Changeset 429 for trunk/server/docs/manpages/smb.conf.5

Timestamp:

Apr 9, 2010, 3:51:41 PM (15 years ago)

Author:

Silvan Scherrer

Message:

Samba 3.5.x: trunk update to 3.5.2

Location:

trunk/server

Files:

• . (modified) (1 prop)
• docs/manpages/smb.conf.5 (modified) (559 diffs)

trunk/server/docs/manpages/smb.conf.5

@@ -1 @@
-'\" t
 .\"     Title: smb.conf
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\"      Date: 02/19/2010
+.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
+.\"      Date: 03/30/2010
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.5
 .\"  Language: English
 .\"
-.TH "SMB\&.CONF" "5" "02/19/2010" "Samba 3\&.5" "File Formats and Conventions"
+.TH "SMB\&.CONF" "5" "03/30/2010" "Samba 3\&.5" "File Formats and Conventions"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
 .\" -----------------------------------------------------------------
 .\" * set default formatting
@@ -19 +167 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
-.SH "NAME"
+.SH "Name"
 smb.conf \- The configuration file for the Samba suite
 .SH "SYNOPSIS"
 .PP
 The
-smb\&.conf
+\FCsmb\&.conf\F[]
 file is a configuration file for the Samba suite\&.
-smb\&.conf
+\FCsmb\&.conf\F[]
 contains runtime configuration information for the Samba programs\&. The
-smb\&.conf
+\FCsmb\&.conf\F[]
 file is designed to be configured and administered by the
 \fBswat\fR(8)
@@ -39 +187 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 \fIname\fR = \fIvalue \fR
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -55 +217 @@
 .PP
 Any line ending in a
-\(lq\e\(rq
+\(lq\FC\e\F[]\(rq
 is continued on the next line in the customary UNIX fashion\&.
 .PP
@@ -78 +240 @@
 .PP
 Sections other than guest services will require a password to access them\&. The client provides the username\&. As older clients only provide passwords and not usernames, you may specify a list of usernames to check against the password using the
-user =
+\FCuser =\F[]
 option in the share definition\&. For modern clients such as Windows 95/98/ME/NT/2000, this should not be necessary\&.
 .PP
@@ -84 +246 @@
 .PP
 The following sample section defines a file space share\&. The user has write access to the path
-/home/bar\&. The share is accessed via the share name
-foo:
+\FC/home/bar\F[]\&. The share is accessed via the share name
+\FCfoo\F[]:
 .sp
 .if n \{\
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
         \fI[foo]\fR
         \m[blue]\fBpath = /home/bar\fR\m[]
         \m[blue]\fBread only = no\fR\m[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -106 +282 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
         \fI[aprinter]\fR
         \m[blue]\fBpath = /usr/spool/public\fR\m[]
@@ -112 +296 @@
         \m[blue]\fBprintable = yes\fR\m[]
         \m[blue]\fBguest ok = yes\fR\m[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -159 +349 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 \fBpath = /data/pchome/%S\fR
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -178 +382 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 \fI[homes]\fR
 \m[blue]\fBread only = no\fR\m[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -246 +464 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 \fI[printers]\fR
 \m[blue]\fBpath = /usr/spool/public\fR\m[]
 \m[blue]\fBguest ok = yes\fR\m[]
 \m[blue]\fBprintable = yes\fR\m[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -261 +493 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 alias|alias|alias|alias\&.\&.\&.    
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -270 +516 @@
 Each alias should be an acceptable printer name for your printing subsystem\&. In the [global] section, specify the new file as your printcap\&. The server will only recognize names found in your pseudo\-printcap, which of course can contain whatever aliases you like\&. The same technique could be used simply to limit access to a subset of your local printers\&.
 .PP
-An alias, by the way, is defined as any component of the first entry of a printcap record\&. Records are separated by newlines, components (if there are more than one) are separated by vertical bar symbols (|)\&.
+An alias, by the way, is defined as any component of the first entry of a printcap record\&. Records are separated by newlines, components (if there are more than one) are separated by vertical bar symbols (\FC|\F[])\&.
 .if n \{\
 .sp
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -285 +532 @@
 .PP
 On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use
-printcap name = lpstat
+\FCprintcap name = lpstat\F[]
 to automatically obtain a list of printers\&. See the
-printcap name
+\FCprintcap name\F[]
 option for more details\&.
 .sp .5v
+.EM yellow
 .RE
 .SH "USERSHARES"
@@ -333 +581 @@
 .PP
 To allow members of the UNIX group
-foo
+\FCfoo\F[]
 to create user defined shares, create the directory to contain the share definitions as follows:
 .PP
@@ -341 +589 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 mkdir /usr/local/samba/lib/usershares
 chgrp foo /usr/local/samba/lib/usershares
 chmod 1770 /usr/local/samba/lib/usershares
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -355 +617 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
         \m[blue]\fBusershare path = /usr/local/samba/lib/usershares\fR\m[]
         \m[blue]\fBusershare max shares = 10\fR\m[] # (or the desired number of shares)
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -364 +640 @@
 .sp
 to the global section of your
-smb\&.conf\&. Members of the group foo may then manipulate the user defined shares using the following commands\&.
+\FCsmb\&.conf\F[]\&. Members of the group foo may then manipulate the user defined shares using the following commands\&.
 .PP
 net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]
@@ -528 +804 @@
 .RS 4
 the path of the service\'s home directory, obtained from your NIS auto\&.map entry\&. The NIS auto\&.map entry is split up as
-%N:%p\&.
+\FC%N:%p\F[]\&.
 .RE
 .PP
 There are some quite creative things that can be done with these substitutions and other
-smb\&.conf
+\FCsmb\&.conf\F[]
 options\&.
 .SH "NAME MANGLING"
 .PP
 Samba supports
-name mangling
+\FCname mangling\F[]
 so that DOS and Windows clients can use files that don\'t conform to the 8\&.3 format\&. It can also be set to adjust the case of 8\&.3 format filenames\&.
 .PP
@@ -567 +843 @@
 .RS 4
 controls whether new files (ie\&. files that don\'t currently exist in the filesystem) are created with the case that the client passes, or if they are forced to be the
-default
+\FCdefault\F[]
 case\&. Default
 \fIyes\fR\&.
@@ -575 +851 @@
 .RS 4
 controls if new files (ie\&. files that don\'t currently exist in the filesystem) which conform to 8\&.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the
-default
+\FCdefault\F[]
 case\&. This option can be used with
-preserve case = yes
+\FCpreserve case = yes\F[]
 to permit long filenames to retain their case, while short names are lowercased\&. Default
 \fIyes\fR\&.
@@ -600 +876 @@
 .\}
 If the client has passed a username/password pair and that username/password pair is validated by the UNIX system\'s password programs, the connection is made as that username\&. This includes the
-\e\eserver\eservice%\fIusername\fR
+\FC\e\eserver\eservice\F[]%\fIusername\fR
 method of passing a username\&.
 .RE
@@ -646 +922 @@
 .\}
 If a
-user =
+\FCuser = \F[]
 field is given in the
-smb\&.conf
+\FCsmb\&.conf\F[]
 file for the service and the client has supplied a password, and that password matches (according to the UNIX system\'s password checking) with one of the usernames from the
-user =
+\FCuser =\F[]
 field, the connection is made as the username in the
-user =
+\FCuser =\F[]
 line\&. If one of the usernames in the
-user =
+\FCuser =\F[]
 list begins with a
-@, that name expands to a list of names in the group of the same name\&.
+\FC@\F[], that name expands to a list of names in the group of the same name\&.
 .RE
 .sp
@@ -668 +944 @@
 .\}
 If the service is a guest service, a connection is made as the username given in the
-guest account =
+\FCguest account =\F[]
 for the service, irrespective of the supplied password\&.
 .RE
@@ -674 +950 @@
 .PP
 Starting with Samba version 3\&.2\&.0, the capability to store Samba configuration in the registry is available\&. The configuration is stored in the registry key
-\fIHKLM\eSoftware\eSamba\esmbconf\fR\&. There are two levels of registry configuration:
+\fI\FCHKLM\eSoftware\eSamba\esmbconf\F[]\fR\&. There are two levels of registry configuration:
 .sp
 .RS 4
@@ -737 +1013 @@
 \fInet (rpc) registry\fR
 in the key
-\fIHKLM\eSoftware\eSamba\esmbconf\fR\&. More conveniently, the
+\fI\FCHKLM\eSoftware\eSamba\esmbconf\F[]\fR\&. More conveniently, the
 \fIconf\fR
 subcommand of the
@@ -758 +1034 @@
 .sp
 Default:
-\fI\fIabort shutdown script\fR\fR\fI = \fR\fI""\fR\fI \fR
-.sp
-Example:
-\fI\fIabort shutdown script\fR\fR\fI = \fR\fI/sbin/shutdown \-c\fR\fI \fR
+\fI\fIabort shutdown script\fR\fR\fI = \fR\fI\FC""\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIabort shutdown script\fR\fR\fI = \fR\fI\FC/sbin/shutdown \-c\F[]\fR\fI \fR
 .RE
 
@@ -773 +1049 @@
 .sp
 Default:
-\fI\fIaccess based share enum\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIaccess based share enum\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -786 +1062 @@
 .sp
 Default:
-\fI\fIacl check permissions\fR\fR\fI = \fR\fITrue\fR\fI \fR
+\fI\fIacl check permissions\fR\fR\fI = \fR\fI\FCTrue\F[]\fR\fI \fR
 .RE
 
@@ -802 +1078 @@
 .sp
 Default:
-\fI\fIacl compatibility\fR\fR\fI = \fR\fIAuto\fR\fI \fR
-.sp
-Example:
-\fI\fIacl compatibility\fR\fR\fI = \fR\fIwin2k\fR\fI \fR
+\fI\fIacl compatibility\fR\fR\fI = \fR\fI\FCAuto\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIacl compatibility\fR\fR\fI = \fR\fI\FCwin2k\F[]\fR\fI \fR
 .RE
 
@@ -831 +1107 @@
 .sp
 Default:
-\fI\fIacl group control\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIacl group control\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -842 +1118 @@
 .sp
 Default:
-\fI\fIacl map full control\fR\fR\fI = \fR\fITrue\fR\fI \fR
+\fI\fIacl map full control\fR\fR\fI = \fR\fI\FCTrue\F[]\fR\fI \fR
 .RE
 
@@ -858 +1134 @@
 .sp
 Default:
-\fI\fIadd group script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIadd group script\fR\fR\fI = \fR\fI/usr/sbin/groupadd %g\fR\fI \fR
+\fI\fIadd group script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIadd group script\fR\fR\fI = \fR\fI\FC/usr/sbin/groupadd %g\F[]\fR\fI \fR
 .RE
 
@@ -876 +1152 @@
 .sp
 Default:
-\fI\fIadd machine script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIadd machine script\fR\fR\fI = \fR\fI/usr/sbin/adduser \-n \-g machines \-c Machine \-d /var/lib/nobody \-s /bin/false %u\fR\fI \fR
+\fI\fIadd machine script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIadd machine script\fR\fR\fI = \fR\fI\FC/usr/sbin/adduser \-n \-g machines \-c Machine \-d /var/lib/nobody \-s /bin/false %u\F[]\fR\fI \fR
 .RE
 
@@ -913 +1189 @@
 .sp
 Default:
-\fI\fIadd port command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIadd port command\fR\fR\fI = \fR\fI/etc/samba/scripts/addport\&.sh\fR\fI \fR
+\fI\fIadd port command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIadd port command\fR\fR\fI = \fR\fI\FC/etc/samba/scripts/addport\&.sh\F[]\fR\fI \fR
 .RE
 
@@ -928 +1204 @@
 \fIaddprinter command\fR
 defines a script to be run which will perform the necessary operations for adding the printer to the print system and to add the appropriate service definition to the
-smb\&.conf
+\FCsmb\&.conf\F[]
 file in order that it can be shared by
 \fBsmbd\fR(8)\&.
@@ -1007 +1283 @@
 \fIaddprinter command\fR
 has been executed,
-smbd
+\FCsmbd\F[]
 will reparse the
-smb\&.conf
+\FC smb\&.conf\F[]
 to determine if the share defined by the APW exists\&. If the sharename is still invalid, then
-smbd
+\FCsmbd \F[]
 will return an ACCESS_DENIED error to the client\&.
 .sp
@@ -1019 +1295 @@
 .sp
 Default:
-\fI\fIaddprinter command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIaddprinter command\fR\fR\fI = \fR\fI/usr/bin/addprinter\fR\fI \fR
+\fI\fIaddprinter command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIaddprinter command\fR\fR\fI = \fR\fI\FC/usr/bin/addprinter\F[]\fR\fI \fR
 .RE
 
@@ -1032 +1308 @@
 \fIadd share command\fR
 is used to define an external program or script which will add a new service definition to
-smb\&.conf\&.
+\FCsmb\&.conf\F[]\&.
 .sp
 In order to successfully execute the
 \fIadd share command\fR,
-smbd
+\FCsmbd\F[]
 requires that the administrator connects using a root account (i\&.e\&. uid == 0) or has the
-SeDiskOperatorPrivilege\&. Scripts defined in the
+\FCSeDiskOperatorPrivilege\F[]\&. Scripts defined in the
 \fIadd share command\fR
 parameter are executed as root\&.
 .sp
 When executed,
-smbd
+\FCsmbd\F[]
 will automatically invoke the
 \fIadd share command\fR
@@ -1058 +1334 @@
 \fIconfigFile\fR
 \- the location of the global
-smb\&.conf
+\FCsmb\&.conf\F[]
 file\&.
 .RE
@@ -1114 +1390 @@
 .sp
 Default:
-\fI\fIadd share command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIadd share command\fR\fR\fI = \fR\fI/usr/local/bin/addshare\fR\fI \fR
+\fI\fIadd share command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIadd share command\fR\fR\fI = \fR\fI\FC/usr/local/bin/addshare\F[]\fR\fI \fR
 .RE
 
@@ -1150 +1426 @@
 \m[blue]\fBpassword server\fR\m[]
 and attempts to authenticate the given user with the given password\&. If the authentication succeeds then
-smbd
+\FCsmbd\F[]
 attempts to find a UNIX user in the UNIX password database to map the Windows user into\&. If this lookup fails, and
 \m[blue]\fBadd user script\fR\m[]
 is set then
-smbd
+\FCsmbd\F[]
 will call the specified script
 \fIAS ROOT\fR, expanding any
@@ -1161 +1437 @@
 .sp
 If this script successfully creates the user then
-smbd
+\FCsmbd\F[]
 will continue on as though the UNIX user already existed\&. In this way, UNIX users are dynamically created to match existing Windows NT accounts\&.
 .sp
@@ -1170 +1446 @@
 .sp
 Default:
-\fI\fIadd user script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIadd user script\fR\fR\fI = \fR\fI/usr/local/samba/bin/add_user %u\fR\fI \fR
+\fI\fIadd user script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIadd user script\fR\fR\fI = \fR\fI\FC/usr/local/samba/bin/add_user %u\F[]\fR\fI \fR
 .RE
 
@@ -1189 +1465 @@
 .sp
 Note that the
-adduser
+\FCadduser\F[]
 command used in the example below does not support the used syntax on all systems\&.
 .sp
 Default:
-\fI\fIadd user to group script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIadd user to group script\fR\fR\fI = \fR\fI/usr/sbin/adduser %u %g\fR\fI \fR
+\fI\fIadd user to group script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIadd user to group script\fR\fR\fI = \fR\fI\FC/usr/sbin/adduser %u %g\F[]\fR\fI \fR
 .RE
 
@@ -1212 +1488 @@
 .sp
 Default:
-\fI\fIadministrative share\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIadministrative share\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -1228 +1504 @@
 .sp
 Default:
-\fI\fIadmin users\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIadmin users\fR\fR\fI = \fR\fIjason\fR\fI \fR
+\fI\fIadmin users\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIadmin users\fR\fR\fI = \fR\fI\FCjason\F[]\fR\fI \fR
 .RE
 
@@ -1243 +1519 @@
 .sp
 Default:
-\fI\fIafs share\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIafs share\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -1255 +1531 @@
 .sp
 Default:
-\fI\fIafs username map\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIafs username map\fR\fR\fI = \fR\fI%u@afs\&.samba\&.org\fR\fI \fR
+\fI\fIafs username map\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIafs username map\fR\fR\fI = \fR\fI\FC%u@afs\&.samba\&.org\F[]\fR\fI \fR
 .RE
 
