="samba-bdc.html#id2896630">Can Samba be a Backup Domain Controller to an NT4 PDC?</a></dt><dt><a href="samba-bdc.html#id2896663">How do I replicate the smbpasswd file?</a></dt><dt><a href="samba-bdc.html#id2896692">Can I do this all with LDAP?</a></dt></dl></dd></dl></dd><dt>7. <a href="domain-member.html">Domain Membership</a></dt><dd><dl><dt><a href="domain-member.html#id2897692">Features and Benefits</a></dt><dt><a href="domain-member.html#id2897816">MS Windows Workstation/Server Machine Trust Accounts</a></dt><dd><dl><dt><a href="domain-member.html#id2897991">Manual Creation of Machine Trust Accounts</a></dt><dt><a href="domain-member.html#id2898243">Using NT4 Server Manager to Add Machine Accounts to the Domain</a></dt><dt><a href="domain-member.html#id2898440">&quot;On-the-Fly&quot; Creation of Machine Trust Accounts</a></dt><dt><a href="domain-member.html#id2898502">Making an MS Windows Workstation or Server a Domain Member</a></dt></dl></dd><dt><a href="domain-member.html#id2898648">Domain Member Server</a></dt><dd><dl><dt><a href="domain-member.html#id2898697">Joining an NT4 type Domain with Samba-3</a></dt><dt><a href="domain-member.html#id2899075">Why is this better than security = server?</a></dt></dl></dd><dt><a href="domain-member.html#ads-member">Samba ADS Domain Membership</a></dt><dd><dl><dt><a href="domain-member.html#id2899216">Setup your smb.conf</a></dt><dt><a href="domain-member.html#id2899298">Setup your /etc/krb5.conf</a></dt><dt><a href="domain-member.html#ads-create-machine-account">Create the computer account</a></dt><dt><a href="domain-member.html#ads-test-server">Test your server setup</a></dt><dt><a href="domain-member.html#ads-test-smbclient">Testing with smbclient</a></dt><dt><a href="domain-member.html#id2899656">Notes</a></dt></dl></dd><dt><a href="domain-member.html#id2899678">Common Errors</a></dt><dd><dl><dt><a href="domain-member.html#id2899712">Can Not Add Machine Back to Domain</a></dt><dt><a href="domain-member.html#id2899742">Adding Machine to Domain Fails</a></dt></dl></dd></dl></dd><dt>8. <a href="StandAloneServer.html">Stand-Alone Servers</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2902078">Features and Benefits</a></dt><dt><a href="StandAloneServer.html#id2902275">Background</a></dt><dt><a href="StandAloneServer.html#id2902347">Example Configuration</a></dt><dd><dl><dt><a href="StandAloneServer.html#id2902362">Reference Documentation Server</a></dt><dt><a href="StandAloneServer.html#id2902411">Central Print Serving</a></dt></dl></dd><dt><a href="StandAloneServer.html#id2902618">Common Errors</a></dt></dl></dd><dt>9. <a href="ClientConfig.html">MS Windows Network Configuration Guide</a></dt><dd><dl><dt><a href="ClientConfig.html#id2901732">Note</a></dt></dl></dd></dl></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="FastStart.html">Prev</a><EFBFBD></td><td width="20%" align="center"><a accesskey="u" href="index.html">Up</a></td><td width="40%" align="right"><EFBFBD><a accesskey="n" href="ServerType.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter<EFBFBD>3.<2E>FastStart for the Impatient<6E></td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"><EFBFBD>Chapter<EFBFBD>4.<2E>Server Types and Security Modes</td></tr></table></div></body></html>
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
 REL="PREVIOUS"
 TITLE="LanMan and NT Password Encryption in Samba"
 HREF="pwencrypt.html"><LINK
 REL="NEXT"
 TITLE="User and Share security level (for servers not in a domain)"
 HREF="securitylevels.html"></HEAD
 ><BODY
 CLASS="PART"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><DIV
 CLASS="NAVHEADER"
 ><TABLE
 SUMMARY="Header navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TH
 COLSPAN="3"
 ALIGN="center"
 >SAMBA Project Documentation</TH
 ></TR
 ><TR
 ><TD
 WIDTH="10%"
 ALIGN="left"
 VALIGN="bottom"
 ><A
 HREF="pwencrypt.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="80%"
 ALIGN="center"
 VALIGN="bottom"
 ></TD
 ><TD
 WIDTH="10%"
 ALIGN="right"
 VALIGN="bottom"
 ><A
 HREF="securitylevels.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ></TABLE
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"></DIV
 ><DIV
 CLASS="PART"
 ><A
 NAME="TYPE"><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
 >II. Type of installation</H1
 ><DIV
 CLASS="PARTINTRO"
 ><A
 NAME="AEN531"><H1
 >Introduction</H1
 ><P
 >Samba can operate in various SMB networks. This part contains information on configuring samba 
 for various environments.</P
 ></DIV
 ><DIV
 CLASS="TOC"
 ><DL
 ><DT
 ><B
 >Table of Contents</B
 ></DT
 ><DT
 >5. <A
 HREF="securitylevels.html"
 >User and Share security level (for servers not in a domain)</A
 ></DT
 ><DT
 >6. <A
 HREF="samba-pdc.html"
 >How to Configure Samba as a NT4 Primary Domain Controller</A
 ></DT
 ><DD
 ><DL
 ><DT
 >6.1. <A
 HREF="samba-pdc.html#AEN575"
 >Prerequisite Reading</A
 ></DT
 ><DT
 >6.2. <A
 HREF="samba-pdc.html#AEN581"
 >Background</A
 ></DT
 ><DT
 >6.3. <A
 HREF="samba-pdc.html#AEN620"
 >Configuring the Samba Domain Controller</A
 ></DT
 ><DT
 >6.4. <A
 HREF="samba-pdc.html#AEN663"
 >Creating Machine Trust Accounts and Joining Clients to the
 Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
 >6.4.1. <A
 HREF="samba-pdc.html#AEN682"
 >Manual Creation of Machine Trust Accounts</A
 ></DT
 ><DT
 >6.4.2. <A
 HREF="samba-pdc.html#AEN723"
 >"On-the-Fly" Creation of Machine Trust Accounts</A
 ></DT
 ><DT
 >6.4.3. <A
 HREF="samba-pdc.html#AEN732"
 >Joining the Client to the Domain</A
 ></DT
 ></DL
 ></DD
 ><DT
 >6.5. <A
 HREF="samba-pdc.html#AEN747"
 >Common Problems and Errors</A
 ></DT
 ><DT
 >6.6. <A
 HREF="samba-pdc.html#AEN795"
 >System Policies and Profiles</A
 ></DT
 ><DT
 >6.7. <A
 HREF="samba-pdc.html#AEN839"
 >What other help can I get?</A
 ></DT
 ><DT
 >6.8. <A
 HREF="samba-pdc.html#AEN953"
 >Domain Control for Windows 9x/ME</A
 ></DT
 ><DD
 ><DL
 ><DT
 >6.8.1. <A
 HREF="samba-pdc.html#AEN979"
 >Configuration Instructions:	Network Logons</A
 ></DT
 ><DT
 >6.8.2. <A
 HREF="samba-pdc.html#AEN998"
 >Configuration Instructions:	Setting up Roaming User Profiles</A
 ></DT
 ></DL
 ></DD
 ><DT
 >6.9. <A
 HREF="samba-pdc.html#AEN1091"
 >DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
 >7. <A
 HREF="samba-bdc.html"
 >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
 >7.1. <A
 HREF="samba-bdc.html#AEN1127"
 >Prerequisite Reading</A
 ></DT
 ><DT
 >7.2. <A
 HREF="samba-bdc.html#AEN1131"
 >Background</A
 ></DT
 ><DT
 >7.3. <A
 HREF="samba-bdc.html#AEN1139"
 >What qualifies a Domain Controller on the network?</A
 ></DT
 ><DD
 ><DL
 ><DT
 >7.3.1. <A
 HREF="samba-bdc.html#AEN1142"
 >How does a Workstation find its domain controller?</A
 ></DT
 ><DT
 >7.3.2. <A
 HREF="samba-bdc.html#AEN1145"
 >When is the PDC needed?</A
 ></DT
 ></DL
 ></DD
 ><DT
 >7.4. <A
 HREF="samba-bdc.html#AEN1148"
 >Can Samba be a Backup Domain Controller?</A
 ></DT
 ><DT
 >7.5. <A
 HREF="samba-bdc.html#AEN1152"
 >How do I set up a Samba BDC?</A
 ></DT
 ><DD
 ><DL
 ><DT
 >7.5.1. <A
 HREF="samba-bdc.html#AEN1169"
 >How do I replicate the smbpasswd file?</A
 ></DT
 ></DL
 ></DD
 ></DL
 ></DD
 ><DT
 >8. <A
 HREF="ads.html"
 >Samba as a ADS domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
 >8.1. <A
 HREF="ads.html#AEN1187"
 >Installing the required packages for Debian</A
 ></DT
 ><DT
 >8.2. <A
 HREF="ads.html#AEN1193"
 >Installing the required packages for RedHat</A
 ></DT
 ><DT
 >8.3. <A
 HREF="ads.html#AEN1202"
 >Compile Samba</A
 ></DT
 ><DT
 >8.4. <A
 HREF="ads.html#AEN1217"
 >Setup your /etc/krb5.conf</A
 ></DT
 ><DT
 >8.5. <A
 HREF="ads.html#AEN1227"
 >Create the computer account</A
 ></DT
 ><DD
 ><DL
 ><DT
 >8.5.1. <A
 HREF="ads.html#AEN1231"
 >Possible errors</A
 ></DT
 ></DL
 ></DD
 ><DT
 >8.6. <A
 HREF="ads.html#AEN1243"
 >Test your server setup</A
 ></DT
 ><DT
 >8.7. <A
 HREF="ads.html#AEN1248"
 >Testing with smbclient</A
 ></DT
 ><DT
 >8.8. <A
 HREF="ads.html#AEN1251"
 >Notes</A
 ></DT
 ></DL
 ></DD
 ><DT
 >9. <A
 HREF="domain-security.html"
 >Samba as a NT4 domain member</A
 ></DT
 ><DD
 ><DL
 ><DT
 >9.1. <A
 HREF="domain-security.html#AEN1273"
 >Joining an NT Domain with Samba 2.2</A
 ></DT
 ><DT
 >9.2. <A
 HREF="domain-security.html#AEN1337"
 >Samba and Windows 2000 Domains</A
 ></DT
 ><DT
 >9.3. <A
 HREF="domain-security.html#AEN1342"
 >Why is this better than security = server?</A
 ></DT
 ></DL
 ></DD
 ></DL
 ></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="NAVFOOTER"
 ><HR
 ALIGN="LEFT"
 WIDTH="100%"><TABLE
 SUMMARY="Footer navigation table"
 WIDTH="100%"
 BORDER="0"
 CELLPADDING="0"
 CELLSPACING="0"
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 ><A
 HREF="pwencrypt.html"
 ACCESSKEY="P"
 >Prev</A
 ></TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 ><A
 HREF="samba-howto-collection.html"
 ACCESSKEY="H"
 >Home</A
 ></TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 ><A
 HREF="securitylevels.html"
 ACCESSKEY="N"
 >Next</A
 ></TD
 ></TR
 ><TR
 ><TD
 WIDTH="33%"
 ALIGN="left"
 VALIGN="top"
 >LanMan and NT Password Encryption in Samba</TD
 ><TD
 WIDTH="34%"
 ALIGN="center"
 VALIGN="top"
 >&nbsp;</TD
 ><TD
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
 >User and Share security level (for servers not in a domain)</TD
 ></TR
 ></TABLE
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/vfstest.1.html
+++ b/docs/htmldocs/vfstest.1.html
@ -1,487 +1,43 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>vfstest</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="vfstest.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>vfstest &#8212; tool for testing samba VFS modules </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">vfstest</tt>  [-d debuglevel] [-c command] [-l logfile] [-h]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p><b class="command">vfstest</b> is a small command line
 <HTML
 ><HEAD
 ><TITLE
 >vfstest</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
 "></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="VFSTEST">vfstest</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >vfstest&nbsp;--&nbsp;tool for testing samba VFS modules </DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >vfstest</B
 > [-d debuglevel] [-c command] [-l logfile] [-h]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN15"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 ><B
 CLASS="COMMAND"
 >vfstest</B
 > is a small command line
 	utility that has the ability to test dso samba VFS modules. It gives the
 	user the ability to call the various VFS functions manually and
 	supports cascaded VFS modules.
-	</P
+	</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-c|--command=command</span></dt><dd><p>Execute the specified (colon-separated) commands.
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN21"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-c|--command=command</DT
 ><DD
 ><P
 >Execute the specified (colon-separated) commands.
 		See below for the commands that are available.
-		</P
+		</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-></DD
+</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
-><DT
+		<tt class="constant">'.client'</tt> will be appended. The log file is never removed
->-d|--debug=debuglevel</DT
+		by the client.
-><DD
+		</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
-><P
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-s &lt;configuration file&gt;</span></dt><dd><p>The file specified contains the 
-><TT
+configuration details required by the server.  The 
-CLASS="REPLACEABLE"
+information in this file includes server-specific
-><I
+information such as what printcap file to use, as well 
->debuglevel</I
+as descriptions of all the services that the server is 
-></TT
+to provide. See <a href="smb.conf.5.html" target="_top"><tt class="filename">
-> is an integer 
+smb.conf(5)</tt></a> for more information.
 The default configuration file name is determined at 
 compile time.</p></dd><dt><span class="term">-d|--debug=debuglevel</span></dt><dd><p><i class="replaceable"><tt>debuglevel</tt></i> is an integer 
 from 0 to 10.  The default value if this parameter is 
-not specified is zero.</P
+not specified is zero.</p><p>The higher this value, the more detail will be 
 ><P
 >The higher this value, the more detail will be 
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
 day to day running - it generates a small amount of 
-information about operations carried out.</P
+information about operations carried out.</p><p>Levels above 1 will generate considerable 
 ><P
 >Levels above 1 will generate considerable 
 amounts of log data, and should only be used when 
 investigating a problem. Levels above 3 are designed for 
 use only by developers and generate HUGE amounts of log
-data, most of which is extremely cryptic.</P
+data, most of which is extremely cryptic.</p><p>Note that specifying this parameter here will 
-><P
+override the <a href="smb.conf.5.html#loglevel" target="_top">log
->Note that specifying this parameter here will 
+level</a> parameter in the <a href="smb.conf.5.html" target="_top">
-override the <A
+<tt class="filename">smb.conf(5)</tt></a> file.</p></dd><dt><span class="term">-l|--logfile=logbasename</span></dt><dd><p>File name for log/debug files. The extension
-HREF="smb.conf.5.html#loglevel"
+<tt class="constant">&quot;.client&quot;</tt> will be appended. The log file is
-TARGET="_top"
+never removed by the client.
->log
+</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>COMMANDS</h2><p><span class="emphasis"><em>VFS COMMANDS</em></span></p><div class="itemizedlist"><ul type="disc"><li><p><b class="command">load &lt;module.so&gt;</b> - Load specified VFS module </p></li><li><p><b class="command">populate &lt;char&gt; &lt;size&gt;</b> - Populate a data buffer with the specified data
-level</A
+		</p></li><li><p><b class="command">showdata [&lt;offset&gt; &lt;len&gt;]</b> - Show data currently in data buffer
-> parameter in the <A
+		</p></li><li><p><b class="command">connect</b> - VFS connect()</p></li><li><p><b class="command">disconnect</b> - VFS disconnect()</p></li><li><p><b class="command">disk_free</b> - VFS disk_free()</p></li><li><p><b class="command">opendir</b> - VFS opendir()</p></li><li><p><b class="command">readdir</b> - VFS readdir()</p></li><li><p><b class="command">mkdir</b> - VFS mkdir()</p></li><li><p><b class="command">rmdir</b> - VFS rmdir()</p></li><li><p><b class="command">closedir</b> - VFS closedir()</p></li><li><p><b class="command">open</b> - VFS open()</p></li><li><p><b class="command">close</b> - VFS close()</p></li><li><p><b class="command">read</b> - VFS read()</p></li><li><p><b class="command">write</b> - VFS write()</p></li><li><p><b class="command">lseek</b> - VFS lseek()</p></li><li><p><b class="command">rename</b> - VFS rename()</p></li><li><p><b class="command">fsync</b> - VFS fsync()</p></li><li><p><b class="command">stat</b> - VFS stat()</p></li><li><p><b class="command">fstat</b> - VFS fstat()</p></li><li><p><b class="command">lstat</b> - VFS lstat()</p></li><li><p><b class="command">unlink</b> - VFS unlink()</p></li><li><p><b class="command">chmod</b> - VFS chmod()</p></li><li><p><b class="command">fchmod</b> - VFS fchmod()</p></li><li><p><b class="command">chown</b> - VFS chown()</p></li><li><p><b class="command">fchown</b> - VFS fchown()</p></li><li><p><b class="command">chdir</b> - VFS chdir()</p></li><li><p><b class="command">getwd</b> - VFS getwd()</p></li><li><p><b class="command">utime</b> - VFS utime()</p></li><li><p><b class="command">ftruncate</b> - VFS ftruncate()</p></li><li><p><b class="command">lock</b> - VFS lock()</p></li><li><p><b class="command">symlink</b> - VFS symlink()</p></li><li><p><b class="command">readlink</b> - VFS readlink()</p></li><li><p><b class="command">link</b> - VFS link()</p></li><li><p><b class="command">mknod</b> - VFS mknod()</p></li><li><p><b class="command">realpath</b> - VFS realpath()</p></li></ul></div><p><span class="emphasis"><em>GENERAL COMMANDS</em></span></p><div class="itemizedlist"><ul type="disc"><li><p><b class="command">conf &lt;smb.conf&gt;</b> - Load a different configuration file</p></li><li><p><b class="command">help [&lt;command&gt;]</b> - Get list of commands or info about specified command</p></li><li><p><b class="command">debuglevel &lt;level&gt;</b> - Set debug level</p></li><li><p><b class="command">freemem</b> - Free memory currently in use</p></li><li><p><b class="command">exit</b> - Exit vfstest</p></li></ul></div></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of the Samba
-HREF="smb.conf.5.html"
+	suite.</p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities
 TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 > file.</P
 ></DD
 ><DT
 >-h|--help</DT
 ><DD
 ><P
 >Print a summary of command line options.</P
 ></DD
 ><DT
 >-l|--logfile=logbasename</DT
 ><DD
 ><P
 >File name for log/debug files. The extension
 		<TT
 CLASS="CONSTANT"
 >'.client'</TT
 > will be appended. The log file is never removed
 		by the client.
 		</P
 ></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN48"
 ></A
 ><H2
 >COMMANDS</H2
 ><P
 ><I
 CLASS="EMPHASIS"
 >VFS COMMANDS</I
 ></P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >load &#60;module.so&#62;</B
 > - Load specified VFS module </P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >populate &#60;char&#62; &#60;size&#62;</B
 > - Populate a data buffer with the specified data
 		</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >showdata [&#60;offset&#62; &#60;len&#62;]</B
 > - Show data currently in data buffer
 		</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >connect</B
 > - VFS connect()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >disconnect</B
 > - VFS disconnect()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >disk_free</B
 > - VFS disk_free()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >opendir</B
 > - VFS opendir()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >readdir</B
 > - VFS readdir()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >mkdir</B
 > - VFS mkdir()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >rmdir</B
 > - VFS rmdir()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >closedir</B
 > - VFS closedir()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >open</B
 > - VFS open()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >close</B
 > - VFS close()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >read</B
 > - VFS read()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >write</B
 > - VFS write()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >lseek</B
 > - VFS lseek()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >rename</B
 > - VFS rename()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >fsync</B
 > - VFS fsync()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >stat</B
 > - VFS stat()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >fstat</B
 > - VFS fstat()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >lstat</B
 > - VFS lstat()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >unlink</B
 > - VFS unlink()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >chmod</B
 > - VFS chmod()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >fchmod</B
 > - VFS fchmod()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >chown</B
 > - VFS chown()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >fchown</B
 > - VFS fchown()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >chdir</B
 > - VFS chdir()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >getwd</B
 > - VFS getwd()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >utime</B
 > - VFS utime()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >ftruncate</B
 > - VFS ftruncate()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >lock</B
 > - VFS lock()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >symlink</B
 > - VFS symlink()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >readlink</B
 > - VFS readlink()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >link</B
 > - VFS link()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >mknod</B
 > - VFS mknod()</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >realpath</B
 > - VFS realpath()</P
 ></LI
 ></UL
 ><P
 ><I
 CLASS="EMPHASIS"
 >GENERAL COMMANDS</I
 ></P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >conf &#60;smb.conf&#62;</B
 > - Load a different configuration file</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >help [&#60;command&#62;]</B
 > - Get list of commands or info about specified command</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >debuglevel &#60;level&#62;</B
 > - Set debug level</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >freemem</B
 > - Free memory currently in use</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >exit</B
 > - Exit vfstest</P
 ></LI
 ></UL
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN179"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of the Samba
 	suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN182"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p>The vfstest man page was written by Jelmer Vernooij.</p></div></div></body></html>
 ><P
 >The vfstest man page was written by Jelmer Vernooij.</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/wbinfo.1.html
+++ b/docs/htmldocs/wbinfo.1.html
@ -1,383 +1,71 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>wbinfo</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="wbinfo.1"></a><div class="titlepage"><div></div><div></div></div><div class="refnamediv"><h2>Name</h2><p>wbinfo &#8212; Query information from winbind daemon</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><tt class="command">wbinfo</tt>  [-u] [-g] [-N netbios-name] [-I ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [--sequence] [-r user] [-a user%password] [-A user%password] [--get-auth-user] [-p]</p></div></div><div class="refsect1" lang="en"><h2>DESCRIPTION</h2><p>This tool is part of the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> suite.</p><p>The <b class="command">wbinfo</b> program queries and returns information 
-<HTML
+	created and used by the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon. </p><p>The <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon must be configured 
-><HEAD
+	and running for the <b class="command">wbinfo</b> program to be able 
-><TITLE
+	to return information.</p></div><div class="refsect1" lang="en"><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">-u</span></dt><dd><p>This option will list all users available 
->wbinfo</TITLE
+		in the Windows NT domain for which the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon is operating in. Users in all trusted domains 
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.77"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
 NAME="WBINFO"
 ></A
 >wbinfo</H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
 NAME="AEN5"
 ></A
 ><H2
 >Name</H2
 >wbinfo&nbsp;--&nbsp;Query information from winbind daemon</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
 NAME="AEN8"
 ></A
 ><H2
 >Synopsis</H2
 ><P
 ><B
 CLASS="COMMAND"
 >wbinfo</B
 >  [-u] [-g] [-i ip] [-N netbios-name] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-r user] [-a user%password] [-A user%password] [-p]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN27"
 ></A
 ><H2
 >DESCRIPTION</H2
 ><P
 >This tool is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
 >The <B
 CLASS="COMMAND"
 >wbinfo</B
 > program queries and returns information 
 	created and used by the <A
 HREF="winbindd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >	winbindd(8)</B
 ></A
 > daemon. </P
 ><P
 >The <B
 CLASS="COMMAND"
 >winbindd(8)</B
 > daemon must be configured 
 	and running for the <B
 CLASS="COMMAND"
 >wbinfo</B
 > program to be able 
 	to return information.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN38"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
 ></P
 ><DIV
 CLASS="VARIABLELIST"
 ><DL
 ><DT
 >-u</DT
 ><DD
 ><P
 >This option will list all users available 
 		in the Windows NT domain for which the <B
 CLASS="COMMAND"
 >winbindd(8)
 		</B
 > daemon is operating in. Users in all trusted domains 
 		will also be listed.  Note that this operation does not assign 
-		user ids to any users that have not already been seen by 
+		user ids to any users that have not already been seen by <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>
-		<B
+		.</p></dd><dt><span class="term">-g</span></dt><dd><p>This option will list all groups available 
-CLASS="COMMAND"
+		in the Windows NT domain for which the <a href="Samba.7.html"><span class="citerefentry"><span class="refentrytitle">Samba</span>(7)</span></a> daemon is operating in. Groups in all trusted domains
 >winbindd(8)</B
 >.</P
 ></DD
 ><DT
 >-g</DT
 ><DD
 ><P
 >This option will list all groups available 
 		in the Windows NT domain for which the <B
 CLASS="COMMAND"
 >winbindd(8)
 		</B
 > daemon is operating in. Groups in all trusted domains
 		will also be listed.  Note that this operation does not assign 
-		group ids to any groups that have not already been seen by
+		group ids to any groups that have not already been 
-		<B
+		seen by <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a>. </p></dd><dt><span class="term">-N name</span></dt><dd><p>The <i class="parameter"><tt>-N</tt></i> option 
-CLASS="COMMAND"
+		queries <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> to query the WINS
 >winbindd(8)</B
 >. </P
 ></DD
 ><DT
 >-N name</DT
 ><DD
 ><P
 >The <TT
 CLASS="PARAMETER"
 ><I
 >-N</I
 ></TT
 > option 
 		queries <B
 CLASS="COMMAND"
 >winbindd(8)</B
 > to query the WINS
 		server for the IP address associated with the NetBIOS name
-		specified by the <TT
+		specified by the <i class="parameter"><tt>name</tt></i> parameter.
-CLASS="PARAMETER"
+		</p></dd><dt><span class="term">-I ip</span></dt><dd><p>The <i class="parameter"><tt>-I</tt></i> option 
-><I
+		queries <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> to send a node status
 >name</I
 ></TT
 > parameter.
 		</P
 ></DD
 ><DT
 >-I ip</DT
 ><DD
 ><P
 >The <TT
 CLASS="PARAMETER"
 ><I
 >-I</I
 ></TT
 > option 
 		queries <B
 CLASS="COMMAND"
 >winbindd(8)</B
 > to send a node status
 		request to get the NetBIOS name associated with the IP address
-		specified by the <TT
+		specified by the <i class="parameter"><tt>ip</tt></i> parameter.
-CLASS="PARAMETER"
+		</p></dd><dt><span class="term">-n name</span></dt><dd><p>The <i class="parameter"><tt>-n</tt></i> option 
-><I
+		queries <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> for the SID 		
 >ip</I
 ></TT
 > parameter.
 		</P
 ></DD
 ><DT
 >-n name</DT
 ><DD
 ><P
 >The <TT
 CLASS="PARAMETER"
 ><I
 >-n</I
 ></TT
 > option 
 		queries <B
 CLASS="COMMAND"
 >winbindd(8)</B
 > for the SID 		
 		associated with the name specified. Domain names can be specified 
 		before the user name by using the winbind separator character.  
 		For example CWDOM1/Administrator refers to the Administrator
 		user in the domain CWDOM1.  If no domain is specified then the 
-		domain used is the one specified in the <TT
+		domain used is the one specified in the <a href="smb.conf.5.html"><span class="citerefentry"><span class="refentrytitle">smb.conf</span>(5)</span></a>	<i class="parameter"><tt>workgroup
-CLASS="FILENAME"
+		</tt></i> parameter. </p></dd><dt><span class="term">-s sid</span></dt><dd><p>Use <i class="parameter"><tt>-s</tt></i> to resolve
->smb.conf</TT
+		a SID to a name.  This is the inverse of the <i class="parameter"><tt>-n
->
+		</tt></i> option above.  SIDs must be specified as ASCII strings 
 		<TT
 CLASS="PARAMETER"
 ><I
 >workgroup</I
 ></TT
 > parameter. </P
 ></DD
 ><DT
 >-s sid</DT
 ><DD
 ><P
 >Use <TT
 CLASS="PARAMETER"
 ><I
 >-s</I
 ></TT
 > to resolve
 		a SID to a name.  This is the inverse of the <TT
 CLASS="PARAMETER"
 ><I
 >-n
 		</I
 ></TT
 > option above.  SIDs must be specified as ASCII strings 
 		in the traditional Microsoft format. For example,
-		S-1-5-21-1455342024-3071081365-2475485837-500. </P
+		S-1-5-21-1455342024-3071081365-2475485837-500. </p></dd><dt><span class="term">-U uid</span></dt><dd><p>Try to convert a UNIX user id to a Windows NT 
 ></DD
 ><DT
 >-U uid</DT
 ><DD
 ><P
 >Try to convert a UNIX user id to a Windows NT 
 		SID.  If the uid specified does not refer to one within
-		the winbind uid range then the operation will fail. </P
+		the winbind uid range then the operation will fail. </p></dd><dt><span class="term">-G gid</span></dt><dd><p>Try to convert a UNIX group id to a Windows 
 ></DD
 ><DT
 >-G gid</DT
 ><DD
 ><P
 >Try to convert a UNIX group id to a Windows 
 		NT SID.  If the gid specified does not refer to one within 
-		the winbind gid range then the operation will fail. </P
+		the winbind gid range then the operation will fail. </p></dd><dt><span class="term">-S sid</span></dt><dd><p>Convert a SID to a UNIX user id.  If the SID 
-></DD
+		does not correspond to a UNIX user mapped by <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> then the operation will fail. </p></dd><dt><span class="term">-Y sid</span></dt><dd><p>Convert a SID to a UNIX group id.  If the SID 
-><DT
+		does not correspond to a UNIX group mapped by <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> then 
->-S sid</DT
+		the operation will fail. </p></dd><dt><span class="term">-t</span></dt><dd><p>Verify that the workstation trust account 
 ><DD
 ><P
 >Convert a SID to a UNIX user id.  If the SID 
 		does not correspond to a UNIX user mapped by <B
 CLASS="COMMAND"
 >		winbindd(8)</B
 > then the operation will fail. </P
 ></DD
 ><DT
 >-Y sid</DT
 ><DD
 ><P
 >Convert a SID to a UNIX group id.  If the SID 
 		does not correspond to a UNIX group mapped by <B
 CLASS="COMMAND"
 >		winbindd(8)</B
 > then the operation will fail. </P
 ></DD
 ><DT
 >-t</DT
 ><DD
 ><P
 >Verify that the workstation trust account 
 		created when the Samba server is added to the Windows NT
-		domain is working. </P
+		domain is working. </p></dd><dt><span class="term">-m</span></dt><dd><p>Produce a list of domains trusted by the 
-></DD
+		Windows NT server <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> contacts 
 ><DT
 >-m</DT
 ><DD
 ><P
 >Produce a list of domains trusted by the 
 		Windows NT server <B
 CLASS="COMMAND"
 >winbindd(8)</B
 > contacts 
 		when resolving names.  This list does not include the Windows 
 		NT domain the server is a Primary Domain Controller for.
-		</P
+		</p></dd><dt><span class="term">--sequence</span></dt><dd><p>Show sequence numbers of 
-></DD
+		all known domains</p></dd><dt><span class="term">-r username</span></dt><dd><p>Try to obtain the list of UNIX group ids
 ><DT
 >-r username</DT
 ><DD
 ><P
 >Try to obtain the list of UNIX group ids
 		to which the user belongs.  This only works for users
 		defined on a Domain Controller.
-		</P
+		</p></dd><dt><span class="term">-a username%password</span></dt><dd><p>Attempt to authenticate a user via winbindd. 
 ></DD
 ><DT
 >-a username%password</DT
 ><DD
 ><P
 >Attempt to authenticate a user via winbindd. 
                This checks both authenticaion methods and reports its results.
-		</P
+		</p></dd><dt><span class="term">-A username%password</span></dt><dd><p>Store username and password used by winbindd 
 ></DD
 ><DT
 >-A username%password</DT
 ><DD
 ><P
 >Store username and password used by winbindd 
 		during session setup to a domain controller.  This enables
 		winbindd to operate in a Windows 2000 domain with Restrict
 		Anonymous turned on (a.k.a. Permissions compatiable with
 		Windows 2000 servers only).
-		</P
+		</p></dd><dt><span class="term">--get-auth-user</span></dt><dd><p>Print username and password used by winbindd
-></DD
+		during session setup to a domain controller. Username 
-></DL
+		and password can be set using '-A'. Only available for 
-></DIV
+		root.</p></dd><dt><span class="term">-p</span></dt><dd><p>Check whether winbindd is still alive. 
-></DIV
+		Prints out either 'succeeded' or 'failed'.
-><DIV
+		</p></dd><dt><span class="term">-V</span></dt><dd><p>Prints the version number for 
-CLASS="REFSECT1"
+<b class="command">smbd</b>.</p></dd><dt><span class="term">-h|--help</span></dt><dd><p>Print a summary of command line options.
-><A
+</p></dd></dl></div></div><div class="refsect1" lang="en"><h2>EXIT STATUS</h2><p>The wbinfo program returns 0 if the operation 
-NAME="AEN120"
+	succeeded, or 1 if the operation failed.  If the <a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a> daemon is not working <b class="command">wbinfo</b> will always return 
-></A
+	failure. </p></div><div class="refsect1" lang="en"><h2>VERSION</h2><p>This man page is correct for version 3.0 of 
-><H2
+	the Samba suite.</p></div><div class="refsect1" lang="en"><h2>SEE ALSO</h2><p><a href="winbindd.8.html"><span class="citerefentry"><span class="refentrytitle">winbindd</span>(8)</span></a></p></div><div class="refsect1" lang="en"><h2>AUTHOR</h2><p>The original Samba software and related utilities 
 >EXIT STATUS</H2
 ><P
 >The wbinfo program returns 0 if the operation 
 	succeeded, or 1 if the operation failed.  If the <B
 CLASS="COMMAND"
 >winbindd(8)
 	</B
 > daemon is not working <B
 CLASS="COMMAND"
 >wbinfo</B
 > will always return 
 	failure. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN125"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 3.0 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN128"
 ></A
 ><H2
 >SEE ALSO</H2
 ><P
 ><A
 HREF="winbindd.8.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >winbindd(8)</B
 >
 	</A
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
 NAME="AEN133"
 ></A
 ><H2
 >AUTHOR</H2
 ><P
 >The original Samba software and related utilities 
 	were created by Andrew Tridgell. Samba is now developed
 	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
+	to the way the Linux kernel is developed.</p><p><b class="command">wbinfo</b> and <b class="command">winbindd</b>
-><P
+	were written by Tim Potter.</p><p>The conversion to DocBook for Samba 2.2 was done 
-><B
+	by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
-CLASS="COMMAND"
+	3.0 was done by Alexander Bokovoy.</p></div></div></body></html>
 >wbinfo</B
 > and <B
 CLASS="COMMAND"
 >winbindd</B
 >
 	were written by Tim Potter.</P
 ><P
 >The conversion to DocBook for Samba 2.2 was done 
 	by Gerald Carter</P
 ></DIV
 ></BODY
 ></HTML
 >
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
--- a/docs/htmldocs/winbindd.8.html
+++ b/docs/htmldocs/winbindd.8.html
--- a/docs/manpages/findsmb.1
+++ b/docs/manpages/findsmb.1
@ -1,100 +1,95 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "FINDSMB" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "FINDSMB" 1 "" "" ""
 .SH NAME
 findsmb \- list info about machines that respond to SMB name queries on a subnet
-.SH SYNOPSIS
+.SH "SYNOPSIS"
 \fBfindsmb\fR [ \fBsubnet broadcast address\fR ]
 .SH "DESCRIPTION"
 .PP
 This perl script is part of the  Samba suite.
 .PP
 \fBfindsmb\fR is a perl script that
 prints out several pieces of information about machines 
 on a subnet that respond to SMB  name query requests.
 It uses \fB nmblookup(1)\fR to obtain this information.
 .SH "OPTIONS"
 .TP
 \fB-r\fR
 Controls whether \fBfindsmb\fR takes
 bugs in Windows95 into account when trying to find a Netbios name
 registered of the remote machine. This option is disabled by default
 because it is specific to Windows 95 and Windows 95 machines only. 
 If set, \fBnmblookup\fR
 will be called with -B option.
 .TP
 \fBsubnet broadcast address\fR
 Without this option, \fBfindsmb
 \fR will probe the subnet of the machine where 
 \fBfindsmb\fR is run. This value is passed 
 to \fBnmblookup\fR as part of the 
 -B option.
 .SH "EXAMPLES"
 .PP
 The output of \fBfindsmb\fR lists the following 
 information for all machines that respond to the initial 
 \fBnmblookup\fR for any name: IP address, NetBIOS name, 
 Workgroup name, operating system, and SMB server version.
 .PP
 There will be a '+' in front of the workgroup name for 
 machines that are local master browsers for that workgroup. There 
 will be an '*' in front of the workgroup name for 
 machines that are the domain master browser for that workgroup. 
 Machines that are running Windows, Windows 95 or Windows 98 will 
 not show any information about the operating system or server 
 version.
 .PP
 The command with -r option
 must be run on a system without \fBnmbd\fR running. 
 If \fBnmbd\fR is running on the system, you will 
 only  get the IP address and the DNS name of the machine. To 
 get proper responses  from Windows 95 and Windows 98 machines, 
 the command must be run as root and with -r
 option on a machine without \fBnmbd\fR running.
 .PP
 For example, running \fBfindsmb\fR without 
 -r option set would yield output similar
 to the following
 .nf
 \fBfindsmb\fR [subnet broadcast address]
 .fi
 .SH "DESCRIPTION"
 .PP
 This perl script is part of the \fBSamba\fR(7) suite\&.
 .PP
 \fBfindsmb\fR is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests\&. It uses \fBnmblookup\fR(1) and \fBsmbclient\fR(1) to obtain this information\&.
 .SH "OPTIONS"
 .TP
 -r
 Controls whether \fBfindsmb\fR takes bugs in Windows95 into account when trying to find a Netbios name registered of the remote machine\&. This option is disabled by default because it is specific to Windows 95 and Windows 95 machines only\&. If set, \fBnmblookup\fR(1) will be called with \fB-B\fR option\&.
 .TP
 subnet broadcast address
 Without this option, \fBfindsmb \fR will probe the subnet of the machine where \fBfindsmb\fR(1) is run\&. This value is passed to \fBnmblookup\fR(1) as part of the \fB-B\fR option\&.
 .SH "EXAMPLES"
 .PP
 The output of \fBfindsmb\fR lists the following information for all machines that respond to the initial\fBnmblookup\fR for any name: IP address, NetBIOS name, Workgroup name, operating system, and SMB server version\&.
 .PP
 There will be a '+' in front of the workgroup name for machines that are local master browsers for that workgroup\&. There will be an '*' in front of the workgroup name for machines that are the domain master browser for that workgroup\&. Machines that are running Windows, Windows 95 or Windows 98 will not show any information about the operating system or server version\&.
 .PP
 The command with \fB-r\fR option must be run on a system without \fBnmbd\fR(8)running\&. If \fBnmbd\fR is running on the system, you will only get the IP address and the DNS name of the machine\&. To get proper responses from Windows 95 and Windows 98 machines, the command must be run as root and with \fB-r\fR option on a machine without \fBnmbd\fR running\&.
 .PP
 For example, running \fBfindsmb\fR without \fB-r\fR option set would yield output similar to the following
 .nf
 IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
 --------------------------------------------------------------------- 
-192.168.35.10   MINESET-TEST1  [DMVENGR]
+192\&.168\&.35\&.10   MINESET-TEST1  [DMVENGR]
-192.168.35.55   LINUXBOX      *[MYGROUP] [Unix] [Samba 2.0.6]
+192\&.168\&.35\&.55   LINUXBOX      *[MYGROUP] [Unix] [Samba 2\&.0\&.6]
-192.168.35.56   HERBNT2        [HERB-NT]
+192\&.168\&.35\&.56   HERBNT2        [HERB-NT]
-192.168.35.63   GANDALF        [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
+192\&.168\&.35\&.63   GANDALF        [MVENGR] [Unix] [Samba 2\&.0\&.5a for IRIX]
-192.168.35.65   SAUNA          [WORKGROUP] [Unix] [Samba 1.9.18p10]
+192\&.168\&.35\&.65   SAUNA          [WORKGROUP] [Unix] [Samba 1\&.9\&.18p10]
-192.168.35.71   FROGSTAR       [ENGR] [Unix] [Samba 2.0.0 for IRIX]
+192\&.168\&.35\&.71   FROGSTAR       [ENGR] [Unix] [Samba 2\&.0\&.0 for IRIX]
-192.168.35.78   HERBDHCP1     +[HERB]
+192\&.168\&.35\&.78   HERBDHCP1     +[HERB]
-192.168.35.88   SCNT2         +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
+192\&.168\&.35\&.88   SCNT2         +[MVENGR] [Windows NT 4\&.0] [NT LAN Manager 4\&.0]
-192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
+192\&.168\&.35\&.93   FROGSTAR-PC    [MVENGR] [Windows 5\&.0] [Windows 2000 LAN Manager]
-192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
+192\&.168\&.35\&.97   HERBNT1       *[HERB-NT] [Windows NT 4\&.0] [NT LAN Manager 4\&.0]
 .fi
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR 
+\fBnmbd\fR(8),\fBsmbclient\fR(1), and \fBnmblookup\fR(1) 
-\fBsmbclient(1)
+
 \fR and  \fBnmblookup(1)\fR
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/lmhosts.5
+++ b/docs/manpages/lmhosts.5
@ -1,86 +1,92 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "LMHOSTS" "5" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "LMHOSTS" 5 "" "" ""
 .SH NAME
 lmhosts \- The Samba NetBIOS hosts file
-.SH SYNOPSIS
+.SH "SYNOPSIS"
 .PP
-\fIlmhosts\fR is the  Samba NetBIOS name to IP address mapping file.
+\fIlmhosts\fR is the \fBSamba\fR(7) NetBIOS name to IP address mapping file\&.
 .SH "DESCRIPTION"
 .PP
-This file is part of the  Samba suite.
+This file is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fIlmhosts\fR is the \fBSamba
+\fIlmhosts\fR is the \fBSamba \fR NetBIOS name to IP address mapping file\&. It is very similar to the \fI/etc/hosts\fR file format, except that the hostname component must correspond to the NetBIOS naming format\&.
-\fR NetBIOS name to IP address mapping file.  It 
+
 is very similar to the \fI/etc/hosts\fR file 
 format, except that the hostname component must correspond 
 to the NetBIOS naming format.
 .SH "FILE FORMAT"
 .PP
 It is an ASCII file containing one line for NetBIOS name. 
 The two fields on each line are separated from each other by 
 white space. Any entry beginning with '#' is ignored. Each line 
 in the lmhosts file contains the following information :
 .TP 0.2i
 \(bu
 IP Address - in dotted decimal format.
 .TP 0.2i
 \(bu
 NetBIOS Name - This name format is a 
 maximum fifteen character host name, with an optional 
 trailing '#' character followed by the NetBIOS name type 
 as two hexadecimal digits.
 If the trailing '#' is omitted then the given IP 
 address will be returned for all names that match the given 
 name, whatever the NetBIOS name type in the lookup.
 .PP
 An example follows :
 .PP
 It is an ASCII file containing one line for NetBIOS name\&. The two fields on each line are separated from each other by white space\&. Any entry beginning with '#' is ignored\&. Each line in the lmhosts file contains the following information:
 .TP 3
 \(bu
 IP Address - in dotted decimal format\&.
 .TP
 \(bu
 NetBIOS Name - This name format is a maximum fifteen character host name, with an optional trailing '#' character followed by the NetBIOS name type as two hexadecimal digits\&.
 If the trailing '#' is omitted then the given IP address will be returned for all names that match the given name, whatever the NetBIOS name type in the lookup\&.
 .LP
 .PP
 An example follows:
 .nf
 #
 # Sample Samba lmhosts file.
 #
 192.9.200.1	TESTPC
 192.9.200.20	NTSERVER#20
 192.9.200.21	SAMBASERVER
-.fi
+#
 # Sample Samba lmhosts file\&.
 #
 192\&.9\&.200\&.1	TESTPC
 192\&.9\&.200\&.20	NTSERVER#20
 192\&.9\&.200\&.21	SAMBASERVER
 	.fi
 .PP
-Contains three IP to NetBIOS name mappings. The first 
+Contains three IP to NetBIOS name mappings\&. The first and third will be returned for any queries for the names "TESTPC" and "SAMBASERVER" respectively, whatever the type component of the NetBIOS name requested\&.
-and third will be returned for any queries for the names "TESTPC" 
+
 and "SAMBASERVER" respectively, whatever the type component of 
 the NetBIOS name requested.
 .PP
-The second mapping will be returned only when the "0x20" name 
+The second mapping will be returned only when the "0x20" name type for a name "NTSERVER" is queried\&. Any other name type will not be resolved\&.
-type for a name "NTSERVER" is queried. Any other name type will not 
+
 be resolved.
 .PP
-The default location of the \fIlmhosts\fR file 
+The default location of the \fIlmhosts\fR file is in the same directory as the \fBsmb.conf\fR(5) file\&.
-is in the same directory as the    
+
 smb.conf(5)> file.
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBsmbclient(1)
+\fBsmbclient\fR(1), \fBsmb.conf\fR(5), and \fBsmbpasswd\fR(8) 
-\fR and \fB smbpasswd(8)\fR
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available atftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/net.8
+++ b/docs/manpages/net.8
@ -1,151 +1,549 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "NET" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "NET" 8 "" "" ""
 .SH NAME
 net \- Tool for administration of Samba and remote CIFS servers.
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBnet\fR \fB<ads|rap|rpc>\fR [ \fB-h\fR ] [ \fB-w workgroup\fR ] [ \fB-W myworkgroup\fR ] [ \fB-U user\fR ] [ \fB-I ip-address\fR ] [ \fB-p port\fR ] [ \fB-n myname\fR ] [ \fB-s conffile\fR ] [ \fB-S server\fR ] [ \fB-C comment\fR ] [ \fB-M maxusers\fR ] [ \fB-F flags\fR ] [ \fB-j jobid\fR ] [ \fB-l\fR ] [ \fB-r\fR ] [ \fB-f\fR ] [ \fB-t timeout\fR ] [ \fB-P\fR ] [ \fB-D debuglevel\fR ]
+.nf
 \fBnet\fR {<ads|rap|rpc>} [-h] [-w workgroup] [-W myworkgroup] [-U user] [-I ip-address]
    [-p port] [-n myname] [-s conffile] [-S server] [-l] [-P] [-D debuglevel]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-The samba net utility is meant to work just like the net utility 
+The samba net utility is meant to work just like the net utility available for windows and DOS\&. The first argument should be used to specify the protocol to use when executing a certain command\&. ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3) clients and RPC can be used for NT4 and Windows 2000\&. If this argument is omitted, net will try to determine it automatically\&. Not all commands are available on all protocols\&.
-available for windows and DOS.
+
 .SH "OPTIONS"
 .TP
-\fB-h\fR
+-h|--help
-Display summary of all available options.
+Print a summary of command line options\&.
 .TP
-\fB-w target-workgroup\fR
+-w target-workgroup
-Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server.
+Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&.
 .TP
-\fB-W workgroup\fR
+-W workgroup
 Sets client workgroup or domain
 .TP
-\fB-U user\fR
+-U user
 User name to use
 .TP
-\fB-I ip-address\fR
+-I ip-address
-IP address of target server to use. You have to specify either this option or a target workgroup or a target server.
+IP address of target server to use\&. You have to specify either this option or a target workgroup or a target server\&.
 .TP
-\fB-p port\fR
+-p port
-Port on the target server to connect to.
+Port on the target server to connect to (usually 139 or 445)\&. Defaults to trying 445 first, then 139\&.
 .TP
-\fB-n myname\fR
+-n <primary NetBIOS name>
-Sets name of the client.
+This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&.
 .TP
-\fB-s conffile\fR
+-s <configuration file>
-Specify alternative configuration file that should be loaded.
+The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
-\fB-S server\fR
+-S server
-Name of target server. You should specify either this option or a target workgroup or a target IP address.
+Name of target server\&. You should specify either this option or a target workgroup or a target IP address\&.
 .TP
-\fB-C comment\fR
+-l
-FIXME
+When listing data, give more information on each item\&.
 .TP
-\fB-M maxusers\fR
+-P
-FIXME
+Make queries to the external server using the machine account of the local server\&.
 .TP
-\fB-F flags\fR
+-d|--debug=debuglevel
-FIXME
+\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
-.TP
+
-\fB-j jobid\fR
+
-FIXME
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
-.TP
+
-\fB-l\fR
+
-FIXME
+Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
-.TP
+
-\fB-r\fR
+
-FIXME
+Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
-.TP
+
-\fB-f\fR
+
-FIXME
+.SH "COMMANDS"
-.TP
+
-\fB-t timeout\fR
+.SS "TIME"
-FIXME
+
 .TP
 \fB-P\fR
 Make queries to the external server using the machine account of the local server.
 .TP
 \fB-D debuglevel\fR
 set the debuglevel. Debug level 0 is the lowest
 and 100 being the highest. This should be set to 100 if you are
 planning on submitting a bug report to the Samba team (see
 \fIBUGS.txt\fR).
 .SH "TIME"
 .PP
-The \fBNET TIME\fR command allows you to view the time on a remote server
+The \fBNET TIME\fR command allows you to view the time on a remote server or synchronise the time on the local server with the time on the remote server\&.
-or synchronise the time on the local server with the time on the remote server.
+
 .TP
 \fB\fR
 Without any options, the \fBNET TIME\fR command 
 displays the time on the remote server.
 .TP
 \fBSYSTEM\fR
 Displays the time on the remote server in a format ready for /bin/date
 .TP
 \fBSET\fR
 Tries to set the date and time of the local server to that on 
 the remote server using /bin/date.
 .TP
 \fBZONE\fR
 Displays the timezone in hours from GMT on the remote computer.
 .SH "RPC"
 .PP
-The \fBNET RPC\fR command allows you to do various 
+Without any options, the \fBNET TIME\fR command displays the time on the remote server\&.
-NT4 operations.
+
 .PP
 Displays the time on the remote server in a format ready for \fB/bin/date\fR
 .PP
 Tries to set the date and time of the local server to that on the remote server using \fB/bin/date\fR\&.
 .PP
 Displays the timezone in hours from GMT on the remote computer\&.
 .SS "[RPC|ADS] JOIN [TYPE] [-U username[%password]] [options]"
 .PP
 Join a domain\&. If the account already exists on the server, and [TYPE] is MEMBER, the machine will attempt to join automatically\&. (Assuming that the machine has been created in server manager) Otherwise, a password will be prompted for, and a new account may be created\&.
 .PP
 [TYPE] may be PDC, BDC or MEMBER to specify the type of server joining the domain\&.
 .SS "[RPC] OLDJOIN [options]"
 .PP
 Join a domain\&. Use the OLDJOIN option to join the domain using the old style of domain joining - you need to create a trust account in server manager first\&.
 .SS "[RPC|ADS] USER"
 .PP
 Delete specified user
 .PP
 List all users
 .PP
 List the domain groups of a the specified user\&.
 .PP
 Add specified user\&.
 .SS "[RPC|ADS] GROUP"
 .PP
 List user groups\&.
 .PP
 Delete specified group\&.
 .PP
 Create specified group\&.
 .SS "[RAP|RPC] SHARE"
 .PP
 Enumerates all exported resources (network shares) on target server\&.
 .PP
 Adds a share from a server (makes the export active)\&. Maxusers specifies the number of users that can be connected to the share simultaneously\&.
 .PP
 Delete specified share\&.
 .SS "[RPC|RAP] FILE"
 .PP
 List all open files on remote server\&.
 .PP
 Close file with specified \fIfileid\fR on remote server\&.
 .PP
 Print information on specified \fIfileid\fR\&. Currently listed are: file-id, username, locks, path, permissions\&.
 .RS
 .Sh "Note"
 .PP
 Currently NOT implemented\&.
 .RE
 .SS "SESSION"
 .PP
 Without any other options, SESSION enumerates all active SMB/CIFS sessions on the target server\&.
 .PP
 Close the specified sessions\&.
 .PP
 Give a list with all the open files in specified session\&.
 .SS "RAP SERVER DOMAIN"
 .PP
 List all servers in specified domain or workgroup\&. Defaults to local domain\&.
 .SS "RAP DOMAIN"
 .PP
 Lists all domains and workgroups visible on the current network\&.
 .SS "RAP PRINTQ"
 .PP
 Lists the specified print queue and print jobs on the server\&. If the \fIQUEUE_NAME\fR is omitted, all queues are listed\&.
 .PP
 Delete job with specified id\&.
 .SS "RAP VALIDATE user [password]"
 .PP
 Validate whether the specified user can log in to the remote server\&. If the password is not specified on the commandline, it will be prompted\&.
 .RS
 .Sh "Note"
 .PP
 Currently NOT implemented\&.
 .RE
 .SS "RAP GROUPMEMBER"
 .PP
 List all members of the specified group\&.
 .PP
 Delete member from group\&.
 .PP
 Add member to group\&.
 .SS "RAP ADMIN command"
 .PP
 Execute the specified \fIcommand\fR on the remote server\&. Only works with OS/2 servers\&.
 .RS
 .Sh "Note"
 .PP
 Currently NOT implemented\&.
 .RE
 .SS "RAP SERVICE"
 .PP
 Start the specified service on the remote server\&. Not implemented yet\&.
 .RS
 .Sh "Note"
 .PP
 Currently NOT implemented\&.
 .RE
 .PP
 Stop the specified service on the remote server\&.
 .RS
 .Sh "Note"
 .PP
 Currently NOT implemented\&.
 .RE
 .SS "RAP PASSWORD USER OLDPASS NEWPASS"
 .PP
 Change password of \fIUSER\fR from \fIOLDPASS\fR to \fINEWPASS\fR\&.
 .SS "LOOKUP"
 .PP
 Lookup the IP address of the given host with the specified type (netbios suffix)\&. The type defaults to 0x20 (workstation)\&.
 .PP
 Give IP address of LDAP server of specified \fIDOMAIN\fR\&. Defaults to local domain\&.
 .PP
 Give IP address of KDC for the specified \fIREALM\fR\&. Defaults to local realm\&.
 .PP
 Give IP's of Domain Controllers for specified \fI DOMAIN\fR\&. Defaults to local domain\&.
 .PP
 Give IP of master browser for specified \fIDOMAIN\fR or workgroup\&. Defaults to local domain\&.
 .SS "CACHE"
 .PP
 Samba uses a general caching interface called 'gencache'\&. It can be controlled using 'NET CACHE'\&.
 .PP
 All the timeout parameters support the suffixes: s - Secondsm - Minutesh - Hoursd - Daysw - Weeks 
 .PP
 Add specified key+data to the cache with the given timeout\&.
 .PP
 Delete key from the cache\&.
 .PP
 Update data of existing cache entry\&.
 .PP
 Search for the specified pattern in the cache data\&.
 .PP
 List all current items in the cache\&.
 .PP
 Remove all the current items from the cache\&.
 .SS "GETLOCALSID [DOMAIN]"
 .PP
 Print the SID of the specified domain, or if the parameter is omitted, the SID of the domain the local server is in\&.
 .SS "SETLOCALSID S-1-5-21-x-y-z"
 .PP
 Sets domain sid for the local server to the specified SID\&.
 .SS "GROUPMAP"
 .PP
 Manage the mappings between Windows group SIDs and UNIX groups\&. Parameters take the for "parameter=value"\&. Common options include:
 .TP 3
 \(bu
 unixgroup - Name of the UNIX group
 .TP
-\fBJOIN -U username[%password] [options]\fR
+\(bu
-Join a domain with specified username and password. Password 
+ntgroup - Name of the Windows NT group (must be resolvable to a SID
-will be prompted if none is specified.
+
 .TP
-\fBJOIN [options except -U]\fR
+\(bu
-to join a domain created in server manager
+rid - Unsigned 32-bit integer
 .TP
-\fBUSER [misc. options] [targets]\fR
+\(bu
-List users
+sid - Full SID in the form of "S-1-\&.\&.\&."
 .TP
-\fBUSER DELETE <name> [misc options]\fR
+\(bu
-delete specified user
+type - Type of the group; either 'domain', 'local', or 'builtin'
 .TP
-\fBUSER INFO <name> [misc options]\fR
+\(bu
-list the domain groups of the specified user
+comment - Freeform text description of the group
 .LP
 .PP
 Add a new group mapping entry
 .PP
 net groupmap add {rid=int|sid=string} unixgroup=string [type={domain|local|builtin}] [ntgroup=string] [comment=string]
 .PP
 Delete a group mapping entry
 .PP
 net groupmap delete {ntgroup=string|sid=SID}
 .PP
 Update en existing group entry
 .PP
 net groupmap modify {ntgroup=string|sid=SID} [unixgroup=string] [comment=string] [type={domain|local}
 .PP
 List existing group mapping entries
 .PP
 net groupmap list [verbose] [ntgroup=string] [sid=SID]
 .SS "MAXRID"
 .PP
 Prints out the highest RID currently in use on the local server (by the active 'passdb backend')\&.
 .SS "RPC INFO"
 .PP
 Print information about the domain of the remote server, such as domain name, domain sid and number of users and groups\&.
 .SS "[RPC|ADS] TESTJOIN"
 .PP
 Check whether participation in a domain is still valid\&.
 .SS "[RPC|ADS] CHANGETRUSTPW"
 .PP
 Force change of domain trust password\&.
 .SS "RPC TRUSTDOM"
 .PP
 Add a interdomain trust account for \fIDOMAIN\fR to the remote server\&.
 .PP
 Remove interdomain trust account for \fIDOMAIN\fR from the remote server\&.
 .RS
 .Sh "Note"
 .PP
 Currently NOT implemented\&.
 .RE
 .PP
 Establish a trust relationship to a trusting domain\&. Interdomain account must already be created on the remote PDC\&.
 .PP
 Abandon relationship to trusted domain
 .PP
 List all current interdomain trust relationships\&.
 .SS "RPC ABORTSHUTDOWN"
 .PP
 Abort the shutdown of a remote server\&.
 .SS "SHUTDOWN [-t timeout] [-r] [-f] [-C message]"
 .PP
 Shut down the remote server\&.
 .TP
-\fBUSER ADD <name> [password] [-F user flags] [misc. options\fR
+-r
-Add specified user
+Reboot after shutdown\&.
 .TP
-\fBGROUP [misc options] [targets]\fR
+-f
-List user groups
+Force shutting down all applications\&.
 .TP
-\fBGROUP DELETE <name> [misc. options] [targets]\fR
+-t timeout
-Delete specified group
+Timeout before system will be shut down\&. An interactive user of the system can use this time to cancel the shutdown\&.
 .TP
-\fBGROUP ADD <name> [-C comment]\fR
+-C message
-Create specified group
+Display the specified message on the screen to announce the shutdown\&.
-.TP
+
-\fBSHARE [misc. options] [targets]\fR
+
-enumerates all exported resources (network shares) on target server
+.SS "SAMDUMP"
-.TP
+
-\fBSHARE ADD <name=serverpath> [misc. options] [targets]\fR
+.PP
-Adds a share from a server (makes the export active)
+Print out sam database of remote server\&. You need to run this on either a BDC\&.
-.TP
+
-\fBSHARE DELETE <sharenam\fR
+.SS "VAMPIRE"
 .PP
 Export users, aliases and groups from remote server to local server\&. Can only be run an a BDC\&.
 .SS "GETSID"
 .PP
 Fetch domain SID and store it in the local \fIsecrets\&.tdb\fR\&.
 .SS "ADS LEAVE"
 .PP
 Make the remote host leave the domain it is part of\&.
 .SS "ADS STATUS"
 .PP
 Print out status of machine account of the local machine in ADS\&. Prints out quite some debug info\&. Aimed at developers, regular users should use \fBNET ADS TESTJOIN\fR\&.
 .SS "ADS PRINTER"
 .PP
 Lookup info for \fIPRINTER\fR on \fISERVER\fR\&. The printer name defaults to "*", the server name defaults to the local host\&.
 .PP
 Publish specified printer using ADS\&.
 .PP
 Remove specified printer from ADS directory\&.
 .SS "ADS SEARCH EXPRESSION ATTRIBUTES..."
 .PP
 Perform a raw LDAP search on a ADS server and dump the results\&. The expression is a standard LDAP search expression, and the attributes are a list of LDAP fields to show in the results\&.
 .PP
 Example: \fBnet ads search '(objectCategory=group)' sAMAccountName\fR 
 .SS "ADS DN DN (attributes)"
 .PP
 Perform a raw LDAP search on a ADS server and dump the results\&. The DN standard LDAP DN, and the attributes are a list of LDAP fields to show in the result\&.
 .PP
 Example: \fBnet ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName\fR
 .SS "WORKGROUP"
 .PP
 Print out workgroup name for specified kerberos realm\&.
 .SS "HELP [COMMAND]"
 .PP
 Gives usage information for the specified command\&.
 .SH "VERSION"
 .PP
-This man page is incomplete for version 3.0 of the Samba 
+This man page is complete for version 3\&.0 of the Samba suite\&.
-suite.
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer.
+The net manpage was written by Jelmer Vernooij\&.
-The current set of manpages and documentation is maintained
+
 by the Samba Team in the same fashion as the Samba source code.
--- a/docs/manpages/nmbd.8
+++ b/docs/manpages/nmbd.8
@ -1,272 +1,178 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "NMBD" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "NMBD" 8 "" "" ""
 .SH NAME
 nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBnmbd\fR [ \fB-D\fR ] [ \fB-F\fR ] [ \fB-S\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d <debug level>\fR ] [ \fB-H <lmhosts file>\fR ] [ \fB-l <log directory>\fR ] [ \fB-n <primary netbios name>\fR ] [ \fB-p <port number>\fR ] [ \fB-s <configuration file>\fR ]
+.nf
 \fBnmbd\fR [-D] [-F] [-S] [-a] [-i] [-o] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]
 .fi
 .SH "DESCRIPTION"
 .PP
-This program is part of the Samba suite.
+This program is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBnmbd\fR is a server that understands 
+\fBnmbd\fR is a server that understands and can reply to NetBIOS over IP name service requests, like those produced by SMB/CIFS clients such as Windows 95/98/ME, Windows NT, Windows 2000, Windows XP and LanManager clients\&. It also participates in the browsing protocols which make up the Windows "Network Neighborhood" view\&.
-and can reply to NetBIOS over IP name service requests, like 
+
 those produced by SMB/CIFS clients such as Windows 95/98/ME, 
 Windows NT, Windows 2000, Windows XP and LanManager clients. It also
 participates in the browsing protocols which make up the 
 Windows "Network Neighborhood" view.
 .PP
-SMB/CIFS clients, when they start up, may wish to 
+SMB/CIFS clients, when they start up, may wish to locate an SMB/CIFS server\&. That is, they wish to know what IP number a specified host is using\&.
-locate an SMB/CIFS server. That is, they wish to know what 
+
 IP number a specified host is using.
 .PP
-Amongst other services, \fBnmbd\fR will 
+Amongst other services, \fBnmbd\fR will listen for such requests, and if its own NetBIOS name is specified it will respond with the IP number of the host it is running on\&. Its "own NetBIOS name" is by default the primary DNS name of the host it is running on, but this can be overridden with the \fB-n\fR option (see OPTIONS below)\&. Thus \fBnmbd\fR will reply to broadcast queries for its own name(s)\&. Additional names for \fBnmbd\fR to respond on can be set via parameters in the \fBsmb.conf\fR(5) configuration file\&.
-listen for such requests, and if its own NetBIOS name is 
+
 specified it will respond with the IP number of the host it 
 is running on.  Its "own NetBIOS name" is by
 default the primary DNS name of the host it is running on, 
 but this can be overridden with the \fB-n\fR 
 option (see OPTIONS below). Thus \fBnmbd\fR will 
 reply to broadcast queries for its own name(s). Additional
 names for \fBnmbd\fR to respond on can be set 
 via parameters in the \fI smb.conf(5)\fR configuration file.
 .PP
-\fBnmbd\fR can also be used as a WINS 
+\fBnmbd\fR can also be used as a WINS (Windows Internet Name Server) server\&. What this basically means is that it will act as a WINS database server, creating a database from name registration requests that it receives and replying to queries from clients for these names\&.
-(Windows Internet Name Server) server. What this basically means 
+
 is that it will act as a WINS database server, creating a 
 database from name registration requests that it receives and 
 replying to queries from clients for these names.
 .PP
-In addition, \fBnmbd\fR can act as a WINS 
+In addition, \fBnmbd\fR can act as a WINS proxy, relaying broadcast queries from clients that do not understand how to talk the WINS protocol to a WINS server\&.
-proxy, relaying broadcast queries from clients that do 
+
 not understand how to talk the WINS protocol to a WINS 
 server.
 .SH "OPTIONS"
 .TP
 \fB-D\fR
 If specified, this parameter causes 
 \fBnmbd\fR to operate as a daemon. That is, 
 it detaches itself and runs in the background, fielding 
 requests on the appropriate port. By default, \fBnmbd\fR 
 will operate as a daemon if launched from a command shell. 
 nmbd can also be operated from the \fBinetd\fR 
 meta-daemon, although this is not recommended.
 .TP
 \fB-F\fR
 If specified, this parameter causes
 the main \fBnmbd\fR process to not daemonize,
 i.e. double-fork and disassociate with the terminal.
 Child processes are still created as normal to service
 each connection request, but the main process does not
 exit. This operation mode is suitable for running
 \fBnmbd\fR under process supervisors such
 as \fBsupervise\fR and \fBsvscan\fR
 from Daniel J. Bernstein's \fBdaemontools\fR
 package, or the AIX process monitor.
 .TP
 \fB-S\fR
 If specified, this parameter causes
 \fBnmbd\fR to log to standard output rather
 than a file.
 .TP
 \fB-a\fR
 If this parameter is specified, each new 
 connection will append log messages to the log file.  
 This is the default.
 .TP
 \fB-i\fR
 If this parameter is specified it causes the
 server to run "interactively", not as a daemon, even if the
 server is executed on the command line of a shell. Setting this
 parameter negates the implicit daemon mode when run from the
 command line. \fBnmbd\fR also logs to standard
 output, as if the \fB-S\fR parameter had been
 given. 
 .TP
 \fB-o\fR
 If this parameter is specified, the 
 log files will be overwritten when opened.  By default, 
 \fBsmbd\fR will append entries to the log 
 files.
 .TP
 \fB-h\fR
 Prints the help information (usage) 
 for \fBnmbd\fR.
 .TP
 \fB-H <filename>\fR
 NetBIOS lmhosts file.  The lmhosts 
 file is a list of NetBIOS names to IP addresses that 
 is loaded by the nmbd server and used via the name 
 resolution mechanism   name resolve order described in  \fIsmb.conf(5)\fR
 to resolve any NetBIOS name queries needed by the server. Note 
 that the contents of this file are \fBNOT\fR 
 used by \fBnmbd\fR to answer any name queries. 
 Adding a line to this file affects name NetBIOS resolution 
 from this host \fBONLY\fR.
 The default path to this file is compiled into 
 Samba as part of the build process. Common defaults 
 are \fI/usr/local/samba/lib/lmhosts\fR,
 \fI/usr/samba/lib/lmhosts\fR or
 \fI/etc/lmhosts\fR. See the
 \fIlmhosts(5)\fR
 man page for details on the contents of this file.
 .TP
-\fB-V\fR
+-D
-Prints the version number for 
+If specified, this parameter causes \fBnmbd\fR to operate as a daemon\&. That is, it detaches itself and runs in the background, fielding requests on the appropriate port\&. By default, \fBnmbd\fR will operate as a daemon if launched from a command shell\&. nmbd can also be operated from the \fBinetd\fR meta-daemon, although this is not recommended\&.
 \fBnmbd\fR.
 .TP
 \fB-d <debug level>\fR
 debuglevel is an integer 
 from 0 to 10.  The default value if this parameter is 
 not specified is zero.
 The higher this value, the more detail will 
 be logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
 day to day running - it generates a small amount of 
 information about operations carried out.
-Levels above 1 will generate considerable amounts 
+.TP
-of log data, and should only be used when investigating 
+-F
-a problem. Levels above 3 are designed for use only by developers 
+If specified, this parameter causes the main \fBnmbd\fR process to not daemonize, i\&.e\&. double-fork and disassociate with the terminal\&. Child processes are still created as normal to service each connection request, but the main process does not exit\&. This operation mode is suitable for running \fBnmbd\fR under process supervisors such as \fBsupervise\fR and \fBsvscan\fR from Daniel J\&. Bernstein's \fBdaemontools\fR package, or the AIX process monitor\&.
-and generate HUGE amounts of log data, most of which is extremely 
+
-cryptic.
+
 .TP
 -S
 If specified, this parameter causes \fBnmbd\fR to log to standard output rather than a file\&.
 .TP
 -i
 If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell\&. Setting this parameter negates the implicit daemon mode when run from the command line\&. \fBnmbd\fR also logs to standard output, as if the \fB-S\fR parameter had been given\&.
 .TP
 -h|--help
 Print a summary of command line options\&.
 .TP
 -H <filename>
 NetBIOS lmhosts file\&. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name resolution mechanism \fIname resolve order\fR described in \fBsmb.conf\fR(5) to resolve any NetBIOS name queries needed by the server\&. Note that the contents of this file are \fBNOT\fR used by \fBnmbd\fR to answer any name queries\&. Adding a line to this file affects name NetBIOS resolution from this host \fBONLY\fR\&.
 The default path to this file is compiled into Samba as part of the build process\&. Common defaults are \fI/usr/local/samba/lib/lmhosts\fR, \fI/usr/samba/lib/lmhosts\fR or \fI/etc/samba/lmhosts\fR\&. See the \fBlmhosts\fR(5) man page for details on the contents of this file\&.
 .TP
 -V
 Prints the version number for \fBsmbd\fR\&.
 .TP
 -s <configuration file>
 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
 -d|--debug=debuglevel
 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .TP
 -p <UDP port number>
 UDP port number is a positive integer value\&. This option changes the default UDP port number (normally 137) that \fBnmbd\fR responds to name queries on\&. Don't use this option unless you are an expert, in which case you won't need help!
 Note that specifying this parameter here will override 
 the log level 
 parameter in the \fI  smb.conf(5)\fR file.