@@ -1276 +1552 @@
 .sp
 Default:
-\fI\fIaio read size\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIaio read size\fR\fR\fI = \fR\fI16384 # Use asynchronous I/O for reads bigger than 16KB request size\fR\fI \fR
+\fI\fIaio read size\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIaio read size\fR\fR\fI = \fR\fI\FC16384 # Use asynchronous I/O for reads bigger than 16KB request size\F[]\fR\fI \fR
 .RE
 
@@ -1293 +1569 @@
 .sp
 Default:
-\fI\fIaio write behind\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIaio write behind\fR\fR\fI = \fR\fI/*\&.tmp/\fR\fI \fR
+\fI\fIaio write behind\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIaio write behind\fR\fR\fI = \fR\fI\FC/*\&.tmp/\F[]\fR\fI \fR
 .RE
 
@@ -1314 +1590 @@
 .sp
 Default:
-\fI\fIaio write size\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIaio write size\fR\fR\fI = \fR\fI16384 # Use asynchronous I/O for writes bigger than 16KB request size\fR\fI \fR
+\fI\fIaio write size\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIaio write size\fR\fR\fI = \fR\fI\FC16384 # Use asynchronous I/O for writes bigger than 16KB request size\F[]\fR\fI \fR
 .RE
 
@@ -1331 +1607 @@
 .sp
 Default:
-\fI\fIalgorithmic rid base\fR\fR\fI = \fR\fI1000\fR\fI \fR
-.sp
-Example:
-\fI\fIalgorithmic rid base\fR\fR\fI = \fR\fI100000\fR\fI \fR
+\fI\fIalgorithmic rid base\fR\fR\fI = \fR\fI\FC1000\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIalgorithmic rid base\fR\fR\fI = \fR\fI\FC100000\F[]\fR\fI \fR
 .RE
 
@@ -1346 +1622 @@
 .sp
 Default:
-\fI\fIallocation roundup size\fR\fR\fI = \fR\fI1048576\fR\fI \fR
-.sp
-Example:
-\fI\fIallocation roundup size\fR\fR\fI = \fR\fI0 # (to disable roundups)\fR\fI \fR
+\fI\fIallocation roundup size\fR\fR\fI = \fR\fI\FC1048576\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIallocation roundup size\fR\fR\fI = \fR\fI\FC0 # (to disable roundups)\F[]\fR\fI \fR
 .RE
 
@@ -1367 +1643 @@
 .sp
 Default:
-\fI\fIallow trusted domains\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIallow trusted domains\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -1379 +1655 @@
 .sp
 Default:
-\fI\fIannounce as\fR\fR\fI = \fR\fINT Server\fR\fI \fR
-.sp
-Example:
-\fI\fIannounce as\fR\fR\fI = \fR\fIWin95\fR\fI \fR
+\fI\fIannounce as\fR\fR\fI = \fR\fI\FCNT Server\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIannounce as\fR\fR\fI = \fR\fI\FCWin95\F[]\fR\fI \fR
 .RE
 
@@ -1392 +1668 @@
 .sp
 Default:
-\fI\fIannounce version\fR\fR\fI = \fR\fI4\&.9\fR\fI \fR
-.sp
-Example:
-\fI\fIannounce version\fR\fR\fI = \fR\fI2\&.0\fR\fI \fR
+\fI\fIannounce version\fR\fR\fI = \fR\fI\FC4\&.9\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIannounce version\fR\fR\fI = \fR\fI\FC2\&.0\F[]\fR\fI \fR
 .RE
 
@@ -1403 +1679 @@
 .RS 4
 This option allows the administrator to chose what authentication methods
-smbd
+\FCsmbd\F[]
 will use when authenticating a user\&. This option defaults to sensible values based on
 \m[blue]\fBsecurity\fR\m[]\&. This should be considered a developer option and used only in rare circumstances\&. In the majority (if not all) of production servers, the default setting should be adequate\&.
@@ -1422 +1698 @@
 .sp
 Default:
-\fI\fIauth methods\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIauth methods\fR\fR\fI = \fR\fIguest sam winbind\fR\fI \fR
+\fI\fIauth methods\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIauth methods\fR\fR\fI = \fR\fI\FCguest sam winbind\F[]\fR\fI \fR
 .RE
 
@@ -1438 +1714 @@
 .sp
 Default:
-\fI\fIavailable\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIavailable\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -1452 +1728 @@
 .sp
 For name service it causes
-nmbd
+\FCnmbd\F[]
 to bind to ports 137 and 138 on the interfaces listed in the
 \m[blue]\fBinterfaces\fR\m[]
 parameter\&.
-nmbd
+\FCnmbd\F[]
 also binds to the "all addresses" interface (0\&.0\&.0\&.0) on ports 137 and 138 for the purposes of reading broadcast messages\&. If this option is not set then
-nmbd
+\FCnmbd\F[]
 will service name requests on all of these sockets\&. If
 \m[blue]\fBbind interfaces only\fR\m[]
 is set then
-nmbd
+\FCnmbd\F[]
 will check the source address of any packets coming in on the broadcast sockets and discard any that don\'t match the broadcast addresses of the interfaces in the
 \m[blue]\fBinterfaces\fR\m[]
 parameter list\&. As unicast packets are received on the other sockets it allows
-nmbd
+\FCnmbd\F[]
 to refuse to serve names to machines that send packets that arrive through any interfaces not listed in the
 \m[blue]\fBinterfaces\fR\m[]
 list\&. IP Source address spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for
-nmbd\&.
+\FCnmbd\F[]\&.
 .sp
 For file service it causes
@@ -1477 +1753 @@
 \m[blue]\fBinterfaces\fR\m[]
 parameter\&. This restricts the networks that
-smbd
+\FCsmbd\F[]
 will serve, to packets coming in on those interfaces\&. Note that you should not use this parameter for machines that are serving PPP or other intermittent or non\-broadcast network interfaces as it will not cope with non\-permanent interfaces\&.
 .sp
@@ -1493 +1769 @@
 .sp
 To change a users SMB password, the
-smbpasswd
+\FCsmbpasswd\F[]
 by default connects to the
 \fIlocalhost \- 127\&.0\&.0\&.1\fR
@@ -1503 +1779 @@
 \m[blue]\fBinterfaces\fR\m[]
 parameter list then
-smbpasswd
+\FC smbpasswd\F[]
 will fail to connect in it\'s default mode\&.
-smbpasswd
+\FCsmbpasswd\F[]
 can be forced to use the primary IP interface of the local host by using its
 \fBsmbpasswd\fR(8)
@@ -1514 +1790 @@
 .sp
 The
-swat
+\FCswat\F[]
 status page tries to connect with
-smbd
+\FCsmbd\F[]
 and
-nmbd
+\FCnmbd\F[]
 at the address
 \fI127\&.0\&.0\&.1\fR
@@ -1524 +1800 @@
 \fI127\&.0\&.0\&.1\fR
 will cause
-smbd
+\FC smbd\F[]
 and
-nmbd
+\FCnmbd\F[]
 to always show "not running" even if they really are\&. This can prevent
-swat
+\FC swat\F[]
 from starting/stopping/restarting
-smbd
+\FCsmbd\F[]
 and
-nmbd\&.
-.sp
-Default:
-\fI\fIbind interfaces only\fR\fR\fI = \fR\fIno\fR\fI \fR
+\FCnmbd\F[]\&.
+.sp
+Default:
+\fI\fIbind interfaces only\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -1552 +1828 @@
 .sp
 Default:
-\fI\fIblocking locks\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIblocking locks\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -1568 +1844 @@
 .sp
 Default:
-\fI\fIblock size\fR\fR\fI = \fR\fI1024\fR\fI \fR
-.sp
-Example:
-\fI\fIblock size\fR\fR\fI = \fR\fI4096\fR\fI \fR
+\fI\fIblock size\fR\fR\fI = \fR\fI\FC1024\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIblock size\fR\fR\fI = \fR\fI\FC4096\F[]\fR\fI \fR
 .RE
 
@@ -1589 +1865 @@
 .sp
 Default:
-\fI\fIbrowseable\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIbrowseable\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -1599 +1875 @@
 \fBsmbd\fR(8)
 will serve a browse list to a client doing a
-NetServerEnum
+\FCNetServerEnum\F[]
 call\&. Normally set to
 \fByes\fR\&. You should never need to change this\&.
 .sp
 Default:
-\fI\fIbrowse list\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIbrowse list\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -1621 +1897 @@
 .sp
 Default:
-\fI\fIcache directory\fR\fR\fI = \fR\fI${prefix}/var/locks\fR\fI \fR
-.sp
-Example:
-\fI\fIcache directory\fR\fR\fI = \fR\fI/var/run/samba/locks/cache\fR\fI \fR
+\fI\fIcache directory\fR\fR\fI = \fR\fI\FC${prefix}/var/locks\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcache directory\fR\fR\fI = \fR\fI\FC/var/run/samba/locks/cache\F[]\fR\fI \fR
 .RE
 
@@ -1643 +1919 @@
 .sp
 Default:
-\fI\fIcase sensitive\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIcase sensitive\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -1655 +1931 @@
 .sp
 Default:
-\fI\fIchange notify\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIchange notify\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -1665 +1941 @@
 \fIchange share command\fR
 is used to define an external program or script which will modify an existing service definition in
-smb\&.conf\&.
+\FCsmb\&.conf\F[]\&.
 .sp
 In order to successfully execute the
 \fIchange share command\fR,
-smbd
+\FCsmbd\F[]
 requires that the administrator connects using a root account (i\&.e\&. uid == 0) or has the
-SeDiskOperatorPrivilege\&. Scripts defined in the
+\FCSeDiskOperatorPrivilege\F[]\&. Scripts defined in the
 \fIchange share command\fR
 parameter are executed as root\&.
 .sp
 When executed,
-smbd
+\FCsmbd\F[]
 will automatically invoke the
 \fIchange share command\fR
@@ -1691 +1967 @@
 \fIconfigFile\fR
 \- the location of the global
-smb\&.conf
+\FCsmb\&.conf\F[]
 file\&.
 .RE
@@ -1746 +2022 @@
 .sp
 Default:
-\fI\fIchange share command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIchange share command\fR\fR\fI = \fR\fI/usr/local/bin/changeshare\fR\fI \fR
+\fI\fIchange share command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIchange share command\fR\fR\fI = \fR\fI\FC/usr/local/bin/changeshare\F[]\fR\fI \fR
 .RE
 
@@ -1761 +2037 @@
 .sp
 Note: In the example directory is a sample program called
-crackcheck
+\FCcrackcheck\F[]
 that uses cracklib to check the password quality\&.
 .sp
 Default:
-\fI\fIcheck password script\fR\fR\fI = \fR\fIDisabled\fR\fI \fR
-.sp
-Example:
-\fI\fIcheck password script\fR\fR\fI = \fR\fI/usr/local/sbin/crackcheck\fR\fI \fR
+\fI\fIcheck password script\fR\fR\fI = \fR\fI\FCDisabled\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcheck password script\fR\fR\fI = \fR\fI\FC/usr/local/sbin/crackcheck\F[]\fR\fI \fR
 .RE
 
@@ -1782 +2058 @@
 .sp
 Disabling this option will also disable the
-client plaintext auth
+\FCclient plaintext auth\F[]
 option\&.
 .sp
 Likewise, if the
-client ntlmv2 auth
+\FCclient ntlmv2 auth\F[]
 parameter is enabled, then only NTLMv2 logins will be attempted\&.
 .sp
 Default:
-\fI\fIclient lanman auth\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIclient lanman auth\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -1811 +2087 @@
 are only available if Samba has been compiled against a modern OpenLDAP version (2\&.3\&.x or higher)\&.
 .sp
-This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e\&.g\&. Windows 2000 SP3 or higher)\&. LDAP sign and seal can be controlled with the registry key "HKLM\eSystem\eCurrentControlSet\eServices\e
-NTDS\eParameters\eLDAPServerIntegrity" on the Windows server side\&.
+This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e\&.g\&. Windows 2000 SP3 or higher)\&. LDAP sign and seal can be controlled with the registry key "\FCHKLM\eSystem\eCurrentControlSet\eServices\e\F[]
+\FCNTDS\eParameters\eLDAPServerIntegrity\F[]" on the Windows server side\&.
 .sp
 Depending on the used KRB5 library (MIT and older Heimdal versions) it is possible that the message "integrity only" is not supported\&. In this case,
@@ -1827 +2103 @@
 .sp
 Default:
-\fI\fIclient ldap sasl wrapping\fR\fR\fI = \fR\fIplain\fR\fI \fR
+\fI\fIclient ldap sasl wrapping\fR\fR\fI = \fR\fI\FCplain\F[]\fR\fI \fR
 .RE
 
@@ -1841 +2117 @@
 .sp
 Similarly, if enabled, NTLMv1,
-client lanman auth
+\FCclient lanman auth\F[]
 and
-client plaintext auth
+\FCclient plaintext auth\F[]
 authentication will be disabled\&. This also disables share\-level authentication\&.
 .sp
 If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of
-client lanman auth\&.
+\FCclient lanman auth\F[]\&.
 .sp
 Note that some sites (particularly those following \'best practice\' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM\&.
 .sp
 Default:
-\fI\fIclient ntlmv2 auth\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIclient ntlmv2 auth\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -1862 +2138 @@
 .sp
 Default:
-\fI\fIclient plaintext auth\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIclient plaintext auth\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -1878 +2154 @@
 .sp
 Default:
-\fI\fIclient schannel\fR\fR\fI = \fR\fIauto\fR\fI \fR
-.sp
-Example:
-\fI\fIclient schannel\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIclient schannel\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIclient schannel\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -1897 +2173 @@
 .sp
 Default:
-\fI\fIclient signing\fR\fR\fI = \fR\fIauto\fR\fI \fR
+\fI\fIclient signing\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
 .RE
 
@@ -1907 +2183 @@
 .sp
 Default:
-\fI\fIclient use spnego\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIclient use spnego\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -1917 +2193 @@
 .sp
 Default:
-\fI\fIcluster addresses\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIcluster addresses\fR\fR\fI = \fR\fI10\&.0\&.0\&.1 10\&.0\&.0\&.2 10\&.0\&.0\&.3\fR\fI \fR
+\fI\fIcluster addresses\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcluster addresses\fR\fR\fI = \fR\fI\FC10\&.0\&.0\&.1 10\&.0\&.0\&.2 10\&.0\&.0\&.3\F[]\fR\fI \fR
 .RE
 
@@ -1930 +2206 @@
 .sp
 Set this parameter to
-yes
+\FCyes\F[]
 only if you have a cluster setup with ctdb running\&.
 .sp
 Default:
-\fI\fIclustering\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIclustering\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -1942 +2218 @@
 .RS 4
 This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via
-net view
+\FCnet view\F[]
 to list what shares are available\&.
 .sp
@@ -1950 +2226 @@
 .sp
 Default:
-\fI\fIcomment\fR\fR\fI = \fR\fI # No comment\fR\fI \fR
-.sp
-Example:
-\fI\fIcomment\fR\fR\fI = \fR\fIFred\'s Files\fR\fI \fR
+\fI\fIcomment\fR\fR\fI = \fR\fI\FC # No comment\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcomment\fR\fR\fI = \fR\fI\FCFred\'s Files\F[]\fR\fI \fR
 .RE
 
@@ -1974 +2250 @@
 .sp
 Default:
-\fI\fIconfig backend\fR\fR\fI = \fR\fIfile\fR\fI \fR
-.sp
-Example:
-\fI\fIconfig backend\fR\fR\fI = \fR\fIregistry\fR\fI \fR
+\fI\fIconfig backend\fR\fR\fI = \fR\fI\FCfile\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIconfig backend\fR\fR\fI = \fR\fI\FCregistry\F[]\fR\fI \fR
 .RE
 
@@ -1985 +2261 @@
 .RS 4
 This allows you to override the config file to use, instead of the default (usually
-smb\&.conf)\&. There is a chicken and egg problem here as this option is set in the config file!
+\FCsmb\&.conf\F[])\&. There is a chicken and egg problem here as this option is set in the config file!
 .sp
 For this reason, if the name of the config file has changed when the parameters are loaded then it will reload them from the new config file\&.
@@ -1996 +2272 @@
 .sp
 Example:
-\fI\fIconfig file\fR\fR\fI = \fR\fI/usr/local/samba/lib/smb\&.conf\&.%m\fR\fI \fR
+\fI\fIconfig file\fR\fR\fI = \fR\fI\FC/usr/local/samba/lib/smb\&.conf\&.%m\F[]\fR\fI \fR
 .RE
 
@@ -2008 +2284 @@
 .sp
 Default:
-\fI\fIcopy\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIcopy\fR\fR\fI = \fR\fIotherservice\fR\fI \fR
+\fI\fIcopy\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcopy\fR\fR\fI = \fR\fI\FCotherservice\F[]\fR\fI \fR
 .RE
 
@@ -2019 +2295 @@
 .RS 4
 Setting this paramter to
-no
+\FCno\F[]
 prevents winbind from creating custom krb5\&.conf files\&. Winbind normally does this because the krb5 libraries are not AD\-site\-aware and thus would pick any domain controller out of potentially very many\&. Winbind is site\-aware and makes the krb5 libraries use a local DC by creating its own krb5\&.conf files\&.
 .sp
@@ -2025 +2301 @@
 .sp
 Default:
-\fI\fIcreate krb5 conf\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIcreate krb5 conf\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -2045 +2321 @@
 .sp
 The default value of this parameter removes the
-group
+\FCgroup\F[]
 and
-other
+\FCother\F[]
 write and execute bits from the UNIX modes\&.
 .sp
@@ -2062 +2338 @@
 .sp
 Default:
-\fI\fIcreate mask\fR\fR\fI = \fR\fI0744\fR\fI \fR
-.sp
-Example:
-\fI\fIcreate mask\fR\fR\fI = \fR\fI0775\fR\fI \fR
+\fI\fIcreate mask\fR\fR\fI = \fR\fI\FC0744\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcreate mask\fR\fR\fI = \fR\fI\FC0775\F[]\fR\fI \fR
 .RE
 
@@ -2081 +2357 @@
 .sp
 Default:
-\fI\fIcsc policy\fR\fR\fI = \fR\fImanual\fR\fI \fR
-.sp
-Example:
-\fI\fIcsc policy\fR\fR\fI = \fR\fIprograms\fR\fI \fR
+\fI\fIcsc policy\fR\fR\fI = \fR\fI\FCmanual\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcsc policy\fR\fR\fI = \fR\fI\FCprograms\F[]\fR\fI \fR
 .RE
 
@@ -2092 +2368 @@
 .RS 4
 If you set
-clustering=yes, you need to tell Samba where ctdbd listens on its unix domain socket\&. The default path as of ctdb 1\&.0 is /tmp/ctdb\&.socket which you have to explicitly set for Samba in smb\&.conf\&.
-.sp
-Default:
-\fI\fIctdbd socket\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIctdbd socket\fR\fR\fI = \fR\fI/tmp/ctdb\&.socket\fR\fI \fR
+\FCclustering=yes\F[], you need to tell Samba where ctdbd listens on its unix domain socket\&. The default path as of ctdb 1\&.0 is /tmp/ctdb\&.socket which you have to explicitly set for Samba in smb\&.conf\&.
+.sp
+Default:
+\fI\fIctdbd socket\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIctdbd socket\fR\fR\fI = \fR\fI\FC/tmp/ctdb\&.socket\F[]\fR\fI \fR
 .RE
 
@@ -2117 +2393 @@
 .sp
 Default:
-\fI\fIctdb timeout\fR\fR\fI = \fR\fI0\fR\fI \fR
+\fI\fIctdb timeout\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
 .RE
 
@@ -2132 +2408 @@
 .sp
 Default:
-\fI\fIcups connection timeout\fR\fR\fI = \fR\fI30\fR\fI \fR
-.sp
-Example:
-\fI\fIcups connection timeout\fR\fR\fI = \fR\fI60\fR\fI \fR
+\fI\fIcups connection timeout\fR\fR\fI = \fR\fI\FC30\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcups connection timeout\fR\fR\fI = \fR\fI\FC60\F[]\fR\fI \fR
 .RE
 
@@ -2155 +2431 @@
 .sp
 Default:
-\fI\fIcups encrypt\fR\fR\fI = \fR\fI"no"\fR\fI \fR
+\fI\fIcups encrypt\fR\fR\fI = \fR\fI\FC"no"\F[]\fR\fI \fR
 .RE
 
@@ -2172 +2448 @@
 \fBraw\fR
 if your CUPS server
-error_log
+\FCerror_log\F[]
 file contains messages such as "Unsupported format \'application/octet\-stream\'" when printing from a Windows client through Samba\&. It is no longer necessary to enable system wide raw printing in
-/etc/cups/mime\&.{convs,types}\&.
-.sp
-Default:
-\fI\fIcups options\fR\fR\fI = \fR\fI""\fR\fI \fR
-.sp
-Example:
-\fI\fIcups options\fR\fR\fI = \fR\fI"raw media=a4"\fR\fI \fR
+\FC/etc/cups/mime\&.{convs,types}\F[]\&.
+.sp
+Default:
+\fI\fIcups options\fR\fR\fI = \fR\fI\FC""\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcups options\fR\fR\fI = \fR\fI\FC"raw media=a4"\F[]\fR\fI \fR
 .RE
 
@@ -2193 +2469 @@
 .sp
 If set, this option overrides the ServerName option in the CUPS
-client\&.conf\&. This is necessary if you have virtual samba servers that connect to different CUPS daemons\&.
+\FCclient\&.conf\F[]\&. This is necessary if you have virtual samba servers that connect to different CUPS daemons\&.
 .sp
 Optionally, a port can be specified by separating the server name and port number with a colon\&. If no port was specified, the default port for IPP (631) will be used\&.
 .sp
 Default:
-\fI\fIcups server\fR\fR\fI = \fR\fI""\fR\fI \fR
-.sp
-Example:
-\fI\fIcups server\fR\fR\fI = \fR\fImycupsserver\fR\fI \fR
-.sp
-Example:
-\fI\fIcups server\fR\fR\fI = \fR\fImycupsserver:1631\fR\fI \fR
+\fI\fIcups server\fR\fR\fI = \fR\fI\FC""\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcups server\fR\fR\fI = \fR\fI\FCmycupsserver\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIcups server\fR\fR\fI = \fR\fI\FCmycupsserver:1631\F[]\fR\fI \fR
 .RE
 
@@ -2222 +2498 @@
 .sp
 Default:
-\fI\fIdeadtime\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIdeadtime\fR\fR\fI = \fR\fI15\fR\fI \fR
+\fI\fIdeadtime\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdeadtime\fR\fR\fI = \fR\fI\FC15\F[]\fR\fI \fR
 .RE
 
@@ -2238 +2514 @@
 .sp
 Default:
-\fI\fIdebug class\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdebug class\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2252 +2528 @@
 .sp
 Default:
-\fI\fIdebug hires timestamp\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIdebug hires timestamp\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -2267 +2543 @@
 .sp
 Default:
-\fI\fIdebug pid\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdebug pid\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2283 +2559 @@
 .sp
 Default:
-\fI\fIdebug prefix timestamp\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdebug prefix timestamp\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2303 +2579 @@
 .sp
 Default:
-\fI\fIdebug timestamp\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIdebug timestamp\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -2317 +2593 @@
 .sp
 Default:
-\fI\fIdebug uid\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdebug uid\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2329 +2605 @@
 .sp
 Default:
-\fI\fIdedicated keytab file\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIdedicated keytab file\fR\fR\fI = \fR\fI/usr/local/etc/krb5\&.keytab\fR\fI \fR
+\fI\fIdedicated keytab file\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdedicated keytab file\fR\fR\fI = \fR\fI\FC/usr/local/etc/krb5\&.keytab\F[]\fR\fI \fR
 .RE
 
@@ -2345 +2621 @@
 .sp
 Default:
-\fI\fIdefault case\fR\fR\fI = \fR\fIlower\fR\fI \fR
+\fI\fIdefault case\fR\fR\fI = \fR\fI\FClower\F[]\fR\fI \fR
 .RE
 
@@ -2359 +2635 @@
 .sp
 This parameter should be used with care and tested with the printer driver in question\&. It is better to leave the device mode to NULL and let the Windows client set the correct values\&. Because drivers do not do this all the time, setting
-default devmode = yes
+\FCdefault devmode = yes\F[]
 will instruct smbd to generate a default one\&.
 .sp
@@ -2366 +2642 @@
 .sp
 Default:
-\fI\fIdefault devmode\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIdefault devmode\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -2399 +2675 @@
 .sp
 Default:
-\fI\fIdefault service\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIdefault service\fR\fR\fI = \fR\fIpub\fR\fI \fR
+\fI\fIdefault service\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdefault service\fR\fR\fI = \fR\fI\FCpub\F[]\fR\fI \fR
 .RE
 
@@ -2416 +2692 @@
 .sp
 Default:
-\fI\fIdefer sharing violations\fR\fR\fI = \fR\fITrue\fR\fI \fR
+\fI\fIdefer sharing violations\fR\fR\fI = \fR\fI\FCTrue\F[]\fR\fI \fR
 .RE
 
@@ -2431 +2707 @@
 .sp
 Default:
-\fI\fIdelete group script\fR\fR\fI = \fR\fI\fR\fI \fR
+\fI\fIdelete group script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
 .RE
 
@@ -2443 +2719 @@
 \m[blue]\fBdeleteprinter command\fR\m[]
 defines a script to be run which will perform the necessary operations for removing the printer from the print system and from
-smb\&.conf\&.
+\FCsmb\&.conf\F[]\&.
 .sp
 The
@@ -2453 +2729 @@
 \m[blue]\fBdeleteprinter command\fR\m[]
 has been executed,
-smbd
+\FCsmbd\F[]
 will reparse the
-smb\&.conf
+\FC smb\&.conf\F[]
 to check that the associated printer no longer exists\&. If the sharename is still valid, then
-smbd
+\FCsmbd \F[]
 will return an ACCESS_DENIED error to the client\&.
 .sp
 Default:
-\fI\fIdeleteprinter command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIdeleteprinter command\fR\fR\fI = \fR\fI/usr/bin/removeprinter\fR\fI \fR
+\fI\fIdeleteprinter command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdeleteprinter command\fR\fR\fI = \fR\fI\FC/usr/bin/removeprinter\F[]\fR\fI \fR
 .RE
 
@@ -2476 +2752 @@
 .sp
 Default:
-\fI\fIdelete readonly\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdelete readonly\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2486 +2762 @@
 \fIdelete share command\fR
 is used to define an external program or script which will remove an existing service definition from
-smb\&.conf\&.
+\FCsmb\&.conf\F[]\&.
 .sp
 In order to successfully execute the
 \fIdelete share command\fR,
-smbd
+\FCsmbd\F[]
 requires that the administrator connects using a root account (i\&.e\&. uid == 0) or has the
-SeDiskOperatorPrivilege\&. Scripts defined in the
+\FCSeDiskOperatorPrivilege\F[]\&. Scripts defined in the
 \fIdelete share command\fR
 parameter are executed as root\&.
 .sp
 When executed,
-smbd
+\FCsmbd\F[]
 will automatically invoke the
 \fIdelete share command\fR
@@ -2512 +2788 @@
 \fIconfigFile\fR
 \- the location of the global
-smb\&.conf
+\FCsmb\&.conf\F[]
 file\&.
 .RE
@@ -2532 +2808 @@
 .sp
 Default:
-\fI\fIdelete share command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIdelete share command\fR\fR\fI = \fR\fI/usr/local/bin/delshare\fR\fI \fR
+\fI\fIdelete share command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdelete share command\fR\fR\fI = \fR\fI\FC/usr/local/bin/delshare\F[]\fR\fI \fR
 .RE
 
@@ -2551 +2827 @@
 .sp
 Default:
-\fI\fIdelete user from group script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIdelete user from group script\fR\fR\fI = \fR\fI/usr/sbin/deluser %u %g\fR\fI \fR
+\fI\fIdelete user from group script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdelete user from group script\fR\fR\fI = \fR\fI\FC/usr/sbin/deluser %u %g\F[]\fR\fI \fR
 .RE
 
@@ -2566 +2842 @@
 .sp
 This script is called when a remote client removes a user from the server, normally using \'User Manager for Domains\' or
-rpcclient\&.
+\FCrpcclient\F[]\&.
 .sp
 This script should delete the given UNIX username\&.
 .sp
 Default:
-\fI\fIdelete user script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIdelete user script\fR\fR\fI = \fR\fI/usr/local/samba/bin/del_user %u\fR\fI \fR
+\fI\fIdelete user script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdelete user script\fR\fR\fI = \fR\fI\FC/usr/local/samba/bin/del_user %u\F[]\fR\fI \fR
 .RE
 
@@ -2589 +2865 @@
 If this option is set to
 \fByes\fR, then Samba will attempt to recursively delete any files and directories within the vetoed directory\&. This can be useful for integration with file serving systems such as NetAtalk which create meta\-files within directories you might normally veto DOS/Windows users from seeing (e\&.g\&.
-\&.AppleDouble)
+\FC\&.AppleDouble\F[])
 .sp
 Setting
@@ -2596 +2872 @@
 .sp
 Default:
-\fI\fIdelete veto files\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdelete veto files\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2616 +2892 @@
 .sp
 Example:
-\fI\fIdfree cache time\fR\fR\fI = \fR\fIdfree cache time = 60\fR\fI \fR
+\fI\fIdfree cache time\fR\fR\fI = \fR\fI\FCdfree cache time = 60\F[]\fR\fI \fR
 .RE
 
@@ -2634 +2910 @@
 .sp
 The external program will be passed a single parameter indicating a directory in the filesystem being queried\&. This will typically consist of the string
-\&./\&. The script should return two integers in ASCII\&. The first should be the total disk space in blocks, and the second should be the number of available blocks\&. An optional third return value can give the block size in bytes\&. The default blocksize is 1024 bytes\&.
+\FC\&./\F[]\&. The script should return two integers in ASCII\&. The first should be the total disk space in blocks, and the second should be the number of available blocks\&. An optional third return value can give the block size in bytes\&. The default blocksize is 1024 bytes\&.
 .sp
 Note: Your script should
@@ -2645 +2921 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.BB lightgray
  
 #!/bin/sh
 df $1 | tail \-1 | awk \'{print $(NF\-4),$(NF\-2)}\'
+.EB lightgray
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -2659 +2941 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.BB lightgray
  
 #!/bin/sh
 /usr/bin/df \-k $1 | tail \-1 | awk \'{print $3" "$5}\'
+.EB lightgray
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -2675 +2963 @@
 .sp
 Example:
-\fI\fIdfree command\fR\fR\fI = \fR\fI/usr/local/samba/bin/dfree\fR\fI \fR
+\fI\fIdfree command\fR\fR\fI = \fR\fI\FC/usr/local/samba/bin/dfree\F[]\fR\fI \fR
 .RE
 
@@ -2706 +2994 @@
 .sp
 Default:
-\fI\fIdirectory mask\fR\fR\fI = \fR\fI0755\fR\fI \fR
-.sp
-Example:
-\fI\fIdirectory mask\fR\fR\fI = \fR\fI0775\fR\fI \fR
+\fI\fIdirectory mask\fR\fR\fI = \fR\fI\FC0755\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdirectory mask\fR\fR\fI = \fR\fI\FC0775\F[]\fR\fI \fR
 .RE
 
@@ -2719 +3007 @@
 .sp
 Default:
-\fI\fIdirectory name cache size\fR\fR\fI = \fR\fI100\fR\fI \fR
+\fI\fIdirectory name cache size\fR\fR\fI = \fR\fI\FC100\F[]\fR\fI \fR
 .RE
 
@@ -2740 +3028 @@
 .sp
 Default:
-\fI\fIdirectory security mask\fR\fR\fI = \fR\fI0777\fR\fI \fR
-.sp
-Example:
-\fI\fIdirectory security mask\fR\fR\fI = \fR\fI0700\fR\fI \fR
+\fI\fIdirectory security mask\fR\fR\fI = \fR\fI\FC0777\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdirectory security mask\fR\fR\fI = \fR\fI\FC0700\F[]\fR\fI \fR
 .RE
 