 .TP
 \fB-l <log directory>\fR
 The -l parameter specifies a directory 
 into which the "log.nmbd" log file will be created
 for operational data from the running \fBnmbd\fR
 server. The default log directory is compiled into Samba
 as part of the build process. Common defaults are \fI  /usr/local/samba/var/log.nmb\fR, \fI  /usr/samba/var/log.nmb\fR or
 \fI/var/log/log.nmb\fR.  \fBBeware:\fR
 If the directory specified does not exist, \fBnmbd\fR
 will log to the default debug log location defined at compile time.
 .TP
 \fB-n <primary NetBIOS name>\fR
 This option allows you to override
 the NetBIOS name that Samba uses for itself. This is identical 
 to setting the   NetBIOS name parameter in the  
 \fIsmb.conf\fR file.  However, a command
 line setting will take precedence over settings in 
 \fIsmb.conf\fR.
 .TP
 \fB-p <UDP port number>\fR
 UDP port number is a positive integer value.
 This option changes the default UDP port number (normally 137)
 that \fBnmbd\fR responds to name queries on. Don't
 use this option unless you are an expert, in which case you
 won't need help!
 .TP
 \fB-s <configuration file>\fR
 The default configuration file name
 is set at build time, typically as \fI  /usr/local/samba/lib/smb.conf\fR, but
 this may be changed when Samba is autoconfigured.
 The file specified contains the configuration details
 required by the server. See   \fIsmb.conf(5)\fR for more information.
 .SH "FILES"
 .TP
 \fB\fI/etc/inetd.conf\fB\fR
 If the server is to be run by the
 \fBinetd\fR meta-daemon, this file
 must contain suitable startup information for the
 meta-daemon. See the UNIX_INSTALL.html document
 for details.
 .TP
 \fB\fI/etc/rc\fB\fR
 or whatever initialization script your
 system uses).
 If running the server as a daemon at startup,
 this file will need to contain an appropriate startup
 sequence for the server. See the UNIX_INSTALL.html document
 for details.
 .TP
-\fB\fI/etc/services\fB\fR
+\fI/etc/inetd\&.conf\fR
-If running the server via the
+If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. See the install document for details\&.
-meta-daemon \fBinetd\fR, this file
+
-must contain a mapping of service name (e.g., netbios-ssn)
+
 to service port (e.g., 139) and protocol type (e.g., tcp).
 See the UNIX_INSTALL.html
 document for details.
 .TP
-\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+\fI/etc/rc\fR
-This is the default location of the
+or whatever initialization script your system uses)\&.
-\fIsmb.conf\fR
+
-server configuration file. Other common places that systems
+
-install this file are \fI/usr/samba/lib/smb.conf\fR
+If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. See the "How to Install and Test SAMBA" document for details\&.
-and \fI/etc/smb.conf\fR.
+
 .TP
 \fI/etc/services\fR
 If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. See the "How to Install and Test SAMBA" document for details\&.
 .TP
 \fI/usr/local/samba/lib/smb\&.conf\fR
 This is the default location of the \fBsmb.conf\fR(5) server configuration file\&. Other common places that systems install this file are \fI/usr/samba/lib/smb\&.conf\fR and \fI/etc/samba/smb\&.conf\fR\&.
 When run as a WINS server (see the \fBwins support\fR parameter in the \fBsmb.conf\fR(5) man page), \fBnmbd\fR will store the WINS database in the file \fIwins\&.dat\fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&.
 If \fBnmbd\fR is acting as a \fB browse master\fR (see the \fBlocal master\fR parameter in the \fBsmb.conf\fR(5) man page, \fBnmbd\fR will store the browsing database in the file \fIbrowse\&.dat \fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&.
 When run as a WINS server (see the
 wins support
 parameter in the \fIsmb.conf(5)\fR man page),
 \fBnmbd\fR
 will store the WINS database in the file \fIwins.dat\fR
 in the \fIvar/locks\fR directory configured under
 wherever Samba was configured to install itself.
 If \fBnmbd\fR is acting as a \fB  browse master\fR (see the local master
 parameter in the \fIsmb.conf(5)\fR man page,
 \fBnmbd\fR
 will store the browsing database in the file \fIbrowse.dat
 \fR in the \fIvar/locks\fR directory
 configured under wherever Samba was configured to install itself.
 .SH "SIGNALS"
 .PP
-To shut down an \fBnmbd\fR process it is recommended
+To shut down an \fBnmbd\fR process it is recommended that SIGKILL (-9) \fBNOT\fR be used, except as a last resort, as this may leave the name database in an inconsistent state\&. The correct way to terminate \fBnmbd\fR is to send it a SIGTERM (-15) signal and wait for it to die on its own\&.
-that SIGKILL (-9) \fBNOT\fR be used, except as a last
+
 resort, as this may leave the name database in an inconsistent state.
 The correct way to terminate \fBnmbd\fR is to send it
 a SIGTERM (-15) signal and wait for it to die on its own.
 .PP
-\fBnmbd\fR will accept SIGHUP, which will cause
+\fBnmbd\fR will accept SIGHUP, which will cause it to dump out its namelists into the file \fInamelist\&.debug \fR in the \fI/usr/local/samba/var/locks\fR directory (or the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself)\&. This will also cause \fBnmbd\fR to dump out its server database in the \fIlog\&.nmb\fR file\&.
-it to dump out its namelists into the file \fInamelist.debug
+
 \fR in the \fI/usr/local/samba/var/locks\fR
 directory (or the \fIvar/locks\fR directory configured
 under wherever Samba was configured to install itself). This will also
 cause \fBnmbd\fR to dump out its server database in
 the \fIlog.nmb\fR file.
 .PP
-The debug log level of nmbd may be raised or lowered using
+The debug log level of nmbd may be raised or lowered using \fBsmbcontrol\fR(1) (SIGUSR[1|2] signals are no longer used since Samba 2\&.2)\&. This is to allow transient problems to be diagnosed, whilst still running at a normally low log level\&.
-\fBsmbcontrol(1)\fR
+
 (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
 to allow transient problems to be diagnosed, whilst still running
 at a normally low log level.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBinetd(8)\fR, \fBsmbd(8)\fR 
+\fBinetd\fR(8), \fBsmbd\fR(8), \fBsmb.conf\fR(5), \fBsmbclient\fR(1), \fBtestparm\fR(1), \fBtestprns\fR(1), and the Internet RFC's \fIrfc1001\&.txt\fR, \fIrfc1002\&.txt\fR\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page http://samba\&.org/cifs/\&.
-\fIsmb.conf(5)\fR
+
 \fBsmbclient(1)
 \fR and the Internet RFC's
 \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
 In addition the CIFS (formerly SMB) specification is available 
 as a link from the Web page  
 http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/nmblookup.1
+++ b/docs/manpages/nmblookup.1
@ -1,160 +1,185 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "NMBLOOKUP" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "NMBLOOKUP" 1 "" "" ""
 .SH NAME
 nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBnmblookup\fR [ \fB-M\fR ] [ \fB-R\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B <broadcast address>\fR ] [ \fB-U <unicast address>\fR ] [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-i <NetBIOS scope>\fR ] [ \fB-T\fR ] [ \fB-f\fR ] \fBname\fR
+.nf
 \fBnmblookup\fR [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast
          address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>]
          [-T] [-f] {name}
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBnmblookup\fR is used to query NetBIOS names 
+\fBnmblookup\fR is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries\&. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine\&. All queries are done over UDP\&.
-and map them to IP addresses in a network using NetBIOS over TCP/IP 
+
 queries. The options allow the name queries to be directed at a 
 particular IP broadcast area or to a particular machine. All queries 
 are done over UDP.
 .SH "OPTIONS"
 .TP
 \fB-M\fR
 Searches for a master browser by looking 
 up the  NetBIOS name \fIname\fR with a 
 type of 0x1d. If \fI  name\fR is "-" then it does a lookup on the special name 
 __MSBROWSE__.
 .TP
 \fB-R\fR
 Set the recursion desired bit in the packet 
 to do a recursive lookup. This is used when sending a name 
 query to a machine running a WINS server and the user wishes 
 to query the names in the WINS server.  If this bit is unset 
 the normal (broadcast responding) NetBIOS processing code 
 on a machine is used instead. See rfc1001, rfc1002 for details.
 .TP
 \fB-S\fR
 Once the name query has returned an IP 
 address then do a node status query as well. A node status 
 query returns the NetBIOS names registered by a host.
 .TP
 \fB-r\fR
 Try and bind to UDP port 137 to send and receive UDP
 datagrams. The reason for this option is a bug in Windows 95 
 where it ignores the source port of the requesting packet 
 and only replies to UDP port 137. Unfortunately, on most UNIX 
 systems root privilege is needed to bind to this port, and 
 in addition, if the nmbd(8) 
 daemon is running on this machine it also binds to this port.
 .TP
 \fB-A\fR
 Interpret \fIname\fR as 
 an IP Address and do a node status query on this address.
 .TP
 \fB-h\fR
 Print a help (usage) message.
 .TP
 \fB-B <broadcast address>\fR
 Send the query to the given broadcast address. Without 
 this option the default behavior of nmblookup is to send the 
 query to the broadcast address of the network interfaces as 
 either auto-detected or defined in the \fIinterfaces\fR
 parameter of the  \fIsmb.conf (5)\fR file.
 .TP
 \fB-U <unicast address>\fR
 Do a unicast query to the specified address or 
 host \fIunicast address\fR. This option 
 (along with the \fI-R\fR option) is needed to 
 query a WINS server.
 .TP
 \fB-d <debuglevel>\fR
 debuglevel is an integer from 0 to 10.
 The default value if this parameter is not specified 
 is zero.
 The higher this value, the more detail will be logged 
 about the activities of \fBnmblookup\fR. At level 
 0, only critical errors and serious warnings will be logged.
 Levels above 1 will generate considerable amounts of 
 log data, and should only be used when investigating a problem. 
 Levels above 3 are designed for use only by developers and 
 generate HUGE amounts of data, most of which is extremely cryptic.
 Note that specifying this parameter here will override 
 the \fI  log level\fR parameter in the \fI  smb.conf(5)\fR file.
 .TP
-\fB-s <smb.conf>\fR
+-M
-This parameter specifies the pathname to 
+Searches for a master browser by looking up the NetBIOS name \fIname\fR with a type of \fB0x1d\fR\&. If \fI name\fR is "-" then it does a lookup on the special name \fB__MSBROWSE__\fR\&. Please note that in order to use the name "-", you need to make sure "-" isn't parsed as an argument, e\&.g\&. use : \fBnmblookup -M -- -\fR\&.
 the Samba configuration file,   smb.conf(5)  This file controls all aspects of
 the Samba setup on the machine.
 .TP
 \fB-i <scope>\fR
 This specifies a NetBIOS scope that
 \fBnmblookup\fR will use to communicate with when 
 generating NetBIOS names. For details on the use of NetBIOS 
 scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are 
 \fBvery\fR rarely used, only set this parameter 
 if you are the system administrator in charge of all the 
 NetBIOS systems you communicate with.
 .TP
 \fB-T\fR
 This causes any IP addresses found in the 
 lookup to be looked up via a reverse DNS lookup into a 
 DNS name, and printed out before each
 \fBIP address .... NetBIOS name\fR
 pair that is the normal output.
 .TP
-\fB-f\fR
+-R
-Show which flags apply to the name that has been looked up. Possible 
+Set the recursion desired bit in the packet to do a recursive lookup\&. This is used when sending a name query to a machine running a WINS server and the user wishes to query the names in the WINS server\&. If this bit is unset the normal (broadcast responding) NetBIOS processing code on a machine is used instead\&. See RFC1001, RFC1002 for details\&.
-answers are zero or more of: Response, Authoritative, 
+
-Truncated, Recursion_Desired, Recursion_Available, Broadcast.
+
 .TP
-\fBname\fR
+-S
-This is the NetBIOS name being queried. Depending 
+Once the name query has returned an IP address then do a node status query as well\&. A node status query returns the NetBIOS names registered by a host\&.
-upon the previous options this may be a NetBIOS name or IP address. 
+
-If a NetBIOS name then the different name types may be specified 
+
-by appending '#<type>' to the name. This name may also be
+.TP
-\&'*', which will return all registered names within a broadcast 
+-r
-area.
+Try and bind to UDP port 137 to send and receive UDP datagrams\&. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137\&. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and in addition, if the \fBnmbd\fR(8) daemon is running on this machine it also binds to this port\&.
 .TP
 -A
 Interpret \fIname\fR as an IP Address and do a node status query on this address\&.
 .TP
 -n <primary NetBIOS name>
 This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&.
 .TP
 -i <scope>
 This specifies a NetBIOS scope that \fBnmblookup\fR will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are \fBvery\fR rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
 .TP
 -W|--workgroup=domain
 Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
 .TP
 -O socket options
 TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&.
 .TP
 -h|--help
 Print a summary of command line options\&.
 .TP
 -B <broadcast address>
 Send the query to the given broadcast address\&. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto-detected or defined in the \fIinterfaces\fR parameter of the \fBsmb.conf\fR(5) file\&.
 .TP
 -U <unicast address>
 Do a unicast query to the specified address or host \fIunicast address\fR\&. This option (along with the \fI-R\fR option) is needed to query a WINS server\&.
 .TP
 -V
 Prints the version number for \fBsmbd\fR\&.
 .TP
 -s <configuration file>
 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
 -d|--debug=debuglevel
 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .TP
 -T
 This causes any IP addresses found in the lookup to be looked up via a reverse DNS lookup into a DNS name, and printed out before each
 \fBIP address \&.\&.\&.\&. NetBIOS name\fR
 pair that is the normal output\&.
 .TP
 -f
 Show which flags apply to the name that has been looked up\&. Possible answers are zero or more of: Response, Authoritative, Truncated, Recursion_Desired, Recursion_Available, Broadcast\&.
 .TP
 name
 This is the NetBIOS name being queried\&. Depending upon the previous options this may be a NetBIOS name or IP address\&. If a NetBIOS name then the different name types may be specified by appending '#<type>' to the name\&. This name may also be '*', which will return all registered names within a broadcast area\&.
 .SH "EXAMPLES"
 .PP
-\fBnmblookup\fR can be used to query 
+\fBnmblookup\fR can be used to query a WINS server (in the same way \fBnslookup\fR is used to query DNS servers)\&. To query a WINS server, \fBnmblookup\fR must be called like this:
-a WINS server (in the same way \fBnslookup\fR is 
+
 used to query DNS servers). To query a WINS server, 
 \fBnmblookup\fR must be called like this:
 .PP
 \fBnmblookup -U server -R 'name'\fR
 .PP
 For example, running :
 .PP
 \fBnmblookup -U samba.org -R 'IRIX#1B'\fR
 .PP
-would query the WINS server samba.org for the domain 
+would query the WINS server samba\&.org for the domain master browser (1B name type) for the IRIX workgroup\&.
-master browser (1B name type) for the IRIX workgroup.
+
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR 
+\fBnmbd\fR(8), \fBsamba\fR(7), and \fBsmb.conf\fR(5)\&.
-samba(7) and smb.conf(5)
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/pdbedit.8
+++ b/docs/manpages/pdbedit.8
@ -1,279 +1,331 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "PDBEDIT" "8" "30 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "PDBEDIT" 8 "" "" ""
 .SH NAME
 pdbedit \- manage the SAM database
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-D drive\fR ] [ \fB-S script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i passdb-backend\fR ] [ \fB-e passdb-backend\fR ] [ \fB-g\fR ] [ \fB-b passdb-backend\fR ] [ \fB-d debuglevel\fR ] [ \fB-s configfile\fR ] [ \fB-P account-policy\fR ] [ \fB-V value\fR ]
+.nf
 \fBpdbedit\fR [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S
        script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend]
        [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy]
        [-C value]
 .fi
 .SH "DESCRIPTION"
 .PP
 This tool is part of the  Samba suite.
 .PP
 The pdbedit program is used to manage the users accounts
 stored in the sam database and can only be run by root.
 .PP
 The pdbedit tool uses the passdb modular interface and is
 independent from the kind of users database used (currently there
 are smbpasswd, ldap, nis+ and tdb based and more can be added
 without changing the tool).
 .PP
 There are five main ways to use pdbedit: adding a user account,
 removing a user account, modifing a user account, listing user
 accounts, importing users accounts.
 .SH "OPTIONS"
 .TP
 \fB-l\fR
 This option lists all the user accounts
 present in the users database.
 This option prints a list of user/uid pairs separated by
 the ':' character.
-Example: \fBpdbedit -l\fR
+.PP
 This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
 The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root\&.
 .PP
 The pdbedit tool uses the passdb modular interface and is independent from the kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb based and more can be added without changing the tool)\&.
 .PP
 There are five main ways to use pdbedit: adding a user account, removing a user account, modifing a user account, listing user accounts, importing users accounts\&.
 .SH "OPTIONS"
 .TP
 -L
 This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the ':' character\&.
 Example: \fBpdbedit -L\fR
 .nf
 		sorce:500:Simo Sorce
 		samba:45:Test User
 sorce:500:Simo Sorce
 samba:45:Test User
 .fi
 .TP
-\fB-v\fR
+-v
-This option enables the verbose listing format.
+This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&.
-It causes pdbedit to list the users in the database, printing
+
 out the account fields in a descriptive format.
 Example: \fBpdbedit -l -v\fR
 .nf
 		---------------
 		username:       sorce
 		user ID/Group:  500/500
 		user RID/GRID:  2000/2001
 		Full Name:      Simo Sorce
 		Home Directory: \\\\BERSERKER\\sorce
 		HomeDir Drive:  H:
 		Logon Script:   \\\\BERSERKER\\netlogon\\sorce.bat
 		Profile Path:   \\\\BERSERKER\\profile
 		---------------
 		username:       samba
 		user ID/Group:  45/45
 		user RID/GRID:  1090/1091
 		Full Name:      Test User
 		Home Directory: \\\\BERSERKER\\samba
 		HomeDir Drive:  
 		Logon Script:   
 		Profile Path:   \\\\BERSERKER\\profile
 ---------------
 username:       sorce
 user ID/Group:  500/500
 user RID/GRID:  2000/2001
 Full Name:      Simo Sorce
 Home Directory: \\\\BERSERKER\\sorce
 HomeDir Drive:  H:
 Logon Script:   \\\\BERSERKER\\netlogon\\sorce\&.bat
 Profile Path:   \\\\BERSERKER\\profile
 ---------------
 username:       samba
 user ID/Group:  45/45
 user RID/GRID:  1090/1091
 Full Name:      Test User
 Home Directory: \\\\BERSERKER\\samba
 HomeDir Drive:  
 Logon Script:   
 Profile Path:   \\\\BERSERKER\\profile
 .fi
 .TP
-\fB-w\fR
+-w
-This option sets the "smbpasswd" listing format.
+This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the \fIsmbpasswd\fR file format\&. (see the \fBsmbpasswd\fR(5) for details)
 It will make pdbedit list the users in the database, printing
 out the account fields in a format compatible with the
 \fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fR for details)
 Example: \fBpdbedit -l -w\fR
-.nf
+Example: \fBpdbedit -L -w\fR
-		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
+
-		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
+
 sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
 samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
 .fi
 .TP
-\fB-u username\fR
+-u username
-This option specifies the username to be
+This option specifies the username to be used for the operation requested (listing, adding, removing)\&. It is \fBrequired\fR in add, remove and modify operations and \fBoptional\fR in list operations\&.
-used for the operation requested (listing, adding, removing).
+
-It is \fBrequired\fR in add, remove and modify
+
 operations and \fBoptional\fR in list
 operations.
 .TP
-\fB-f fullname\fR
+-f fullname
-This option can be used while adding or
+This option can be used while adding or modifing a user account\&. It will specify the user's full name\&.
-modifing a user account. It will specify the user's full
+
 name. 
 Example: \fB-f "Simo Sorce"\fR
 .TP
 \fB-h homedir\fR
 This option can be used while adding or
 modifing a user account. It will specify the user's home
 directory network path.
-Example: \fB-h "\\\\\\\\BERSERKER\\\\sorce"\fR
+
 .TP
-\fB-D drive\fR
+-h homedir
-This option can be used while adding or
+This option can be used while adding or modifing a user account\&. It will specify the user's home directory network path\&.
-modifing a user account. It will specify the windows drive
+
-letter to be used to map the home directory.
+
 Example: \fB-h "\\\\BERSERKER\\sorce"\fR
 .TP
 -D drive
 This option can be used while adding or modifing a user account\&. It will specify the windows drive letter to be used to map the home directory\&.
 Example: \fB-d "H:"\fR
 .TP
 \fB-S script\fR
 This option can be used while adding or
 modifing a user account. It will specify the user's logon
 script path.
 Example: \fB-s "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce.bat"\fR
 .TP
 \fB-p profile\fR
 This option can be used while adding or
 modifing a user account. It will specify the user's profile
 directory.
 Example: \fB-p "\\\\\\\\BERSERKER\\\\netlogon"\fR
 .TP
-\fB-a\fR
+-S script
-This option is used to add a user into the
+This option can be used while adding or modifing a user account\&. It will specify the user's logon script path\&.
-database. This command needs a user name specified with
+
-the -u switch. When adding a new user, pdbedit will also
+
-ask for the password to be used.
+Example: \fB-s "\\\\BERSERKER\\netlogon\\sorce.bat"\fR
 .TP
 -p profile
 This option can be used while adding or modifing a user account\&. It will specify the user's profile directory\&.
 Example: \fB-p "\\\\BERSERKER\\netlogon"\fR
 .TP
 -G SID|rid
 This option can be used while adding or modifying a user account\&. It will specify the users' new primary group SID (Security Identifier) or rid\&.
 Example: \fB-G S-1-5-21-2447931902-1787058256-3961074038-1201\fR
 .TP
 -U SID|rid
 This option can be used while adding or modifying a user account\&. It will specify the users' new SID (Security Identifier) or rid\&.
 Example: \fB-U S-1-5-21-2447931902-1787058256-3961074038-5004\fR
 .TP
 -c account-control
 This option can be used while adding or modifying a user account\&. It will specify the users' account control property\&. Possible flags that can be set are: N, D, H, L, X\&.
 Example: \fB-c "[X ]"\fR
 .TP
 -a
 This option is used to add a user into the database\&. This command needs a user name specified with the -u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&.
 Example: \fBpdbedit -a -u sorce\fR
 .nf
 new password:
-		retype new password
+retype new password
 .fi
 .TP
-\fB-m\fR
+-r
-This option may only be used in conjunction 
+This option is used to modify an existing user in the database\&. This command needs a user name specified with the -u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&.
-with the \fI-a\fR option. It will make
+
-pdbedit to add a machine trust account instead of a user
+
-account (-u username will provide the machine name).
+.TP
 -m
 This option may only be used in conjunction with the \fI-a\fR option\&. It will make pdbedit to add a machine trust account instead of a user account (-u username will provide the machine name)\&.
 Example: \fBpdbedit -a -m -u w2k-wks\fR
 .TP
-\fB-x\fR
+-x
-This option causes pdbedit to delete an account
+This option causes pdbedit to delete an account from the database\&. It needs a username specified with the -u switch\&.
-from the database. It needs a username specified with the
+
 -u switch.
 Example: \fBpdbedit -x -u bob\fR
 .TP
-\fB-i passdb-backend\fR
+-i passdb-backend
-Use a different passdb backend to retrieve users
+Use a different passdb backend to retrieve users than the one specified in smb\&.conf\&. Can be used to import data into your local user database\&.
-than the one specified in smb.conf. Can be used to import data into
+
-your local user database.
+
 This option will ease migration from one passdb backend to another\&.
 Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old \fR
 This option will ease migration from one passdb backend to
 another.
 Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old
 \fR
 .TP
-\fB-e passdb-backend\fR
+-e passdb-backend
-Exports all currently available users to the
+Exports all currently available users to the specified password database backend\&.
-specified password database backend.
+
 This option will ease migration from one passdb backend to another and will ease backing up\&.
 This option will ease migration from one passdb backend to
 another and will ease backing up.
 Example: \fBpdbedit -e smbpasswd:/root/samba-users.backup\fR
 .TP
 \fB-g\fR
 If you specify \fI-g\fR,
 then \fI-i in-backend -e out-backend\fR
 applies to the group mapping instead of the user database.
-This option will ease migration from one passdb backend to
+
 another and will ease backing up.
 .TP
-\fB-b passdb-backend\fR
+-g
-Use a different default passdb backend. 
+If you specify \fI-g\fR, then \fI-i in-backend -e out-backend\fR applies to the group mapping instead of the user database\&.
 This option will ease migration from one passdb backend to another and will ease backing up\&.
 .TP
 -b passdb-backend
 Use a different default passdb backend\&.
 Example: \fBpdbedit -b xml:/root/pdb-backup.xml -l\fR
 .TP
-\fB-P account-policy\fR
+-P account-policy
 Display an account policy
-Valid policies are: minimum password age, reset count minutes, disconnect time,
+
-user must logon to change password, password history, lockout duration, min password length,
+Valid policies are: minimum password age, reset count minutes, disconnect time, user must logon to change password, password history, lockout duration, min password length, maximum password age and bad lockout attempt\&.
-maximum password age and bad lockout attempt.
+
 Example: \fBpdbedit -P "bad lockout attempt"\fR
 .nf
 		account policy value for bad lockout attempt is 0
 account policy value for bad lockout attempt is 0
 .fi
 .TP
 \fB-V account-policy-value\fR
 Sets an account policy to a specified value. 
 This option may only be used in conjunction
 with the \fI-P\fR option.
-Example: \fBpdbedit -P "bad lockout attempt" -V 3\fR
+
 .TP
 -C account-policy-value
 Sets an account policy to a specified value\&. This option may only be used in conjunction with the \fI-P\fR option\&.
 Example: \fBpdbedit -P "bad lockout attempt" -C 3\fR
 .nf
 		account policy value for bad lockout attempt was 0
 		account policy value for bad lockout attempt is now 3
 account policy value for bad lockout attempt was 0
 account policy value for bad lockout attempt is now 3
 .fi
 .TP
 \fB-d|--debug=debuglevel\fR
 \fIdebuglevel\fR is an integer 
 from 0 to 10.  The default value if this parameter is 
 not specified is zero.
 The higher this value, the more detail will be 
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
 day to day running - it generates a small amount of 
 information about operations carried out.
-Levels above 1 will generate considerable 
+.TP
-amounts of log data, and should only be used when 
+-h|--help
-investigating a problem. Levels above 3 are designed for 
+Print a summary of command line options\&.
-use only by developers and generate HUGE amounts of log
+
 data, most of which is extremely cryptic.
 Note that specifying this parameter here will 
 override the log
 level file.
 .TP
-\fB-h|--help\fR
+-V
-Print a summary of command line options.
+Prints the version number for \fBsmbd\fR\&.
 .TP
-\fB-s <configuration file>\fR
+-s <configuration file>
-The file specified contains the 
+The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
-configuration details required by the server.  The 
+
-information in this file includes server-specific
+
-information such as what printcap file to use, as well 
+.TP
-as descriptions of all the services that the server is 
+-d|--debug=debuglevel
-to provide. See \fIsmb.conf(5)\fR for more information.
+\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
-The default configuration file name is determined at 
+
-compile time.
+
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .SH "NOTES"
 .PP
-This command may be used only by root.
+This command may be used only by root\&.
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-smbpasswd(8) 
+\fBsmbpasswd\fR(5), \fBsamba\fR(7)
-samba(7)
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/rpcclient.1
+++ b/docs/manpages/rpcclient.1
@ -1,358 +1,616 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "RPCCLIENT" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "RPCCLIENT" 1 "" "" ""
 .SH NAME
 rpcclient \- tool for executing client side MS-RPC functions
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBrpcclient\fR [ \fB-A authfile\fR ] [ \fB-c <command string>\fR ] [ \fB-d debuglevel\fR ] [ \fB-h\fR ] [ \fB-l logfile\fR ] [ \fB-N\fR ] [ \fB-s <smb config file>\fR ] [ \fB-U username[%password]\fR ] [ \fB-W workgroup\fR ] [ \fB-N\fR ] [ \fB-I destinationIP\fR ] \fBserver\fR
+.nf
 \fBrpcclient\fR [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile]
          [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup]
          [-N] [-I destinationIP] {server}
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBrpcclient\fR is a utility initially developed
+\fBrpcclient\fR is a utility initially developed to test MS-RPC functionality in Samba itself\&. It has undergone several stages of development and stability\&. Many system administrators have now written scripts around it to manage Windows NT clients from their UNIX workstation\&.
-to test MS-RPC functionality in Samba itself.  It has undergone 
+
 several stages of development and stability.  Many system administrators
 have now written scripts around it to manage Windows NT clients from 
 their UNIX workstation. 
 .SH "OPTIONS"
 .TP
-\fBserver\fR
+server
-NetBIOS name of Server to which to connect. 
+NetBIOS name of Server to which to connect\&. The server can be any SMB/CIFS server\&. The name is resolved using the \fIname resolve order\fR line from \fBsmb.conf\fR(5)\&.
-The server can be  any SMB/CIFS server.  The name is 
+
-resolved using the   \fIname resolve order\fR line from 
+
 \fIsmb.conf(5)\fR.
 .TP
-\fB-A|--authfile=filename\fR
+-c|--command='command string'
-This option allows 
+execute semicolon separated commands (listed below))
-you to specify a file from which to read the username and 
+
-password used in the connection.  The format of the file is 
+
 .TP
 -I IP-address
 \fIIP address\fR is the address of the server to connect to\&. It should be specified in standard "a\&.b\&.c\&.d" notation\&.
 Normally the client would attempt to locate a named SMB/CIFS server by looking it up via the NetBIOS name resolution mechanism described above in the \fIname resolve order\fR parameter above\&. Using this parameter will force the client to assume that the server is on the machine with the specified IP address and the NetBIOS name component of the resource being connected to will be ignored\&.
 There is no default for this parameter\&. If not supplied, it will be determined automatically by the client as described above\&.
 .TP
 -V
 Prints the version number for \fBsmbd\fR\&.
 .TP
 -s <configuration file>
 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
 -d|--debug=debuglevel
 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .TP
 -N
 If specified, this parameter suppresses the normal password prompt from the client to the user\&. This is useful when accessing a service that does not require a password\&.
 Unless a password is specified on the command line or this parameter is specified, the client will request a password\&.
 .TP
 -k
 Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&.
 .TP
 -A|--authfile=filename
 This option allows you to specify a file from which to read the username and password used in the connection\&. The format of the file is
 .nf
 		username = <value> 
 		password = <value>
 		domain   = <value>
 username = <value>
 password = <value>
 domain   = <value>
 .fi
 Make certain that the permissions on the file restrict 
 access from unwanted users. 
 .TP
 \fB-c|--command='command string'\fR
 execute semicolon separated commands (listed 
 below)) 
 .TP
 \fB-d|--debug=debuglevel\fR
 \fIdebuglevel\fR is an integer 
 from 0 to 10.  The default value if this parameter is 
 not specified is zero.
-The higher this value, the more detail will be 
+Make certain that the permissions on the file restrict access from unwanted users\&.
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
 day to day running - it generates a small amount of 
 information about operations carried out.
 Levels above 1 will generate considerable 
 amounts of log data, and should only be used when 
 investigating a problem. Levels above 3 are designed for 
 use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.
 Note that specifying this parameter here will 
 override the log
 level file.
 .TP
-\fB-h|--help\fR
+-U|--user=username[%password]
-Print a summary of command line options.
+Sets the SMB username or username and password\&.
 .TP
 \fB-I IP-address\fR
 \fIIP address\fR is the address of the server to connect to. 
 It should be specified in standard "a.b.c.d" notation. 
 Normally the client would attempt to locate a named 
 SMB/CIFS server by looking it up via the NetBIOS name resolution 
 mechanism described above in the \fIname resolve order\fR 
 parameter above. Using this parameter will force the client
 to assume that the server is on the machine with the specified IP 
 address and the NetBIOS name component of the resource being 
 connected to will be ignored. 
-There is no default for this parameter. If not supplied, 
+If %password is not specified, the user will be prompted\&. The client will first check the \fBUSER\fR environment variable, then the \fBLOGNAME\fR variable and if either exists, the string is uppercased\&. If these environmental variables are not found, the username \fBGUEST\fR is used\&.
 it will be determined automatically by the client as described 
 above. 
 .TP
 \fB-l|--logfile=logbasename\fR
 File name for log/debug files. The extension 
 \&'.client' will be appended. The log file is
 never removed by the client.
 .TP
 \fB-N|--nopass\fR
 instruct \fBrpcclient\fR not to ask 
 for a password.   By default, \fBrpcclient\fR will
 prompt for a password.  See also the \fI-U\fR
 option.
 .TP
 \fB-s|--conf=smb.conf\fR
 Specifies the location of the all-important 
 \fIsmb.conf\fR file. 
 .TP
 \fB-U|--user=username[%password]\fR
 Sets the SMB username or username and password. 
 If %password is not specified, the user will be prompted. The 
 client will first check the \fBUSER\fR environment variable, then the 
 \fBLOGNAME\fR variable and if either exists, the 
 string is uppercased. If these environmental variables are not 
 found, the username GUEST is used. 
-A third option is to use a credentials file which 
+A third option is to use a credentials file which contains the plaintext of the username and password\&. This option is mainly provided for scripts where the admin does not wish to pass the credentials on the command line or via environment variables\&. If this method is used, make certain that the permissions on the file restrict access from unwanted users\&. See the \fI-A\fR for more details\&.
-contains the plaintext of the username and password.  This 
+
-option is mainly provided for scripts where the admin does not 
+
-wish to pass the credentials on the command line or via environment 
+Be cautious about including passwords in scripts\&. Also, on many systems the command line of a running process may be seen via the \fBps\fR command\&. To be safe always allow \fBrpcclient\fR to prompt for a password and type it in directly\&.
-variables. If this method is used, make certain that the permissions 
+
 on the file restrict access from unwanted users.  See the 
 \fI-A\fR for more details. 
 Be cautious about including passwords in scripts. Also, on 
 many systems the command line of a running process may be seen 
 via the \fBps\fR command.  To be safe always allow 
 \fBrpcclient\fR to prompt for a password and type 
 it in directly. 
 .TP
-\fB-W|--workgroup=domain\fR
+-n <primary NetBIOS name>
-Set the SMB domain of the username.   This 
+This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&.
-overrides the default domain which is the domain defined in 
+
-smb.conf.  If the domain specified is the same as the server's NetBIOS name, 
+
-it causes the client to log on using the  server's local SAM (as 
+.TP
-opposed to the Domain SAM). 
+-i <scope>
 This specifies a NetBIOS scope that \fBnmblookup\fR will use to communicate with when generating NetBIOS names\&. For details on the use of NetBIOS scopes, see rfc1001\&.txt and rfc1002\&.txt\&. NetBIOS scopes are \fBvery\fR rarely used, only set this parameter if you are the system administrator in charge of all the NetBIOS systems you communicate with\&.
 .TP
 -W|--workgroup=domain
 Set the SMB domain of the username\&. This overrides the default domain which is the domain defined in smb\&.conf\&. If the domain specified is the same as the servers NetBIOS name, it causes the client to log on using the servers local SAM (as opposed to the Domain SAM)\&.