@@ -2755 +3043 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -2765 +3054 @@
 Clients that only support netbios won\'t be able to see your samba server when netbios support is disabled\&.
 .sp .5v
-.RE
-Default:
-\fI\fIdisable netbios\fR\fR\fI = \fR\fIno\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIdisable netbios\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2778 +3068 @@
 .sp
 Default:
-\fI\fIdisable spoolss\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdisable spoolss\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2789 +3079 @@
 .sp
 Default:
-\fI\fIdisplay charset\fR\fR\fI = \fR\fI"LOCALE" or "ASCII" (depending on the system)\fR\fI \fR
-.sp
-Example:
-\fI\fIdisplay charset\fR\fR\fI = \fR\fIUTF8\fR\fI \fR
+\fI\fIdisplay charset\fR\fR\fI = \fR\fI\FC"LOCALE" or "ASCII" (depending on the system)\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdisplay charset\fR\fR\fI = \fR\fI\FCUTF8\F[]\fR\fI \fR
 .RE
 
@@ -2806 +3096 @@
 .sp
 Default:
-\fI\fIdmapi support\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdmapi support\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2819 +3109 @@
 Note that the maximum length for a NetBIOS name is 15 characters, so the DNS name (or DNS alias) can likewise only be 15 characters, maximum\&.
 .sp
-nmbd
+\FCnmbd\F[]
 spawns a second copy of itself to do the DNS name lookup requests, as doing a name lookup is a blocking action\&.
 .sp
 Default:
-\fI\fIdns proxy\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIdns proxy\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -2836 +3126 @@
 .sp
 Default:
-\fI\fIdomain logons\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdomain logons\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2846 +3136 @@
 \fBsmbd\fR(8)
 to enable WAN\-wide browse list collation\&. Setting this option causes
-nmbd
+\FCnmbd\F[]
 to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given
 \m[blue]\fBworkgroup\fR\m[]\&. Local master browsers in the same
 \m[blue]\fBworkgroup\fR\m[]
 on broadcast\-isolated subnets will give this
-nmbd
+\FCnmbd\F[]
 their local browse lists, and then ask
 \fBsmbd\fR(8)
@@ -2861 +3151 @@
 \m[blue]\fBworkgroup\fR\m[]
 by default (i\&.e\&. there is no way to prevent a Windows NT PDC from attempting to do this)\&. This means that if this parameter is set and
-nmbd
+\FCnmbd\F[]
 claims the special name for a
 \m[blue]\fBworkgroup\fR\m[]
@@ -2881 +3171 @@
 .sp
 Default:
-\fI\fIdomain master\fR\fR\fI = \fR\fIauto\fR\fI \fR
+\fI\fIdomain master\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
 .RE
 
@@ -2889 +3179 @@
 .RS 4
 There are certain directories on some systems (e\&.g\&., the
-/proc
+\FC/proc\F[]
 tree under Linux) that are either not of interest to clients or are infinitely deep (recursive)\&. This parameter allows you to specify a comma\-delimited list of directories that the server should always show as empty\&.
 .sp
 Note that Samba can be very fussy about the exact format of the "dont descend" entries\&. For example you may need
-\&./proc
+\FC \&./proc\F[]
 instead of just
-/proc\&. Experimentation is the best policy :\-)
-.sp
-Default:
-\fI\fIdont descend\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIdont descend\fR\fR\fI = \fR\fI/proc,/dev\fR\fI \fR
+\FC/proc\F[]\&. Experimentation is the best policy :\-)
+.sp
+Default:
+\fI\fIdont descend\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIdont descend\fR\fR\fI = \fR\fI\FC/proc,/dev\F[]\fR\fI \fR
 .RE
 
@@ -2924 +3214 @@
 .sp
 Default:
-\fI\fIdos filemode\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdos filemode\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2937 +3227 @@
 .sp
 Default:
-\fI\fIdos filetime resolution\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIdos filetime resolution\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2945 +3235 @@
 .RS 4
 Under DOS and Windows, if a user can write to a file they can change the timestamp on it\&. Under POSIX semantics, only the owner of the file or root may change the timestamp\&. By default, Samba emulates the DOS semantics and allows to change the timestamp on a file if the user
-smbd
+\FCsmbd\F[]
 is acting on behalf has write permissions\&. Due to changes in Microsoft Office 2000 and beyond, the default for this parameter has been changed from "no" to "yes" in Samba 3\&.0\&.14 and above\&. Microsoft Excel will display dialog box warnings about the file being changed by another user if this parameter is not set to "yes" and files are being shared between users\&.
 .sp
 Default:
-\fI\fIdos filetimes\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIdos filetimes\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -2961 +3251 @@
 .sp
 Default:
-\fI\fIea support\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIea support\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2971 +3261 @@
 .sp
 Default:
-\fI\fIenable asu support\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIenable asu support\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2982 +3272 @@
 .sp
 Default:
-\fI\fIenable core files\fR\fR\fI = \fR\fIyes\fR\fI \fR
-.sp
-Example:
-\fI\fIenable core files\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIenable core files\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIenable core files\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -2993 +3283 @@
 .RS 4
 This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
-net rpc rights
+\FCnet rpc rights\F[]
 or one of the Windows user and group manager tools\&. This parameter is enabled by default\&. It can be disabled to prevent members of the Domain Admins group from being able to assign privileges to users or groups which can then result in certain smbd operations running as root that would normally run under the context of the connected user\&.
 .sp
@@ -3001 +3291 @@
 .sp
 Default:
-\fI\fIenable privileges\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIenable privileges\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3012 +3302 @@
 .sp
 Default:
-\fI\fIenable spoolss\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIenable spoolss\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3034 +3324 @@
 \m[blue]\fBsecurity = [server|domain|ads]\fR\m[]
 parameter which causes
-smbd
+\FCsmbd\F[]
 to authenticate against another server\&.
 .sp
 Default:
-\fI\fIencrypt passwords\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIencrypt passwords\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3054 +3344 @@
 .sp
 Default:
-\fI\fIenhanced browsing\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIenhanced browsing\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3061 +3351 @@
 .PP
 .RS 4
-The concept of a "port" is fairly foreign to UNIX hosts\&. Under Windows NT/2000 print servers, a port is associated with a port monitor and generally takes the form of a local port (i\&.e\&. LPT1:, COM1:, FILE:) or a remote port (i\&.e\&. LPD Port Monitor, etc\&.\&.\&.)\&. By default, Samba has only one port defined\-\-\fB"Samba Printer Port"\fR\&. Under Windows NT/2000, all printers must have a valid port name\&. If you wish to have a list of ports displayed (smbd
+The concept of a "port" is fairly foreign to UNIX hosts\&. Under Windows NT/2000 print servers, a port is associated with a port monitor and generally takes the form of a local port (i\&.e\&. LPT1:, COM1:, FILE:) or a remote port (i\&.e\&. LPD Port Monitor, etc\&.\&.\&.)\&. By default, Samba has only one port defined\-\-\fB"Samba Printer Port"\fR\&. Under Windows NT/2000, all printers must have a valid port name\&. If you wish to have a list of ports displayed (\FCsmbd \F[]
 does not use a port name for anything) other than the default
 \fB"Samba Printer Port"\fR, you can define
@@ -3068 +3358 @@
 .sp
 Default:
-\fI\fIenumports command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIenumports command\fR\fR\fI = \fR\fI/usr/bin/listports\fR\fI \fR
+\fI\fIenumports command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIenumports command\fR\fR\fI = \fR\fI\FC/usr/bin/listports\F[]\fR\fI \fR
 .RE
 
@@ -3079 +3369 @@
 .RS 4
 This option defines a list of log names that Samba will report to the Microsoft EventViewer utility\&. The listed eventlogs will be associated with tdb file on disk in the
-$(lockdir)/eventlog\&.
+\FC$(lockdir)/eventlog\F[]\&.
 .sp
 The administrator must use an external process to parse the normal Unix logs such as
-/var/log/messages
+\FC/var/log/messages\F[]
 and write then entries to the eventlog tdb files\&. Refer to the eventlogadm(8) utility for how to write eventlog entries\&.
 .sp
 Default:
-\fI\fIeventlog list\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIeventlog list\fR\fR\fI = \fR\fISecurity Application Syslog Apache\fR\fI \fR
+\fI\fIeventlog list\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIeventlog list\fR\fR\fI = \fR\fI\FCSecurity Application Syslog Apache\F[]\fR\fI \fR
 .RE
 
@@ -3103 +3393 @@
 .sp
 Default:
-\fI\fIfake directory create times\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIfake directory create times\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3113 +3403 @@
 .sp
 When you set
-fake oplocks = yes,
+\FCfake oplocks = yes\F[],
 \fBsmbd\fR(8)
 will always grant oplock requests no matter how many clients are using the file\&.
@@ -3124 +3414 @@
 .sp
 Default:
-\fI\fIfake oplocks\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIfake oplocks\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3136 +3426 @@
 \fBno\fR
 prevents any file or directory that is a symbolic link from being followed (the user will get an error)\&. This option is very useful to stop users from adding a symbolic link to
-/etc/passwd
+\FC/etc/passwd\F[]
 in their home directory for instance\&. However it will slow filename lookups down slightly\&.
 .sp
 This option is enabled (i\&.e\&.
-smbd
+\FCsmbd\F[]
 will follow symbolic links) by default\&.
 .sp
 Default:
-\fI\fIfollow symlinks\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIfollow symlinks\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3160 +3450 @@
 .sp
 Default:
-\fI\fIforce create mode\fR\fR\fI = \fR\fI000\fR\fI \fR
-.sp
-Example:
-\fI\fIforce create mode\fR\fR\fI = \fR\fI0755\fR\fI \fR
+\fI\fIforce create mode\fR\fR\fI = \fR\fI\FC000\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIforce create mode\fR\fR\fI = \fR\fI\FC0755\F[]\fR\fI \fR
 .RE
 
@@ -3179 +3469 @@
 .sp
 Default:
-\fI\fIforce directory mode\fR\fR\fI = \fR\fI000\fR\fI \fR
-.sp
-Example:
-\fI\fIforce directory mode\fR\fR\fI = \fR\fI0755\fR\fI \fR
+\fI\fIforce directory mode\fR\fR\fI = \fR\fI\FC000\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIforce directory mode\fR\fR\fI = \fR\fI\FC0755\F[]\fR\fI \fR
 .RE
 
@@ -3201 +3491 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -3211 +3502 @@
 Users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems\&. Administrators of most normal systems will probably want to leave it set as 0000\&.
 .sp .5v
-.RE
-Default:
-\fI\fIforce directory security mode\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIforce directory security mode\fR\fR\fI = \fR\fI700\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIforce directory security mode\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIforce directory security mode\fR\fR\fI = \fR\fI\FC700\F[]\fR\fI \fR
 .RE
 
@@ -3234 +3526 @@
 .sp
 In Samba 2\&.0\&.5 and above this parameter has extended functionality in the following way\&. If the group name listed here has a \'+\' character prepended to it then the current user accessing the share only has the primary group default assigned to this group if they are already assigned as a member of that group\&. This allows an administrator to decide that only users who are already in a particular group will create files with group ownership set to that group\&. This gives a finer granularity of ownership assignment\&. For example, the setting
-force group = +sys
+\FCforce group = +sys\F[]
 means that only users who are already in group sys will have their default primary group assigned to sys when accessing this Samba share\&. All other users will retain their ordinary primary group\&.
 .sp
@@ -3245 +3537 @@
 .sp
 Default:
-\fI\fIforce group\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIforce group\fR\fR\fI = \fR\fIagroup\fR\fI \fR
+\fI\fIforce group\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIforce group\fR\fR\fI = \fR\fI\FCagroup\F[]\fR\fI \fR
 .RE
 
@@ -3256 +3548 @@
 .RS 4
 When printing from Windows NT (or later), each printer in
-smb\&.conf
+\FCsmb\&.conf\F[]
 has two associated names which can be used by the client\&. The first is the sharename (or shortname) defined in smb\&.conf\&. This is the only printername available for use by Windows 9x clients\&. The second name associated with a printer can be seen when browsing to the "Printers" (or "Printers and Faxes") folder on the Samba server\&. This is referred to simply as the printername (not to be confused with the
 \fIprinter name\fR
@@ -3269 +3561 @@
 .sp
 Default:
-\fI\fIforce printername\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIforce printername\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3289 +3581 @@
 .sp
 Default:
-\fI\fIforce security mode\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIforce security mode\fR\fR\fI = \fR\fI700\fR\fI \fR
+\fI\fIforce security mode\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIforce security mode\fR\fR\fI = \fR\fI\FC700\F[]\fR\fI \fR
 .RE
 
@@ -3306 +3598 @@
 .sp
 Default:
-\fI\fIforce unknown acl user\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIforce unknown acl user\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3320 +3612 @@
 .sp
 Default:
-\fI\fIforce user\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIforce user\fR\fR\fI = \fR\fIauser\fR\fI \fR
+\fI\fIforce user\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIforce user\fR\fR\fI = \fR\fI\FCauser\F[]\fR\fI \fR
 .RE
 
@@ -3341 +3633 @@
 .sp
 Default:
-\fI\fIfstype\fR\fR\fI = \fR\fINTFS\fR\fI \fR
-.sp
-Example:
-\fI\fIfstype\fR\fR\fI = \fR\fISamba\fR\fI \fR
+\fI\fIfstype\fR\fR\fI = \fR\fI\FCNTFS\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIfstype\fR\fR\fI = \fR\fI\FCSamba\F[]\fR\fI \fR
 .RE
 
@@ -3352 +3644 @@
 .RS 4
 The
-get quota command
+\FCget quota command\F[]
 should only be used whenever there is no operating system API available from the OS that samba can use\&.
 .sp
 This option is only available you have compiled Samba with the
-\-\-with\-sys\-quotas
+\FC\-\-with\-sys\-quotas\F[]
 option or on Linux with
-\-\-with\-quotas
+\FC\-\-with\-quotas\F[]
 and a working quota api was found in the system\&.
 .sp
@@ -3535 +3827 @@
 .RE
 Default:
-\fI\fIget quota command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIget quota command\fR\fR\fI = \fR\fI/usr/local/sbin/query_quota\fR\fI \fR
+\fI\fIget quota command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIget quota command\fR\fR\fI = \fR\fI\FC/usr/local/sbin/query_quota\F[]\fR\fI \fR
 .RE
 
@@ -3551 +3843 @@
 .sp
 Default:
-\fI\fIgetwd cache\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIgetwd cache\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3563 +3855 @@
 .sp
 On some systems the default guest account "nobody" may not be able to print\&. Use another account in this case\&. You should test this by trying to log in as your guest user (perhaps by using the
-su \-
+\FCsu \-\F[]
 command) and trying to print using the system print command such as
-lpr(1)
+\FClpr(1)\F[]
 or
-lp(1)\&.
+\FC lp(1)\F[]\&.
 .sp
 This parameter does not accept % macros, because many parts of the system require this value to be constant for correct operation\&.
 .sp
 Default:
-\fI\fIguest account\fR\fR\fI = \fR\fInobody # default can be changed at compile\-time\fR\fI \fR
-.sp
-Example:
-\fI\fIguest account\fR\fR\fI = \fR\fIftp\fR\fI \fR
+\fI\fIguest account\fR\fR\fI = \fR\fI\FCnobody # default can be changed at compile\-time\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIguest account\fR\fR\fI = \fR\fI\FCftp\F[]\fR\fI \fR
 .RE
 
@@ -3603 +3895 @@
 .sp
 Default:
-\fI\fIguest ok\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIguest ok\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3629 +3921 @@
 .sp
 Default:
-\fI\fIguest only\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIguest only\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3639 +3931 @@
 .sp
 Default:
-\fI\fIhide dot files\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIhide dot files\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3665 +3957 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 hide files = /\&.*/DesktopFolderDB/TrashFor%m/resource\&.frk/
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -3673 +3979 @@
 .sp
 Default:
-\fI\fIhide files\fR\fR\fI = \fR\fI # no file are hidden\fR\fI \fR
+\fI\fIhide files\fR\fR\fI = \fR\fI\FC # no file are hidden\F[]\fR\fI \fR
 .RE
 
@@ -3683 +3989 @@
 .sp
 Default:
-\fI\fIhide special files\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIhide special files\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3693 +3999 @@
 .sp
 Default:
-\fI\fIhide unreadable\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIhide unreadable\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3703 +4009 @@
 .sp
 Default:
-\fI\fIhide unwriteable files\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIhide unwriteable files\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -3722 +4028 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
-username server:/some/file/system
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+\FCusername server:/some/file/system\F[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -3734 +4054 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -3744 +4065 @@
 A working NIS client is required on the system for this option to work\&.
 .sp .5v
-.RE
-Default:
-\fI\fIhomedir map\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIhomedir map\fR\fR\fI = \fR\fIamd\&.homedir\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIhomedir map\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIhomedir map\fR\fR\fI = \fR\fI\FCamd\&.homedir\F[]\fR\fI \fR
 .RE
 
@@ -3764 +4086 @@
 .sp
 Default:
-\fI\fIhost msdfs\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIhost msdfs\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3772 +4094 @@
 .RS 4
 Specifies whether samba should use (expensive) hostname lookups or use the ip addresses instead\&. An example place where hostname lookups are currently used is when checking the
-hosts deny
+\FChosts deny\F[]
 and
-hosts allow\&.
-.sp
-Default:
-\fI\fIhostname lookups\fR\fR\fI = \fR\fIno\fR\fI \fR
-.sp
-Example:
-\fI\fIhostname lookups\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\FChosts allow\F[]\&.
+.sp
+Default:
+\fI\fIhostname lookups\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIhostname lookups\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -3803 +4125 @@
 .sp
 You can specify the hosts by name or IP number\&. For example, you could restrict access to only the hosts on a Class C subnet with something like
-allow hosts = 150\&.203\&.5\&.\&. The full syntax of the list is described in the man page
-hosts_access(5)\&. Note that this man page may not be present on your system, so a brief description will be given here also\&.
+\FCallow hosts = 150\&.203\&.5\&.\F[]\&. The full syntax of the list is described in the man page
+\FChosts_access(5)\F[]\&. Note that this man page may not be present on your system, so a brief description will be given here also\&.
 .sp
 Note that the localhost address 127\&.0\&.0\&.1 will always be allowed access unless specifically denied by a
@@ -3816 +4138 @@
 Example 1: allow all IPs in 150\&.203\&.*\&.*; except one
 .sp
-hosts allow = 150\&.203\&. EXCEPT 150\&.203\&.6\&.66
+\FChosts allow = 150\&.203\&. EXCEPT 150\&.203\&.6\&.66\F[]
 .sp
 Example 2: allow hosts that match the given network/netmask
 .sp
-hosts allow = 150\&.203\&.15\&.0/255\&.255\&.255\&.0
+\FChosts allow = 150\&.203\&.15\&.0/255\&.255\&.255\&.0\F[]
 .sp
 Example 3: allow a couple of hosts
 .sp
-hosts allow = lapland, arvidsjaur
+\FChosts allow = lapland, arvidsjaur\F[]
 .sp
 Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host
 .sp
-hosts allow = @foonet
-.sp
-hosts deny = pirate
+\FChosts allow = @foonet\F[]
+.sp
+\FChosts deny = pirate\F[]
 .if n \{\
 .sp
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -3845 +4168 @@
 Note that access still requires suitable user\-level passwords\&.
 .sp .5v
+.EM yellow
 .RE
 See
@@ -3851 +4175 @@
 .sp
 Default:
-\fI\fIhosts allow\fR\fR\fI = \fR\fI # none (i\&.e\&., all hosts permitted access)\fR\fI \fR
-.sp
-Example:
-\fI\fIhosts allow\fR\fR\fI = \fR\fI150\&.203\&.5\&. myhost\&.mynet\&.edu\&.au\fR\fI \fR
+\fI\fIhosts allow\fR\fR\fI = \fR\fI\FC # none (i\&.e\&., all hosts permitted access)\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIhosts allow\fR\fR\fI = \fR\fI\FC150\&.203\&.5\&. myhost\&.mynet\&.edu\&.au\F[]\fR\fI \fR
 .RE
 
@@ -3878 +4202 @@
 .sp
 In the event that it is necessary to deny all by default, use the keyword ALL (or the netmask
-0\&.0\&.0\&.0/0) and then explicitly specify to the
+\FC0\&.0\&.0\&.0/0\F[]) and then explicitly specify to the
 \m[blue]\fBhosts allow = hosts allow\fR\m[]
 parameter those hosts that should be permitted access\&.
 .sp
 Default:
-\fI\fIhosts deny\fR\fR\fI = \fR\fI # none (i\&.e\&., no hosts specifically excluded)\fR\fI \fR
-.sp
-Example:
-\fI\fIhosts deny\fR\fR\fI = \fR\fI150\&.203\&.4\&. badhost\&.mynet\&.edu\&.au\fR\fI \fR
+\fI\fIhosts deny\fR\fR\fI = \fR\fI\FC # none (i\&.e\&., no hosts specifically excluded)\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIhosts deny\fR\fR\fI = \fR\fI\FC150\&.203\&.4\&. badhost\&.mynet\&.edu\&.au\F[]\fR\fI \fR
 .RE
 
@@ -3906 +4230 @@
 .sp
 Example:
-\fI\fIidmap alloc backend\fR\fR\fI = \fR\fItdb\fR\fI \fR
+\fI\fIidmap alloc backend\fR\fR\fI = \fR\fI\FCtdb\F[]\fR\fI \fR
 .RE
 
@@ -3948 +4272 @@
 .sp
 Default:
-\fI\fIidmap backend\fR\fR\fI = \fR\fItdb\fR\fI \fR
+\fI\fIidmap backend\fR\fR\fI = \fR\fI\FCtdb\F[]\fR\fI \fR
 .RE
 
@@ -3958 +4282 @@
 .sp
 Default:
-\fI\fIidmap cache time\fR\fR\fI = \fR\fI604800 (one week)\fR\fI \fR
+\fI\fIidmap cache time\fR\fR\fI = \fR\fI\FC604800 (one week)\F[]\fR\fI \fR
 .RE
 
@@ -3991 +4315 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
         idmap backend = tdb
         idmap uid = 1000000\-1999999
@@ -3999 +4331 @@
         idmap config CORP : range = 1000\-999999
         
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -4027 +4365 @@
 .sp
 Default:
-\fI\fIidmap gid\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIidmap gid\fR\fR\fI = \fR\fI10000\-20000\fR\fI \fR
+\fI\fIidmap gid\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIidmap gid\fR\fR\fI = \fR\fI\FC10000\-20000\F[]\fR\fI \fR
 .RE
 
@@ -4040 +4378 @@
 .sp
 Default:
-\fI\fIidmap negative cache time\fR\fR\fI = \fR\fI120\fR\fI \fR
+\fI\fIidmap negative cache time\fR\fR\fI = \fR\fI\FC120\F[]\fR\fI \fR
 .RE
 
@@ -4064 +4402 @@
 .sp
 Default:
-\fI\fIidmap uid\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIidmap uid\fR\fR\fI = \fR\fI10000\-20000\fR\fI \fR
+\fI\fIidmap uid\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIidmap uid\fR\fR\fI = \fR\fI\FC10000\-20000\F[]\fR\fI \fR
 .RE
 
@@ -4091 +4429 @@
 .sp
 Default:
-\fI\fIinclude\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIinclude\fR\fR\fI = \fR\fI/usr/local/samba/lib/admin_smb\&.conf\fR\fI \fR
+\fI\fIinclude\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIinclude\fR\fR\fI = \fR\fI\FC/usr/local/samba/lib/admin_smb\&.conf\F[]\fR\fI \fR
 .RE
 
@@ -4104 +4442 @@
 .sp
 Default:
-\fI\fIinherit acls\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIinherit acls\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4116 +4454 @@
 .sp
 Default:
-\fI\fIinherit owner\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIinherit owner\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4147 +4485 @@
 .sp
 Default:
-\fI\fIinherit permissions\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIinherit permissions\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4161 +4499 @@
 .sp
 Default:
-\fI\fIinit logon delayed hosts\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIinit logon delayed hosts\fR\fR\fI = \fR\fI150\&.203\&.5\&. myhost\&.mynet\&.de\fR\fI \fR
+\fI\fIinit logon delayed hosts\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIinit logon delayed hosts\fR\fR\fI = \fR\fI\FC150\&.203\&.5\&. myhost\&.mynet\&.de\F[]\fR\fI \fR
 .RE
 
@@ -4175 +4513 @@
 .sp
 Default:
-\fI\fIinit logon delay\fR\fR\fI = \fR\fI100\fR\fI \fR
+\fI\fIinit logon delay\fR\fR\fI = \fR\fI\FC100\F[]\fR\fI \fR
 .RE
 
@@ -4239 +4577 @@
 .sp
 Default:
-\fI\fIinterfaces\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIinterfaces\fR\fR\fI = \fR\fIeth0 192\&.168\&.2\&.10/24 192\&.168\&.3\&.10/255\&.255\&.255\&.0\fR\fI \fR
+\fI\fIinterfaces\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIinterfaces\fR\fR\fI = \fR\fI\FCeth0 192\&.168\&.2\&.10/24 192\&.168\&.3\&.10/255\&.255\&.255\&.0\F[]\fR\fI \fR
 .RE
 
@@ -4265 +4603 @@
 .sp
 Default:
-\fI\fIinvalid users\fR\fR\fI = \fR\fI # no invalid users\fR\fI \fR
-.sp
-Example:
-\fI\fIinvalid users\fR\fR\fI = \fR\fIroot fred admin @wheel\fR\fI \fR
+\fI\fIinvalid users\fR\fR\fI = \fR\fI\FC # no invalid users\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIinvalid users\fR\fR\fI = \fR\fI\FCroot fred admin @wheel\F[]\fR\fI \fR
 .RE
 
@@ -4281 +4619 @@
 .sp
 If set, this option overrides the ServerName option in the CUPS
-client\&.conf\&. This is necessary if you have virtual samba servers that connect to different CUPS daemons\&.
-.sp
-Default:
-\fI\fIiprint server\fR\fR\fI = \fR\fI""\fR\fI \fR
-.sp
-Example:
-\fI\fIiprint server\fR\fR\fI = \fR\fIMYCUPSSERVER\fR\fI \fR
+\FCclient\&.conf\F[]\&. This is necessary if you have virtual samba servers that connect to different CUPS daemons\&.
+.sp
+Default:
+\fI\fIiprint server\fR\fR\fI = \fR\fI\FC""\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIiprint server\fR\fR\fI = \fR\fI\FCMYCUPSSERVER\F[]\fR\fI \fR
 .RE
 
@@ -4302 +4640 @@
 .sp
 Default:
-\fI\fIkeepalive\fR\fR\fI = \fR\fI300\fR\fI \fR
-.sp
-Example:
-\fI\fIkeepalive\fR\fR\fI = \fR\fI600\fR\fI \fR
+\fI\fIkeepalive\fR\fR\fI = \fR\fI\FC300\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIkeepalive\fR\fR\fI = \fR\fI\FC600\F[]\fR\fI \fR
 .RE
 
@@ -4367 +4705 @@
 .sp
 Default:
-\fI\fIkerberos method\fR\fR\fI = \fR\fIsecrets only\fR\fI \fR
+\fI\fIkerberos method\fR\fR\fI = \fR\fI\FCsecrets only\F[]\fR\fI \fR
 .RE
 
@@ -4379 +4717 @@
 .sp
 Default:
-\fI\fIkernel change notify\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIkernel change notify\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -4402 +4740 @@
 .sp
 Default:
-\fI\fIkernel oplocks\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIkernel oplocks\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -4416 +4754 @@
 .sp
 When this parameter is set to
-no
+\FCno\F[]
 this will also result in sambaLMPassword in Samba\'s passdb being blanked after the next password change\&. As a result of that lanman clients won\'t be able to authenticate, even if lanman auth is reenabled later on\&.
 .sp
 Unlike the
-encrypt passwords
+\FCencrypt passwords\F[]
 option, this parameter cannot alter client behaviour, and the LANMAN response will still be sent over the network\&. See the
-client lanman auth
+\FCclient lanman auth\F[]
 to disable this for Samba\'s clients (such as smbclient)
 .sp
 If this option, and
-ntlm auth
+\FCntlm auth\F[]
 are both disabled, then only NTLMv2 logins will be permited\&. Not all clients support NTLMv2, and most will require special configuration to use it\&.
 .sp
 Default:
-\fI\fIlanman auth\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIlanman auth\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4442 +4780 @@
 .sp
 Default:
-\fI\fIlarge readwrite\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIlarge readwrite\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -4454 +4792 @@
 \m[blue]\fBldap admin dn\fR\m[]
 is used in conjunction with the admin dn password stored in the
-private/secrets\&.tdb
+\FCprivate/secrets\&.tdb\F[]
 file\&. See the
 \fBsmbpasswd\fR(8)
@@ -4480 +4818 @@
 .sp
 Default:
-\fI\fIldap connection timeout\fR\fR\fI = \fR\fI2\fR\fI \fR
+\fI\fIldap connection timeout\fR\fR\fI = \fR\fI\FC2\F[]\fR\fI \fR
 .RE
 
@@ -4497 +4835 @@
 .sp
 Default:
-\fI\fIldap debug level\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIldap debug level\fR\fR\fI = \fR\fI1\fR\fI \fR
+\fI\fIldap debug level\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap debug level\fR\fR\fI = \fR\fI\FC1\F[]\fR\fI \fR
 .RE
 
@@ -4512 +4850 @@
 .sp
 Default:
-\fI\fIldap debug threshold\fR\fR\fI = \fR\fI10\fR\fI \fR
-.sp
-Example:
-\fI\fIldap debug threshold\fR\fR\fI = \fR\fI5\fR\fI \fR
+\fI\fIldap debug threshold\fR\fR\fI = \fR\fI\FC10\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap debug threshold\fR\fR\fI = \fR\fI\FC5\F[]\fR\fI \fR
 .RE
 
@@ -4525 +4863 @@
 .sp
 Default:
-\fI\fIldap delete dn\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIldap delete dn\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4541 +4879 @@
 .sp
 Default:
-\fI\fIldap deref\fR\fR\fI = \fR\fIauto\fR\fI \fR
-.sp
-Example:
-\fI\fIldap deref\fR\fR\fI = \fR\fIsearching\fR\fI \fR
+\fI\fIldap deref\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap deref\fR\fR\fI = \fR\fI\FCsearching\F[]\fR\fI \fR
 .RE
 
@@ -4559 +4897 @@
 .sp
 Default:
-\fI\fIldap follow referral\fR\fR\fI = \fR\fIauto\fR\fI \fR
-.sp
-Example:
-\fI\fIldap follow referral\fR\fR\fI = \fR\fIoff\fR\fI \fR
+\fI\fIldap follow referral\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap follow referral\fR\fR\fI = \fR\fI\FCoff\F[]\fR\fI \fR
 .RE
 
@@ -4576 +4914 @@
 .sp
 Default:
-\fI\fIldap group suffix\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIldap group suffix\fR\fR\fI = \fR\fIou=Groups\fR\fI \fR
+\fI\fIldap group suffix\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap group suffix\fR\fR\fI = \fR\fI\FCou=Groups\F[]\fR\fI \fR
 .RE
 
@@ -4593 +4931 @@
 .sp
 Default:
-\fI\fIldap idmap suffix\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIldap idmap suffix\fR\fR\fI = \fR\fIou=Idmap\fR\fI \fR
+\fI\fIldap idmap suffix\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap idmap suffix\fR\fR\fI = \fR\fI\FCou=Idmap\F[]\fR\fI \fR
 .RE
 
@@ -4610 +4948 @@
 .sp
 Default:
-\fI\fIldap machine suffix\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIldap machine suffix\fR\fR\fI = \fR\fIou=Computers\fR\fI \fR
+\fI\fIldap machine suffix\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap machine suffix\fR\fR\fI = \fR\fI\FCou=Computers\F[]\fR\fI \fR
 .RE
 
@@ -4625 +4963 @@
 .sp
 Default:
-\fI\fIldap page size\fR\fR\fI = \fR\fI1024\fR\fI \fR
-.sp
-Example:
-\fI\fIldap page size\fR\fR\fI = \fR\fI512\fR\fI \fR
+\fI\fIldap page size\fR\fR\fI = \fR\fI\FC1024\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap page size\fR\fR\fI = \fR\fI\FC512\F[]\fR\fI \fR
 .RE
 