 .TP
 -O socket options
 TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&.
 .TP
 -h|--help
 Print a summary of command line options\&.
 .SH "COMMANDS"
 .SS "LSARPC"
 .TP
 lsaquery
 Query info policy
 .TP
 lookupsids
 Resolve a list of SIDs to usernames\&.
 .TP
 lookupnames
 Resolve a list of usernames to SIDs\&.
 .TP
 enumtrusts
 Enumerate trusted domains
 .TP
 enumprivs
 Enumerate privileges
 .TP
 getdispname
 Get the privilege name
 .TP
 lsaenumsid
 Enumerate the LSA SIDS
 .TP
 lsaenumprivsaccount
 Enumerate the privileges of an SID
 .TP
 lsaenumacctrights
 Enumerate the rights of an SID
 .TP
 lsaenumacctwithright
 Enumerate accounts with a right
 .TP
 lsaaddacctrights
 Add rights to an account
 .TP
 lsaremoveacctrights
 Remove rights from an account
 .TP
 lsalookupprivvalue
 Get a privilege value given its name
 .TP
 lsaquerysecobj
 Query LSA security object
 .SS "LSARPC-DS"
 .TP
 dsroledominfo
 Get Primary Domain Information
 .PP
-\fBLSARPC\fR
+
-.TP 0.2i
+
 \(bu
 \fBlsaquery\fR
 .TP 0.2i
 \(bu
 \fBlookupsids\fR - Resolve a list 
 of SIDs to usernames.
 .TP 0.2i
 \(bu
 \fBlookupnames\fR - Resolve a list 
 of usernames to SIDs.
 .TP 0.2i
 \(bu
 \fBenumtrusts\fR
 .PP
-.PP
+\fBDFS\fR
-\fBSAMR\fR
+
-.TP 0.2i
+.TP
-\(bu
+dfsexist
-\fBqueryuser\fR
+Query DFS support
-.TP 0.2i
+
-\(bu
+
-\fBquerygroup\fR
+.TP
-.TP 0.2i
+dfsadd
-\(bu
+Add a DFS share
-\fBqueryusergroups\fR
+
-.TP 0.2i
+
-\(bu
+.TP
-\fBquerygroupmem\fR
+dfsremove
-.TP 0.2i
+Remove a DFS share
-\(bu
+
-\fBqueryaliasmem\fR
+
-.TP 0.2i
+.TP
-\(bu
+dfsgetinfo
-\fBquerydispinfo\fR
+Query DFS share info
-.TP 0.2i
+
-\(bu
+
-\fBquerydominfo\fR
+.TP
-.TP 0.2i
+dfsenum
-\(bu
+Enumerate dfs shares
-\fBenumdomgroups\fR
+
-.PP
+
-.PP
+.SS "REG"
-\fBSPOOLSS\fR
+
-.TP 0.2i
+.TP
-\(bu
+shutdown
-\fBadddriver <arch> <config>\fR 
+Remote Shutdown
- Execute an AddPrinterDriver() RPC to install the printer driver 
+
-information on the server.  Note that the driver files should 
+
-already exist in the directory returned by  
+.TP
-\fBgetdriverdir\fR.  Possible values for 
+abortshutdown
-\fIarch\fR are the same as those for 
+Abort Shutdown
-the \fBgetdriverdir\fR command.
+
-The \fIconfig\fR parameter is defined as 
+
-follows: 
+.SS "SRVSVC"
 .TP
 srvinfo
 Server query info
 .TP
 netshareenum
 Enumerate shares
 .TP
 netfileenum
 Enumerate open files
 .TP
 netremotetod
 Fetch remote time of day
 .SS "SAMR"
 .TP
 queryuser
 Query user info
 .TP
 querygroup
 Query group info
 .TP
 queryusergroups
 Query user groups
 .TP
 querygroupmem
 Query group membership
 .TP
 queryaliasmem
 Query alias membership
 .TP
 querydispinfo
 Query display info
 .TP
 querydominfo
 Query domain info
 .TP
 enumdomusers
 Enumerate domain users
 .TP
 enumdomgroups
 Enumerate domain groups
 .TP
 enumalsgroups
 Enumerate alias groups
 .TP
 createdomuser
 Create domain user
 .TP
 samlookupnames
 Look up names
 .TP
 samlookuprids
 Look up names
 .TP
 deletedomuser
 Delete domain user
 .TP
 samquerysecobj
 Query SAMR security object
 .TP
 getdompwinfo
 Retrieve domain password info
 .TP
 lookupdomain
 Look up domain
 .SS "SPOOLSS"
 .TP
 adddriver <arch> <config>
 Execute an AddPrinterDriver() RPC to install the printer driver information on the server\&. Note that the driver files should already exist in the directory returned by \fBgetdriverdir\fR\&. Possible values for \fIarch\fR are the same as those for the \fBgetdriverdir\fR command\&. The \fIconfig\fR parameter is defined as follows:
 .nf
 		Long Printer Name:\\
 		Driver File Name:\\
 		Data File Name:\\
 		Config File Name:\\
 		Help File Name:\\
 		Language Monitor Name:\\
 		Default Data Type:\\
 		Comma Separated list of Files
 Long Printer Name:\\
 Driver File Name:\\
 Data File Name:\\
 Config File Name:\\
 Help File Name:\\
 Language Monitor Name:\\
 Default Data Type:\\
 Comma Separated list of Files
 .fi
 Any empty fields should be enter as the string "NULL". 
-Samba does not need to support the concept of Print Monitors
+Any empty fields should be enter as the string "NULL"\&.
-since these only apply to local printers whose driver can make
+
-use of a bi-directional link for communication.  This field should 
+
-be "NULL".   On a remote NT print server, the Print Monitor for a 
+Samba does not need to support the concept of Print Monitors since these only apply to local printers whose driver can make use of a bi-directional link for communication\&. This field should be "NULL"\&. On a remote NT print server, the Print Monitor for a driver must already be installed prior to adding the driver or else the RPC will fail\&.
-driver must already be installed prior to adding the driver or 
+
-else the RPC will fail. 
+
-.TP 0.2i
+.TP
-\(bu
+addprinter <printername> <sharename> <drivername> <port>
-\fBaddprinter <printername> 
+Add a printer on the remote server\&. This printer will be automatically shared\&. Be aware that the printer driver must already be installed on the server (see \fBadddriver\fR) and the \fIport\fRmust be a valid port name (see \fBenumports\fR\&.
-<sharename> <drivername> <port>\fR 
+
- Add a printer on the remote server.  This printer 
+
-will be automatically shared.  Be aware that the printer driver 
+.TP
-must already be installed on the server (see \fBadddriver\fR) 
+deldriver
-and the \fIport\fRmust be a valid port name (see
+Delete the specified printer driver for all architectures\&. This does not delete the actual driver files from the server, only the entry from the server's list of drivers\&.
-\fBenumports\fR.
+
-.TP 0.2i
+
-\(bu
+.TP
-\fBdeldriver\fR - Delete the 
+enumdata
-specified printer driver for all architectures.  This
+Enumerate all printer setting data stored on the server\&. On Windows NT clients, these values are stored in the registry, while Samba servers store them in the printers TDB\&. This command corresponds to the MS Platform SDK GetPrinterData() function (* This command is currently unimplemented)\&.
-does not delete the actual driver files from the server,
+
-only the entry from the server's list of drivers.
+
-.TP 0.2i
+.TP
-\(bu
+enumdataex
-\fBenumdata\fR - Enumerate all 
+Enumerate printer data for a key
-printer setting data stored on the server. On Windows NT  clients, 
+
-these values are stored  in the registry, while Samba servers 
+
-store them in the printers TDB.  This command corresponds
+.TP
-to the MS Platform SDK GetPrinterData() function (* This
+enumjobs <printer>
-command is currently unimplemented).
+List the jobs and status of a given printer\&. This command corresponds to the MS Platform SDK EnumJobs() function
-.TP 0.2i
+
-\(bu
+
-\fBenumjobs <printer>\fR 
+.TP
- List the jobs and status of a given printer. 
+enumkey
-This command corresponds to the MS Platform SDK EnumJobs() 
+Enumerate printer keys
-function (* This command is currently unimplemented).
+
-.TP 0.2i
+
-\(bu
+.TP
-\fBenumports [level]\fR 
+enumports [level]
- Executes an EnumPorts() call using the specified 
+Executes an EnumPorts() call using the specified info level\&. Currently only info levels 1 and 2 are supported\&.
-info level. Currently only info levels 1 and 2 are supported. 
+
-.TP 0.2i
+
-\(bu
+.TP
-\fBenumdrivers [level]\fR 
+enumdrivers [level]
- Execute an EnumPrinterDrivers() call.  This lists the various installed 
+Execute an EnumPrinterDrivers() call\&. This lists the various installed printer drivers for all architectures\&. Refer to the MS Platform SDK documentation for more details of the various flags and calling options\&. Currently supported info levels are 1, 2, and 3\&.
-printer drivers for all architectures.  Refer to the MS Platform SDK 
+
-documentation for more details of the various flags and calling 
+
-options. Currently supported info levels are 1, 2, and 3.
+.TP
-.TP 0.2i
+enumprinters [level]
-\(bu
+Execute an EnumPrinters() call\&. This lists the various installed and share printers\&. Refer to the MS Platform SDK documentation for more details of the various flags and calling options\&. Currently supported info levels are 1, 2 and 5\&.
-\fBenumprinters [level]\fR 
+
- Execute an EnumPrinters() call.  This lists the various installed 
+
-and share printers.  Refer to the MS Platform SDK documentation for 
+.TP
-more details of the various flags and calling options. Currently
+getdata <printername> <valuename;>
-supported info levels are 0, 1, and 2.
+Retrieve the data for a given printer setting\&. See the \fBenumdata\fR command for more information\&. This command corresponds to the GetPrinterData() MS Platform SDK function\&.
-.TP 0.2i
+
-\(bu
+
-\fBgetdata <printername>\fR 
+.TP
- Retrieve the data for a given printer setting.  See 
+getdataex
-the  \fBenumdata\fR command for more information.  
+Get printer driver data with keyname
-This command corresponds to the GetPrinterData() MS Platform 
+
-SDK function (* This command is currently unimplemented). 
+
-.TP 0.2i
+.TP
-\(bu
+getdriver <printername>
-\fBgetdriver <printername>\fR 
+Retrieve the printer driver information (such as driver file, config file, dependent files, etc\&.\&.\&.) for the given printer\&. This command corresponds to the GetPrinterDriver() MS Platform SDK function\&. Currently info level 1, 2, and 3 are supported\&.
- Retrieve the printer driver information (such as driver file, 
+
-config file, dependent files, etc...) for 
+
-the given printer. This command corresponds to the GetPrinterDriver()
+.TP
-MS Platform  SDK function. Currently info level 1, 2, and 3 are supported.
+getdriverdir <arch>
-.TP 0.2i
+Execute a GetPrinterDriverDirectory() RPC to retrieve the SMB share name and subdirectory for storing printer driver files for a given architecture\&. Possible values for \fIarch\fR are "Windows 4\&.0" (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows Alpha_AXP", and "Windows NT R4000"\&.
-\(bu
+
-\fBgetdriverdir <arch>\fR 
+
- Execute a GetPrinterDriverDirectory()
+.TP
-RPC to retrieve the SMB share name and subdirectory for 
+getprinter <printername>
-storing printer driver files for a given architecture.  Possible 
+Retrieve the current printer information\&. This command corresponds to the GetPrinter() MS Platform SDK function\&.
-values for \fIarch\fR are "Windows 4.0" 
+
-(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
+
-Alpha_AXP", and "Windows NT R4000". 
+.TP
-.TP 0.2i
+getprintprocdir
-\(bu
+Get print processor directory
-\fBgetprinter <printername>\fR 
+
- Retrieve the current printer information.  This command 
+
-corresponds to the GetPrinter() MS Platform SDK function. 
+.TP
-.TP 0.2i
+openprinter <printername>
-\(bu
+Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer\&.
-\fBopenprinter <printername>\fR 
+
- Execute an OpenPrinterEx() and ClosePrinter() RPC 
+
-against a given printer. 
+.TP
-.TP 0.2i
+setdriver <printername> <drivername>
-\(bu
+Execute a SetPrinter() command to update the printer driver associated with an installed printer\&. The printer driver must already be correctly installed on the print server\&.
-\fBsetdriver <printername>
+
-<drivername>\fR
+
- Execute a SetPrinter() command to update the printer driver
+See also the \fBenumprinters\fR and \fBenumdrivers\fR commands for obtaining a list of of installed printers and drivers\&.
-associated with an installed printer.  The printer driver must
+
-already be correctly installed on the print server.  
+
 .TP
 addform
 Add form
 .TP
 setform
 Set form
 .TP
 getform
 Get form
 .TP
 deleteform
 Delete form
 .TP
 enumforms
 Enumerate form
 .TP
 setprinter
 Set printer comment
 .TP
 setprinterdata
 Set REG_SZ printer data
 .TP
 rffpcnex
 Rffpcnex test
 .SS "NETLOGON"
 .TP
 logonctrl2
 Logon Control 2
 .TP
 logonctrl
 Logon Control
 .TP
 samsync
 Sam Synchronisation
 .TP
 samdeltas
 Query Sam Deltas
 .TP
 samlogon
 Sam Logon
 .SS "GENERAL COMMANDS"
 .TP
 debuglevel
 Set the current debug level used to log information\&.
 .TP
 help (?)
 Print a listing of all known commands or extended help on a particular command\&.
 .TP
 quit (exit)
 Exit \fBrpcclient \fR\&.
 See also the \fBenumprinters\fR and 
 \fBenumdrivers\fR commands for obtaining a list of
 of installed printers and drivers.
 .PP
 \fBGENERAL OPTIONS\fR
 .TP 0.2i
 \(bu
 \fBdebuglevel\fR - Set the current
 debug level used to log information.
 .TP 0.2i
 \(bu
 \fBhelp (?)\fR - Print a listing of all 
 known commands or extended help  on a particular command. 
 .TP 0.2i
 \(bu
 \fBquit (exit)\fR - Exit \fBrpcclient
 \fR.
 .SH "BUGS"
 .PP
-\fBrpcclient\fR is designed as a developer testing tool 
+\fBrpcclient\fR is designed as a developer testing tool and may not be robust in certain areas (such as command line parsing)\&. It has been known to generate a core dump upon failures when invalid parameters where passed to the interpreter\&.
-and may not be robust in certain areas (such as command line parsing).  
+
 It has been known to  generate a core dump upon failures when invalid 
 parameters where passed to the interpreter. 
 .PP
 From Luke Leighton's original rpcclient man page:
 .PP
-\fB"WARNING!\fR The MSRPC over SMB code has 
+\fBWARNING!\fR The MSRPC over SMB code has been developed from examining Network traces\&. No documentation is available from the original creators (Microsoft) on how MSRPC over SMB works, or how the individual MSRPC services work\&. Microsoft's implementation of these services has been demonstrated (and reported) to be\&.\&.\&. a bit flaky in places\&.
-been developed from examining  Network traces. No documentation is 
+
 available from the original creators  (Microsoft) on how MSRPC over 
 SMB works, or how the individual MSRPC services  work. Microsoft's 
 implementation of these services has been demonstrated  (and reported) 
 to be... a bit flaky in places. 
 .PP
-The development of Samba's implementation is also a bit rough, 
+The development of Samba's implementation is also a bit rough, and as more of the services are understood, it can even result in versions of \fBsmbd\fR(8) and \fBrpcclient\fR(1) that are incompatible for some commands or services\&. Additionally, the developers are sending reports to Microsoft, and problems found or reported to Microsoft are fixed in Service Packs, which may result in incompatibilities\&.
-and as more  of the services are understood, it can even result in 
+
 versions of  \fBsmbd(8)\fR and \fBrpcclient(1)\fR 
 that are incompatible for some commands or  services. Additionally, 
 the developers are sending reports to Microsoft,  and problems found 
 or reported to Microsoft are fixed in Service Packs,  which may 
 result in incompatibilities." 
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of the Samba 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-suite.
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original rpcclient man page was written by Matthew 
+The original rpcclient man page was written by Matthew Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.  
+
 The conversion to DocBook for Samba 2.2 was done by Gerald 
 Carter.
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
--- a/docs/manpages/smbcacls.1
+++ b/docs/manpages/smbcacls.1
@ -1,82 +1,135 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBCACLS" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBCACLS" 1 "" "" ""
 .SH NAME
 smbcacls \- Set or get ACLs on an NT file or directory names
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ] [ \fB-A acls\fR ] [ \fB-M acls\fR ] [ \fB-D acls\fR ] [ \fB-S acls\fR ] [ \fB-C name\fR ] [ \fB-G name\fR ] [ \fB-n\fR ] [ \fB-h\fR ]
+.nf
 \fBsmbcacls\fR {//server/share} {filename} [-D acls] [-M acls] [-A acls] [-S acls] [-C name] [-G name] [-n] [-t] [-U username] [-h] [-d]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-The \fBsmbcacls\fR program manipulates NT Access Control
+The \fBsmbcacls\fR program manipulates NT Access Control Lists (ACLs) on SMB file shares\&.
-Lists (ACLs) on SMB file shares. 
+
 .SH "OPTIONS"
 .PP
-The following options are available to the \fBsmbcacls\fR program.  
+The following options are available to the \fBsmbcacls\fR program\&. The format of ACLs is described in the section ACL FORMAT
 The format of ACLs is described in the section ACL FORMAT 
 .TP
 \fB-A acls\fR
 Add the ACLs specified to the ACL list.  Existing 
 access control entries are unchanged. 
 .TP
 \fB-M acls\fR
 Modify the mask value (permissions) for the ACLs 
 specified on the command line.  An error will be printed for each 
 ACL specified that was not already present in the ACL list
 .TP
 \fB-D acls\fR
 Delete any ACLs specified on the command line.  
 An error will be printed for each ACL specified that was not 
 already present in the ACL list. 
 .TP
 \fB-S acls\fR
 This command sets the ACLs on the file with 
 only the ones specified on the command line.  All other ACLs are 
 erased. Note that the ACL specified must contain at least a revision,
 type, owner and group for the call to succeed. 
 .TP
 \fB-U username\fR
 Specifies a username used to connect to the 
 specified service.  The username may be of the form "username" in 
 which case the user is prompted to enter in a password and the 
 workgroup specified in the \fIsmb.conf\fR file is 
 used, or "username%password"  or "DOMAIN\\username%password" and the 
 password and workgroup names are used as provided. 
 .TP
 \fB-C name\fR
 The owner of a file or directory can be changed 
 to the name given using the \fI-C\fR option.  
 The name can be a sid in the form S-1-x-y-z or a name resolved 
 against the server specified in the first argument. 
 This command is a shortcut for -M OWNER:name. 
 .TP
-\fB-G name\fR
+-A acls
-The group owner of a file or directory can 
+Add the ACLs specified to the ACL list\&. Existing access control entries are unchanged\&.
-be changed to the name given using the \fI-G\fR 
+
 option.  The name can be a sid in the form S-1-x-y-z or a name 
 resolved against the server specified n the first argument.
 This command is a shortcut for -M GROUP:name.
 .TP
-\fB-n\fR
+-M acls
-This option displays all ACL information in numeric 
+Modify the mask value (permissions) for the ACLs specified on the command line\&. An error will be printed for each ACL specified that was not already present in the ACL list
-format.  The default is to convert SIDs to names and ACE types 
+
-and masks to a readable string format.  
+
 .TP
-\fB-h\fR
+-D acls
-Print usage information on the \fBsmbcacls
+Delete any ACLs specified on the command line\&. An error will be printed for each ACL specified that was not already present in the ACL list\&.
-\fR program.
+
 .TP
 -S acls
 This command sets the ACLs on the file with only the ones specified on the command line\&. All other ACLs are erased\&. Note that the ACL specified must contain at least a revision, type, owner and group for the call to succeed\&.
 .TP
 -U username
 Specifies a username used to connect to the specified service\&. The username may be of the form "username" in which case the user is prompted to enter in a password and the workgroup specified in the \fBsmb.conf\fR(5) file is used, or "username%password" or "DOMAIN\\username%password" and the password and workgroup names are used as provided\&.
 .TP
 -C name
 The owner of a file or directory can be changed to the name given using the \fI-C\fR option\&. The name can be a sid in the form S-1-x-y-z or a name resolved against the server specified in the first argument\&.
 This command is a shortcut for -M OWNER:name\&.
 .TP
 -G name
 The group owner of a file or directory can be changed to the name given using the \fI-G\fR option\&. The name can be a sid in the form S-1-x-y-z or a name resolved against the server specified n the first argument\&.
 This command is a shortcut for -M GROUP:name\&.
 .TP
 -n
 This option displays all ACL information in numeric format\&. The default is to convert SIDs to names and ACE types and masks to a readable string format\&.
 .TP
 -t
 Don't actually do anything, only validate the correctness of the arguments\&.
 .TP
 -h|--help
 Print a summary of command line options\&.
 .TP
 -V
 Prints the version number for \fBsmbd\fR\&.
 .TP
 -s <configuration file>
 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
 -d|--debug=debuglevel
 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .SH "ACL FORMAT"
 .PP
-The format of an ACL is one or more ACL entries separated by 
+The format of an ACL is one or more ACL entries separated by either commas or newlines\&. An ACL entry is one of the following:
-either commas or newlines.  An ACL entry is one of the following: 
+
 .PP
 .nf
@ -85,104 +138,109 @@ REVISION:<revision number>
 OWNER:<sid or name>
 GROUP:<sid or name>
 ACL:<sid or name>:<type>/<flags>/<mask>
 .fi
 .PP
-The revision of the ACL specifies the internal Windows 
+The revision of the ACL specifies the internal Windows NT ACL revision for the security descriptor\&. If not specified it defaults to 1\&. Using values other than 1 may cause strange behaviour\&.
-NT ACL revision for the security descriptor.  
+
 If not specified it defaults to 1.  Using values other than 1 may 
 cause strange behaviour. 
 .PP
-The owner and group specify the owner and group sids for the 
+The owner and group specify the owner and group sids for the object\&. If a SID in the format CWS-1-x-y-z is specified this is used, otherwise the name specified is resolved using the server on which the file or directory resides\&.
-object.  If a SID in the format CWS-1-x-y-z is specified this is used, 
+
 otherwise the name specified is resolved using the server on which 
 the file or directory resides. 
 .PP
-ACLs specify permissions granted to the SID.  This SID again 
+ACLs specify permissions granted to the SID\&. This SID again can be specified in CWS-1-x-y-z format or as a name in which case it is resolved against the server on which the file or directory resides\&. The type, flags and mask values determine the type of access granted to the SID\&.
-can be specified in CWS-1-x-y-z format or as a name in which case 
+
 it is resolved against the server on which the file or directory 
 resides.  The type, flags and mask values determine the type of 
 access granted to the SID. 
 .PP
-The type can be either 0 or 1 corresponding to ALLOWED or 
+The type can be either 0 or 1 corresponding to ALLOWED or DENIED access to the SID\&. The flags values are generally zero for file ACLs and either 9 or 2 for directory ACLs\&. Some common flags are:
-DENIED access to the SID.  The flags values are generally
+
-zero for file ACLs and either 9 or 2 for directory ACLs.  Some 
+.TP 3
 common flags are: 
 .TP 0.2i
 \(bu
-#define SEC_ACE_FLAG_OBJECT_INHERIT      0x1
+\fB#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1\fR
-.TP 0.2i
+
 .TP
 \(bu
-#define SEC_ACE_FLAG_CONTAINER_INHERIT   0x2
+\fB#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2\fR
-.TP 0.2i
+
 .TP
 \(bu
-#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       0x4
+\fB#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4\fR
-.TP 0.2i
+
 .TP
 \(bu
-#define SEC_ACE_FLAG_INHERIT_ONLY        0x8
+\fB#define SEC_ACE_FLAG_INHERIT_ONLY 0x8\fR
 .LP
 .PP
-At present flags can only be specified as decimal or 
+At present flags can only be specified as decimal or hexadecimal values\&.
-hexadecimal values.
+
 .PP
-The mask is a value which expresses the access right 
+The mask is a value which expresses the access right granted to the SID\&. It can be given as a decimal or hexadecimal value, or by using one of the following text strings which map to the NT file permissions of the same name\&.
-granted to the SID. It can be given as a decimal or hexadecimal value, 
+
-or by using one of the following text strings which map to the NT 
+.TP 3
 file permissions of the same name. 
 .TP 0.2i
 \(bu
 \fBR\fR - Allow read access
-.TP 0.2i
+
 .TP
 \(bu
 \fBW\fR - Allow write access
-.TP 0.2i
+
 .TP
 \(bu
 \fBX\fR - Execute permission on the object
-.TP 0.2i
+
 .TP
 \(bu
 \fBD\fR - Delete the object
-.TP 0.2i
+
 .TP
 \(bu
 \fBP\fR - Change permissions
-.TP 0.2i
+
 .TP
 \(bu
 \fBO\fR - Take ownership
 .LP
 .PP
 The following combined permissions can be specified:
-.TP 0.2i
+
 .TP 3
 \(bu
-\fBREAD\fR -  Equivalent to 'RX'
+\fBREAD\fR - Equivalent to 'RX' permissions
-permissions
+
-.TP 0.2i
+.TP
 \(bu
 \fBCHANGE\fR - Equivalent to 'RXWD' permissions
-.TP 0.2i
+
 .TP
 \(bu
-\fBFULL\fR - Equivalent to 'RWXDPO' 
+\fBFULL\fR - Equivalent to 'RWXDPO' permissions
-permissions
+
 .LP
 .SH "EXIT STATUS"
 .PP
-The \fBsmbcacls\fR program sets the exit status 
+The \fBsmbcacls\fR program sets the exit status depending on the success or otherwise of the operations performed\&. The exit status may be one of the following values\&.
-depending on the success or otherwise of the operations performed.  
+
 The exit status may be one of the following values. 
 .PP
-If the operation succeeded, smbcacls returns and exit 
+If the operation succeeded, smbcacls returns and exit status of 0\&. If \fBsmbcacls\fR couldn't connect to the specified server, or there was an error getting or setting the ACLs, an exit status of 1 is returned\&. If there was an error parsing any command line arguments, an exit status of 2 is returned\&.
-status of 0.  If \fBsmbcacls\fR couldn't connect to the specified server, 
+
 or there was an error getting or setting the ACLs, an exit status 
 of 1 is returned.  If there was an error parsing any command line 
 arguments, an exit status of 2 is returned. 
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-\fBsmbcacls\fR was written by Andrew Tridgell 
+\fBsmbcacls\fR was written by Andrew Tridgell and Tim Potter\&.
-and Tim Potter.
+
 .PP
-The conversion to DocBook for Samba 2.2 was done 
+The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-by Gerald Carter
+
--- a/docs/manpages/smbclient.1
+++ b/docs/manpages/smbclient.1
--- a/docs/manpages/smbcontrol.1
+++ b/docs/manpages/smbcontrol.1
@ -1,151 +1,216 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBCONTROL" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBCONTROL" 1 "" "" ""
 .SH NAME
 smbcontrol \- send messages to smbd, nmbd or winbindd processes
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbcontrol\fR [ \fB-i\fR ]
+.nf
 \fBsmbcontrol\fR [-i] [-s]
 .fi
-
+.nf
-\fBsmbcontrol\fR [ \fBdestination\fR ] [ \fBmessage-type\fR ] [ \fBparameter\fR ]
+\fBsmbcontrol\fR [destination] [message-type] [parameter]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBsmbcontrol\fR is a very small program, which 
+\fBsmbcontrol\fR is a very small program, which sends messages to a \fBsmbd\fR(8), a \fBnmbd\fR(8), or a \fBwinbindd\fR(8) daemon running on the system\&.
-sends messages to an smbd(8) 
+
 an nmbd(8)
 or a winbindd(8) 
 daemon running on the system.
 .SH "OPTIONS"
 .TP
-\fB-i\fR
+-h|--help
-Run interactively. Individual commands 
+Print a summary of command line options\&.
-of the form destination message-type parameters can be entered 
+
-on STDIN. An empty command line or a "q" will quit the 
+
 program.
 .TP
-\fBdestination\fR
+-s <configuration file>
-One of \fInmbd\fR
+The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 \fIsmbd\fR or a process ID.
 The \fIsmbd\fR destination causes the 
 message to "broadcast" to all smbd daemons.
 The \fInmbd\fR destination causes the 
 message to be sent to the nmbd daemon specified in the 
 \fInmbd.pid\fR file.
 If a single process ID is given, the message is sent 
 to only that process.
 .TP
-\fBmessage-type\fR
+-i
-One of: close-share,
+Run interactively\&. Individual commands of the form destination message-type parameters can be entered on STDIN\&. An empty command line or a "q" will quit the program\&.
 debug, 
 force-election, ping
 , profile,   debuglevel, profilelevel, 
 or printnotify.
 The close-share message-type sends a 
 message to smbd which will then close the client connections to
 the named share. Note that this doesn't affect client connections
 to any other shares. This message-type takes an argument of the
 share name for which client connections will be closed, or the
 "*" character which will close all currently open shares.
 This may be useful if you made changes to the access controls on the share.
 This message can only be sent to smbd.
 The debug message-type allows 
 the debug level to be set to the value specified by the 
 parameter. This can be sent to any of the destinations.
 The force-election message-type can only be 
 sent to the nmbd destination. This message 
 causes the \fBnmbd\fR daemon to force a new browse
 master election.
 The ping message-type sends the 
 number of "ping" messages specified by the parameter and waits 
 for the same number of  reply "pong" messages. This can be sent to 
 any of the destinations.
 The profile message-type sends a 
 message to an smbd to change the profile settings based on the 
 parameter. The parameter can be "on" to turn on profile stats 
 collection, "off" to turn off profile stats collection, "count"
 to enable only collection of count stats (time stats are 
 disabled), and "flush" to zero the current profile stats. This can 
 be sent to any smbd or nmbd destinations.
 The debuglevel message-type sends 
 a "request debug level" message. The current debug level setting 
 is returned by a  "debuglevel" message. This can be 
 sent to any of the destinations.
 The profilelevel message-type sends 
 a "request profile level" message.  The current profile level 
 setting is returned by a  "profilelevel" message. This can be sent 
 to any smbd or nmbd destinations.
 The printnotify message-type sends a 
 message to smbd which in turn sends a printer notify message to 
 any Windows NT clients connected to a printer. This message-type
 takes the following arguments:
 .RS
 .TP
-\fBqueuepause printername\fR
+destination
-Send a queue pause change notify
+One of \fInmbd\fR, \fIsmbd\fR or a process ID\&.
-message to the printer specified.
+
 The \fIsmbd\fR destination causes the message to "broadcast" to all smbd daemons\&.
 The \fInmbd\fR destination causes the message to be sent to the nmbd daemon specified in the \fInmbd\&.pid\fR file\&.
 If a single process ID is given, the message is sent to only that process\&.
 .TP
-\fBqueueresume printername\fR
+message-type
-Send a queue resume change notify
+Type of message to send\&. See the section \fBMESSAGE-TYPES\fR for details\&.
-message for the printer specified.
+
 .TP
-\fBjobpause printername unixjobid\fR
+parameters
 Send a job pause change notify
 message for the printer and unix jobid
 specified.
 .TP
 \fBjobresume printername unixjobid\fR
 Send a job resume change notify
 message for the printer and unix jobid
 specified.
 .TP
 \fBjobdelete printername unixjobid\fR
 Send a job delete change notify
 message for the printer and unix jobid
 specified.
 .RE
 Note that this message only sends notification that an
 event has occured.  It doesn't actually cause the
 event to happen.
 This message can only be sent to smbd. 
 .TP
 \fBparameters\fR
 any parameters required for the message-type
 .SH "MESSAGE-TYPES"
 .PP
 Available message types are:
 .TP
 close-share
 Order smbd to close the client connections to the named share\&. Note that this doesn't affect client connections to any other shares\&. This message-type takes an argument of the share name for which client connections will be closed, or the "*" character which will close all currently open shares\&. This may be useful if you made changes to the access controls on the share\&. This message can only be sent to \fBsmbd\fR\&.
 .TP
 debug
 Set debug level to the value specified by the parameter\&. This can be sent to any of the destinations\&.
 .TP
 force-election
 This message causes the \fBnmbd\fR daemon to force a new browse master election\&.
 .TP
 ping
 Send specified number of "ping" messages and wait for the same number of reply "pong" messages\&. This can be sent to any of the destinations\&.
 .TP
 profile
 Change profile settings of a daemon, based on the parameter\&. The parameter can be "on" to turn on profile stats collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats\&. This can be sent to any smbd or nmbd destinations\&.
 .TP
 debuglevel
 Request debuglevel of a certain daemon and write it to stdout\&. This can be sent to any of the destinations\&.
 .TP
 profilelevel
 Request profilelevel of a certain daemon and write it to stdout\&. This can be sent to any smbd or nmbd destinations\&.
 .TP
 printnotify
 Order smbd to send a printer notify message to any Windows NT clients connected to a printer\&. This message-type takes the following arguments:
 .RS
 .TP
 queuepause printername
 Send a queue pause change notify message to the printer specified\&.
 .TP
 queueresume printername
 Send a queue resume change notify message for the printer specified\&.
 .TP
 jobpause printername unixjobid
 Send a job pause change notify message for the printer and unix jobid specified\&.
 .TP
 jobresume printername unixjobid
 Send a job resume change notify message for the printer and unix jobid specified\&.
 .TP
 jobdelete printername unixjobid
 Send a job delete change notify message for the printer and unix jobid specified\&.
 .RE
 Note that this message only sends notification that an event has occured\&. It doesn't actually cause the event to happen\&.
 This message can only be sent to \fBsmbd\fR\&.
 .TP
 samsync
 Order smbd to synchronise sam database from PDC (being BDC)\&. Can only be sent to \fBsmbd\fR\&.
 Not working at the moment
 .TP
 samrepl
 Send sam replication message, with specified serial\&. Can only be sent to \fBsmbd\fR\&. Should not be used manually\&.
 .TP
 dmalloc-mark
 Set a mark for dmalloc\&. Can be sent to both smbd and nmbd\&. Only available if samba is built with dmalloc support\&.
 .TP
 dmalloc-log-changed
 Dump the pointers that have changed since the mark set by dmalloc-mark\&. Can be sent to both smbd and nmbd\&. Only available if samba is built with dmalloc support\&.
 .TP
 shutdown
 Shut down specified daemon\&. Can be sent to both smbd and nmbd\&.
 .TP
 pool-usage
 Print a human-readable description of all talloc(pool) memory usage by the specified daemon/process\&. Available for both smbd and nmbd\&.
 .TP
 drvupgrade
 Force clients of printers using specified driver to update their local version of the driver\&. Can only be sent to smbd\&.
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR 
+\fBnmbd\fR(8) and \fBsmbd\fR(8)\&.
-and \fBsmbd(8)\fR
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/smbd.8
+++ b/docs/manpages/smbd.8
@ -1,316 +1,230 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBD" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBD" 8 "" "" ""
 .SH NAME
 smbd \- server to provide SMB/CIFS services to clients
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbd\fR [ \fB-D\fR ] [ \fB-F\fR ] [ \fB-S\fR ] [ \fB-i\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-b\fR ] [ \fB-d <debug level>\fR ] [ \fB-l <log directory>\fR ] [ \fB-p <port number>\fR ] [ \fB-O <socket option>\fR ] [ \fB-s <configuration file>\fR ]
+.nf
 \fBsmbd\fR [-D] [-F] [-S] [-i] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>]
     [-p <port number>] [-O <socket option>] [-s <configuration file>]
 .fi
 .SH "DESCRIPTION"
 .PP
-This program is part of the Samba suite.
+This program is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBsmbd\fR is the server daemon that 
+\fBsmbd\fR is the server daemon that provides filesharing and printing services to Windows clients\&. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol\&. This is compatible with the LanManager protocol, and can service LanManager clients\&. These include MSCLIENT 3\&.0 for DOS, Windows for Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, OS/2, DAVE for Macintosh, and smbfs for Linux\&.
-provides filesharing and printing services to Windows clients. 
+
 The server provides filespace and printer services to
 clients using the SMB (or CIFS) protocol. This is compatible 
 with the LanManager protocol, and can service LanManager 
 clients.  These include MSCLIENT 3.0 for DOS, Windows for 
 Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, 
 OS/2, DAVE for Macintosh, and smbfs for Linux.
 .PP
-An extensive description of the services that the 
+An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those services (see \fBsmb.conf\fR(5)\&. This man page will not describe the services, but will concentrate on the administrative aspects of running the server\&.
-server can provide is given in the man page for the 
+
 configuration file controlling the attributes of those 
 services (see \fIsmb.conf(5)
 \fR  This man page will not describe the 
 services, but will concentrate on the administrative aspects 
 of running the server.
 .PP
-Please note that there are significant security 
+Please note that there are significant security implications to running this server, and the \fBsmb.conf\fR(5) manual page should be regarded as mandatory reading before proceeding with installation\&.
-implications to running this server, and the \fIsmb.conf(5)\fR 
+
 manpage should be regarded as mandatory reading before 
 proceeding with installation.
 .PP
-A session is created whenever a client requests one. 
+A session is created whenever a client requests one\&. Each client gets a copy of the server for each session\&. This copy then services all connections made by the client during that session\&. When all connections from its client are closed, the copy of the server for that client terminates\&.
-Each client gets a copy of the server for each session. This 
+
 copy then services all connections made by the client during 
 that session. When all connections from its client are closed, 
 the copy of the server for that client terminates.
 .PP
-The configuration file, and any files that it includes, 
+The configuration file, and any files that it includes, are automatically reloaded every minute, if they change\&. You can force a reload by sending a SIGHUP to the server\&. Reloading the configuration file will not affect connections to any service that is already established\&. Either the user will have to disconnect from the service, or \fBsmbd\fR killed and restarted\&.
-are automatically reloaded every minute, if they change.  You 
+
 can force a reload by sending a SIGHUP to the server.  Reloading 
 the configuration file will not affect connections to any service 
 that is already established.  Either the user will have to 
 disconnect from the service, or \fBsmbd\fR killed and restarted.
 .SH "OPTIONS"
 .TP
 \fB-D\fR
 If specified, this parameter causes 
 the server to operate as a daemon. That is, it detaches 
 itself and runs in the background, fielding requests 
 on the appropriate port. Operating the server as a
 daemon is the recommended way of running \fBsmbd\fR for 
 servers that provide more than casual use file and 
 print services.  This switch is assumed if \fBsmbd
 \fR is executed on the command line of a shell.
 .TP
 \fB-F\fR
 If specified, this parameter causes
 the main \fBsmbd\fR process to not daemonize,
 i.e. double-fork and disassociate with the terminal.
 Child processes are still created as normal to service
 each connection request, but the main process does not
 exit. This operation mode is suitable for running
 \fBsmbd\fR under process supervisors such
 as \fBsupervise\fR and \fBsvscan\fR
 from Daniel J. Bernstein's \fBdaemontools\fR
 package, or the AIX process monitor.
 .TP
 \fB-S\fR
 If specified, this parameter causes
 \fBsmbd\fR to log to standard output rather
 than a file.
 .TP
 \fB-i\fR
 If this parameter is specified it causes the
 server to run "interactively", not as a daemon, even if the
 server is executed on the command line of a shell. Setting this
 parameter negates the implicit deamon mode when run from the
 command line. \fBsmbd\fR also logs to standard
 output, as if the \fB-S\fR parameter had been
 given.
 .TP
 \fB-h\fR
 Prints the help information (usage) 
 for \fBsmbd\fR.
 .TP
 \fB-V\fR
 Prints the version number for 
 \fBsmbd\fR.
 .TP
 \fB-b\fR
 Prints information about how 
 Samba was built.
 .TP
 \fB-d <debug level>\fR
 \fIdebuglevel\fR is an integer 
 from 0 to 10.  The default value if this parameter is 
 not specified is zero.
 The higher this value, the more detail will be 
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
 day to day running - it generates a small amount of 
 information about operations carried out.
 Levels above 1 will generate considerable 
 amounts of log data, and should only be used when 
 investigating a problem. Levels above 3 are designed for 
 use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.
 Note that specifying this parameter here will 
 override the log
 level file.
 .TP
-\fB-l <log directory>\fR
+-D
-If specified,
+If specified, this parameter causes the server to operate as a daemon\&. That is, it detaches itself and runs in the background, fielding requests on the appropriate port\&. Operating the server as a daemon is the recommended way of running \fBsmbd\fR for servers that provide more than casual use file and print services\&. This switch is assumed if \fBsmbd \fR is executed on the command line of a shell\&.
-\fIlog directory\fR 
+
 specifies a log directory into which the "log.smbd" log
 file will be created for informational and debug 
 messages from the running server. The log 
 file generated is never removed by the server although 
 its size may be controlled by the max log size
 option in the \fI  smb.conf(5)\fR file. \fBBeware:\fR
 If the directory specified does not exist, \fBsmbd\fR
 will log to the default debug log location defined at compile time.
 The default log directory is specified at
 compile time.
 .TP
-\fB-O <socket options>\fR
+-F
-See the socket options 
+If specified, this parameter causes the main \fBsmbd\fR process to not daemonize, i\&.e\&. double-fork and disassociate with the terminal\&. Child processes are still created as normal to service each connection request, but the main process does not exit\&. This operation mode is suitable for running \fBsmbd\fR under process supervisors such as \fBsupervise\fR and \fBsvscan\fR from Daniel J\&. Bernstein's \fBdaemontools\fR package, or the AIX process monitor\&.
-parameter in the \fIsmb.conf(5)
+
-\fR file for details.
+
 .TP
-\fB-p <port number>\fR
+-S
-\fIport number\fR is a positive integer 
+If specified, this parameter causes \fBsmbd\fR to log to standard output rather than a file\&.
 value.  The default value if this parameter is not 
 specified is 139.
 This number is the port number that will be 
 used when making connections to the server from client 
 software. The standard (well-known) port number for the 
 SMB over TCP is 139, hence the default. If you wish to 
 run the server as an ordinary user rather than
 as root, most systems will require you to use a port 
 number greater than 1024 - ask your system administrator 
 for help if you are in this situation.
 In order for the server to be useful by most 
 clients, should you configure it on a port other 
 than 139, you will require port redirection services 
 on port 139, details of which are outlined in rfc1002.txt 
 section 4.3.5.
 This parameter is not normally specified except 
 in the above situation.
 .TP
-\fB-s <configuration file>\fR
+-i
-The file specified contains the 
+If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell\&. Setting this parameter negates the implicit deamon mode when run from the command line\&. \fBsmbd\fR also logs to standard output, as if the \fB-S\fR parameter had been given\&.
-configuration details required by the server.  The 
+
-information in this file includes server-specific
+
-information such as what printcap file to use, as well 
+.TP
-as descriptions of all the services that the server is 
+-V
-to provide. See \fI  smb.conf(5)\fR for more information.
+Prints the version number for \fBsmbd\fR\&.
-The default configuration file name is determined at 
+
-compile time.
+
 .TP
 -s <configuration file>
 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
 -d|--debug=debuglevel
 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .TP
 -h|--help
 Print a summary of command line options\&.
 .TP
 -b
 Prints information about how Samba was built\&.
 .TP
 -l <log directory>
 If specified, \fIlog directory\fR specifies a log directory into which the "log\&.smbd" log file will be created for informational and debug messages from the running server\&. The log file generated is never removed by the server although its size may be controlled by the \fImax log size\fR option in the \fBsmb.conf\fR(5) file\&. \fBBeware:\fR If the directory specified does not exist, \fBsmbd\fR will log to the default debug log location defined at compile time\&.
 The default log directory is specified at compile time\&.
 .TP
 -p <port number>
 \fIport number\fR is a positive integer value\&. The default value if this parameter is not specified is 139\&.
 This number is the port number that will be used when making connections to the server from client software\&. The standard (well-known) port number for the SMB over TCP is 139, hence the default\&. If you wish to run the server as an ordinary user rather than as root, most systems will require you to use a port number greater than 1024 - ask your system administrator for help if you are in this situation\&.
 In order for the server to be useful by most clients, should you configure it on a port other than 139, you will require port redirection services on port 139, details of which are outlined in rfc1002\&.txt section 4\&.3\&.5\&.
 This parameter is not normally specified except in the above situation\&.
 .SH "FILES"
 .TP
 \fB\fI/etc/inetd.conf\fB\fR
 If the server is to be run by the 
 \fBinetd\fR meta-daemon, this file 
 must contain suitable startup information for the 
 meta-daemon. See the UNIX_INSTALL.html
 document for details.
 .TP
 \fB\fI/etc/rc\fB\fR
 or whatever initialization script your 
 system uses).
 If running the server as a daemon at startup, 
 this file will need to contain an appropriate startup 
 sequence for the server. See the UNIX_INSTALL.html
 document for details.
 .TP
-\fB\fI/etc/services\fB\fR
+\fI/etc/inetd\&.conf\fR
-If running the server via the 
+If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. See the "How to Install and Test SAMBA" document for details\&.
-meta-daemon \fBinetd\fR, this file 
+
-must contain a mapping of service name (e.g., netbios-ssn) 
+
-to service port (e.g., 139) and protocol type (e.g., tcp). 
+.TP
-See the UNIX_INSTALL.html
+\fI/etc/rc\fR
-document for details.
+or whatever initialization script your system uses)\&.
-.TP
+
-\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+
-This is the default location of the 
+If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. See the "How to Install and Test SAMBA" document for details\&.
-\fIsmb.conf\fR
+
-server configuration file. Other common places that systems 
+
-install this file are \fI/usr/samba/lib/smb.conf\fR 
+.TP
-and \fI/etc/smb.conf\fR.
+\fI/etc/services\fR
 If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. See the "How to Install and Test SAMBA" document for details\&.
 .TP
 \fI/usr/local/samba/lib/smb\&.conf\fR
 This is the default location of the \fBsmb.conf\fR(5) server configuration file\&. Other common places that systems install this file are \fI/usr/samba/lib/smb\&.conf\fR and \fI/etc/samba/smb\&.conf\fR\&.
 This file describes all the services the server is to make available to clients\&. See \fBsmb.conf\fR(5) for more information\&.
 This file describes all the services the server 
 is to make available to clients. See   \fIsmb.conf(5)\fR for more information.
 .SH "LIMITATIONS"
 .PP
-On some systems \fBsmbd\fR cannot change uid back 
+On some systems \fBsmbd\fR cannot change uid back to root after a setuid() call\&. Such systems are called trapdoor uid systems\&. If you have such a system, you will be unable to connect from a client (such as a PC) as two different users at once\&. Attempts to connect the second user will result in access denied or similar\&.
-to root after a setuid() call.  Such systems are called 
+
 trapdoor uid systems. If you have such a system, 
 you will be unable to connect from a client (such as a PC) as 
 two different users at once. Attempts to connect the
 second user will result in access denied or 
 similar.
 .SH "ENVIRONMENT VARIABLES"
 .TP
 \fBPRINTER\fR
-If no printer name is specified to 
+If no printer name is specified to printable services, most systems will use the value of this variable (or \fBlp\fR if this variable is not defined) as the name of the printer to use\&. This is not specific to the server, however\&.
-printable services, most systems will use the value of 
+
-this variable (or lp if this variable is 
+
 not defined) as the name of the printer to use. This 
 is not specific to the server, however.
 .SH "PAM INTERACTION"
 .PP
-Samba uses PAM for authentication (when presented with a plaintext 
+Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management\&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the \fIobey pam restricions\fR  \fBsmb.conf\fR(5) paramater\&. When this is set, the following restrictions apply:
-password), for account checking (is this account disabled?) and for
+
-session management.  The degree too which samba supports PAM is restricted
+.TP 3
 by the limitations of the SMB protocol and the 
 obey pam restricions
 smb.conf paramater.  When this is set, the following restrictions apply:
 .TP 0.2i
 \(bu
-\fBAccount Validation\fR:  All accesses to a 
+\fBAccount Validation\fR: All accesses to a samba server are checked against PAM to see if the account is vaild, not disabled and is permitted to login at this time\&. This also applies to encrypted logins\&.
-samba server are checked 
+
-against PAM to see if the account is vaild, not disabled and is permitted to 
+.TP
 login at this time.  This also applies to encrypted logins.
 .TP 0.2i
 \(bu
-\fBSession Management\fR:  When not using share 
+\fBSession Management\fR: When not using share level secuirty, users must pass PAM's session checks before access is granted\&. Note however, that this is bypassed in share level secuirty\&. Note also that some older pam configuration files may need a line added for session support\&.
-level secuirty, users must pass PAM's session checks before access 
+
-is granted.  Note however, that this is bypassed in share level secuirty.  
+.LP
-Note also that some older pam configuration files may need a line 
+
 added for session support. 
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "DIAGNOSTICS"
 .PP
-Most diagnostics issued by the server are logged 
+Most diagnostics issued by the server are logged in a specified log file\&. The log file name is specified at compile time, but may be overridden on the command line\&.
-in a specified log file. The log file name is specified 
+
 at compile time, but may be overridden on the command line.
 .PP
-The number and nature of diagnostics available depends 
+The number and nature of diagnostics available depends on the debug level used by the server\&. If you have problems, set the debug level to 3 and peruse the log files\&.
-on the debug level used by the server. If you have problems, set 
+
 the debug level to 3 and peruse the log files.
 .PP
-Most messages are reasonably self-explanatory. Unfortunately, 
+Most messages are reasonably self-explanatory\&. Unfortunately, at the time this man page was created, there are too many diagnostics available in the source code to warrant describing each and every diagnostic\&. At this stage your best bet is still to grep the source code and inspect the conditions that gave rise to the diagnostics you are seeing\&.
-at the time this man page was created, there are too many diagnostics 
+
 available in the source code to warrant describing each and every 
 diagnostic. At this stage your best bet is still to grep the 
 source code and inspect the conditions that gave rise to the 
 diagnostics you are seeing.
 .SH "SIGNALS"
 .PP
-Sending the \fBsmbd\fR a SIGHUP will cause it to 
+Sending the \fBsmbd\fR a SIGHUP will cause it to reload its \fIsmb\&.conf\fR configuration file within a short period of time\&.
-reload its \fIsmb.conf\fR configuration 
+
 file within a short period of time.
 .PP
-To shut down a user's \fBsmbd\fR process it is recommended 
+To shut down a user's \fBsmbd\fR process it is recommended that \fBSIGKILL (-9)\fR  \fBNOT\fR be used, except as a last resort, as this may leave the shared memory area in an inconsistent state\&. The safe way to terminate an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for it to die on its own\&.
-that \fBSIGKILL (-9)\fR \fBNOT\fR 
+
 be used, except as a last resort, as this may leave the shared
 memory area in an inconsistent state. The safe way to terminate 
 an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for 
 it to die on its own.
 .PP
-The debug log level of \fBsmbd\fR may be raised
+The debug log level of \fBsmbd\fR may be raised or lowered using \fBsmbcontrol\fR(1) program (SIGUSR[1|2] signals are no longer used since Samba 2\&.2)\&. This is to allow transient problems to be diagnosed, whilst still running at a normally low log level\&.
-or lowered using \fBsmbcontrol(1)
+
 \fR program (SIGUSR[1|2] signals are no longer used in
 Samba 2.2). This is to allow transient problems to be diagnosed, 
 whilst still running at a normally low log level.
 .PP
-Note that as the signal handlers send a debug write, 
+Note that as the signal handlers send a debug write, they are not re-entrant in \fBsmbd\fR\&. This you should wait until\fBsmbd\fR is in a state of waiting for an incoming SMB before issuing them\&. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking them after, however this would affect performance\&.
-they are not re-entrant in \fBsmbd\fR. This you should wait until 
+
 \fBsmbd\fR is in a state of waiting for an incoming SMB before 
 issuing them. It is possible to make the signal handlers safe 
 by un-blocking the signals before the select call and re-blocking 
 them after, however this would affect performance.
 .SH "SEE ALSO"
 .PP
-hosts_access(5), \fBinetd(8)\fR, 
+\fBhosts_access\fR(5), \fBinetd\fR(8), \fBnmbd\fR(8), \fBsmb.conf\fR(5), \fBsmbclient\fR(1), \fBtestparm\fR(1), \fBtestprns\fR(1), and the Internet RFC's\fIrfc1001\&.txt\fR, \fIrfc1002\&.txt\fR\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page http://samba\&.org/cifs/\&.
-\fBnmbd(8)\fR 
+
 \fIsmb.conf(5)\fR
 \fBsmbclient(1)
 \fR and the Internet RFC's
 \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
 In addition the CIFS (formerly SMB) specification is available 
 as a link from the Web page  
 http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/smbmnt.8
+++ b/docs/manpages/smbmnt.8
@ -1,64 +1,91 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBMNT" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBMNT" 8 "" "" ""
 .SH NAME
 smbmnt \- helper utility for mounting SMB filesystems
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbmnt\fR \fBmount-point\fR [ \fB-s <share>\fR ] [ \fB-r\fR ] [ \fB-u <uid>\fR ] [ \fB-g <gid>\fR ] [ \fB-f <mask>\fR ] [ \fB-d <mask>\fR ] [ \fB-o <options>\fR ]
+.nf
 \fBsmbmnt\fR {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>] [-h]
 .fi
 .SH "DESCRIPTION"
 .PP
-\fBsmbmnt\fR is a helper application used 
+\fBsmbmnt\fR is a helper application used by the smbmount program to do the actual mounting of SMB shares\&.\fBsmbmnt\fR can be installed setuid root if you want normal users to be able to mount their SMB shares\&.
-by the smbmount program to do the actual mounting of SMB shares. 
+
 \fBsmbmnt\fR can be installed setuid root if you want
 normal users to be able to mount their SMB shares.
 .PP
-A setuid smbmnt will only allow mounts on directories owned
+A setuid smbmnt will only allow mounts on directories owned by the user, and that the user has write permission on\&.
-by the user, and that the user has write permission on.
+
 .PP
-The \fBsmbmnt\fR program is normally invoked 
+The \fBsmbmnt\fR program is normally invoked by \fBsmbmount\fR(8)\&. It should not be invoked directly by users\&.
-by \fBsmbmount(8)\fR
+
 It should not be invoked directly by users. 
 .PP
-smbmount searches the normal PATH for smbmnt. You must ensure
+smbmount searches the normal PATH for smbmnt\&. You must ensure that the smbmnt version in your path matches the smbmount used\&.
-that the smbmnt version in your path matches the smbmount used.
+
 .SH "OPTIONS"
 .TP
-\fB-r\fR
+-r
 mount the filesystem read-only
 .TP
-\fB-u uid\fR
+-u uid
-specify the uid that the files will 
+specify the uid that the files will be owned by
-be owned by 
+
 .TP
-\fB-g gid\fR
+-g gid
-specify the gid that the files will be 
+specify the gid that the files will be owned by
-owned by 
+
 .TP
-\fB-f mask\fR
+-f mask
 specify the octal file mask applied
 .TP
-\fB-d mask\fR
+-d mask
-specify the octal directory mask 
+specify the octal directory mask applied
-applied  
+
 .TP
-\fB-o options\fR
+-o options
-list of options that are passed as-is to smbfs, if this
+list of options that are passed as-is to smbfs, if this command is run on a 2\&.4 or higher Linux kernel\&.
-command is run on a 2.4 or higher Linux kernel.
+
 .TP
 -h|--help
 Print a summary of command line options\&.
 .SH "AUTHOR"
 .PP
-Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+Volker Lendecke, Andrew Tridgell, Michael H\&. Warfield and others\&.
-and others.
+
 .PP
-The current maintainer of smbfs and the userspace
+The current maintainer of smbfs and the userspace tools \fBsmbmount\fR, \fBsmbumount\fR, and \fBsmbmnt\fR is Urban Widmark\&. The SAMBA Mailing list is the preferred place to ask questions regarding these programs\&.
-tools \fBsmbmount\fR, \fBsmbumount\fR,
+
 and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
 The SAMBA Mailing list <URL:mailto:samba@samba.org>
 is the preferred place to ask questions regarding these programs.
 .PP
-The conversion of this manpage for Samba 2.2 was performed 
+The conversion of this manpage for Samba 2\&.2 was performed by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-by Gerald Carter
+
--- a/docs/manpages/smbmount.8
+++ b/docs/manpages/smbmount.8
@ -1,215 +1,219 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBMOUNT" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBMOUNT" 8 "" "" ""
 .SH NAME
 smbmount \- mount an smbfs filesystem
-.SH SYNOPSIS
+.SH "SYNOPSIS"
 \fBsmbmount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ]
 .SH "DESCRIPTION"
 .PP
 \fBsmbmount\fR mounts a Linux SMB filesystem. It 
 is usually invoked as \fBmount.smbfs\fR by
 the \fBmount(8)\fR command when using the 
 "-t smbfs" option. This command only works in Linux, and the kernel must
 support the smbfs filesystem. 
 .PP
 Options to \fBsmbmount\fR are specified as a comma-separated
 list of key=value pairs. It is possible to send options other
 than those listed here, assuming that smbfs supports them. If
 you get mount failures, check your kernel log for errors on
 unknown options.
 .PP
 \fBsmbmount\fR is a daemon. After mounting it keeps running until
 the mounted smbfs is umounted. It will log things that happen
 when in daemon mode using the "machine name" smbmount, so
 typically this output will end up in \fIlog.smbmount\fR. The
 \fBsmbmount\fR process may also be called mount.smbfs.
 .PP
 \fBNOTE:\fR \fBsmbmount\fR 
 calls \fBsmbmnt(8)\fR to do the actual mount. You 
 must make sure that \fBsmbmnt\fR is in the path so 
 that it can be found. 
 .SH "OPTIONS"
 .TP
 \fBusername=<arg>\fR
 specifies the username to connect as. If
 this is not given, then the environment variable \fB  USER\fR is used. This option can also take the
 form "user%password" or "user/workgroup" or
 "user/workgroup%password" to allow the password and workgroup
 to be specified as part of the username.
 .TP
 \fBpassword=<arg>\fR
 specifies the SMB password. If this
 option is not given then the environment variable
 \fBPASSWD\fR is used. If it can find
 no password \fBsmbmount\fR will prompt
 for a passeword, unless the guest option is
 given. 
 Note that passwords which contain the argument delimiter
 character (i.e. a comma ',') will failed to be parsed correctly
 on the command line.  However, the same password defined
 in the PASSWD environment variable or a credentials file (see
 below) will be read correctly.
 .TP
 \fBcredentials=<filename>\fR
 specifies a file that contains a username
 and/or password. The format of the file is:
 .nf
-		username = <value>
+\fBsmbmount\fR {service} {mount-point} [-o options]
 		password = <value>
 .fi
-This is preferred over having passwords in plaintext in a
+.SH "DESCRIPTION"
-shared file, such as \fI/etc/fstab\fR. Be sure to protect any
+
-credentials file properly.
+.PP
 \fBsmbmount\fR mounts a Linux SMB filesystem\&. It is usually invoked as \fBmount.smbfs\fR by the \fBmount\fR(8) command when using the "-t smbfs" option\&. This command only works in Linux, and the kernel must support the smbfs filesystem\&.
 .PP
 Options to \fBsmbmount\fR are specified as a comma-separated list of key=value pairs\&. It is possible to send options other than those listed here, assuming that smbfs supports them\&. If you get mount failures, check your kernel log for errors on unknown options\&.
 .PP
 \fBsmbmount\fR is a daemon\&. After mounting it keeps running until the mounted smbfs is umounted\&. It will log things that happen when in daemon mode using the "machine name" smbmount, so typically this output will end up in \fIlog\&.smbmount\fR\&. The \fB smbmount\fR process may also be called mount\&.smbfs\&.
 .RS
 .Sh "Note"
 .PP
 \fBsmbmount\fR calls \fBsmbmnt\fR(8) to do the actual mount\&. You must make sure that \fBsmbmnt\fR is in the path so that it can be found\&.
 .RE
 .SH "OPTIONS"
 .TP
-\fBnetbiosname=<arg>\fR
+username=<arg>
-sets the source NetBIOS name. It defaults 
+specifies the username to connect as\&. If this is not given, then the environment variable \fB USER\fR is used\&. This option can also take the form "user%password" or "user/workgroup" or "user/workgroup%password" to allow the password and workgroup to be specified as part of the username\&.
-to the local hostname. 
+
 .TP
-\fBuid=<arg>\fR
+password=<arg>
-sets the uid that will own all files on
+specifies the SMB password\&. If this option is not given then the environment variable \fBPASSWD\fR is used\&. If it can find no password \fBsmbmount\fR will prompt for a passeword, unless the guest option is given\&.
-the mounted filesystem.
+
-It may be specified as either a username or a numeric uid.
+
 Note that passwords which contain the argument delimiter character (i\&.e\&. a comma ',') will failed to be parsed correctly on the command line\&. However, the same password defined in the PASSWD environment variable or a credentials file (see below) will be read correctly\&.
 .TP
-\fBgid=<arg>\fR
+credentials=<filename>
-sets the gid that will own all files on
+specifies a file that contains a username and/or password\&. 
-the mounted filesystem.
+The format of the file is:
-It may be specified as either a groupname or a numeric 
+.nf
-gid. 
+
 username = <value>
 password = <value>
 .fi
 This is preferred over having passwords in plaintext in a shared file, such as \fI/etc/fstab\fR\&. Be sure to protect any credentials file properly\&.
 .TP
-\fBport=<arg>\fR
+krb
-sets the remote SMB port number. The default 
+Use kerberos (Active Directory)\&.
-is 139. 
+
 .TP
-\fBfmask=<arg>\fR
+netbiosname=<arg>
-sets the file mask. This determines the 
+sets the source NetBIOS name\&. It defaults to the local hostname\&.
-permissions that remote files have in the local filesystem. 
+
-The default is based on the current umask. 
+
 .TP
-\fBdmask=<arg>\fR
+uid=<arg>
-sets the directory mask. This determines the 
+sets the uid that will own all files on the mounted filesystem\&. It may be specified as either a username or a numeric uid\&.
-permissions that remote directories have in the local filesystem. 
+
-The default is based on the current umask. 
+
 .TP
-\fBdebug=<arg>\fR
+gid=<arg>
-sets the debug level. This is useful for 
+sets the gid that will own all files on the mounted filesystem\&. It may be specified as either a groupname or a numeric gid\&.
-tracking down SMB connection problems. A suggested value to
+
-start with is 4. If set too high there will be a lot of
+
 output, possibly hiding the useful output.
 .TP
-\fBip=<arg>\fR
+port=<arg>
-sets the destination host or IP address.
+sets the remote SMB port number\&. The default is 139\&.
 .TP
-\fBworkgroup=<arg>\fR
+fmask=<arg>
-sets the workgroup on the destination 
+sets the file mask\&. This determines the permissions that remote files have in the local filesystem\&. This is not a umask, but the actual permissions for the files\&. The default is based on the current umask\&.
 .TP
-\fBsockopt=<arg>\fR
+dmask=<arg>
-sets the TCP socket options. See the \fIsmb.conf
+Sets the directory mask\&. This determines the permissions that remote directories have in the local filesystem\&. This is not a umask, but the actual permissions for the directories\&. The default is based on the current umask\&.
-\fR \fIsocket options\fR option.
+
 .TP
-\fBscope=<arg>\fR
+debug=<arg>
-sets the NetBIOS scope 
+Sets the debug level\&. This is useful for tracking down SMB connection problems\&. A suggested value to start with is 4\&. If set too high there will be a lot of output, possibly hiding the useful output\&.
 .TP
-\fBguest\fR
+ip=<arg>
-don't prompt for a password 
+Sets the destination host or IP address\&.
 .TP
-\fBro\fR
+workgroup=<arg>
 Sets the workgroup on the destination
 .TP
 sockopt=<arg>
 Sets the TCP socket options\&. See the \fBsmb.conf\fR(5) \fIsocket options\fR option\&.
 .TP
 scope=<arg>
 Sets the NetBIOS scope
 .TP
 guest
 Don't prompt for a password
 .TP
 ro
 mount read-only
 .TP
-\fBrw\fR
+rw
 mount read-write
 .TP
-\fBiocharset=<arg>\fR
+iocharset=<arg>
-sets the charset used by the Linux side for codepage
+sets the charset used by the Linux side for codepage to charset translations (NLS)\&. Argument should be the name of a charset, like iso8859-1\&. (Note: only kernel 2\&.4\&.0 or later)
-to charset translations (NLS). Argument should be the
+
-name of a charset, like iso8859-1. (Note: only kernel
+
 2.4.0 or later)
 .TP
-\fBcodepage=<arg>\fR
+codepage=<arg>
-sets the codepage the server uses. See the iocharset
+sets the codepage the server uses\&. See the iocharset option\&. Example value cp850\&. (Note: only kernel 2\&.4\&.0 or later)
-option. Example value cp850. (Note: only kernel 2.4.0
+
-or later)
+
 .TP
-\fBttl=<arg>\fR
+ttl=<arg>
-sets how long a directory listing is cached in milliseconds
+sets how long a directory listing is cached in milliseconds (also affects visibility of file size and date changes)\&. A higher value means that changes on the server take longer to be noticed but it can give better performance on large directories, especially over long distances\&. Default is 1000ms but something like 10000ms (10 seconds) is probably more reasonable in many cases\&. (Note: only kernel 2\&.4\&.2 or later)
-(also affects visibility of file size and date
+
-changes). A higher value means that changes on the
+
 server take longer to be noticed but it can give
 better performance on large directories, especially
 over long distances. Default is 1000ms but something
 like 10000ms (10 seconds) is probably more reasonable
 in many cases.
 (Note: only kernel 2.4.2 or later)
 .SH "ENVIRONMENT VARIABLES"
 .PP
-The variable \fBUSER\fR may contain the username of the
+The variable \fBUSER\fR may contain the username of the person using the client\&. This information is used only if the protocol level is high enough to support session-level passwords\&. The variable can be used to set both username and password by using the format username%password\&.
-person using the client.  This information is used only if the
+
 protocol level is high enough to support session-level
 passwords. The variable can be used to set both username and
 password by using the format username%password.
 .PP
-The variable \fBPASSWD\fR may contain the password of the
+The variable \fBPASSWD\fR may contain the password of the person using the client\&. This information is used only if the protocol level is high enough to support session-level passwords\&.
-person using the client.  This information is used only if the
+
 protocol level is high enough to support session-level
 passwords.
 .PP
-The variable \fBPASSWD_FILE\fR may contain the pathname
+The variable \fBPASSWD_FILE\fR may contain the pathname of a file to read the password from\&. A single line of input is read and used as the password\&.
-of a file to read the password from. A single line of input is
+
 read and used as the password.
 .SH "BUGS"
 .PP
-Passwords and other options containing , can not be handled.
+Passwords and other options containing , can not be handled\&. For passwords an alternative way of passing them is in a credentials file or in the PASSWD environment\&.
-For passwords an alternative way of passing them is in a credentials
+
 file or in the PASSWD environment.
 .PP
-The credentials file does not handle usernames or passwords with
+The credentials file does not handle usernames or passwords with leading space\&.
-leading space.
+
 .PP
-One smbfs bug is important enough to mention here, even if it
+One smbfs bug is important enough to mention here, even if it is a bit misplaced:
-is a bit misplaced:
+
-.TP 0.2i
+.TP 3
 \(bu
-Mounts sometimes stop working. This is usually
+Mounts sometimes stop working\&. This is usually caused by smbmount terminating\&. Since smbfs needs smbmount to reconnect when the server disconnects, the mount will eventually go dead\&. An umount/mount normally fixes this\&. At least 2 ways to trigger this bug are known\&.
-caused by smbmount terminating. Since smbfs needs smbmount to
+
-reconnect when the server disconnects, the mount will eventually go
+.LP
-dead. An umount/mount normally fixes this. At least 2 ways to
+
 trigger this bug are known.
 .PP
-Note that the typical response to a bug report is suggestion
+Note that the typical response to a bug report is suggestion to try the latest version first\&. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: samba, kernel, distribution)
-to try the latest version first. So please try doing that first,
+
 and always include which versions you use of relevant software
 when reporting bugs (minimum: samba, kernel, distribution)
 .SH "SEE ALSO"
 .PP
-Documentation/filesystems/smbfs.txt in the linux kernel
+Documentation/filesystems/smbfs\&.txt in the linux kernel source tree may contain additional options and information\&.
-source tree may contain additional options and information.
+
 .PP
 FreeBSD also has a smbfs, but it is not related to smbmount
 .PP
-For Solaris, HP-UX and others you may want to look at
+For Solaris, HP-UX and others you may want to look at \fBsmbsh\fR(1) or at other solutions, such as Sharity or perhaps replacing the SMB server with a NFS server\&.
-\fBsmbsh(1)\fR or at other
+
 solutions, such as sharity or perhaps replacing the SMB server with
 a NFS server.
 .SH "AUTHOR"
 .PP
-Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+Volker Lendecke, Andrew Tridgell, Michael H\&. Warfield and others\&.
-and others.
+
 .PP
-The current maintainer of smbfs and the userspace
+The current maintainer of smbfs and the userspace tools \fBsmbmount\fR, \fBsmbumount\fR, and \fBsmbmnt\fR is Urban Widmark\&. The SAMBA Mailing list is the preferred place to ask questions regarding these programs\&.
-tools \fBsmbmount\fR, \fBsmbumount\fR,
+
 and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
 The SAMBA Mailing list <URL:mailto:samba@samba.org>
 is the preferred place to ask questions regarding these programs.
 .PP
-The conversion of this manpage for Samba 2.2 was performed 
+The conversion of this manpage for Samba 2\&.2 was performed by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-by Gerald Carter
+
--- a/docs/manpages/smbpasswd.5
+++ b/docs/manpages/smbpasswd.5
@ -1,157 +1,111 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBPASSWD" "5" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBPASSWD" 5 "" "" ""
 .SH NAME
 smbpasswd \- The Samba encrypted password file
-.SH SYNOPSIS
+.SH "SYNOPSIS"
 .PP
 \fIsmbpasswd\fR
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-smbpasswd is the Samba encrypted password file. It contains 
+smbpasswd is the Samba encrypted password file\&. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as account flag information and the time the password was last changed\&. This file format has been evolving with Samba and has had several different formats in the past\&.