@@ -4678 +5016 @@
 .RE
 Default:
-\fI\fIldap passwd sync\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIldap passwd sync\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4692 +5030 @@
 .sp
 Default:
-\fI\fIldap replication sleep\fR\fR\fI = \fR\fI1000\fR\fI \fR
+\fI\fIldap replication sleep\fR\fR\fI = \fR\fI\FC1000\F[]\fR\fI \fR
 .RE
 
@@ -4702 +5040 @@
 .sp
 To use this option, a basic ldap tree must be provided and the ldap suffix parameters must be properly configured\&. On virgin servers the default users and groups (Administrator, Guest, Domain Users, Domain Admins, Domain Guests) can be precreated with the command
-net sam provision\&. To run this command the ldap server must be running, Winindd must be running and the smb\&.conf ldap options must be properly configured\&. The typical ldap setup used with the
+\FCnet sam provision\F[]\&. To run this command the ldap server must be running, Winindd must be running and the smb\&.conf ldap options must be properly configured\&. The typical ldap setup used with the
 \m[blue]\fBldapsam:trusted = yes\fR\m[]
 option is usually sufficient to use
@@ -4713 +5051 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
         encrypt passwords = true
         passdb backend = ldapsam
@@ -4733 +5079 @@
         idmap gid = 5000\-50000
         
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -4743 +5095 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
         dn: dc=samba,dc=org
         objectClass: top
@@ -4778 +5138 @@
         ou: computers
         
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -4784 +5150 @@
 .sp
 Default:
-\fI\fIldapsam:editposix\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIldapsam:editposix\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4800 +5166 @@
 .sp
 Default:
-\fI\fIldapsam:trusted\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIldapsam:trusted\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4820 +5186 @@
 .sp
 Default:
-\fI\fIldap ssl ads\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIldap ssl ads\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -4830 +5196 @@
 \fINOT\fR
 related to Samba\'s previous SSL support which was enabled by specifying the
-\-\-with\-ssl
+\FC\-\-with\-ssl\F[]
 option to the
-configure
+\FCconfigure\F[]
 script\&.
 .sp
@@ -4885 +5251 @@
 .sp
 Default:
-\fI\fIldap ssl\fR\fR\fI = \fR\fIstart tls\fR\fI \fR
+\fI\fIldap ssl\fR\fR\fI = \fR\fI\FCstart tls\F[]\fR\fI \fR
 .RE
 
@@ -4902 +5268 @@
 .sp
 Default:
-\fI\fIldap suffix\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIldap suffix\fR\fR\fI = \fR\fIdc=samba,dc=org\fR\fI \fR
+\fI\fIldap suffix\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap suffix\fR\fR\fI = \fR\fI\FCdc=samba,dc=org\F[]\fR\fI \fR
 .RE
 
@@ -4915 +5281 @@
 .sp
 Default:
-\fI\fIldap timeout\fR\fR\fI = \fR\fI15\fR\fI \fR
+\fI\fIldap timeout\fR\fR\fI = \fR\fI\FC15\F[]\fR\fI \fR
 .RE
 
@@ -4929 +5295 @@
 .sp
 Default:
-\fI\fIldap user suffix\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIldap user suffix\fR\fR\fI = \fR\fIou=people\fR\fI \fR
+\fI\fIldap user suffix\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIldap user suffix\fR\fR\fI = \fR\fI\FCou=people\F[]\fR\fI \fR
 .RE
 
@@ -4959 +5325 @@
 .sp
 Default:
-\fI\fIlevel2 oplocks\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIlevel2 oplocks\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -4983 +5349 @@
 .sp
 Default:
-\fI\fIlm announce\fR\fR\fI = \fR\fIauto\fR\fI \fR
-.sp
-Example:
-\fI\fIlm announce\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIlm announce\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlm announce\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -5000 +5366 @@
 .sp
 Default:
-\fI\fIlm interval\fR\fR\fI = \fR\fI60\fR\fI \fR
-.sp
-Example:
-\fI\fIlm interval\fR\fR\fI = \fR\fI120\fR\fI \fR
+\fI\fIlm interval\fR\fR\fI = \fR\fI\FC60\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlm interval\fR\fR\fI = \fR\fI\FC120\F[]\fR\fI \fR
 .RE
 
@@ -5015 +5381 @@
 .sp
 Default:
-\fI\fIload printers\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIload printers\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -5027 +5393 @@
 \fBno\fR
 then
-nmbd
+\FC nmbd\F[]
 will not attempt to become a local master browser on a subnet and will also lose in all browsing elections\&. By default this value is set to
 \fByes\fR\&. Setting this value to
@@ -5034 +5400 @@
 \fIbecome\fR
 the local master browser on a subnet, just that
-nmbd
+\FCnmbd\F[]
 will
 \fIparticipate\fR
@@ -5042 +5408 @@
 \fBno\fR
 will cause
-nmbd
+\FCnmbd\F[]
 \fInever\fR
 to become a local master browser\&.
 .sp
 Default:
-\fI\fIlocal master\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIlocal master\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -5069 +5435 @@
 .sp
 Default:
-\fI\fIlock directory\fR\fR\fI = \fR\fI${prefix}/var/locks\fR\fI \fR
-.sp
-Example:
-\fI\fIlock directory\fR\fR\fI = \fR\fI/var/run/samba/locks\fR\fI \fR
+\fI\fIlock directory\fR\fR\fI = \fR\fI\FC${prefix}/var/locks\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlock directory\fR\fR\fI = \fR\fI\FC/var/run/samba/locks\F[]\fR\fI \fR
 .RE
 
@@ -5082 +5448 @@
 .sp
 If
-locking = no, all lock and unlock requests will appear to succeed and all lock queries will report that the file in question is available for locking\&.
+\FClocking = no\F[], all lock and unlock requests will appear to succeed and all lock queries will report that the file in question is available for locking\&.
 .sp
 If
-locking = yes, real locking will be performed by the server\&.
+\FClocking = yes\F[], real locking will be performed by the server\&.
 .sp
 This option
@@ -5108 +5474 @@
 .sp
 Default:
-\fI\fIlock spin count\fR\fR\fI = \fR\fI0\fR\fI \fR
+\fI\fIlock spin count\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
 .RE
 
@@ -5120 +5486 @@
 .sp
 Default:
-\fI\fIlock spin time\fR\fR\fI = \fR\fI200\fR\fI \fR
+\fI\fIlock spin time\fR\fR\fI = \fR\fI\FC200\F[]\fR\fI \fR
 .RE
 
@@ -5134 +5500 @@
 .sp
 Example:
-\fI\fIlog file\fR\fR\fI = \fR\fI/usr/local/samba/var/log\&.%m\fR\fI \fR
+\fI\fIlog file\fR\fR\fI = \fR\fI\FC/usr/local/samba/var/log\&.%m\F[]\fR\fI \fR
 .RE
 
@@ -5150 +5516 @@
 .RS 4
 The value of the parameter (a astring) allows the debug level (logging level) to be specified in the
-smb\&.conf
+\FCsmb\&.conf\F[]
 file\&.
 .sp
@@ -5376 +5742 @@
 .RE
 Default:
-\fI\fIlog level\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIlog level\fR\fR\fI = \fR\fI3 passdb:5 auth:10 winbind:2\fR\fI \fR
+\fI\fIlog level\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlog level\fR\fR\fI = \fR\fI\FC3 passdb:5 auth:10 winbind:2\F[]\fR\fI \fR
 .RE
 
@@ -5392 +5758 @@
 .sp
 Default:
-\fI\fIlogon drive\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIlogon drive\fR\fR\fI = \fR\fIh:\fR\fI \fR
+\fI\fIlogon drive\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlogon drive\fR\fR\fI = \fR\fI\FCh:\F[]\fR\fI \fR
 .RE
 
@@ -5405 +5771 @@
 .sp
 
-C:\e>\fBNET USE H: /HOME\fR
+\FCC:\e>\F[]\fBNET USE H: /HOME\fR
 .sp
 from a command prompt, for example\&.
@@ -5414 +5780 @@
 .sp
 
-logon home = \e\e%N\e%U\eprofile
+\FClogon home = \e\e%N\e%U\eprofile\F[]
 .sp
 This tells Samba to return the above string, with substitutions made when a client requests the info, generally in a NetUserGetInfo request\&. Win9X clients truncate the info to \e\eserver\eshare when a user does
-net use /home
+\FCnet use /home\F[]
 but use the whole string when dealing with profiles\&.
 .sp
@@ -5424 +5790 @@
 was returned rather than
 \fIlogon home\fR\&. This broke
-net use /home
+\FCnet use /home\F[]
 but allowed profiles outside the home directory\&. The current implementation is correct, and can be used for profiles if you use the above trick\&.
 .sp
@@ -5434 +5800 @@
 .sp
 Default:
-\fI\fIlogon home\fR\fR\fI = \fR\fI\e\e%N\e%U\fR\fI \fR
-.sp
-Example:
-\fI\fIlogon home\fR\fR\fI = \fR\fI\e\eremote_smb_server\e%U\fR\fI \fR
+\fI\fIlogon home\fR\fR\fI = \fR\fI\FC\e\e%N\e%U\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlogon home\fR\fR\fI = \fR\fI\FC\e\eremote_smb_server\e%U\F[]\fR\fI \fR
 .RE
 
@@ -5449 +5815 @@
 .sp
 This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine\&. It also specifies the directory from which the "Application Data",
-desktop,
-start menu,
-network neighborhood,
-programs
+\FCdesktop\F[],
+\FCstart menu\F[],
+\FCnetwork neighborhood\F[],
+\FCprograms\F[]
 and other folders, and their contents, are loaded and displayed on your Windows NT client\&.
 .sp
@@ -5465 +5831 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -5477 +5844 @@
 will break profile handling\&. Where the tdbsam or ldapsam passdb backend is used, at the time the user account is created the value configured for this parameter is written to the passdb backend and that value will over\-ride the parameter value present in the smb\&.conf file\&. Any error present in the passdb backend account record must be editted using the appropriate tool (pdbedit on the command\-line, or any other locally provided system tool)\&.
 .sp .5v
+.EM yellow
 .RE
 Note that this option is only useful if Samba is set up as a domain controller\&.
@@ -5488 +5856 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 logon path = \e\ePROFILESERVER\ePROFILE\e%U
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -5496 +5878 @@
 .sp
 Default:
-\fI\fIlogon path\fR\fR\fI = \fR\fI\e\e%N\e%U\eprofile\fR\fI \fR
+\fI\fIlogon path\fR\fR\fI = \fR\fI\FC\e\e%N\e%U\eprofile\F[]\fR\fI \fR
 .RE
 
@@ -5503 +5885 @@
 .PP
 .RS 4
-This parameter specifies the batch file (\&.bat) or NT command file (\&.cmd) to be downloaded and run on a machine when a user successfully logs in\&. The file must contain the DOS style CR/LF line endings\&. Using a DOS\-style editor to create the file is recommended\&.
+This parameter specifies the batch file (\FC\&.bat\F[]) or NT command file (\FC\&.cmd\F[]) to be downloaded and run on a machine when a user successfully logs in\&. The file must contain the DOS style CR/LF line endings\&. Using a DOS\-style editor to create the file is recommended\&.
 .sp
 The script must be a relative path to the
@@ -5510 +5892 @@
 \m[blue]\fBpath\fR\m[]
 of
-/usr/local/samba/netlogon, and
+\FC/usr/local/samba/netlogon\F[], and
 \m[blue]\fBlogon script = STARTUP\&.BAT\fR\m[], then the file that will be downloaded is:
 .sp
@@ -5516 +5898 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
         /usr/local/samba/netlogon/STARTUP\&.BAT
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -5524 +5920 @@
 .sp
 The contents of the batch file are entirely your choice\&. A suggested command would be to add
-NET TIME \e\eSERVER /SET /YES, to force every machine to synchronize clocks with the same time server\&. Another use would be to add
-NET USE U: \e\eSERVER\eUTILS
+\FCNET TIME \e\eSERVER /SET /YES\F[], to force every machine to synchronize clocks with the same time server\&. Another use would be to add
+\FCNET USE U: \e\eSERVER\eUTILS\F[]
 for commonly used utilities, or
 .sp
@@ -5531 +5927 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 \fBNET USE Q: \e\eSERVER\eISO9001_QA\fR
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -5547 +5957 @@
 .sp
 Default:
-\fI\fIlogon script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIlogon script\fR\fR\fI = \fR\fIscripts\e%U\&.bat\fR\fI \fR
+\fI\fIlogon script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlogon script\fR\fR\fI = \fR\fI\FCscripts\e%U\&.bat\F[]\fR\fI \fR
 .RE
 
@@ -5573 +5983 @@
 .sp
 Default:
-\fI\fIlppause command\fR\fR\fI = \fR\fI # Currently no default value is given to this string, unless the value of the \m[blue]\fBprinting\fR\m[] parameter is \fBSYSV\fR, in which case the default is : lp \-i %p\-%j \-H hold or if the value of the \fIprinting\fR parameter is \fBSOFTQ\fR, then the default is: qstat \-s \-j%j \-h\&. \fR\fI \fR
-.sp
-Example:
-\fI\fIlppause command\fR\fR\fI = \fR\fI/usr/bin/lpalt %p\-%j \-p0\fR\fI \fR
+\fI\fIlppause command\fR\fR\fI = \fR\fI\FC # Currently no default value is given to this string, unless the value of the \m[blue]\fBprinting\fR\m[] parameter is \fBSYSV\fR, in which case the default is : \FClp \-i %p\-%j \-H hold\F[] or if the value of the \fIprinting\fR parameter is \fBSOFTQ\fR, then the default is: \FCqstat \-s \-j%j \-h\F[]\&. \F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlppause command\fR\fR\fI = \fR\fI\FC/usr/bin/lpalt %p\-%j \-p0\F[]\fR\fI \fR
 .RE
 
@@ -5584 +5994 @@
 .RS 4
 This controls how long lpq info will be cached for to prevent the
-lpq
+\FClpq\F[]
 command being called too often\&. A separate cache is kept for each variation of the
-lpq
+\FC lpq\F[]
 command used by the system, so if you use different
-lpq
+\FClpq\F[]
 commands for different users then they won\'t share cache information\&.
 .sp
 The cache files are stored in
-/tmp/lpq\&.xxxx
+\FC/tmp/lpq\&.xxxx\F[]
 where xxxx is a hash of the
-lpq
+\FClpq\F[]
 command in use\&.
 .sp
 The default is 30 seconds, meaning that the cached results of a previous identical
-lpq
+\FClpq\F[]
 command will be used if the cached data is less than 30 seconds old\&. A large value may be advisable if your
-lpq
+\FClpq\F[]
 command is very slow\&.
 .sp
@@ -5606 +6016 @@
 .sp
 Default:
-\fI\fIlpq cache time\fR\fR\fI = \fR\fI30\fR\fI \fR
-.sp
-Example:
-\fI\fIlpq cache time\fR\fR\fI = \fR\fI10\fR\fI \fR
+\fI\fIlpq cache time\fR\fR\fI = \fR\fI\FC30\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlpq cache time\fR\fR\fI = \fR\fI\FC10\F[]\fR\fI \fR
 .RE
 
@@ -5617 +6027 @@
 .RS 4
 This parameter specifies the command to be executed on the server host in order to obtain
-lpq\-style printer status information\&.
+\FClpq \F[]\-style printer status information\&.
 .sp
 This command should be a program or script which takes a printer name as its only parameter and outputs printer status information\&.
@@ -5640 +6050 @@
 .sp
 Default:
-\fI\fIlpq command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIlpq command\fR\fR\fI = \fR\fI/usr/bin/lpq \-P%p\fR\fI \fR
+\fI\fIlpq command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIlpq command\fR\fR\fI = \fR\fI\FC/usr/bin/lpq \-P%p\F[]\fR\fI \fR
 .RE
 
@@ -5675 +6085 @@
 \fBSYSV\fR, in which case the default is:
 .sp
-lp \-i %p\-%j \-H resume
+\FClp \-i %p\-%j \-H resume\F[]
 .sp
 or if the value of the
@@ -5682 +6092 @@
 \fBSOFTQ\fR, then the default is:
 .sp
-qstat \-s \-j%j \-r
+\FCqstat \-s \-j%j \-r\F[]
 .sp
 \fINo default\fR
 .sp
 Example:
-\fI\fIlpresume command\fR\fR\fI = \fR\fI/usr/bin/lpalt %p\-%j \-p2\fR\fI \fR
+\fI\fIlpresume command\fR\fR\fI = \fR\fI\FC/usr/bin/lpalt %p\-%j \-p2\F[]\fR\fI \fR
 .RE
 