-the username, Unix user id and the SMB hashed passwords of the 
+
 user, as well as account flag information and the time the 
 password was last changed. This file format has been evolving with 
 Samba and has had several different formats in the past. 
 .SH "FILE FORMAT"
 .PP
-The format of the smbpasswd file used by Samba 2.2 
+The format of the smbpasswd file used by Samba 2\&.2 is very similar to the familiar Unix \fIpasswd(5)\fR file\&. It is an ASCII file containing one line for each user\&. Each field ithin each line is separated from the next by a colon\&. Any entry beginning with '#' is ignored\&. The smbpasswd file contains the following information for each user:
 is very similar to the familiar Unix \fIpasswd(5)\fR 
 file. It is an ASCII file containing one line for each user. Each field 
 ithin each line is separated from the next by a colon. Any entry 
 beginning with '#' is ignored. The smbpasswd file contains the 
 following information for each user: 
 .TP
 \fBname\fR
 This is the user name. It must be a name that 
 already exists in the standard UNIX passwd file. 
 .TP
 \fBuid\fR
 This is the UNIX uid. It must match the uid
 field for the same user entry in the standard UNIX passwd file. 
 If this does not match then Samba will refuse to recognize 
 this smbpasswd file entry as being valid for a user. 
 .TP
 \fBLanman Password Hash\fR
 This is the LANMAN hash of the user's password, 
 encoded as 32 hex digits.  The LANMAN hash is created by DES 
 encrypting a well known string with the user's password as the 
 DES key. This is the same password used by Windows 95/98 machines. 
 Note that this password hash is regarded as weak as it is
 vulnerable to dictionary attacks and if two users choose the 
 same password this entry will be identical (i.e. the password 
 is not "salted" as the UNIX password is). If the user has a 
 null password this field will contain the characters "NO PASSWORD" 
 as the start of the hex string. If the hex string is equal to 
 32 'X' characters then the user's account is marked as 
 disabled and the user will not be able to 
 log onto the Samba server. 
 \fBWARNING !!\fR Note that, due to 
 the challenge-response nature of the SMB/CIFS authentication
 protocol, anyone with a knowledge of this password hash will 
 be able to impersonate the user on the network. For this
 reason these hashes are known as \fBplain text 
 equivalents\fR and must \fBNOT\fR be made 
 available to anyone but the root user. To protect these passwords 
 the smbpasswd file is placed in a directory with read and 
 traverse access only to the root user and the smbpasswd file 
 itself must be set to be read/write only by root, with no
 other access. 
 .TP
-\fBNT Password Hash\fR
+name
-This is the Windows NT hash of the user's 
+This is the user name\&. It must be a name that already exists in the standard UNIX passwd file\&.
 password, encoded as 32 hex digits.  The Windows NT hash is 
 created by taking the user's password as represented in 
 16-bit, little-endian UNICODE and then applying the MD4 
 (internet rfc1321) hashing algorithm to it. 
 This password hash is considered more secure than
 the LANMAN Password Hash as it preserves the case of the 
 password and uses a much higher quality hashing algorithm. 
 However, it is still the case that if two users choose the same 
 password this entry will be identical (i.e. the password is 
 not "salted" as the UNIX password is). 
 \fBWARNING !!\fR. Note that, due to 
 the challenge-response nature of the SMB/CIFS authentication
 protocol, anyone with a knowledge of this password hash will 
 be able to impersonate the user on the network. For this
 reason these hashes are known as \fBplain text 
 equivalents\fR and must \fBNOT\fR be made 
 available to anyone but the root user. To protect these passwords 
 the smbpasswd file is placed in a directory with read and 
 traverse access only to the root user and the smbpasswd file 
 itself must be set to be read/write only by root, with no
 other access. 
 .TP
-\fBAccount Flags\fR
+uid
-This section contains flags that describe 
+This is the UNIX uid\&. It must match the uid field for the same user entry in the standard UNIX passwd file\&. If this does not match then Samba will refuse to recognize this smbpasswd file entry as being valid for a user\&.
-the attributes of the users account. In the Samba 2.2 release 
+
 this field is bracketed by '[' and ']' characters and is always 
 13 characters in length (including the '[' and ']' characters).
 The contents of this field may be any of the characters.
 .RS
 .TP 0.2i
 \(bu
 \fBU\fR - This means 
 this is a "User" account, i.e. an ordinary user. Only User 
 and Workstation Trust accounts are currently supported 
 in the smbpasswd file. 
 .TP 0.2i
 \(bu
 \fBN\fR - This means the
 account has no password (the passwords in the fields LANMAN 
 Password Hash and NT Password Hash are ignored). Note that this 
 will only allow users to log on with no password if the \fI   null passwords\fR parameter is set in the \fIsmb.conf(5)
 \fR config file. 
 .TP 0.2i
 \(bu
 \fBD\fR - This means the account 
 is disabled and no SMB/CIFS logins  will be allowed for 
 this user. 
 .TP 0.2i
 \(bu
 \fBW\fR - This means this account 
 is a "Workstation Trust" account. This kind of account is used 
 in the Samba PDC code stream to allow Windows NT Workstations 
 and Servers to join a Domain hosted by a Samba PDC. 
 .RE
 Other flags may be added as the code is extended in future.
 The rest of this field space is filled in with spaces. 
 .TP
-\fBLast Change Time\fR
+Lanman Password Hash
-This field consists of the time the account was 
+This is the LANMAN hash of the user's password, encoded as 32 hex digits\&. The LANMAN hash is created by DES encrypting a well known string with the user's password as the DES key\&. This is the same password used by Windows 95/98 machines\&. Note that this password hash is regarded as weak as it is vulnerable to dictionary attacks and if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&. If the user has a null password this field will contain the characters "NO PASSWORD" as the start of the hex string\&. If the hex string is equal to 32 'X' characters then the user's account is marked as \fBdisabled\fR and the user will not be able to log onto the Samba server\&.
-last modified. It consists of the characters 'LCT-' (standing for 
+
-"Last Change Time") followed by a numeric encoding of the UNIX time 
+
-in seconds since the epoch (1970) that the last change was made. 
+\fBWARNING !!\fR Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as \fBplain text equivalents\fR and must \fBNOT\fR be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&.
 .TP
 NT Password Hash
 This is the Windows NT hash of the user's password, encoded as 32 hex digits\&. The Windows NT hash is created by taking the user's password as represented in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it\&.
 This password hash is considered more secure than the LANMAN Password Hash as it preserves the case of the password and uses a much higher quality hashing algorithm\&. However, it is still the case that if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&.
 \fBWARNING !!\fR\&. Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as \fBplain text equivalents\fR and must \fBNOT\fR be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&.
 .TP
 Account Flags
 This section contains flags that describe the attributes of the users account\&. In the Samba 2\&.2 release this field is bracketed by '[' and ']' characters and is always 13 characters in length (including the '[' and ']' characters)\&. The contents of this field may be any of the following characters:
 \fBU\fR - This means this is a "User" account, i\&.e\&. an ordinary user\&. Only User and Workstation Trust accounts are currently supported in the smbpasswd file\&.
 \fBN\fR - This means the account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored)\&. Note that this will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fBsmb.conf\fR(5) config file\&.
 \fBD\fR - This means the account is disabled and no SMB/CIFS logins will be allowed for this user\&.
 \fBW\fR - This means this account is a "Workstation Trust" account\&. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC\&.
 Other flags may be added as the code is extended in future\&. The rest of this field space is filled in with spaces\&.
 .TP
 Last Change Time
 This field consists of the time the account was last modified\&. It consists of the characters 'LCT-' (standing for "Last Change Time") followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made\&.
 .PP
-All other colon separated fields are ignored at this time.
+All other colon separated fields are ignored at this time\&.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBsmbpasswd(8)\fR 
+\fBsmbpasswd\fR(8), \fBSamba\fR(7), and the Internet RFC1321 for details on the MD4 algorithm\&.
-samba(7) and
+
 the Internet RFC1321 for details on the MD4 algorithm.
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/smbpasswd.8
+++ b/docs/manpages/smbpasswd.8
@ -1,293 +1,219 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBPASSWD" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBPASSWD" 8 "" "" ""
 .SH NAME
 smbpasswd \- change a user's SMB password
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbpasswd\fR [ \fB-a\fR ] [ \fB-x\fR ] [ \fB-d\fR ] [ \fB-e\fR ] [ \fB-D debuglevel\fR ] [ \fB-n\fR ] [ \fB-r <remote machine>\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-m\fR ] [ \fB-U username[%password]\fR ] [ \fB-h\fR ] [ \fB-s\fR ] [ \fB-w pass\fR ] [ \fB-i\fR ] [ \fB-L\fR ] [ \fBusername\fR ]
+.nf
 \fBsmbpasswd\fR [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-U username[%password]] [-h] [-s] [-w pass] [-i] [-L] [username]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-The smbpasswd program has several different 
+The smbpasswd program has several different functions, depending on whether it is run by the \fBroot\fR user or not\&. When run as a normal user it allows the user to change the password used for their SMB sessions on any machines that store SMB passwords\&.
-functions, depending on whether it is run by the \fBroot\fR 
+
 user or not. When run as a normal user it allows the user to change 
 the password used for their SMB sessions on any machines that store 
 SMB passwords. 
 .PP
-By default (when run with no arguments) it will attempt to 
+By default (when run with no arguments) it will attempt to change the current user's SMB password on the local machine\&. This is similar to the way the \fBpasswd(1)\fR program works\&. \fB smbpasswd\fR differs from how the passwd program works however in that it is not \fBsetuid root\fR but works in a client-server mode and communicates with a locally running \fBsmbd\fR(8)\&. As a consequence in order for this to succeed the smbd daemon must be running on the local machine\&. On a UNIX machine the encrypted SMB passwords are usually stored in the \fBsmbpasswd\fR(5) file\&.
-change the current user's SMB password on the local machine. This is 
+
 similar to the way the \fBpasswd(1)\fR program works. 
 \fBsmbpasswd\fR differs from how the passwd program works 
 however in that it is not \fBsetuid root\fR but works in 
 a client-server mode and communicates with a locally running
 \fBsmbd(8)\fR. As a consequence in order for this to 
 succeed the smbd daemon must be running on the local machine. On a 
 UNIX machine the encrypted SMB passwords are usually stored in 
 the \fIsmbpasswd(5)\fR file. 
 .PP
-When run by an ordinary user with no options, smbpasswd 
+When run by an ordinary user with no options, smbpasswd will prompt them for their old SMB password and then ask them for their new password twice, to ensure that the new password was typed correctly\&. No passwords will be echoed on the screen whilst being typed\&. If you have a blank SMB password (specified by the string "NO PASSWORD" in the smbpasswd file) then just press the <Enter> key when asked for your old password\&.
-will prompt them for their old SMB password and then ask them 
+
 for their new password twice, to ensure that the new password
 was typed correctly. No passwords will be echoed on the screen 
 whilst being typed. If you have a blank SMB password (specified by 
 the string "NO PASSWORD" in the smbpasswd file) then just press 
 the <Enter> key when asked for your old password. 
 .PP
-smbpasswd can also be used by a normal user to change their
+smbpasswd can also be used by a normal user to change their SMB password on remote machines, such as Windows NT Primary Domain Controllers\&. See the (\fI-r\fR) and \fI-U\fR options below\&.
-SMB password on remote machines, such as Windows NT Primary Domain 
+
 Controllers.   See the (-r) and -U options below. 
 .PP
-When run by root, smbpasswd allows new users to be added 
+When run by root, smbpasswd allows new users to be added and deleted in the smbpasswd file, as well as allows changes to the attributes of the user in this file to be made\&. When run by root, \fB smbpasswd\fR accesses the local smbpasswd file directly, thus enabling changes to be made even if smbd is not running\&.
-and deleted in the smbpasswd file, as well as allows changes to 
+
 the attributes of the user in this file to be made. When run by root, 
 \fBsmbpasswd\fR accesses the local smbpasswd file 
 directly, thus enabling changes to be made even if smbd is not 
 running. 
 .SH "OPTIONS"
 .TP
-\fB-a\fR
+-a
-This option specifies that the username 
+This option specifies that the username following should be added to the local smbpasswd file, with the new password typed (type <Enter> for the old password)\&. This option is ignored if the username following already exists in the smbpasswd file and it is treated like a regular change password command\&. Note that the default passdb backends require the user to already exist in the system password file (usually \fI/etc/passwd\fR), else the request to add the user will fail\&.
-following should be added to the local smbpasswd file, with the 
+
-new password typed (type <Enter> for the old password). This 
+
-option is ignored if the username following already exists in 
+This option is only available when running smbpasswd as root\&.
-the smbpasswd file and it is treated like a regular change 
+
 password command.  Note that the default passdb backends require 
 the user to already exist in the system password file (usually 
 \fI/etc/passwd\fR), else the request to add the 
 user will fail. 
 This option is only available when running smbpasswd 
 as root. 
 .TP
-\fB-x\fR
+-x
-This option specifies that the username 
+This option specifies that the username following should be deleted from the local smbpasswd file\&.
-following should be deleted from the local smbpasswd file.
+
 This option is only available when running smbpasswd as root\&.
 This option is only available when running smbpasswd as 
 root.
 .TP
-\fB-d\fR
+-d
-This option specifies that the username following 
+This option specifies that the username following should be \fBdisabled\fR in the local smbpasswd file\&. This is done by writing a \fB'D'\fR flag into the account control space in the smbpasswd file\&. Once this is done all attempts to authenticate via SMB using this username will fail\&.
-should be disabled in the local smbpasswd 
+
-file. This is done by writing a 'D' flag 
+
-into the account control space in the smbpasswd file. Once this 
+If the smbpasswd file is in the 'old' format (pre-Samba 2\&.0 format) there is no space in the user's password entry to write this information and the command will FAIL\&. See \fBsmbpasswd\fR(5) for details on the 'old' and new password file formats\&.
-is done all attempts to authenticate via SMB using this username 
+
-will fail. 
+
 This option is only available when running smbpasswd as root\&.
 If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
 format) there is no space in the user's password entry to write
 this information and the command will FAIL. See \fBsmbpasswd(5)
 \fR for details on the 'old' and new password file formats.
 This option is only available when running smbpasswd as 
 root.
 .TP
-\fB-e\fR
+-e
-This option specifies that the username following 
+This option specifies that the username following should be \fBenabled\fR in the local smbpasswd file, if the account was previously disabled\&. If the account was not disabled this option has no effect\&. Once the account is enabled then the user will be able to authenticate via SMB once again\&.
-should be enabled in the local smbpasswd file, 
+
-if the account was previously disabled. If the account was not 
+
-disabled this option has no effect. Once the account is enabled then 
+If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will FAIL to enable the account\&. See \fBsmbpasswd\fR(5) for details on the 'old' and new password file formats\&.
-the user will be able to authenticate via SMB once again. 
+
 This option is only available when running smbpasswd as root\&.
 If the smbpasswd file is in the 'old' format, then \fB  smbpasswd\fR will FAIL to enable the account.  
 See \fBsmbpasswd (5)\fR for 
 details on the 'old' and new password file formats. 
 This option is only available when running smbpasswd as root. 
 .TP
-\fB-D debuglevel\fR
+-D debuglevel
-\fIdebuglevel\fR is an integer 
+\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
-from 0 to 10.  The default value if this parameter is not specified 
+
-is zero. 
+
 The higher this value, the more detail will be logged to the log files about the activities of smbpasswd\&. At level 0, only critical errors and serious warnings will be logged\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 The higher this value, the more detail will be logged to the 
 log files about the activities of smbpasswd. At level 0, only 
 critical errors and serious warnings will be logged. 
 Levels above 1 will generate considerable amounts of log 
 data, and should only be used when investigating a problem. Levels 
 above 3 are designed for use only by developers and generate
 HUGE amounts of log data, most of which is extremely cryptic. 
 .TP
-\fB-n\fR
+-n
-This option specifies that the username following 
+This option specifies that the username following should have their password set to null (i\&.e\&. a blank password) in the local smbpasswd file\&. This is done by writing the string "NO PASSWORD" as the first part of the first password stored in the smbpasswd file\&.
-should have their password set to null (i.e. a blank password) in 
+
-the local smbpasswd file. This is done by writing the string "NO 
+
-PASSWORD" as the first part of the first password stored in the 
+Note that to allow users to logon to a Samba server once the password has been set to "NO PASSWORD" in the smbpasswd file the administrator must set the following parameter in the [global] section of the \fIsmb\&.conf\fR file :
 smbpasswd file. 
 Note that to allow users to logon to a Samba server once 
 the password has been set to "NO PASSWORD" in the smbpasswd
 file the administrator must set the following parameter in the [global]
 section of the \fIsmb.conf\fR file : 
 \fBnull passwords = yes\fR
 This option is only available when running smbpasswd as 
 root.
 .TP
 \fB-r remote machine name\fR
 This option allows a user to specify what machine 
 they wish to change their password on. Without this parameter 
 smbpasswd defaults to the local host. The \fIremote 
 machine name\fR is the NetBIOS name of the SMB/CIFS 
 server to contact to attempt the password change. This name is 
 resolved into an IP address using the standard name resolution 
 mechanism in all programs of the Samba suite. See the \fI-R 
 name resolve order\fR parameter for details on changing 
 this resolving mechanism. 
-The username whose password is changed is that of the 
+This option is only available when running smbpasswd as root\&.
 current UNIX logged on user. See the \fI-U username\fR
 parameter for details on changing the password for a different 
 username. 
 Note that if changing a Windows NT Domain password the 
 remote machine specified must be the Primary Domain Controller for 
 the domain (Backup Domain Controllers only have a read-only
 copy of the user account database and will not allow the password 
 change).
 \fBNote\fR that Windows 95/98 do not have 
 a real password database so it is not possible to change passwords 
 specifying a Win95/98  machine as remote machine target. 
 .TP
-\fB-R name resolve order\fR
+-r remote machine name
-This option allows the user of smbpasswd to determine
+This option allows a user to specify what machine they wish to change their password on\&. Without this parameter smbpasswd defaults to the local host\&. The \fIremote machine name\fR is the NetBIOS name of the SMB/CIFS server to contact to attempt the password change\&. This name is resolved into an IP address using the standard name resolution mechanism in all programs of the Samba suite\&. See the \fI-R name resolve order\fR parameter for details on changing this resolving mechanism\&.
 what name resolution services to use when looking up the NetBIOS
 name of the host being connected to. 
 The options are :"lmhosts", "host", "wins" and "bcast". They
 cause names to be resolved as follows : 
 .RS
 .TP 0.2i
 \(bu
 lmhosts : Lookup an IP 
 address in the Samba lmhosts file. If the line in lmhosts has 
 no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
 any name type matches for lookup.
 .TP 0.2i
 \(bu
 host : Do a standard host 
 name to IP address resolution, using the system \fI/etc/hosts
 \fR, NIS, or DNS lookups. This method of name resolution 
 is operating system depended for instance on IRIX or Solaris this 
 may be controlled by the \fI/etc/nsswitch.conf\fR 
 file).  Note that this method is only used if the NetBIOS name 
 type being queried is the 0x20 (server) name type, otherwise 
 it is ignored.
 .TP 0.2i
 \(bu
 wins : Query a name with 
 the IP address listed in the \fIwins server\fR 
 parameter.  If no WINS server has been specified this method 
 will be ignored.
 .TP 0.2i
 \(bu
 bcast : Do a broadcast on 
 each of the known local interfaces listed in the
 \fIinterfaces\fR parameter. This is the least 
 reliable of the name resolution methods as it depends on the 
 target host being on a locally connected subnet.
 .RE
-The default order is \fBlmhosts, host, wins, bcast\fR 
+The username whose password is changed is that of the current UNIX logged on user\&. See the \fI-U username\fR parameter for details on changing the password for a different username\&.
-and without this parameter or any entry in the 
+
-\fIsmb.conf\fR file the name resolution methods will 
+
-be attempted in this order. 
+Note that if changing a Windows NT Domain password the remote machine specified must be the Primary Domain Controller for the domain (Backup Domain Controllers only have a read-only copy of the user account database and will not allow the password change)\&.
-.TP
+
-\fB-m\fR
+
-This option tells smbpasswd that the account 
+\fBNote\fR that Windows 95/98 do not have a real password database so it is not possible to change passwords specifying a Win95/98 machine as remote machine target\&.
 being changed is a MACHINE account. Currently this is used 
 when Samba is being used as an NT Primary Domain Controller.
 This option is only available when running smbpasswd as root.
 .TP
 \fB-U username\fR
 This option may only be used in conjunction 
 with the \fI-r\fR option. When changing
 a password on a remote machine it allows the user to specify 
 the user name on that machine whose password will be changed. It 
 is present to allow users who have different user names on 
 different systems to change these passwords. 
 .TP
 \fB-h\fR
 This option prints the help string for \fB  smbpasswd\fR, selecting the correct one for running as root 
 or as an ordinary user. 
 .TP
 \fB-s\fR
 This option causes smbpasswd to be silent (i.e. 
 not issue prompts) and to read its old and new passwords from 
 standard  input, rather than from \fI/dev/tty\fR 
 (like the \fBpasswd(1)\fR program does). This option 
 is to aid people writing scripts to drive smbpasswd
 .TP
 \fB-w password\fR
 This parameter is only available if Samba
 has been configured to use the experimental
 \fB--with-ldapsam\fR option. The \fI-w\fR 
 switch is used to specify the password to be used with the 
 \fIldap admin 
 dn\fR  Note that the password is stored in
 the \fIprivate/secrets.tdb\fR and is keyed off 
 of the admin's DN.  This means that if the value of \fIldap
 admin dn\fR ever changes, the password will need to be 
 manually updated as well.
 .TP
 \fB-i\fR
 This option tells smbpasswd that the account 
 being changed is an interdomain trust account. Currently this is used 
 when Samba is being used as an NT Primary Domain Controller. 
 The account contains the info about another trusted domain.
 This option is only available when running smbpasswd as root.
 .TP
-\fB-L\fR
+-R name resolve order
-Run in local mode.
+This option allows the user of smbpasswd to determine what name resolution services to use when looking up the NetBIOS name of the host being connected to\&.
 The options are :"lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows:
 \fBlmhosts\fR: Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the \fBlmhosts\fR(5) for details) then any name type matches for lookup\&.
 \fBhost\fR: Do a standard host name to IP address resolution, using the system \fI/etc/hosts \fR, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fR file)\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&.
 \fBwins\fR: Query a name with the IP address listed in the \fIwins server\fR parameter\&. If no WINS server has been specified this method will be ignored\&.
 \fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the \fIinterfaces\fR parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
 The default order is \fBlmhosts, host, wins, bcast\fR and without this parameter or any entry in the \fBsmb.conf\fR(5) file the name resolution methods will be attempted in this order\&.
 .TP
-\fBusername\fR
+-m
-This specifies the username for all of the 
+This option tells smbpasswd that the account being changed is a MACHINE account\&. Currently this is used when Samba is being used as an NT Primary Domain Controller\&.
-\fBroot only\fR options to operate on. Only root 
+
-can specify this parameter as only root has the permission needed 
+
-to modify attributes directly in the local smbpasswd file. 
+This option is only available when running smbpasswd as root\&.
 .TP
 -U username
 This option may only be used in conjunction with the \fI-r\fR option\&. When changing a password on a remote machine it allows the user to specify the user name on that machine whose password will be changed\&. It is present to allow users who have different user names on different systems to change these passwords\&.
 .TP
 -h
 This option prints the help string for \fB smbpasswd\fR, selecting the correct one for running as root or as an ordinary user\&.
 .TP
 -s
 This option causes smbpasswd to be silent (i\&.e\&. not issue prompts) and to read its old and new passwords from standard input, rather than from \fI/dev/tty\fR (like the \fBpasswd(1)\fR program does)\&. This option is to aid people writing scripts to drive smbpasswd
 .TP
 -w password
 This parameter is only available if Samba has been configured to use the experimental \fB--with-ldapsam\fR option\&. The \fI-w\fR switch is used to specify the password to be used with the \fIldap admin dn\fR\&. Note that the password is stored in the \fIsecrets\&.tdb\fR and is keyed off of the admin's DN\&. This means that if the value of \fIldap admin dn\fR ever changes, the password will need to be manually updated as well\&.
 .TP
 -i
 This option tells smbpasswd that the account being changed is an interdomain trust account\&. Currently this is used when Samba is being used as an NT Primary Domain Controller\&. The account contains the info about another trusted domain\&.
 This option is only available when running smbpasswd as root\&.
 .TP
 -L
 Run in local mode\&.
 .TP
 username
 This specifies the username for all of the \fBroot only\fR options to operate on\&. Only root can specify this parameter as only root has the permission needed to modify attributes directly in the local smbpasswd file\&.
 .SH "NOTES"
 .PP
-Since \fBsmbpasswd\fR works in client-server 
+Since \fBsmbpasswd\fR works in client-server mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work\&. A common problem is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying either \fIallow hosts\fR or \fIdeny hosts\fR entry in the \fBsmb.conf\fR(5) file and neglecting to allow "localhost" access to the smbd\&.
-mode communicating  with a local smbd for a non-root user then 
+
 the smbd daemon must be running for this to work. A common problem 
 is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying a 
 \fIallow hosts\fR or \fIdeny hosts\fR 
 entry in the \fIsmb.conf\fR file and neglecting to 
 allow "localhost" access to the smbd. 
 .PP
-In addition, the smbpasswd command is only useful if Samba
+In addition, the smbpasswd command is only useful if Samba has been set up to use encrypted passwords\&. See the document "LanMan and NT Password Encryption in Samba" in the docs directory for details on how to do this\&.
-has been set up to use encrypted passwords. See the file 
+
 \fIENCRYPTION.txt\fR in the docs directory for details 
 on how to do this. 
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fIsmbpasswd(5)\fR 
+\fBsmbpasswd\fR(5), \fBSamba\fR(7)\&.
-samba(7)
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/smbsh.1
+++ b/docs/manpages/smbsh.1
@ -1,170 +1,141 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBSH" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBSH" 1 "" "" ""
 .SH NAME
 smbsh \- Allows access to Windows NT filesystem using UNIX commands
-.SH SYNOPSIS
+.SH "SYNOPSIS"
 \fBsmbsh\fR [ \fB-W workgroup\fR ] [ \fB-U username\fR ] [ \fB-P prefix\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-d <debug level>\fR ] [ \fB-l logfile\fR ] [ \fB-L libdir\fR ]
 .SH "DESCRIPTION"
 .PP
 This tool is part of the  Samba suite.
 .PP
 \fBsmbsh\fR allows you to access an NT filesystem 
 using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a 
 shell that is dynamically linked in order for \fBsmbsh\fR 
 to work correctly.
 .SH "OPTIONS"
 .TP
 \fB-W WORKGROUP\fR
 Override the default workgroup specified in the 
 workgroup parameter of the \fIsmb.conf\fR file 
 for this session. This may be needed to connect to some 
 servers. 
 .TP
 \fB-U username[%pass]\fR
 Sets the SMB username or username and password.
 If this option is not specified, the user will be prompted for 
 both the username and the password.  If %pass is not specified, 
 the user will be prompted for the password.
 .TP
 \fB-P prefix\fR
 This option allows
 the user to set the directory prefix for SMB access. The 
 default value if this option is not specified is 
 \fBsmb\fR.
 .TP
 \fB-R <name resolve order>\fR
 This option is used to determine what naming 
 services and in what order to resolve 
 host names to IP addresses. The option takes a space-separated 
 string of different name resolution options.
 The options are :"lmhosts", "host", "wins" and "bcast". 
 They cause names to be resolved as follows :
 .RS
 .TP 0.2i
 \(bu
 lmhosts : 
 Lookup an IP address in the Samba lmhosts file. If the 
 line in lmhosts has no name type attached to the 
 NetBIOS name 
 (see the lmhosts(5)
 for details) then any name type matches for lookup.
 .TP 0.2i
 \(bu
 host : 
 Do a standard host name to IP address resolution, using
 the system \fI/etc/hosts\fR, NIS, or DNS
 lookups. This method of name resolution is operating 
 system dependent, for instance on IRIX or Solaris this 
 may be controlled by the \fI/etc/nsswitch.conf
 \fR file).  Note that this method is only used 
 if the NetBIOS name type being queried is the 0x20 
 (server) name type, otherwise it is ignored.
 .TP 0.2i
 \(bu
 wins : 
 Query a name with the IP address listed in the 
 \fIwins server\fR parameter.  If no 
 WINS server has been specified this method will be 
 ignored.
 .TP 0.2i
 \(bu
 bcast : 
 Do a broadcast on each of the known local interfaces 
 listed in the \fIinterfaces\fR
 parameter. This is the least reliable of the name 
 resolution methods as it depends on the target host 
 being on a locally connected subnet.
 .RE
 If this parameter is not set then the name resolve order 
 defined in the \fIsmb.conf\fR file parameter  
 (name resolve order) will be used. 
 The default order is lmhosts, host, wins, bcast. Without 
 this parameter or any entry in the \fIname resolve order
 \fR parameter of the \fIsmb.conf\fR 
 file, the name resolution methods will be attempted in this 
 order. 
 .TP
 \fB-d <debug level>\fR
 debug level is an integer from 0 to 10.
 The default value if this parameter is not specified
 is zero.
 The higher this value, the more detail will be logged
 about the activities of \fBnmblookup\fR. At level
 0, only critical errors and serious warnings will be logged.
 .TP
 \fB-l logfilename\fR
 If specified causes all debug messages to be
 written to the file specified by \fIlogfilename
 \fR. If not specified then all messages will be 
 written to\fIstderr\fR.
 .TP
 \fB-L libdir\fR
 This parameter specifies the location of the 
 shared libraries used by \fBsmbsh\fR. The default
 value is specified at compile time.
 .SH "EXAMPLES"
 .PP
 To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password 
 that authenticates you to the machine running the Windows NT 
 operating system.
 .PP
 .nf
-	system% \fBsmbsh\fR
+\fBsmbsh\fR [-W workgroup] [-U username] [-P prefix] [-R <name resolve order>] [-d <debug level>] [-l logfile] [-L libdir]
 	Username: \fBuser\fR
 	Password: \fBXXXXXXX\fR
 .fi
 .SH "DESCRIPTION"
 .PP
-Any dynamically linked command you execute from 
+This tool is part of the \fBSamba\fR(7) suite\&.
-this shell will access the \fI/smb\fR directory 
+
-using the smb protocol. For example, the command \fBls /smb
+.PP
-\fR will show a list of workgroups. The command 
+\fBsmbsh\fR allows you to access an NT filesystem using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR\&. You must use a shell that is dynamically linked in order for \fBsmbsh\fR to work correctly\&.
-\fBls /smb/MYGROUP \fR will show all the machines in 
+
-the  workgroup MYGROUP. The command 
+.SH "OPTIONS"
-\fBls /smb/MYGROUP/<machine-name>\fR will show the share 
+
-names for that machine. You could then, for example, use the \fB cd\fR command to change directories, \fBvi\fR to 
+.TP
-edit files, and \fBrcp\fR  to copy files.
+-W WORKGROUP
 Override the default workgroup specified in the workgroup parameter of the \fBsmb.conf\fR(5) file for this session\&. This may be needed to connect to some servers\&.
 .TP
 -U username[%pass]
 Sets the SMB username or username and password\&. If this option is not specified, the user will be prompted for both the username and the password\&. If %pass is not specified, the user will be prompted for the password\&.
 .TP
 -P prefix
 This option allows the user to set the directory prefix for SMB access\&. The default value if this option is not specified is \fBsmb\fR\&.
 .TP
 -s <configuration file>
 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
 -d|--debug=debuglevel
 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -R <name resolve order>
 This option is used to determine what naming services and in what order to resolve host names to IP addresses\&. The option takes a space-separated string of different name resolution options\&.
 The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows :
 \fBlmhosts\fR: Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the \fBlmhosts\fR(5) for details) then any name type matches for lookup\&.
 \fBhost\fR: Do a standard host name to IP address resolution, using the system \fI/etc/hosts\fR, NIS, or DNS lookups\&. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch\&.conf \fR file)\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&.
 \fBwins\fR: Query a name with the IP address listed in the \fIwins server\fR parameter\&. If no WINS server has been specified this method will be ignored\&.
 \fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the \fIinterfaces\fR parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
 If this parameter is not set then the name resolve order defined in the \fBsmb.conf\fR(5) file parameter (\fIname resolve order\fR) will be used\&.
 The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the \fIname resolve order \fR parameter of the \fBsmb.conf\fR(5) file, the name resolution methods will be attempted in this order\&.
 .TP
 -L libdir
 This parameter specifies the location of the shared libraries used by \fBsmbsh\fR\&. The default value is specified at compile time\&.
 .SH "EXAMPLES"
 .PP
 To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password that authenticates you to the machine running the Windows NT operating system\&. 
 .nf
 system% \fBsmbsh\fR
 Username: \fBuser\fR
 Password: \fBXXXXXXX\fR
 .fi
 .PP
 Any dynamically linked command you execute from this shell will access the \fI/smb\fR directory using the smb protocol\&. For example, the command \fBls /smb \fR will show a list of workgroups\&. The command\fBls /smb/MYGROUP \fR will show all the machines in the workgroup MYGROUP\&. The command\fBls /smb/MYGROUP/<machine-name>\fR will show the share names for that machine\&. You could then, for example, use the \fB cd\fR command to change directories, \fBvi\fR to edit files, and \fBrcp\fR to copy files\&.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "BUGS"
 .PP
-\fBsmbsh\fR works by intercepting the standard 
+\fBsmbsh\fR works by intercepting the standard libc calls with the dynamically loaded versions in \fI smbwrapper\&.o\fR\&. Not all calls have been "wrapped", so some programs may not function correctly under \fBsmbsh \fR\&.
-libc calls with the dynamically loaded versions in \fI smbwrapper.o\fR. Not all calls have been "wrapped", so 
+
 some programs may not function correctly under \fBsmbsh
 \fR.
 .PP
-Programs which are not dynamically linked cannot make 
+Programs which are not dynamically linked cannot make use of \fBsmbsh\fR's functionality\&. Most versions of UNIX have a \fBfile\fR command that will describe how a program was linked\&.
-use of \fBsmbsh\fR's functionality. Most versions 
+
 of UNIX have a \fBfile\fR command that will 
 describe how a program was linked.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR 
+\fBsmbd\fR(8), \fBsmb.conf\fR(5)
-smb.conf(5)
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/smbspool.8
+++ b/docs/manpages/smbspool.8
@ -1,101 +1,115 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBSPOOL" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBSPOOL" 8 "" "" ""
 .SH NAME
 smbspool \- send a print file to an SMB printer
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbspool\fR [ \fBjob\fR ] [ \fBuser\fR ] [ \fBtitle\fR ] [ \fBcopies\fR ] [ \fBoptions\fR ] [ \fBfilename\fR ]
+.nf
 \fBsmbspool\fR {job} {user} {title} {copies} {options} [filename]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-smbspool is a very small print spooling program that 
+smbspool is a very small print spooling program that sends a print file to an SMB printer\&. The command-line arguments are position-dependent for compatibility with the Common UNIX Printing System, but you can use smbspool with any printing system or from a program or script\&.