@@ -5713 +6123 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 lprm command = /usr/bin/lprm \-P%p %j
 
@@ -5719 +6137 @@
 
 lprm command = /usr/bin/cancel %p\-%j
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -5725 +6149 @@
 .sp
 Default:
-\fI\fIlprm command\fR\fR\fI = \fR\fI determined by printing parameter\fR\fI \fR
+\fI\fIlprm command\fR\fR\fI = \fR\fI\FC determined by printing parameter\F[]\fR\fI \fR
 .RE
 
@@ -5735 +6159 @@
 \m[blue]\fBsecurity = domain\fR\m[]
 parameter) then periodically a running smbd process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called
-private/secrets\&.tdb\&. This parameter specifies how often this password will be changed, in seconds\&. The default is one week (expressed in seconds), the same as a Windows NT Domain member server\&.
+\FCprivate/secrets\&.tdb \F[]\&. This parameter specifies how often this password will be changed, in seconds\&. The default is one week (expressed in seconds), the same as a Windows NT Domain member server\&.
 .sp
 See also
@@ -5743 +6167 @@
 .sp
 Default:
-\fI\fImachine password timeout\fR\fR\fI = \fR\fI604800\fR\fI \fR
+\fI\fImachine password timeout\fR\fR\fI = \fR\fI\FC604800\F[]\fR\fI \fR
 .RE
 
@@ -5757 +6181 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -5769 +6194 @@
 in the same directory the output file content is undefined\&.
 .sp .5v
-.RE
-Default:
-\fI\fImagic output\fR\fR\fI = \fR\fI<magic script name>\&.out\fR\fI \fR
-.sp
-Example:
-\fI\fImagic output\fR\fR\fI = \fR\fImyfile\&.txt\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fImagic output\fR\fR\fI = \fR\fI\FC<magic script name>\&.out\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImagic output\fR\fR\fI = \fR\fI\FCmyfile\&.txt\F[]\fR\fI \fR
 .RE
 
@@ -5800 +6226 @@
 .sp
 Default:
-\fI\fImagic script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fImagic script\fR\fR\fI = \fR\fIuser\&.csh\fR\fI \fR
+\fI\fImagic script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImagic script\fR\fR\fI = \fR\fI\FCuser\&.csh\F[]\fR\fI \fR
 .RE
 
@@ -5862 +6288 @@
 .sp
 Default:
-\fI\fImangled names\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fImangled names\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -5874 +6300 @@
 .sp
 Default:
-\fI\fImangle prefix\fR\fR\fI = \fR\fI1\fR\fI \fR
-.sp
-Example:
-\fI\fImangle prefix\fR\fR\fI = \fR\fI4\fR\fI \fR
+\fI\fImangle prefix\fR\fR\fI = \fR\fI\FC1\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImangle prefix\fR\fR\fI = \fR\fI\FC4\F[]\fR\fI \fR
 .RE
 
@@ -5890 +6316 @@
 .sp
 Default:
-\fI\fImangling char\fR\fR\fI = \fR\fI~\fR\fI \fR
-.sp
-Example:
-\fI\fImangling char\fR\fR\fI = \fR\fI^\fR\fI \fR
+\fI\fImangling char\fR\fR\fI = \fR\fI\FC~\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImangling char\fR\fR\fI = \fR\fI\FC^\F[]\fR\fI \fR
 .RE
 
@@ -5903 +6329 @@
 .sp
 Default:
-\fI\fImangling method\fR\fR\fI = \fR\fIhash2\fR\fI \fR
-.sp
-Example:
-\fI\fImangling method\fR\fR\fI = \fR\fIhash\fR\fI \fR
+\fI\fImangling method\fR\fR\fI = \fR\fI\FChash2\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImangling method\fR\fR\fI = \fR\fI\FChash\F[]\fR\fI \fR
 .RE
 
@@ -5918 +6344 @@
 .sp
 Default:
-\fI\fImap acl inherit\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fImap acl inherit\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -5934 +6360 @@
 .sp
 Default:
-\fI\fImap archive\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fImap archive\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -6016 +6442 @@
 .RE
 Default:
-\fI\fImap readonly\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fImap readonly\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -6032 +6458 @@
 .sp
 Default:
-\fI\fImap system\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fImap system\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -6122 +6548 @@
 .sp
 Default:
-\fI\fImap to guest\fR\fR\fI = \fR\fINever\fR\fI \fR
-.sp
-Example:
-\fI\fImap to guest\fR\fR\fI = \fR\fIBad User\fR\fI \fR
+\fI\fImap to guest\fR\fR\fI = \fR\fI\FCNever\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImap to guest\fR\fR\fI = \fR\fI\FCBad User\F[]\fR\fI \fR
 .RE
 
@@ -6141 +6567 @@
 .sp
 Default:
-\fI\fImap untrusted to domain\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fImap untrusted to domain\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -6157 +6583 @@
 .sp
 Default:
-\fI\fImax connections\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fImax connections\fR\fR\fI = \fR\fI10\fR\fI \fR
+\fI\fImax connections\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax connections\fR\fR\fI = \fR\fI\FC10\F[]\fR\fI \fR
 .RE
 
@@ -6179 +6605 @@
 .sp
 Default:
-\fI\fImax disk size\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fImax disk size\fR\fR\fI = \fR\fI1000\fR\fI \fR
+\fI\fImax disk size\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax disk size\fR\fR\fI = \fR\fI\FC1000\F[]\fR\fI \fR
 .RE
 
@@ -6190 +6616 @@
 .RS 4
 This option (an integer in kilobytes) specifies the max size the log file should grow to\&. Samba periodically checks the size and if it is exceeded it will rename the file, adding a
-\&.old
+\FC\&.old\F[]
 extension\&.
 .sp
@@ -6196 +6622 @@
 .sp
 Default:
-\fI\fImax log size\fR\fR\fI = \fR\fI5000\fR\fI \fR
-.sp
-Example:
-\fI\fImax log size\fR\fR\fI = \fR\fI1000\fR\fI \fR
+\fI\fImax log size\fR\fR\fI = \fR\fI\FC5000\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax log size\fR\fR\fI = \fR\fI\FC1000\F[]\fR\fI \fR
 .RE
 
@@ -6209 +6635 @@
 .sp
 Default:
-\fI\fImax mux\fR\fR\fI = \fR\fI50\fR\fI \fR
+\fI\fImax mux\fR\fR\fI = \fR\fI\FC50\F[]\fR\fI \fR
 .RE
 
@@ -6223 +6649 @@
 .sp
 Default:
-\fI\fImax open files\fR\fR\fI = \fR\fI16404\fR\fI \fR
+\fI\fImax open files\fR\fR\fI = \fR\fI\FC16404\F[]\fR\fI \fR
 .RE
 
@@ -6235 +6661 @@
 .sp
 Default:
-\fI\fImax print jobs\fR\fR\fI = \fR\fI1000\fR\fI \fR
-.sp
-Example:
-\fI\fImax print jobs\fR\fR\fI = \fR\fI5000\fR\fI \fR
+\fI\fImax print jobs\fR\fR\fI = \fR\fI\FC1000\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax print jobs\fR\fR\fI = \fR\fI\FC5000\F[]\fR\fI \fR
 .RE
 
@@ -6328 +6754 @@
 .sp
 Default:
-\fI\fImax protocol\fR\fR\fI = \fR\fINT1\fR\fI \fR
-.sp
-Example:
-\fI\fImax protocol\fR\fR\fI = \fR\fILANMAN1\fR\fI \fR
+\fI\fImax protocol\fR\fR\fI = \fR\fI\FCNT1\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax protocol\fR\fR\fI = \fR\fI\FCLANMAN1\F[]\fR\fI \fR
 .RE
 
@@ -6341 +6767 @@
 .sp
 Default:
-\fI\fImax reported print jobs\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fImax reported print jobs\fR\fR\fI = \fR\fI1000\fR\fI \fR
+\fI\fImax reported print jobs\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax reported print jobs\fR\fR\fI = \fR\fI\FC1000\F[]\fR\fI \fR
 .RE
 
@@ -6358 +6784 @@
 .sp
 Default:
-\fI\fImax smbd processes\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fImax smbd processes\fR\fR\fI = \fR\fI1000\fR\fI \fR
+\fI\fImax smbd processes\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax smbd processes\fR\fR\fI = \fR\fI\FC1000\F[]\fR\fI \fR
 .RE
 
@@ -6373 +6799 @@
 .sp
 Default:
-\fI\fImax stat cache size\fR\fR\fI = \fR\fI256\fR\fI \fR
-.sp
-Example:
-\fI\fImax stat cache size\fR\fR\fI = \fR\fI100\fR\fI \fR
+\fI\fImax stat cache size\fR\fR\fI = \fR\fI\FC256\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax stat cache size\fR\fR\fI = \fR\fI\FC100\F[]\fR\fI \fR
 .RE
 
@@ -6386 +6812 @@
 \fBnmbd\fR(8)
 what the default \'time to live\' of NetBIOS names should be (in seconds) when
-nmbd
+\FCnmbd\F[]
 is requesting a name using either a broadcast packet or from a WINS server\&. You should never need to change this parameter\&. The default is 3 days\&.
 .sp
 Default:
-\fI\fImax ttl\fR\fR\fI = \fR\fI259200\fR\fI \fR
+\fI\fImax ttl\fR\fR\fI = \fR\fI\FC259200\F[]\fR\fI \fR
 .RE
 
@@ -6400 +6826 @@
 \fBsmbd\fR(8)
 when acting as a WINS server (\m[blue]\fBwins support = yes\fR\m[]) what the maximum \'time to live\' of NetBIOS names that
-nmbd
+\FCnmbd\F[]
 will grant will be (in seconds)\&. You should never need to change this parameter\&. The default is 6 days (518400 seconds)\&.
 .sp
 Default:
-\fI\fImax wins ttl\fR\fR\fI = \fR\fI518400\fR\fI \fR
+\fI\fImax wins ttl\fR\fR\fI = \fR\fI\FC518400\F[]\fR\fI \fR
 .RE
 
@@ -6414 +6840 @@
 .sp
 Default:
-\fI\fImax xmit\fR\fR\fI = \fR\fI16644\fR\fI \fR
-.sp
-Example:
-\fI\fImax xmit\fR\fR\fI = \fR\fI8192\fR\fI \fR
+\fI\fImax xmit\fR\fR\fI = \fR\fI\FC16644\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImax xmit\fR\fR\fI = \fR\fI\FC8192\F[]\fR\fI \fR
 .RE
 
@@ -6433 +6859 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
-message command = csh \-c \'xedit %s;rm %s\' &
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+\FCmessage command = csh \-c \'xedit %s;rm %s\' &\F[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -6441 +6881 @@
 .sp
 This delivers the message using
-xedit, then removes it afterwards\&.
+\FCxedit\F[], then removes it afterwards\&.
 \fINOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN IMMEDIATELY\fR\&. That\'s why I have the \'&\' on the end\&. If it doesn\'t return immediately then your PCs may freeze when sending messages (they should recover after 30 seconds, hopefully)\&.
 .sp
@@ -6494 +6934 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
-message command = /bin/mail \-s \'message from %f on %m\' root < %s; rm %s
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+\FCmessage command = /bin/mail \-s \'message from %f on %m\' root < %s; rm %s\F[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -6508 +6962 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
-message command = rm %s
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+\FCmessage command = rm %s\F[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -6516 +6984 @@
 .sp
 Default:
-\fI\fImessage command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fImessage command\fR\fR\fI = \fR\fIcsh \-c \'xedit %s; rm %s\' &\fR\fI \fR
+\fI\fImessage command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImessage command\fR\fR\fI = \fR\fI\FCcsh \-c \'xedit %s; rm %s\' &\F[]\fR\fI \fR
 .RE
 
@@ -6529 +6997 @@
 .sp
 Default:
-\fI\fImin print space\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fImin print space\fR\fR\fI = \fR\fI2000\fR\fI \fR
+\fI\fImin print space\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImin print space\fR\fR\fI = \fR\fI\FC2000\F[]\fR\fI \fR
 .RE
 
@@ -6542 +7010 @@
 \m[blue]\fBmax protocol\fR\m[]
 parameter for a list of valid protocol names and a brief description of each\&. You may also wish to refer to the C source code in
-source/smbd/negprot\&.c
+\FCsource/smbd/negprot\&.c\F[]
 for a listing of known protocol dialects supported by clients\&.
 .sp
@@ -6550 +7018 @@
 .sp
 Default:
-\fI\fImin protocol\fR\fR\fI = \fR\fICORE\fR\fI \fR
-.sp
-Example:
-\fI\fImin protocol\fR\fR\fI = \fR\fINT1\fR\fI \fR
+\fI\fImin protocol\fR\fR\fI = \fR\fI\FCCORE\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fImin protocol\fR\fR\fI = \fR\fI\FCNT1\F[]\fR\fI \fR
 .RE
 
@@ -6569 +7037 @@
 .sp
 Default:
-\fI\fImin receivefile size\fR\fR\fI = \fR\fI0\fR\fI \fR
+\fI\fImin receivefile size\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
 .RE
 
@@ -6579 +7047 @@
 \fBnmbd\fR(8)
 when acting as a WINS server (\m[blue]\fBwins support = yes\fR\m[]) what the minimum \'time to live\' of NetBIOS names that
-nmbd
+\FCnmbd\F[]
 will grant will be (in seconds)\&. You should never need to change this parameter\&. The default is 6 hours (21600 seconds)\&.
 .sp
 Default:
-\fI\fImin wins ttl\fR\fR\fI = \fR\fI21600\fR\fI \fR
+\fI\fImin wins ttl\fR\fR\fI = \fR\fI\FC21600\F[]\fR\fI \fR
 .RE
 
@@ -6601 +7069 @@
 .sp
 Example:
-\fI\fImsdfs proxy\fR\fR\fI = \fR\fI\eotherserver\esomeshare\fR\fI \fR
+\fI\fImsdfs proxy\fR\fR\fI = \fR\fI\FC\eotherserver\esomeshare\F[]\fR\fI \fR
 .RE
 
@@ -6610 +7078 @@
 If set to
 \fByes\fR, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory\&. Dfs links are specified in the share directory by symbolic links of the form
-msdfs:serverA\e\eshareA,serverB\e\eshareB
+\FCmsdfs:serverA\e\eshareA,serverB\e\eshareB\F[]
 and so on\&. For more information on setting up a Dfs tree on Samba, refer to the MSDFS chapter in the Samba3\-HOWTO book\&.
 .sp
 Default:
-\fI\fImsdfs root\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fImsdfs root\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -6624 +7092 @@
 .sp
 Default:
-\fI\fIname cache timeout\fR\fR\fI = \fR\fI660\fR\fI \fR
-.sp
-Example:
-\fI\fIname cache timeout\fR\fR\fI = \fR\fI0\fR\fI \fR
+\fI\fIname cache timeout\fR\fR\fI = \fR\fI\FC660\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIname cache timeout\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
 .RE
 
@@ -6662 +7130 @@
 \fBhost\fR
 : Do a standard host name to IP address resolution, using the system
-/etc/hosts, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the
-/etc/nsswitch\&.conf
+\FC/etc/hosts \F[], NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the
+\FC/etc/nsswitch\&.conf\F[]
 file\&. Note that this method is used only if the NetBIOS name type being queried is the 0x20 (server) name type or 0x1c (domain controllers)\&. The latter case is only useful for active directory domains and results in a DNS query for the SRV RR entry matching _ldap\&._tcp\&.domain\&.
 .RE
@@ -6697 +7165 @@
 The example below will cause the local lmhosts file to be examined first, followed by a broadcast attempt, followed by a normal system hostname lookup\&.
 .sp
-When Samba is functioning in ADS security mode (security = ads) it is advised to use following settings for
+When Samba is functioning in ADS security mode (\FCsecurity = ads\F[]) it is advised to use following settings for
 \fIname resolve order\fR:
 .sp
-name resolve order = wins bcast
+\FCname resolve order = wins bcast\F[]
 .sp
 DC lookups will still be done via DNS, but fallbacks to netbios names will not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups\&.
 .sp
 Default:
-\fI\fIname resolve order\fR\fR\fI = \fR\fIlmhosts host wins bcast\fR\fI \fR
-.sp
-Example:
-\fI\fIname resolve order\fR\fR\fI = \fR\fIlmhosts bcast host\fR\fI \fR
+\fI\fIname resolve order\fR\fR\fI = \fR\fI\FClmhosts host wins bcast\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIname resolve order\fR\fR\fI = \fR\fI\FClmhosts bcast host\F[]\fR\fI \fR
 .RE
 