-sends a print file to an SMB printer. The command-line arguments 
+
 are position-dependent for compatibility with the Common UNIX 
 Printing System, but you can use smbspool with any printing system 
 or from a program or script.
 .PP
 \fBDEVICE URI\fR
 .PP
-smbspool specifies the destination using a Uniform Resource 
+smbspool specifies the destination using a Uniform Resource Identifier ("URI") with a method of "smb"\&. This string can take a number of forms:
-Identifier ("URI") with a method of "smb". This string can take 
+
-a number of forms:
+.TP 3
 .TP 0.2i
 \(bu
 smb://server/printer
-.TP 0.2i
+
 .TP
 \(bu
 smb://workgroup/server/printer
-.TP 0.2i
+
 .TP
 \(bu
 smb://username:password@server/printer
-.TP 0.2i
+
 .TP
 \(bu
 smb://username:password@workgroup/server/printer
 .LP
 .PP
-smbspool tries to get the URI from argv[0]. If argv[0] 
+smbspool tries to get the URI from argv[0]\&. If argv[0] contains the name of the program then it looks in the \fB DEVICE_URI\fR environment variable\&.
-contains the name of the program then it looks in the \fB DEVICE_URI\fR environment variable.
+
 .PP
-Programs using the \fBexec(2)\fR functions can 
+Programs using the \fBexec(2)\fR functions can pass the URI in argv[0], while shell scripts must set the\fBDEVICE_URI\fR environment variable prior to running smbspool\&.
-pass the URI in argv[0], while shell scripts must set the 
+
 \fBDEVICE_URI\fR environment variable prior to
 running smbspool.
 .SH "OPTIONS"
-.TP 0.2i
+
 .TP 3
 \(bu
-The job argument (argv[1]) contains the 
+The job argument (argv[1]) contains the job ID number and is presently not used by smbspool\&.
-job ID number and is presently not used by smbspool.
+
-.TP 0.2i
+.TP
 \(bu
-The user argument (argv[2]) contains the 
+The user argument (argv[2]) contains the print user's name and is presently not used by smbspool\&.
-print user's name and is presently not used by smbspool.
+
-.TP 0.2i
+.TP
 \(bu
-The title argument (argv[3]) contains the 
+The title argument (argv[3]) contains the job title string and is passed as the remote file name when sending the print job\&.
-job title string and is passed as the remote file name 
+
-when sending the print job.
+.TP
 .TP 0.2i
 \(bu
-The copies argument (argv[4]) contains 
+The copies argument (argv[4]) contains the number of copies to be printed of the named file\&. If no filename is provided then this argument is not used by smbspool\&.
-the number of copies to be printed of the named file. If 
+
-no filename is provided then this argument is not used by 
+.TP
 smbspool.
 .TP 0.2i
 \(bu
-The options argument (argv[5]) contains 
+The options argument (argv[5]) contains the print options in a single string and is currently not used by smbspool\&.
-the print options in a single string and is currently 
+
-not used by smbspool.
+.TP
 .TP 0.2i
 \(bu
-The filename argument (argv[6]) contains the 
+The filename argument (argv[6]) contains the name of the file to print\&. If this argument is not specified then the print file is read from the standard input\&.
-name of the file to print. If this argument is not specified 
+
-then the print file is read from the standard input.
+.LP
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR 
+\fBsmbd\fR(8) and \fBSamba\fR(7)\&.
-and samba(7)
+
 .SH "AUTHOR"
 .PP
-\fBsmbspool\fR was written by Michael Sweet 
+\fBsmbspool\fR was written by Michael Sweet at Easy Software Products\&.
-at Easy Software Products.
+
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/smbstatus.1
+++ b/docs/manpages/smbstatus.1
@ -1,77 +1,131 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBSTATUS" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBSTATUS" 1 "" "" ""
 .SH NAME
 smbstatus \- report on current Samba connections
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbstatus\fR [ \fB-P\fR ] [ \fB-b\fR ] [ \fB-d <debug level>\fR ] [ \fB-v\fR ] [ \fB-L\fR ] [ \fB-B\fR ] [ \fB-p\fR ] [ \fB-S\fR ] [ \fB-s <configuration file>\fR ] [ \fB-u <username>\fR ]
+.nf
 \fBsmbstatus\fR [-P] [-b] [-d <debug level>] [-v] [-L] [-B] [-p] [-S] [-s <configuration
          file>] [-u <username>]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBsmbstatus\fR is a very simple program to 
+\fBsmbstatus\fR is a very simple program to list the current Samba connections\&.
-list the current Samba connections.
+
 .SH "OPTIONS"
 .TP
-\fB-P|--profile\fR
+-P|--profile
-If samba has been compiled with the 
+If samba has been compiled with the profiling option, print only the contents of the profiling shared memory area\&.
-profiling option, print only the contents of the profiling 
+
-shared memory area.
+
 .TP
-\fB-b|--brief\fR
+-b|--brief
-gives brief output.
+gives brief output\&.
 .TP
-\fB-d|--debug=<debuglevel>\fR
+-V
-sets debugging to specified level
+Prints the version number for \fBsmbd\fR\&.
 .TP
-\fB-v|--verbose\fR
+-s <configuration file>
-gives verbose output.
+The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
-\fB-L|--locks\fR
+-d|--debug=debuglevel
-causes smbstatus to only list locks.
+\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
-\fB-B|--byterange\fR
+-l|--logfile=logbasename
-causes smbstatus to include byte range locks.
+File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .TP
-\fB-p|--processes\fR
+-v|--verbose
-print a list of   \fBsmbd(8)\fR processes and exit. 
+gives verbose output\&.
-Useful for scripting.
+
 .TP
-\fB-S|--shares\fR
+-L|--locks
-causes smbstatus to only list shares.
+causes smbstatus to only list locks\&.
 .TP
-\fB-s|--conf=<configuration file>\fR
+-B|--byterange
-The default configuration file name is
+causes smbstatus to include byte range locks\&.
-determined at compile time. The file specified contains the
+
-configuration details required by the server. See \fIsmb.conf(5)\fR
+
 for more information.
 .TP
-\fB-u|--user=<username>\fR
+-p|--processes
-selects information relevant to 
+print a list of \fBsmbd\fR(8) processes and exit\&. Useful for scripting\&.
-\fIusername\fR only.
+
 .TP
 -S|--shares
 causes smbstatus to only list shares\&.
 .TP
 -h|--help
 Print a summary of command line options\&.
 .TP
 -u|--user=<username>
 selects information relevant to \fIusername\fR only\&.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR and
+\fBsmbd\fR(8) and \fBsmb.conf\fR(5)\&.
-smb.conf(5)
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/smbtar.1
+++ b/docs/manpages/smbtar.1
@ -1,121 +1,148 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBTAR" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBTAR" 1 "" "" ""
 .SH NAME
 smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR
+.nf
 \fBsmbtar\fR [-r] [-i] [-a] [-v] {-s server} [-p password] [-x services] [-X] [-N filename]
       [-b blocksize] [-d directory] [-l loglevel] [-u user] [-t tape] {filenames}
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBsmbtar\fR is a very small shell script on top 
+\fBsmbtar\fR is a very small shell script on top of \fBsmbclient\fR(1) which dumps SMB shares directly to tape\&.
-of \fBsmbclient(1)\fR 
+
 which dumps SMB shares directly to tape. 
 .SH "OPTIONS"
 .TP
-\fB-s server\fR
+-s server
-The SMB/CIFS server that the share resides 
+The SMB/CIFS server that the share resides upon\&.
-upon.
+
 .TP
-\fB-x service\fR
+-x service
-The share name on the server to connect to. 
+The share name on the server to connect to\&. The default is "backup"\&.
-The default is "backup".
+
 .TP
-\fB-X\fR
+-X
-Exclude mode. Exclude filenames... from tar 
+Exclude mode\&. Exclude filenames\&.\&.\&. from tar create or restore\&.
-create or restore. 
+
 .TP
-\fB-d directory\fR
+-d directory
-Change to initial \fIdirectory
+Change to initial \fIdirectory \fR before restoring / backing up files\&.
-\fR before restoring / backing up files. 
+
 .TP
-\fB-v\fR
+-v
-Verbose mode.
+Verbose mode\&.
 .TP
-\fB-p password\fR
+-p password
-The password to use to access a share. 
+The password to use to access a share\&. Default: none
-Default: none 
+
 .TP
-\fB-u user\fR
+-u user
-The user id to connect as. Default: 
+The user id to connect as\&. Default: UNIX login name\&.
-UNIX login name. 
+
 .TP
-\fB-t tape\fR
+-a
-Tape device. May be regular file or tape 
+Reset DOS archive bit mode to indicate file has been archived\&.
-device. Default: \fI$TAPE\fR environmental 
+
-variable; if not set, a file called \fItar.out
+
 \fR. 
 .TP
-\fB-b blocksize\fR
+-t tape
-Blocking factor. Defaults to 20. See
+Tape device\&. May be regular file or tape device\&. Default: \fI$TAPE\fR environmental variable; if not set, a file called \fItar\&.out \fR\&.
-\fBtar(1)\fR for a fuller explanation. 
+
 .TP
-\fB-N filename\fR
+-b blocksize
-Backup only files newer than filename. Could 
+Blocking factor\&. Defaults to 20\&. See \fBtar(1)\fR for a fuller explanation\&.
-be used (for example) on a log file to implement incremental
+
-backups. 
+
 .TP
-\fB-i\fR
+-N filename
-Incremental mode; tar files are only backed 
+Backup only files newer than filename\&. Could be used (for example) on a log file to implement incremental backups\&.
-up if they have the archive bit set. The archive bit is reset 
+
-after each file is read. 
+
 .TP
-\fB-r\fR
+-i
-Restore. Files are restored to the share 
+Incremental mode; tar files are only backed up if they have the archive bit set\&. The archive bit is reset after each file is read\&.
-from the tar file. 
+
 .TP
-\fB-l log level\fR
+-r
-Log (debug) level. Corresponds to the 
+Restore\&. Files are restored to the share from the tar file\&.
-\fI-d\fR flag of \fBsmbclient(1)
+
-\fR. 
+
 .TP
 -l log level
 Log (debug) level\&. Corresponds to the \fI-d\fR flag of \fBsmbclient\fR(1)\&.
 .SH "ENVIRONMENT VARIABLES"
 .PP
-The \fI$TAPE\fR variable specifies the 
+The \fI$TAPE\fR variable specifies the default tape device to write to\&. May be overridden with the -t option\&.
-default tape device to write to. May be overridden
+
 with the -t option. 
 .SH "BUGS"
 .PP
-The \fBsmbtar\fR script has different 
+The \fBsmbtar\fR script has different options from ordinary tar and from smbclient's tar command\&.
-options from ordinary tar and from smbclient's tar command. 
+
 .SH "CAVEATS"
 .PP
-Sites that are more careful about security may not like 
+Sites that are more careful about security may not like the way the script handles PC passwords\&. Backup and restore work on entire shares; should work on file lists\&. smbtar works best with GNU tar and may not work well with other versions\&.
-the way the script handles PC passwords. Backup and restore work 
+
 on entire shares; should work on file lists. smbtar works best
 with GNU tar and may not work well with other versions. 
 .SH "DIAGNOSTICS"
 .PP
-See the \fBDIAGNOSTICS\fR section for the 
+See the \fBDIAGNOSTICS\fR section for the \fBsmbclient\fR(1) command\&.
-\fBsmbclient(1)\fR 
+
 command.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR 
+\fBsmbd\fR(8), \fBsmbclient\fR(1), \fBsmb.conf\fR(5)\&.
-\fBsmbclient(1)\fR 
+
 smb.conf(5)
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-Ricky Poulten <URL:mailto:poultenr@logica.co.uk>  
+Ricky Poulten wrote the tar extension and this man page\&. The \fBsmbtar\fR script was heavily rewritten and improved by Martin Kraemer\&. Many thanks to everyone who suggested extensions, improvements, bug fixes, etc\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-wrote the tar extension and this man page. The \fBsmbtar\fR 
+
 script was heavily rewritten and improved by Martin Kraemer <URL:mailto:Martin.Kraemer@mch.sni.de>. Many 
 thanks to everyone who suggested extensions, improvements, bug 
 fixes, etc. The man page sources were converted to YODL format (another 
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter.
--- a/docs/manpages/smbumount.8
+++ b/docs/manpages/smbumount.8
@ -1,43 +1,56 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SMBUMOUNT" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SMBUMOUNT" 8 "" "" ""
 .SH NAME
 smbumount \- smbfs umount for normal users
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBsmbumount\fR \fBmount-point\fR
+.nf
 \fBsmbumount\fR {mount-point}
 .fi
 .SH "DESCRIPTION"
 .PP
-With this program, normal users can unmount smb-filesystems, 
+With this program, normal users can unmount smb-filesystems, provided that it is suid root\&. \fBsmbumount\fR has been written to give normal Linux users more control over their resources\&. It is safe to install this program suid root, because only the user who has mounted a filesystem is allowed to unmount it again\&. For root it is not necessary to use smbumount\&. The normal umount program works perfectly well, but it would certainly be problematic to make umount setuid root\&.
-provided that it is suid root.  \fBsmbumount\fR has 
+
 been written to give normal Linux users more control over their 
 resources. It is safe to install this program suid root, because only 
 the user who has mounted a filesystem is allowed to unmount it again.  
 For root it is not necessary to use smbumount. The normal umount 
 program works perfectly well, but it would certainly be problematic 
 to make umount setuid root.
 .SH "OPTIONS"
 .TP
-\fBmount-point\fR
+mount-point
-The directory to unmount.
+The directory to unmount\&.
 .SH "SEE ALSO"
 .PP
-\fBsmbmount(8)\fR
+\fBsmbmount\fR(8)
 .SH "AUTHOR"
 .PP
-Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
+Volker Lendecke, Andrew Tridgell, Michael H\&. Warfield and others\&.
-and others.
+
 .PP
-The current maintainer of smbfs and the userspace
+The current maintainer of smbfs and the userspace tools \fBsmbmount\fR, \fBsmbumount\fR, and \fBsmbmnt\fR is Urban Widmark\&. The SAMBA Mailing list is the preferred place to ask questions regarding these programs\&.
-tools \fBsmbmount\fR, \fBsmbumount\fR,
+
 and \fBsmbmnt\fR is Urban Widmark <URL:mailto:urban@teststation.com>.
 The SAMBA Mailing list <URL:mailto:samba@samba.org>
 is the preferred place to ask questions regarding these programs.
 .PP
-The conversion of this manpage for Samba 2.2 was performed 
+The conversion of this manpage for Samba 2\&.2 was performed by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-by Gerald Carter
+
--- a/docs/manpages/swat.8
+++ b/docs/manpages/swat.8
@ -1,141 +1,184 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "SWAT" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "SWAT" 8 "" "" ""
 .SH NAME
 swat \- Samba Web Administration Tool
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBswat\fR [ \fB-s <smb config file>\fR ] [ \fB-a\fR ]
+.nf
 \fBswat\fR [-s <smb config file>] [-a]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBswat\fR allows a Samba administrator to 
+\fBswat\fR allows a Samba administrator to configure the complex \fBsmb.conf\fR(5) file via a Web browser\&. In addition, a \fBswat\fR configuration page has help links to all the configurable options in the \fIsmb\&.conf\fR file allowing an administrator to easily look up the effects of any change\&.
-configure the complex \fI smb.conf(5)\fR file via a Web browser. In addition, 
+
 a \fBswat\fR configuration page has help links 
 to all the configurable options in the \fIsmb.conf\fR file allowing an 
 administrator to easily look up the effects of any change. 
 .PP
 \fBswat\fR is run from \fBinetd\fR 
 .SH "OPTIONS"
 .TP
 \fB-s smb configuration file\fR
 The default configuration file path is 
 determined at compile time.  The file specified contains 
 the configuration details required by the \fBsmbd
 \fR server. This is the file that \fBswat\fR will modify. 
 The information in this file includes server-specific 
 information such as what printcap file to use, as well as 
 descriptions of all the services that the server is to provide.
 See \fIsmb.conf\fR for more information. 
 .TP
 \fB-a\fR
 This option disables authentication and puts 
 \fBswat\fR in demo mode. In that mode anyone will be able to modify 
 the \fIsmb.conf\fR file. 
-\fBWARNING: Do NOT enable this option on a production 
+.SH "OPTIONS"
-server. \fR
+
 .TP
 -s smb configuration file
 The default configuration file path is determined at compile time\&. The file specified contains the configuration details required by the \fBsmbd\fR(8) server\&. This is the file that \fBswat\fR will modify\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&.
 .TP
 -a
 This option disables authentication and puts \fBswat\fR in demo mode\&. In that mode anyone will be able to modify the \fIsmb\&.conf\fR file\&.
 \fBWARNING: Do NOT enable this option on a production server\&. \fR
 .TP
 -V
 Prints the version number for \fBsmbd\fR\&.
 .TP
 -s <configuration file>
 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
 -d|--debug=debuglevel
 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .TP
 -h|--help
 Print a summary of command line options\&.
 .SH "INSTALLATION"
 .PP
-After you compile SWAT you need to run \fBmake install
+Swat is included as binary package with most distributions\&. The package manager in this case takes care of the installation and configuration\&. This section is only for those who have compiled swat from scratch\&.
-\fR to install the \fBswat\fR binary
+
-and the various help files and images. A default install would put 
+.PP
-these in: 
+After you compile SWAT you need to run \fBmake install \fR to install the \fBswat\fR binary and the various help files and images\&. A default install would put these in:
-.TP 0.2i
+
 .TP 3
 \(bu
 /usr/local/samba/bin/swat
-.TP 0.2i
+
 .TP
 \(bu
 /usr/local/samba/swat/images/*
-.TP 0.2i
+
 .TP
 \(bu
 /usr/local/samba/swat/help/*
-.SS "INETD INSTALLATION"
+
 .LP
 .SS "Inetd Installation"
 .PP
-You need to edit your \fI/etc/inetd.conf
+You need to edit your \fI/etc/inetd\&.conf \fR and \fI/etc/services\fR to enable SWAT to be launched via \fBinetd\fR\&.
-\fR and \fI/etc/services\fR
+
 to enable SWAT to be launched via \fBinetd\fR.
 .PP
-In \fI/etc/services\fR you need to 
+In \fI/etc/services\fR you need to add a line like this:
-add a line like this: 
+
 .PP
 \fBswat 901/tcp\fR
 .PP
-Note for NIS/YP users - you may need to rebuild the 
+Note for NIS/YP and LDAP users - you may need to rebuild the NIS service maps rather than alter your local \fI /etc/services\fR file\&.
-NIS service maps rather than alter your local \fI  /etc/services\fR file. 
+
 .PP
-the choice of port number isn't really important 
+the choice of port number isn't really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your\fBinetd\fR daemon)\&.
-except that it should be less than 1024 and not currently 
+
 used (using a number above 1024 presents an obscure security 
 hole depending on the implementation details of your 
 \fBinetd\fR daemon). 
 .PP
-In \fI/etc/inetd.conf\fR you should 
+In \fI/etc/inetd\&.conf\fR you should add a line like this:
-add a line like this: 
+
 .PP
-\fBswat    stream  tcp     nowait.400  root
+\fBswat stream tcp nowait.400 root /usr/local/samba/bin/swat swat\fR
-/usr/local/samba/bin/swat swat\fR
+
 .PP
-One you have edited \fI/etc/services\fR 
+One you have edited \fI/etc/services\fR and \fI/etc/inetd\&.conf\fR you need to send a HUP signal to inetd\&. To do this use \fBkill -1 PID \fR where PID is the process ID of the inetd daemon\&.
-and \fI/etc/inetd.conf\fR you need to send a 
+
-HUP signal to inetd. To do this use \fBkill -1 PID
+.SH "LAUNCHING"
-\fR where PID is the process ID of the inetd daemon. 
+
 .SS "LAUNCHING"
 .PP
-To launch SWAT just run your favorite web browser and 
+To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\&.
-point it at "http://localhost:901/".
+
 .PP
-Note that you can attach to SWAT from any IP connected 
+Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent in the clear over the wire\&.
-machine but connecting from a remote machine leaves your 
+
 connection open to password sniffing as passwords will be sent 
 in the clear over the wire. 
 .SH "FILES"
 .TP
-\fB\fI/etc/inetd.conf\fB\fR
+\fI/etc/inetd\&.conf\fR
-This file must contain suitable startup 
+This file must contain suitable startup information for the meta-daemon\&.
-information for the meta-daemon.
+
 .TP
-\fB\fI/etc/services\fB\fR
+\fI/etc/services\fR
-This file must contain a mapping of service name 
+This file must contain a mapping of service name (e\&.g\&., swat) to service port (e\&.g\&., 901) and protocol type (e\&.g\&., tcp)\&.
-(e.g., swat) to service port (e.g., 901) and protocol type 
+
-(e.g., tcp).  
+
 .TP
-\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+\fI/usr/local/samba/lib/smb\&.conf\fR
-This is the default location of the \fIsmb.conf(5)
+This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits\&. Other common places that systems install this file are \fI /usr/samba/lib/smb\&.conf\fR and \fI/etc/smb\&.conf \fR\&. This file describes all the services the server is to make available to clients\&.
-\fR server configuration file that swat edits. Other 
+
-common places that systems install this file are \fI  /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf
+
 \fR.  This file describes all the services the server 
 is to make available to clients. 
 .SH "WARNINGS"
 .PP
-\fBswat\fR will rewrite your \fIsmb.conf
+\fBswat\fR will rewrite your \fBsmb.conf\fR(5) file\&. It will rearrange the entries and delete all comments, \fIinclude=\fR and \fIcopy= \fR options\&. If you have a carefully crafted \fI smb\&.conf\fR then back it up or don't use swat!
-\fR file. It will rearrange the entries and delete all 
+
 comments, \fIinclude=\fR and \fIcopy=
 \fR options. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat! 
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBinetd(5)\fR,
+\fBinetd(5)\fR, \fBsmbd\fR(8), \fBsmb.conf\fR(5)
-\fBsmbd(8)\fR 
+
 smb.conf(5)
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/testparm.1
+++ b/docs/manpages/testparm.1
@ -1,110 +1,123 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "TESTPARM" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "TESTPARM" 1 "" "" ""
 .SH NAME
 testparm \- check an smb.conf configuration file for internal correctness
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBtestparm\fR [ \fB-s\fR ] [ \fB-h\fR ] [ \fB-v\fR ] [ \fB-L <servername>\fR ] [ \fB-t <encoding>\fR ] \fBconfig filename\fR [ \fBhostname hostIP\fR ]
+.nf
 \fBtestparm\fR [-s] [-h] [-v] [-L <servername>] [-t <encoding>] {config filename} [hostname
         hostIP]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBtestparm\fR is a very simple test program 
+\fBtestparm\fR is a very simple test program to check an \fBsmbd\fR(8) configuration file for internal correctness\&. If this program reports no problems, you can use the configuration file with confidence that \fBsmbd \fR will successfully load the configuration file\&.
-to check an \fBsmbd\fR configuration file for 
+
 internal correctness. If this program reports no problems, you 
 can use the configuration file with confidence that \fBsmbd
 \fR will successfully load the configuration file.
 .PP
-Note that this is \fBNOT\fR a guarantee that 
+Note that this is \fBNOT\fR a guarantee that the services specified in the configuration file will be available or will operate as expected\&.
-the services specified in the configuration file will be 
+
 available or will operate as expected. 
 .PP
-If the optional host name and host IP address are 
+If the optional host name and host IP address are specified on the command line, this test program will run through the service entries reporting whether the specified host has access to each service\&.
-specified on the command line, this test program will run through 
+
 the service entries reporting whether the specified host
 has access to each service. 
 .PP
-If \fBtestparm\fR finds an error in the \fI smb.conf\fR file it returns an exit code of 1 to the calling 
+If \fBtestparm\fR finds an error in the \fI smb\&.conf\fR file it returns an exit code of 1 to the calling program, else it returns an exit code of 0\&. This allows shell scripts to test the output from \fBtestparm\fR\&.
-program, else it returns an exit code of 0. This allows shell scripts 
+
 to test the output from \fBtestparm\fR.
 .SH "OPTIONS"
 .TP
-\fB-s\fR
+-s
-Without this option, \fBtestparm\fR 
+Without this option, \fBtestparm\fR will prompt for a carriage return after printing the service names and before dumping the service definitions\&.
-will prompt for a carriage return after printing the service 
+
-names and before dumping the service definitions.
+
 .TP
-\fB-h\fR
+-h|--help
-Print usage message 
+Print a summary of command line options\&.
 .TP
-\fB-L servername\fR
+-V
-Sets the value of the %L macro to \fIservername\fR.
+Prints the version number for \fBsmbd\fR\&.
-This is useful for testing include files specified with the 
+
-%L macro. 
+
 .TP
-\fB-v\fR
+-L servername
-If this option is specified, testparm 
+Sets the value of the %L macro to \fIservername\fR\&. This is useful for testing include files specified with the %L macro\&.
-will also output all options that were not used in 
+
-\fIsmb.conf\fR and are thus set to
+
 their defaults.
 .TP
-\fB-t encoding\fR
+-v
-Output data in specified encoding.
+If this option is specified, testparm will also output all options that were not used in \fBsmb.conf\fR(5) and are thus set to their defaults\&.
 .TP
-\fBconfigfilename\fR
+-t encoding
-This is the name of the configuration file 
+Output data in specified encoding\&.
-to check. If this parameter is not present then the 
+
-default \fIsmb.conf\fR file will be checked.  
+
 .TP
-\fBhostname\fR
+configfilename
-If this parameter and the following are 
+This is the name of the configuration file to check\&. If this parameter is not present then the default \fBsmb.conf\fR(5) file will be checked\&.
-specified, then \fBtestparm\fR will examine the \fIhosts
+
-allow\fR and \fIhosts deny\fR 
+
 parameters in the \fIsmb.conf\fR file to 
 determine if the hostname with this IP address would be
 allowed access to the \fBsmbd\fR server.  If 
 this parameter is supplied, the hostIP parameter must also
 be supplied.
 .TP
-\fBhostIP\fR
+hostname
-This is the IP address of the host specified 
+If this parameter and the following are specified, then \fBtestparm\fR will examine the \fIhosts allow\fR and \fIhosts deny\fR parameters in the \fBsmb.conf\fR(5) file to determine if the hostname with this IP address would be allowed access to the \fBsmbd\fR server\&. If this parameter is supplied, the hostIP parameter must also be supplied\&.
-in the previous parameter.  This address must be supplied 
+
-if the hostname parameter is supplied. 
+
 .TP
 hostIP
 This is the IP address of the host specified in the previous parameter\&. This address must be supplied if the hostname parameter is supplied\&.
 .SH "FILES"
 .TP
-\fB\fIsmb.conf\fB\fR
+\fBsmb.conf\fR(5)
-This is usually the name of the configuration 
+This is usually the name of the configuration file used by \fBsmbd\fR(8)\&.
-file used by \fBsmbd\fR. 
+
 .SH "DIAGNOSTICS"
 .PP
-The program will issue a message saying whether the 
+The program will issue a message saying whether the configuration file loaded OK or not\&. This message may be preceded by errors and warnings if the file did not load\&. If the file was loaded OK, the program then dumps all known service details to stdout\&.
-configuration file loaded OK or not. This message may be preceded by 
+
 errors and warnings if the file did not load. If the file was 
 loaded OK, the program then dumps all known service details 
 to stdout. 
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fIsmb.conf(5)\fR 
+\fBsmb.conf\fR(5), \fBsmbd\fR(8)
-\fBsmbd(8)\fR
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/testprns.1
+++ b/docs/manpages/testprns.1
@ -1,91 +1,96 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "TESTPRNS" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "TESTPRNS" 1 "" "" ""
 .SH NAME
 testprns \- check printer name for validity with smbd
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ]
+.nf
 \fBtestprns\fR {printername} [printcapname]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBtestprns\fR is a very simple test program 
+\fBtestprns\fR is a very simple test program to determine whether a given printer name is valid for use in a service to be provided by \fBsmbd\fR(8)\&.
-to determine whether a given printer name is valid for use in 
+
 a service to be provided by \fB smbd(8)\fR 
 .PP
-"Valid" in this context means "can be found in the 
+"Valid" in this context means "can be found in the printcap specified"\&. This program is very stupid - so stupid in fact that it would be wisest to always specify the printcap file to use\&.
-printcap specified". This program is very stupid - so stupid in 
+
 fact that it would be wisest to always specify the printcap file 
 to use. 
 .SH "OPTIONS"
 .TP
 \fBprintername\fR
 The printer name to validate.
 Printer names are taken from the first field in each 
 record in the printcap file, single printer names and sets 
 of aliases separated by vertical bars ("|") are recognized. 
 Note that no validation or checking of the printcap syntax is 
 done beyond that required to extract the printer name. It may
 be that the print spooling system is more forgiving or less 
 forgiving than \fBtestprns\fR. However, if 
 \fBtestprns\fR finds the printer then 
 \fBsmbd\fR should do so as well. 
 .TP
-\fBprintcapname\fR
+printername
-This is the name of the printcap file within
+The printer name to validate\&.
-which to search for the given printer name. 
+
 Printer names are taken from the first field in each record in the printcap file, single printer names and sets of aliases separated by vertical bars ("|") are recognized\&. Note that no validation or checking of the printcap syntax is done beyond that required to extract the printer name\&. It may be that the print spooling system is more forgiving or less forgiving than \fBtestprns\fR\&. However, if \fBtestprns\fR finds the printer then \fBsmbd\fR(8) should do so as well\&.
 .TP
 printcapname
 This is the name of the printcap file within which to search for the given printer name\&.
 If no printcap name is specified \fBtestprns \fR will attempt to scan the printcap file name specified at compile time\&.
 If no printcap name is specified \fBtestprns
 \fR will attempt to scan the printcap file name 
 specified at compile time. 
 .SH "FILES"
 .TP
-\fB\fI/etc/printcap\fB\fR
+\fI/etc/printcap\fR
-This is usually the default printcap 
+This is usually the default printcap file to scan\&. See \fIprintcap (5)\fR\&.
-file to scan. See \fIprintcap (5)\fR. 
+
 .SH "DIAGNOSTICS"
 .PP
-If a printer is found to be valid, the message 
+If a printer is found to be valid, the message "Printer name <printername> is valid" will be displayed\&.
-"Printer name <printername> is valid" will be 
+
 displayed. 
 .PP
-If a printer is found to be invalid, the message
+If a printer is found to be invalid, the message "Printer name <printername> is not valid" will be displayed\&.
-"Printer name <printername> is not valid" will be 
+
 displayed. 
 .PP
-All messages that would normally be logged during
+All messages that would normally be logged during operation of the Samba daemons are logged by this program to the file \fItest\&.log\fR in the current directory\&. The program runs at debuglevel 3, so quite extensive logging information is written\&. The log should be checked carefully for errors and warnings\&.
-operation of the Samba daemons are logged by this program to the 
+
 file \fItest.log\fR in the current directory. The
 program runs at debuglevel 3, so quite extensive logging 
 information is written. The log should be checked carefully 
 for errors and warnings. 
 .PP
-Other messages are self-explanatory. 
+Other messages are self-explanatory\&.
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fIprintcap(5)\fR, 
+\fIprintcap(5)\fR,\fBsmbd\fR(8), \fBsmbclient\fR(1)
-\fBsmbd(8)\fR 
+
 \fBsmbclient(1)\fR
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-The original Samba man pages were written by Karl Auer. 
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-The man page sources were converted to YODL format (another 
+
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
 release by Jeremy Allison.  The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
--- a/docs/manpages/vfstest.1
+++ b/docs/manpages/vfstest.1
@ -1,195 +1,271 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "VFSTEST" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "VFSTEST" 1 "" "" ""
 .SH NAME
 vfstest \- tool for testing samba VFS modules
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBvfstest\fR [ \fB-d debuglevel\fR ] [ \fB-c command\fR ] [ \fB-l logfile\fR ] [ \fB-h\fR ]
+.nf
 \fBvfstest\fR [-d debuglevel] [-c command] [-l logfile] [-h]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-\fBvfstest\fR is a small command line
+\fBvfstest\fR is a small command line utility that has the ability to test dso samba VFS modules\&. It gives the user the ability to call the various VFS functions manually and supports cascaded VFS modules\&.
-utility that has the ability to test dso samba VFS modules. It gives the
+
 user the ability to call the various VFS functions manually and
 supports cascaded VFS modules.
 .SH "OPTIONS"
 .TP
 \fB-c|--command=command\fR
 Execute the specified (colon-separated) commands.
 See below for the commands that are available.
 .TP
 \fB-d|--debug=debuglevel\fR
 \fIdebuglevel\fR is an integer 
 from 0 to 10.  The default value if this parameter is 
 not specified is zero.
 The higher this value, the more detail will be 
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
 day to day running - it generates a small amount of 
 information about operations carried out.
 Levels above 1 will generate considerable 
 amounts of log data, and should only be used when 
 investigating a problem. Levels above 3 are designed for 
 use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.
 Note that specifying this parameter here will 
 override the log
 level file.
 .TP
-\fB-h|--help\fR
+-c|--command=command
-Print a summary of command line options.
+Execute the specified (colon-separated) commands\&. See below for the commands that are available\&.
 .TP
-\fB-l|--logfile=logbasename\fR
+-h|--help
-File name for log/debug files. The extension
+Print a summary of command line options\&.
-\&'.client' will be appended. The log file is never removed
+
-by the client.
+
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB'\&.client'\fR will be appended\&. The log file is never removed by the client\&.
 .TP
 -V
 Prints the version number for \fBsmbd\fR\&.
 .TP
 -s <configuration file>
 The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
 .TP
 -d|--debug=debuglevel
 \fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
 The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
 -l|--logfile=logbasename
 File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
 .SH "COMMANDS"
 .PP
 \fBVFS COMMANDS\fR
-.TP 0.2i
+
 .TP 3
 \(bu
 \fBload <module.so>\fR - Load specified VFS module
-.TP 0.2i
+
 .TP
 \(bu
 \fBpopulate <char> <size>\fR - Populate a data buffer with the specified data
-.TP 0.2i
+
 .TP
 \(bu
 \fBshowdata [<offset> <len>]\fR - Show data currently in data buffer
-.TP 0.2i
+
 .TP
 \(bu
 \fBconnect\fR - VFS connect()
-.TP 0.2i
+
 .TP
 \(bu
 \fBdisconnect\fR - VFS disconnect()
-.TP 0.2i
+
 .TP
 \(bu
 \fBdisk_free\fR - VFS disk_free()
-.TP 0.2i
+
 .TP
 \(bu
 \fBopendir\fR - VFS opendir()
-.TP 0.2i
+
 .TP
 \(bu
 \fBreaddir\fR - VFS readdir()
-.TP 0.2i
+
 .TP
 \(bu
 \fBmkdir\fR - VFS mkdir()
-.TP 0.2i
+
 .TP
 \(bu
 \fBrmdir\fR - VFS rmdir()
-.TP 0.2i
+
 .TP
 \(bu
 \fBclosedir\fR - VFS closedir()
-.TP 0.2i
+
 .TP
 \(bu
 \fBopen\fR - VFS open()
-.TP 0.2i
+
 .TP
 \(bu
 \fBclose\fR - VFS close()
-.TP 0.2i
+
 .TP
 \(bu
 \fBread\fR - VFS read()
-.TP 0.2i
+
 .TP
 \(bu
 \fBwrite\fR - VFS write()
-.TP 0.2i
+
 .TP
 \(bu
 \fBlseek\fR - VFS lseek()
-.TP 0.2i
+
 .TP
 \(bu
 \fBrename\fR - VFS rename()
-.TP 0.2i
+
 .TP
 \(bu
 \fBfsync\fR - VFS fsync()
-.TP 0.2i
+
 .TP
 \(bu
 \fBstat\fR - VFS stat()
-.TP 0.2i
+
 .TP
 \(bu
 \fBfstat\fR - VFS fstat()
-.TP 0.2i
+
 .TP
 \(bu
 \fBlstat\fR - VFS lstat()
-.TP 0.2i
+
 .TP
 \(bu
 \fBunlink\fR - VFS unlink()
-.TP 0.2i
+
 .TP
 \(bu
 \fBchmod\fR - VFS chmod()
-.TP 0.2i
+
 .TP
 \(bu
 \fBfchmod\fR - VFS fchmod()
-.TP 0.2i
+
 .TP
 \(bu
 \fBchown\fR - VFS chown()
-.TP 0.2i
+
 .TP
 \(bu
 \fBfchown\fR - VFS fchown()
-.TP 0.2i
+
 .TP
 \(bu
 \fBchdir\fR - VFS chdir()
-.TP 0.2i
+
 .TP
 \(bu
 \fBgetwd\fR - VFS getwd()
-.TP 0.2i
+
 .TP
 \(bu
 \fButime\fR - VFS utime()
-.TP 0.2i
+
 .TP
 \(bu
 \fBftruncate\fR - VFS ftruncate()
-.TP 0.2i
+
 .TP
 \(bu
 \fBlock\fR - VFS lock()
-.TP 0.2i
+
 .TP
 \(bu
 \fBsymlink\fR - VFS symlink()
-.TP 0.2i
+
 .TP
 \(bu
 \fBreadlink\fR - VFS readlink()
-.TP 0.2i
+
 .TP
 \(bu
 \fBlink\fR - VFS link()
-.TP 0.2i
+
 .TP
 \(bu
 \fBmknod\fR - VFS mknod()
-.TP 0.2i
+
 .TP
 \(bu
 \fBrealpath\fR - VFS realpath()
 .LP
 .PP
 \fBGENERAL COMMANDS\fR
-.TP 0.2i
+
 .TP 3
 \(bu
 \fBconf <smb.conf>\fR - Load a different configuration file
-.TP 0.2i
+
 .TP
 \(bu
 \fBhelp [<command>]\fR - Get list of commands or info about specified command
-.TP 0.2i
+
 .TP
 \(bu
 \fBdebuglevel <level>\fR - Set debug level
-.TP 0.2i
+
 .TP
 \(bu
 \fBfreemem\fR - Free memory currently in use
-.TP 0.2i
+
 .TP
 \(bu
 \fBexit\fR - Exit vfstest
 .LP
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of the Samba
+This man page is correct for version 3\&.0 of the Samba suite\&.
-suite.
+
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar
 to the way the Linux kernel is developed.
 .PP
-The vfstest man page was written by Jelmer Vernooij.
+The vfstest man page was written by Jelmer Vernooij\&.
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@ -1,139 +1,169 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "WBINFO" "1" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "WBINFO" 1 "" "" ""
 .SH NAME
 wbinfo \- Query information from winbind daemon
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-i ip\fR ] [ \fB-N netbios-name\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-r user\fR ] [ \fB-a user%password\fR ] [ \fB-A user%password\fR ] [ \fB-p\fR ]
+.nf
 \fBwbinfo\fR [-u] [-g] [-N netbios-name] [-I ip] [-n name] [-s sid] [-U uid] [-G gid]
       [-S sid] [-Y sid] [-t] [-m] [--sequence] [-r user] [-a user%password]
       [-A user%password] [--get-auth-user] [-p]
 .fi
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
 .PP
-The \fBwbinfo\fR program queries and returns information 
+The \fBwbinfo\fR program queries and returns information created and used by the \fBwinbindd\fR(8) daemon\&.
-created and used by the \fB winbindd(8)\fR daemon. 
+
 .PP
-The \fBwinbindd(8)\fR daemon must be configured 
+The \fBwinbindd\fR(8) daemon must be configured and running for the \fBwbinfo\fR program to be able to return information\&.
-and running for the \fBwbinfo\fR program to be able 
+
 to return information.
 .SH "OPTIONS"
 .TP
-\fB-u\fR
+-u
-This option will list all users available 
+This option will list all users available in the Windows NT domain for which the \fBwinbindd\fR(8) daemon is operating in\&. Users in all trusted domains will also be listed\&. Note that this operation does not assign user ids to any users that have not already been seen by \fBwinbindd\fR(8) \&.
-in the Windows NT domain for which the \fBwinbindd(8)
+
-\fR daemon is operating in. Users in all trusted domains 
+
 will also be listed.  Note that this operation does not assign 
 user ids to any users that have not already been seen by 
 \fBwinbindd(8)\fR.
 .TP
-\fB-g\fR
+-g
-This option will list all groups available 
+This option will list all groups available in the Windows NT domain for which the \fBSamba\fR(7) daemon is operating in\&. Groups in all trusted domains will also be listed\&. Note that this operation does not assign group ids to any groups that have not already been seen by \fBwinbindd\fR(8)\&.
-in the Windows NT domain for which the \fBwinbindd(8)
+
-\fR daemon is operating in. Groups in all trusted domains
+
 will also be listed.  Note that this operation does not assign 
 group ids to any groups that have not already been seen by
 \fBwinbindd(8)\fR. 
 .TP
-\fB-N name\fR
+-N name
-The \fI-N\fR option 
+The \fI-N\fR option queries \fBwinbindd\fR(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the \fIname\fR parameter\&.
-queries \fBwinbindd(8)\fR to query the WINS
+
-server for the IP address associated with the NetBIOS name
+
 specified by the \fIname\fR parameter.
 .TP
-\fB-I ip\fR
+-I ip
-The \fI-I\fR option 
+The \fI-I\fR option queries \fBwinbindd\fR(8) to send a node status request to get the NetBIOS name associated with the IP address specified by the \fIip\fR parameter\&.
-queries \fBwinbindd(8)\fR to send a node status
+
-request to get the NetBIOS name associated with the IP address
+
 specified by the \fIip\fR parameter.
 .TP
-\fB-n name\fR
+-n name
-The \fI-n\fR option 
+The \fI-n\fR option queries \fBwinbindd\fR(8) for the SID associated with the name specified\&. Domain names can be specified before the user name by using the winbind separator character\&. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1\&. If no domain is specified then the domain used is the one specified in the \fBsmb.conf\fR(5) \fIworkgroup \fR parameter\&.
-queries \fBwinbindd(8)\fR for the SID   
+
-associated with the name specified. Domain names can be specified 
+
 before the user name by using the winbind separator character.  
 For example CWDOM1/Administrator refers to the Administrator
 user in the domain CWDOM1.  If no domain is specified then the 
 domain used is the one specified in the \fIsmb.conf\fR
 \fIworkgroup\fR parameter. 
 .TP
-\fB-s sid\fR
+-s sid
-Use \fI-s\fR to resolve
+Use \fI-s\fR to resolve a SID to a name\&. This is the inverse of the \fI-n \fR option above\&. SIDs must be specified as ASCII strings in the traditional Microsoft format\&. For example, S-1-5-21-1455342024-3071081365-2475485837-500\&.
-a SID to a name.  This is the inverse of the \fI-n
+
-\fR option above.  SIDs must be specified as ASCII strings 
+
 in the traditional Microsoft format. For example,
 S-1-5-21-1455342024-3071081365-2475485837-500. 
 .TP
-\fB-U uid\fR
+-U uid
-Try to convert a UNIX user id to a Windows NT 
+Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the winbind uid range then the operation will fail\&.
-SID.  If the uid specified does not refer to one within
+
-the winbind uid range then the operation will fail. 
+
 .TP
-\fB-G gid\fR
+-G gid
-Try to convert a UNIX group id to a Windows 
+Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified does not refer to one within the winbind gid range then the operation will fail\&.
-NT SID.  If the gid specified does not refer to one within 
+
-the winbind gid range then the operation will fail. 
+
 .TP
-\fB-S sid\fR
+-S sid
-Convert a SID to a UNIX user id.  If the SID 
+Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX user mapped by \fBwinbindd\fR(8) then the operation will fail\&.
-does not correspond to a UNIX user mapped by \fB  winbindd(8)\fR then the operation will fail. 
+
 .TP
-\fB-Y sid\fR
+-Y sid
-Convert a SID to a UNIX group id.  If the SID 
+Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX group mapped by \fBwinbindd\fR(8) then the operation will fail\&.
-does not correspond to a UNIX group mapped by \fB  winbindd(8)\fR then the operation will fail. 
+
 .TP
-\fB-t\fR
+-t
-Verify that the workstation trust account 
+Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working\&.
-created when the Samba server is added to the Windows NT
+
-domain is working. 
+
 .TP
-\fB-m\fR
+-m
-Produce a list of domains trusted by the 
+Produce a list of domains trusted by the Windows NT server \fBwinbindd\fR(8) contacts when resolving names\&. This list does not include the Windows NT domain the server is a Primary Domain Controller for\&.
-Windows NT server \fBwinbindd(8)\fR contacts 
+
-when resolving names.  This list does not include the Windows 
+
 NT domain the server is a Primary Domain Controller for.
 .TP
-\fB-r username\fR
+--sequence
-Try to obtain the list of UNIX group ids
+Show sequence numbers of all known domains
-to which the user belongs.  This only works for users
+
-defined on a Domain Controller.
+
 .TP
-\fB-a username%password\fR
+-r username
-Attempt to authenticate a user via winbindd. 
+Try to obtain the list of UNIX group ids to which the user belongs\&. This only works for users defined on a Domain Controller\&.
-This checks both authenticaion methods and reports its results.
+
 .TP
-\fB-A username%password\fR
+-a username%password
-Store username and password used by winbindd 
+Attempt to authenticate a user via winbindd\&. This checks both authenticaion methods and reports its results\&.
-during session setup to a domain controller.  This enables
+
-winbindd to operate in a Windows 2000 domain with Restrict
+
-Anonymous turned on (a.k.a. Permissions compatiable with
+.TP
-Windows 2000 servers only).
+-A username%password
 Store username and password used by winbindd during session setup to a domain controller\&. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a\&.k\&.a\&. Permissions compatiable with Windows 2000 servers only)\&.
 .TP
 --get-auth-user
 Print username and password used by winbindd during session setup to a domain controller\&. Username and password can be set using '-A'\&. Only available for root\&.
 .TP
 -p
 Check whether winbindd is still alive\&. Prints out either 'succeeded' or 'failed'\&.
 .TP
 -V
 Prints the version number for \fBsmbd\fR\&.
 .TP
 -h|--help
 Print a summary of command line options\&.
 .SH "EXIT STATUS"
 .PP
-The wbinfo program returns 0 if the operation 
+The wbinfo program returns 0 if the operation succeeded, or 1 if the operation failed\&. If the \fBwinbindd\fR(8) daemon is not working \fBwbinfo\fR will always return failure\&.
-succeeded, or 1 if the operation failed.  If the \fBwinbindd(8)
+
 \fR daemon is not working \fBwbinfo\fR will always return 
 failure. 
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fBwinbindd(8)\fR
+\fBwinbindd\fR(8)
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-\fBwbinfo\fR and \fBwinbindd\fR
+\fBwbinfo\fR and \fBwinbindd\fR were written by Tim Potter\&.
-were written by Tim Potter.
+
 .PP
-The conversion to DocBook for Samba 2.2 was done 
+The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-by Gerald Carter
+
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@ -1,242 +1,240 @@
-.\" This manpage has been automatically generated by docbook2man 
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.\" from a DocBook document.  This tool can be found at:
+.de Sh \" Subsection
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.br
-.\" Please send any bug reports, improvements, comments, patches, 
+.if t .Sp
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.ne 5
-.TH "WINBINDD" "8" "04 March 2003" "" ""
+.PP
 \fB\\$1\fR
 .PP
 ..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
 ..
 .de Ip \" List item
 .br
 .ie \\n(.$>=3 .ne \\$3
 .el .ne 3
 .IP "\\$1" \\$2
 ..
 .TH "WINBINDD" 8 "" "" ""
 .SH NAME
 winbindd \- Name Service Switch daemon for resolving names from NT servers
-.SH SYNOPSIS
+.SH "SYNOPSIS"
-\fBwinbindd\fR [ \fB-F\fR ] [ \fB-S\fR ] [ \fB-i\fR ] [ \fB-B\fR ] [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-n\fR ]
+.nf
 \fBwinbindd\fR [-F] [-S] [-i] [-B] [-d <debug level>] [-s <smb config file>] [-n]
 .fi
 .SH "DESCRIPTION"
 .PP
 This program is part of the  Samba suite.
 .PP
 \fBwinbindd\fR is a daemon that provides 
 a service for the Name Service Switch capability that is present 
 in most modern C libraries.  The Name Service Switch allows user 
 and system information to be obtained from different databases 
 services such as NIS or DNS.  The exact behaviour can be configured 
 throught the \fI/etc/nsswitch.conf\fR file.  
 Users and groups are allocated as they are resolved to a range 
 of user and group ids specified by the administrator of the 
 Samba system.
 .PP
 The service provided by \fBwinbindd\fR is called `winbind' and 
 can be used to resolve user and group information from a 
 Windows NT server. The service can also provide authentication
 services via an associated PAM module. 
 .PP
 The \fIpam_winbind\fR module in the 2.2.2 release only 
 supports the \fIauth\fR and \fIaccount\fR 
 module-types.  The latter simply
 performs a getpwnam() to verify that the system can obtain a uid for the
 user.  If the \fIlibnss_winbind\fR library has been correctly 
 installed, this should always succeed.
 .PP
 The following nsswitch databases are implemented by 
 the winbindd service: 
 .TP
 \fBhosts\fR
 User information traditionally stored in 
 the \fIhosts(5)\fR file and used by 
 \fBgethostbyname(3)\fR functions. Names are
 resolved through the WINS server or by broadcast.
 .TP
 \fBpasswd\fR
 User information traditionally stored in 
 the \fIpasswd(5)\fR file and used by 
 \fBgetpwent(3)\fR functions. 
 .TP
 \fBgroup\fR
 Group information traditionally stored in 
 the \fIgroup(5)\fR file and used by   
 \fBgetgrent(3)\fR functions. 
 .PP
 For example, the following simple configuration in the
 \fI/etc/nsswitch.conf\fR file can be used to initially 
 resolve user and group information from \fI/etc/passwd
 \fR and \fI/etc/group\fR and then from the 
 Windows NT server. 
 .PP
 .PP
 This program is part of the \fBSamba\fR(7) suite\&.
 .PP
 \fBwinbindd\fR is a daemon that provides a service for the Name Service Switch capability that is present in most modern C libraries\&. The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\&. The exact behaviour can be configured throught the \fI/etc/nsswitch\&.conf\fR file\&. Users and groups are allocated as they are resolved to a range of user and group ids specified by the administrator of the Samba system\&.
 .PP
 The service provided by \fBwinbindd\fR is called `winbind' and can be used to resolve user and group information from a Windows NT server\&. The service can also provide authentication services via an associated PAM module\&.
 .PP
 The \fIpam_winbind\fR module in the 2\&.2\&.2 release only supports the \fIauth\fR and \fIaccount\fR module-types\&. The latter simply performs a getpwnam() to verify that the system can obtain a uid for the user\&. If the \fIlibnss_winbind\fR library has been correctly installed, this should always succeed\&.
 .PP
 The following nsswitch databases are implemented by the winbindd service:
 .TP
 hosts
 User information traditionally stored in the \fIhosts(5)\fR file and used by \fBgethostbyname(3)\fR functions\&. Names are resolved through the WINS server or by broadcast\&.
 .TP
 passwd
 User information traditionally stored in the \fIpasswd(5)\fR file and used by \fBgetpwent(3)\fR functions\&.
 .TP
 group
 Group information traditionally stored in the \fIgroup(5)\fR file and used by \fBgetgrent(3)\fR functions\&.
 .PP
 For example, the following simple configuration in the\fI/etc/nsswitch\&.conf\fR file can be used to initially resolve user and group information from \fI/etc/passwd \fR and \fI/etc/group\fR and then from the Windows NT server\&. 
 .nf
 passwd:         files winbind
 group:          files winbind
 .fi
 .PP
-The following simple configuration in the
+The following simple configuration in the\fI/etc/nsswitch\&.conf\fR file can be used to initially resolve hostnames from \fI/etc/hosts\fR and then from the WINS server\&.
-\fI/etc/nsswitch.conf\fR file can be used to initially
+
 resolve hostnames from \fI/etc/hosts\fR and then from the
 WINS server.
 .SH "OPTIONS"
 .TP
-\fB-F\fR
+-F
-If specified, this parameter causes
+If specified, this parameter causes the main \fBwinbindd\fR process to not daemonize, i\&.e\&. double-fork and disassociate with the terminal\&. Child processes are still created as normal to service each connection request, but the main process does not exit\&. This operation mode is suitable for running \fBwinbindd\fR under process supervisors such as \fBsupervise\fR and \fBsvscan\fR from Daniel J\&. Bernstein's \fBdaemontools\fR package, or the AIX process monitor\&.
-the main \fBwinbindd\fR process to not daemonize,
+
-i.e. double-fork and disassociate with the terminal.
+
 Child processes are still created as normal to service
 each connection request, but the main process does not
 exit. This operation mode is suitable for running
 \fBwinbindd\fR under process supervisors such
 as \fBsupervise\fR and \fBsvscan\fR
 from Daniel J. Bernstein's \fBdaemontools\fR
 package, or the AIX process monitor.
 .TP
-\fB-S\fR
+-S
-If specified, this parameter causes
+If specified, this parameter causes \fBwinbindd\fR to log to standard output rather than a file\&.
-\fBwinbindd\fR to log to standard output rather
+
-than a file.
+
 .TP
-\fB-d debuglevel\fR
+-V
-Sets the debuglevel to an integer between 
+Prints the version number for \fBsmbd\fR\&.
-0 and 100. 0 is for no debugging and 100 is for reams and 
+
-reams. To submit a bug report to the Samba Team, use debug 
+
 level 100 (see BUGS.txt).   
 .TP
-\fB-i\fR
+-s <configuration file>
-Tells \fBwinbindd\fR to not 
+The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&.
-become a daemon and detach from the current terminal. This 
+
-option is used by developers when interactive debugging 
+
 of \fBwinbindd\fR is required.
 \fBwinbindd\fR also logs to standard output,
 as if the \fB-S\fR parameter had been given.
 .TP
-\fB-n\fR
+-d|--debug=debuglevel
-Disable caching. This means winbindd will 
+\fIdebuglevel\fR is an integer from 0 to 10\&. The default value if this parameter is not specified is zero\&.
-always have to wait for a response from the domain controller 
+
-before it can respond to a client and this thus makes things 
+
-slower. The results will however be more accurate, since 
+The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day to day running - it generates a small amount of information about operations carried out\&.
-results from the cache might not be up-to-date. This 
+
-might also temporarily hang winbindd if the DC doesn't respond.
+
 Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&.
 Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&.
 .TP
-\fB-B\fR
+-l|--logfile=logbasename
-Dual daemon mode. This means winbindd will run 
+File name for log/debug files\&. The extension \fB"\&.client"\fR will be appended\&. The log file is never removed by the client\&.
-as 2 threads. The first will answer all requests from the cache, 
+
-thus making responses to clients faster. The other will 
+
 update the cache for the query that the first has just responded. 
 Advantage of this is that responses are accurate and fast.
 .TP
-\fB-s|--conf=smb.conf\fR
+-h|--help
-Specifies the location of the all-important
+Print a summary of command line options\&.
-\fIsmb.conf\fR file. 
+
 .TP
 -i
 Tells \fBwinbindd\fR to not become a daemon and detach from the current terminal\&. This option is used by developers when interactive debugging of \fBwinbindd\fR is required\&. \fBwinbindd\fR also logs to standard output, as if the \fB-S\fR parameter had been given\&.
 .TP
 -n
 Disable caching\&. This means winbindd will always have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower\&. The results will however be more accurate, since results from the cache might not be up-to-date\&. This might also temporarily hang winbindd if the DC doesn't respond\&.
 .TP
 -B
 Dual daemon mode\&. This means winbindd will run as 2 threads\&. The first will answer all requests from the cache, thus making responses to clients faster\&. The other will update the cache for the query that the first has just responded\&. Advantage of this is that responses stay accurate and are faster\&.
 .SH "NAME AND ID RESOLUTION"
 .PP
-Users and groups on a Windows NT server are assigned 
+Users and groups on a Windows NT server are assigned a relative id (rid) which is unique for the domain when the user or group is created\&. To convert the Windows NT user or group into a unix user or group, a mapping between rids and unix user and group ids is required\&. This is one of the jobs that \fB winbindd\fR performs\&.
-a relative id (rid) which is unique for the domain when the 
+
 user or group is created.  To convert the Windows NT user or group 
 into a unix user or group, a mapping between rids and unix user 
 and group ids is required.  This is one of the jobs that \fB winbindd\fR performs. 
 .PP
-As winbindd users and groups are resolved from a server, user 
+As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range\&. This is done on a first come, first served basis, although all existing users and groups will be mapped as soon as a client performs a user or group enumeration command\&. The allocated unix ids are stored in a database file under the Samba lock directory and will be remembered\&.
-and group ids are allocated from a specified range.  This
+
 is done on a first come, first served basis, although all existing 
 users and groups will be mapped as soon as a client performs a user 
 or group enumeration command.  The allocated unix ids are stored 
 in a database file under the Samba lock directory and will be 
 remembered. 
 .PP
-WARNING: The rid to unix id database is the only location 
+WARNING: The rid to unix id database is the only location where the user and group mappings are stored by winbindd\&. If this file is deleted or corrupted, there is no way for winbindd to determine which user and group ids correspond to Windows NT user and group rids\&.
-where the user and group mappings are stored by winbindd.  If this 
+
 file is deleted or corrupted, there is no way for winbindd to 
 determine which user and group ids correspond to Windows NT user 
 and group rids. 
 .SH "CONFIGURATION"
 .PP
-Configuration of the \fBwinbindd\fR daemon 
+Configuration of the \fBwinbindd\fR daemon is done through configuration parameters in the \fBsmb.conf\fR(5) file\&. All parameters should be specified in the [global] section of smb\&.conf\&.
-is done through configuration parameters in the \fIsmb.conf(5)
+
-\fR file.  All parameters should be specified in the 
+.TP 3
 [global] section of smb.conf. 
 .TP 0.2i
 \(bu
 \fIwinbind separator\fR
-.TP 0.2i
+
 .TP
 \(bu
 \fIwinbind uid\fR
-.TP 0.2i
+
 .TP
 \(bu
 \fIwinbind gid\fR
-.TP 0.2i
+
 .TP
 \(bu
 \fIwinbind cache time\fR
-.TP 0.2i
+
 .TP
 \(bu
 \fIwinbind enum users\fR
-.TP 0.2i
+
 .TP
 \(bu
 \fIwinbind enum groups\fR
-.TP 0.2i
+
 .TP
 \(bu
 \fItemplate homedir\fR
-.TP 0.2i
+
 .TP
 \(bu
 \fItemplate shell\fR
-.TP 0.2i
+
 .TP
 \(bu
 \fIwinbind use default domain\fR
 .SH "EXAMPLE SETUP"
 .PP
 To setup winbindd for user and group lookups plus 
 authentication from a domain controller use something like the 
 following setup. This was tested on a RedHat 6.2 Linux box. 
 .PP
 In \fI/etc/nsswitch.conf\fR put the 
 following:
 .PP
 .LP
 .SH "EXAMPLE SETUP"
 .PP
 To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\&. This was tested on a RedHat 6\&.2 Linux box\&.
 .PP
 In \fI/etc/nsswitch\&.conf\fR put the following: 
 .nf
 passwd:     files winbind
 group:      files winbind
 .fi
 .PP
 In \fI/etc/pam.d/*\fR replace the 
 \fIauth\fR lines with something like this: 
 .PP
 .PP
 In \fI/etc/pam\&.d/*\fR replace the \fI auth\fR lines with something like this: 
 .nf
 auth       required	/lib/security/pam_securetty.so
 auth       required	/lib/security/pam_nologin.so
 auth       sufficient	/lib/security/pam_winbind.so
 auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
 auth       required	/lib/security/pam_securetty\&.so
 auth       required	/lib/security/pam_nologin\&.so
 auth       sufficient	/lib/security/pam_winbind\&.so
 auth       required     /lib/security/pam_pwdb\&.so use_first_pass shadow nullok
 .fi
 .PP
-Note in particular the use of the \fIsufficient\fR 
+Note in particular the use of the \fIsufficient \fR keyword and the \fIuse_first_pass\fR keyword\&.
-keyword and the \fIuse_first_pass\fR keyword. 
+
 .PP
 Now replace the account lines with this:
 .PP
 \fBaccount    required /lib/security/pam_winbind.so
 \fR
 .PP
 The next step is to join the domain. To do that use the 
 \fBsmbpasswd\fR program like this:  
 .PP
 \fBsmbpasswd -j DOMAIN -r PDC -U
 Administrator\fR
 .PP
 The username after the \fI-U\fR can be any
 Domain user that has administrator privileges on the machine.
 Substitute your domain name for "DOMAIN" and the name of your PDC
 for "PDC".
 .PP
 Next copy \fIlibnss_winbind.so\fR to 
 \fI/lib\fR and \fIpam_winbind.so\fR
 to \fI/lib/security\fR.  A symbolic link needs to be
 made from \fI/lib/libnss_winbind.so\fR to
 \fI/lib/libnss_winbind.so.2\fR.  If you are using an
 older version of glibc then the target of the link should be
 \fI/lib/libnss_winbind.so.1\fR.
 .PP
 Finally, setup a \fIsmb.conf\fR containing directives like the 
 following:  
 .PP
 .PP
 \fBaccount required /lib/security/pam_winbind.so \fR
 .PP
 The next step is to join the domain\&. To do that use the\fBnet\fR program like this:
 .PP
 \fBnet join -S PDC -U Administrator\fR
 .PP
 The username after the \fI-U\fR can be any Domain user that has administrator privileges on the machine\&. Substitute the name or IP of your PDC for "PDC"\&.
 .PP
 Next copy \fIlibnss_winbind\&.so\fR to\fI/lib\fR and \fIpam_winbind\&.so \fR to \fI/lib/security\fR\&. A symbolic link needs to be made from \fI/lib/libnss_winbind\&.so\fR to\fI/lib/libnss_winbind\&.so\&.2\fR\&. If you are using an older version of glibc then the target of the link should be\fI/lib/libnss_winbind\&.so\&.1\fR\&.
 .PP
 Finally, setup a \fBsmb.conf\fR(5) containing directives like the following: 
 .nf
 [global]
 	winbind separator = +
        winbind cache time = 10
@ -247,105 +245,97 @@ following:
        workgroup = DOMAIN
        security = domain
        password server = *
 .fi
 .PP
 Now start winbindd and you should find that your user and 
 group database is expanded to include your NT users and groups, 
 and that you can login to your unix box as a domain user, using 
 the DOMAIN+user syntax for the username. You may wish to use the 
 commands \fBgetent passwd\fR and \fBgetent group
 \fR to confirm the correct operation of winbindd.
 .SH "NOTES"
 .PP
 The following notes are useful when configuring and 
 running \fBwinbindd\fR: 
 .PP
 \fBnmbd\fR must be running on the local machine 
 for \fBwinbindd\fR to work. \fBwinbindd\fR
 queries the list of trusted domains for the Windows NT server
 on startup and when a SIGHUP is received.  Thus, for a running \fB winbindd\fR to become aware of new trust relationships between 
 servers, it must be sent a SIGHUP signal. 
 .PP
 Client processes resolving names through the \fBwinbindd\fR
 nsswitch module read an environment variable named \fB $WINBINDD_DOMAIN\fR.  If this variable contains a comma separated
 list of Windows NT domain names, then winbindd will only resolve users
 and groups within those Windows NT domains. 
 .PP
 PAM is really easy to misconfigure.  Make sure you know what 
 you are doing when modifying PAM configuration files.  It is possible 
 to set up PAM such that you can no longer log into your system. 
 .PP
 If more than one UNIX machine is running \fBwinbindd\fR, 
 then in general the user and groups ids allocated by winbindd will not 
 be the same.  The user and group ids will only be valid for the local 
 machine.
 .PP
 If the the Windows NT RID to UNIX user and group id mapping 
 file is damaged or destroyed then the mappings will be lost. 
 .SH "SIGNALS"
 .PP
 The following signals can be used to manipulate the 
 \fBwinbindd\fR daemon. 
 .TP
 \fBSIGHUP\fR
 Reload the \fIsmb.conf(5)\fR
 file and apply any parameter changes to the running 
 version of winbindd.  This signal also clears any cached 
 user and group information.  The list of other domains trusted 
 by winbindd is also reloaded.  
 .TP
 \fBSIGUSR1\fR
 The SIGUSR1 signal will cause \fB  winbindd\fR to write status information to the winbind 
 log file including information about the number of user and 
 group ids allocated by \fBwinbindd\fR.
-Log files are stored in the filename specified by the 
+
-log file parameter.
+.PP
 Now start winbindd and you should find that your user and group database is expanded to include your NT users and groups, and that you can login to your unix box as a domain user, using the DOMAIN+user syntax for the username\&. You may wish to use the commands \fBgetent passwd\fR and \fBgetent group \fR to confirm the correct operation of winbindd\&.
 .SH "NOTES"
 .PP
 The following notes are useful when configuring and running \fBwinbindd\fR:
 .PP
 \fBnmbd\fR(8) must be running on the local machine for \fBwinbindd\fR to work\&. \fBwinbindd\fR queries the list of trusted domains for the Windows NT server on startup and when a SIGHUP is received\&. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between servers, it must be sent a SIGHUP signal\&.
 .PP
 PAM is really easy to misconfigure\&. Make sure you know what you are doing when modifying PAM configuration files\&. It is possible to set up PAM such that you can no longer log into your system\&.
 .PP
 If more than one UNIX machine is running \fBwinbindd\fR, then in general the user and groups ids allocated by winbindd will not be the same\&. The user and group ids will only be valid for the local machine\&.
 .PP
 If the the Windows NT RID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost\&.
 .SH "SIGNALS"
 .PP
 The following signals can be used to manipulate the\fBwinbindd\fR daemon\&.
 .TP
 SIGHUP
 Reload the \fBsmb.conf\fR(5) file and apply any parameter changes to the running version of winbindd\&. This signal also clears any cached user and group information\&. The list of other domains trusted by winbindd is also reloaded\&.
 .TP
 SIGUSR1
 The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind log file including information about the number of user and group ids allocated by \fBwinbindd\fR\&.
 Log files are stored in the filename specified by the log file parameter\&.
 .SH "FILES"
 .TP
-\fB\fI/etc/nsswitch.conf(5)\fB\fR
+\fI/etc/nsswitch\&.conf(5)\fR
-Name service switch configuration file.
+Name service switch configuration file\&.
 .TP
-\fB/tmp/.winbindd/pipe\fR
+/tmp/\&.winbindd/pipe
-The UNIX pipe over which clients communicate with 
+The UNIX pipe over which clients communicate with the \fBwinbindd\fR program\&. For security reasons, the winbind client will only attempt to connect to the winbindd daemon if both the \fI/tmp/\&.winbindd\fR directory and \fI/tmp/\&.winbindd/pipe\fR file are owned by root\&.
-the \fBwinbindd\fR program.  For security reasons, the 
+
-winbind client will only attempt to connect to the winbindd daemon 
+
 if both the \fI/tmp/.winbindd\fR directory
 and \fI/tmp/.winbindd/pipe\fR file are owned by 
 root. 
 .TP
-\fB/lib/libnss_winbind.so.X\fR
+$LOCKDIR/winbindd_privilaged/pipe
-Implementation of name service switch library.
+The UNIX pipe over which 'privilaged' clients communicate with the \fBwinbindd\fR program\&. For security reasons, access to some winbindd functions - like those needed by the \fBntlm_auth\fR utility - is restricted\&. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privilaged to allow programs like 'squid' to use ntlm_auth\&. Note that the winbind client will only attempt to connect to the winbindd daemon if both the \fI$LOCKDIR/winbindd_privilaged\fR directory and \fI$LOCKDIR/winbindd_privilaged/pipe\fR file are owned by root\&.
 .TP
-\fB$LOCKDIR/winbindd_idmap.tdb\fR
+/lib/libnss_winbind\&.so\&.X
-Storage for the Windows NT rid to UNIX user/group 
+Implementation of name service switch library\&.
-id mapping.  The lock directory is specified when Samba is initially 
+
-compiled using the \fI--with-lockdir\fR option.
+
 This directory is by default \fI/usr/local/samba/var/locks
 \fR. 
 .TP
-\fB$LOCKDIR/winbindd_cache.tdb\fR
+$LOCKDIR/winbindd_idmap\&.tdb
-Storage for cached user and group information.
+Storage for the Windows NT rid to UNIX user/group id mapping\&. The lock directory is specified when Samba is initially compiled using the \fI--with-lockdir\fR option\&. This directory is by default \fI/usr/local/samba/var/locks \fR\&.
 .TP
 $LOCKDIR/winbindd_cache\&.tdb
 Storage for cached user and group information\&.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of
+This man page is correct for version 3\&.0 of the Samba suite\&.
-the Samba suite.
+
 .SH "SEE ALSO"
 .PP
-\fInsswitch.conf(5)\fR,
+\fInsswitch\&.conf(5)\fR, \fBSamba\fR(7), \fBwbinfo\fR(8), \fBsmb.conf\fR(5)
-samba(7)
+
 wbinfo(1)
 smb.conf(5)
 .SH "AUTHOR"
 .PP
-The original Samba software and related utilities 
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
-were created by Andrew Tridgell. Samba is now developed
+
 by the Samba Team as an Open Source project similar 
 to the way the Linux kernel is developed.
 .PP
-\fBwbinfo\fR and \fBwinbindd\fR
+\fBwbinfo\fR and \fBwinbindd\fR were written by Tim Potter\&.
-were written by Tim Potter.
+
 .PP
-The conversion to DocBook for Samba 2.2 was done 
+The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
-by Gerald Carter
+