@@ -6718 +7186 @@
 .sp
 Default:
-\fI\fInetbios aliases\fR\fR\fI = \fR\fI # empty string (no additional names)\fR\fI \fR
-.sp
-Example:
-\fI\fInetbios aliases\fR\fR\fI = \fR\fITEST TEST1 TEST2\fR\fI \fR
+\fI\fInetbios aliases\fR\fR\fI = \fR\fI\FC # empty string (no additional names)\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fInetbios aliases\fR\fR\fI = \fR\fI\FCTEST TEST1 TEST2\F[]\fR\fI \fR
 .RE
 
@@ -6731 +7199 @@
 .sp
 There is a bug in Samba\-3 that breaks operation of browsing and access to shares if the netbios name is set to the literal name
-PIPE\&. To avoid this problem, do not name your Samba\-3 server
-PIPE\&.
-.sp
-Default:
-\fI\fInetbios name\fR\fR\fI = \fR\fI # machine DNS name\fR\fI \fR
-.sp
-Example:
-\fI\fInetbios name\fR\fR\fI = \fR\fIMYNAME\fR\fI \fR
+\FCPIPE\F[]\&. To avoid this problem, do not name your Samba\-3 server
+\FCPIPE\F[]\&.
+.sp
+Default:
+\fI\fInetbios name\fR\fR\fI = \fR\fI\FC # machine DNS name\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fInetbios name\fR\fR\fI = \fR\fI\FCMYNAME\F[]\fR\fI \fR
 .RE
 
@@ -6748 +7216 @@
 .sp
 Default:
-\fI\fInetbios scope\fR\fR\fI = \fR\fI\fR\fI \fR
+\fI\fInetbios scope\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
 .RE
 
@@ -6766 +7234 @@
 .sp
 Default:
-\fI\fInis homedir\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fInis homedir\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -6780 +7248 @@
 .sp
 Default:
-\fI\fInmbd bind explicit broadcast\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fInmbd bind explicit broadcast\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -6792 +7260 @@
 .sp
 Default:
-\fI\fInt acl support\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fInt acl support\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -6804 +7272 @@
 .sp
 If this option, and
-lanman auth
+\FClanman auth\F[]
 are both disabled, then only NTLMv2 logins will be permited\&. Not all clients support NTLMv2, and most will require special configuration to use it\&.
 .sp
 Default:
-\fI\fIntlm auth\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIntlm auth\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -6822 +7290 @@
 .sp
 Default:
-\fI\fInt pipe support\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fInt pipe support\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -6838 +7306 @@
 .sp
 Default:
-\fI\fInt status support\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fInt status support\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -6851 +7319 @@
 .sp
 Default:
-\fI\fInull passwords\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fInull passwords\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -6862 +7330 @@
 .sp
 Default:
-\fI\fIobey pam restrictions\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIobey pam restrictions\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -6878 +7346 @@
 .sp
 Note that this also means Samba won\'t try to deduce usernames from the service name\&. This can be annoying for the [homes] section\&. To get around this you could use
-user = %S
+\FCuser = %S\F[]
 which means your
 \fIuser\fR
@@ -6884 +7352 @@
 .sp
 Default:
-\fI\fIonly user\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIonly user\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -6896 +7364 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -6906 +7375 @@
 DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE\&.
 .sp .5v
-.RE
-Default:
-\fI\fIoplock break wait time\fR\fR\fI = \fR\fI0\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIoplock break wait time\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
 .RE
 
@@ -6923 +7393 @@
 In brief it specifies a number, which causes
 \fBsmbd\fR(8)not to grant an oplock even when requested if the approximate number of clients contending for an oplock on the same file goes over this limit\&. This causes
-smbd
+\FCsmbd\F[]
 to behave in a similar way to Windows NT\&.
 .if n \{\
@@ -6929 +7399 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -6939 +7410 @@
 DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND UNDERSTOOD THE SAMBA OPLOCK CODE\&.
 .sp .5v
-.RE
-Default:
-\fI\fIoplock contention limit\fR\fR\fI = \fR\fI2\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIoplock contention limit\fR\fR\fI = \fR\fI\FC2\F[]\fR\fI \fR
 .RE
 
@@ -6949 +7421 @@
 .RS 4
 This boolean option tells
-smbd
+\FCsmbd\F[]
 whether to issue oplocks (opportunistic locks) to file open requests on this share\&. The oplock code can dramatically (approx\&. 30% or more) improve the speed of access to files on Samba servers\&. It allows the clients to aggressively cache files locally and you may want to disable this option for unreliable network environments (it is turned on by default in Windows NT Servers)\&.
 .sp
@@ -6959 +7431 @@
 .sp
 Default:
-\fI\fIoplocks\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIoplocks\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -6971 +7443 @@
 .sp
 For example, a valid entry using the HP LaserJet 5 printer driver would appear as
-HP LaserJet 5L = LASERJET\&.HP LaserJet 5L\&.
+\FCHP LaserJet 5L = LASERJET\&.HP LaserJet 5L\F[]\&.
 .sp
 The need for the file is due to the printer driver namespace problem described in the chapter on Classical Printing in the Samba3\-HOWTO book\&. For more details on OS/2 clients, please refer to chapter on other clients in the Samba3\-HOWTO book\&.
 .sp
 Default:
-\fI\fIos2 driver map\fR\fR\fI = \fR\fI\fR\fI \fR
+\fI\fIos2 driver map\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
 .RE
 
@@ -6995 +7467 @@
 .sp
 Default:
-\fI\fIos level\fR\fR\fI = \fR\fI20\fR\fI \fR
-.sp
-Example:
-\fI\fIos level\fR\fR\fI = \fR\fI65\fR\fI \fR
+\fI\fIos level\fR\fR\fI = \fR\fI\FC20\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIos level\fR\fR\fI = \fR\fI\FC65\F[]\fR\fI \fR
 .RE
 
@@ -7011 +7483 @@
 .sp
 Default:
-\fI\fIpam password change\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIpam password change\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -7025 +7497 @@
 .sp
 Default:
-\fI\fIpanic action\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIpanic action\fR\fR\fI = \fR\fI"/bin/sleep 90000"\fR\fI \fR
+\fI\fIpanic action\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpanic action\fR\fR\fI = \fR\fI\FC"/bin/sleep 90000"\F[]\fR\fI \fR
 .RE
 
@@ -7040 +7512 @@
 .sp
 Default:
-\fI\fIparanoid server security\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIparanoid server security\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -7061 +7533 @@
 .IP \(bu 2.3
 .\}
-smbpasswd
+\FCsmbpasswd\F[]
 \- The old plaintext passdb backend\&. Some Samba features will not work if this passdb backend is used\&. Takes a path to the smbpasswd file as an optional argument\&.
 .RE
@@ -7073 +7545 @@
 .IP \(bu 2.3
 .\}
-tdbsam
+\FCtdbsam\F[]
 \- The TDB based password storage backend\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the
 \m[blue]\fBprivate dir\fR\m[]
@@ -7087 +7559 @@
 .IP \(bu 2.3
 .\}
-ldapsam
+\FCldapsam\F[]
 \- The LDAP based passdb backend\&. Takes an LDAP URL as an optional argument (defaults to
-ldap://localhost)
+\FCldap://localhost\F[])
 .sp
 LDAP connections should be secured where possible\&. This may be done using either Start\-TLS (see
@@ -7105 +7577 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 passdb backend = tdbsam:/etc/samba/private/passdb\&.tdb 
 
@@ -7115 +7595 @@
 
 passdb backend = ldapsam:"ldap://ldap\-1\&.example\&.com ldap\-2\&.example\&.com"
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -7121 +7607 @@
 .sp
 Default:
-\fI\fIpassdb backend\fR\fR\fI = \fR\fItdbsam\fR\fI \fR
+\fI\fIpassdb backend\fR\fR\fI = \fR\fI\FCtdbsam\F[]\fR\fI \fR
 .RE
 
@@ -7131 +7617 @@
 .sp
 Default:
-\fI\fIpassdb expand explicit\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIpassdb expand explicit\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -7145 +7631 @@
 \m[blue]\fBdebug level\fR\m[]
 of 100\&. This is a dangerous option as it will allow plaintext passwords to be seen in the
-smbd
+\FCsmbd\F[]
 log\&. It is available to help Samba admins debug their
 \fIpasswd chat\fR
@@ -7155 +7641 @@
 .sp
 Default:
-\fI\fIpasswd chat debug\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIpasswd chat debug\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -7165 +7651 @@
 .sp
 Default:
-\fI\fIpasswd chat timeout\fR\fR\fI = \fR\fI2\fR\fI \fR
+\fI\fIpasswd chat timeout\fR\fR\fI = \fR\fI\FC2\F[]\fR\fI \fR
 .RE
 
@@ -7207 +7693 @@
 .sp
 Default:
-\fI\fIpasswd chat\fR\fR\fI = \fR\fI*new*password* %n\en*new*password* %n\en *changed*\fR\fI \fR
-.sp
-Example:
-\fI\fIpasswd chat\fR\fR\fI = \fR\fI"*Enter NEW password*" %n\en "*Reenter NEW password*" %n\en "*Password changed*"\fR\fI \fR
+\fI\fIpasswd chat\fR\fR\fI = \fR\fI\FC*new*password* %n\en*new*password* %n\en *changed*\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpasswd chat\fR\fR\fI = \fR\fI\FC"*Enter NEW password*" %n\en "*Reenter NEW password*" %n\en "*Password changed*"\F[]\fR\fI \fR
 .RE
 
@@ -7233 +7719 @@
 \fIAS ROOT\fR
 before the SMB password in the smbpasswd file is changed\&. If this UNIX password change fails, then
-smbd
+\FCsmbd\F[]
 will fail to change the SMB password also (this is by design)\&.
 .sp
@@ -7248 +7734 @@
 .sp
 Default:
-\fI\fIpasswd program\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIpasswd program\fR\fR\fI = \fR\fI/bin/passwd %u\fR\fI \fR
+\fI\fIpasswd program\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpasswd program\fR\fR\fI = \fR\fI\FC/bin/passwd %u\F[]\fR\fI \fR
 .RE
 
@@ -7284 +7770 @@
 .sp
 Default:
-\fI\fIpassword level\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIpassword level\fR\fR\fI = \fR\fI4\fR\fI \fR
+\fI\fIpassword level\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpassword level\fR\fR\fI = \fR\fI\FC4\F[]\fR\fI \fR
 .RE
 
@@ -7295 +7781 @@
 .RS 4
 By specifying the name of another SMB server or Active Directory domain controller with this option, and using
-security = [ads|domain|server]
+\FCsecurity = [ads|domain|server]\F[]
 it is possible to get Samba to do all its username/password validation using a specific remote server\&.
 .sp
@@ -7309 +7795 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -7320 +7807 @@
 \fIDO NOT CHOOSE A PASSWORD SERVER THAT YOU DON\'T COMPLETELY TRUST\fR\&.
 .sp .5v
+.EM yellow
 .RE
 Never point a Samba server at itself for password serving\&. This will cause a loop and could lock up your Samba server!
@@ -7332 +7820 @@
 or
 \fBads\fR, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character \'*\', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on\&. The advantage of using
-security = domain
+\FC security = domain\F[]
 is that if you list several hosts in the
 \fIpassword server\fR
 option then
-smbd
+\FCsmbd \F[]
 will try each in turn till it finds one that responds\&. This is useful in case your primary server goes down\&.
 .sp
@@ -7351 +7839 @@
 parameter is set to
 \fBserver\fR, then there are different restrictions that
-security = domain
+\FCsecurity = domain\F[]
 doesn\'t suffer from:
 .sp
@@ -7365 +7853 @@
 \fIpassword server\fR
 parameter, however if an
-smbd
+\FCsmbd\F[]
 makes a connection to a password server, and then the password server fails, no more users will be able to be authenticated from this
-smbd\&. This is a restriction of the SMB/CIFS protocol when in
-security = server
+\FCsmbd\F[]\&. This is a restriction of the SMB/CIFS protocol when in
+\FCsecurity = server \F[]
 mode and cannot be fixed in Samba\&.
 .RE
@@ -7381 +7869 @@
 .\}
 If you are using a Windows NT server as your password server then you will have to ensure that your users are able to login from the Samba server, as when in
-security = server
+\FC security = server\F[]
 mode the network logon will appear to come from there rather than from the users workstation\&.
 .sp
 .RE
 Default:
-\fI\fIpassword server\fR\fR\fI = \fR\fI*\fR\fI \fR
-.sp
-Example:
-\fI\fIpassword server\fR\fR\fI = \fR\fINT\-PDC, NT\-BDC1, NT\-BDC2, *\fR\fI \fR
-.sp
-Example:
-\fI\fIpassword server\fR\fR\fI = \fR\fIwindc\&.mydomain\&.com:389 192\&.168\&.1\&.101 *\fR\fI \fR
+\fI\fIpassword server\fR\fR\fI = \fR\fI\FC*\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpassword server\fR\fR\fI = \fR\fI\FCNT\-PDC, NT\-BDC1, NT\-BDC2, *\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpassword server\fR\fR\fI = \fR\fI\FCwindc\&.mydomain\&.com:389 192\&.168\&.1\&.101 *\F[]\fR\fI \fR
 .RE
 
@@ -7422 +7910 @@
 .sp
 Default:
-\fI\fIpath\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIpath\fR\fR\fI = \fR\fI/home/fred\fR\fI \fR
+\fI\fIpath\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpath\fR\fR\fI = \fR\fI\FC/home/fred\F[]\fR\fI \fR
 .RE
 
@@ -7444 +7932 @@
 .sp
 Default:
-\fI\fIpid directory\fR\fR\fI = \fR\fI${prefix}/var/locks\fR\fI \fR
-.sp
-Example:
-\fI\fIpid directory\fR\fR\fI = \fR\fIpid directory = /var/run/\fR\fI \fR
+\fI\fIpid directory\fR\fR\fI = \fR\fI\FC${prefix}/var/locks\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpid directory\fR\fR\fI = \fR\fI\FCpid directory = /var/run/\F[]\fR\fI \fR
 .RE
 
@@ -7459 +7947 @@
 .sp
 Default:
-\fI\fIposix locking\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIposix locking\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -7470 +7958 @@
 An interesting example may be to unmount server resources:
 .sp
-postexec = /etc/umount /cdrom
-.sp
-Default:
-\fI\fIpostexec\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIpostexec\fR\fR\fI = \fR\fIecho \e"%u disconnected from %S from %m (%I)\e" >> /tmp/log\fR\fI \fR
+\FCpostexec = /etc/umount /cdrom\F[]
+.sp
+Default:
+\fI\fIpostexec\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpostexec\fR\fR\fI = \fR\fI\FCecho \e"%u disconnected from %S from %m (%I)\e" >> /tmp/log\F[]\fR\fI \fR
 .RE
 
@@ -7488 +7976 @@
 .sp
 Default:
-\fI\fIpreexec close\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIpreexec close\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -7508 +7996 @@
 .sp
 
-preexec = csh \-c \'echo \e"Welcome to %S!\e" | /usr/local/samba/bin/smbclient \-M %m \-I %I\' &
+\FCpreexec = csh \-c \'echo \e"Welcome to %S!\e" | /usr/local/samba/bin/smbclient \-M %m \-I %I\' & \F[]
 .sp
 Of course, this could get annoying after a while :\-)
@@ -7518 +8006 @@
 .sp
 Default:
-\fI\fIpreexec\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIpreexec\fR\fR\fI = \fR\fIecho \e"%u connected to %S from %m (%I)\e" >> /tmp/log\fR\fI \fR
+\fI\fIpreexec\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpreexec\fR\fR\fI = \fR\fI\FCecho \e"%u connected to %S from %m (%I)\e" >> /tmp/log\F[]\fR\fI \fR
 .RE
 
@@ -7542 +8030 @@
 If this is set to
 \fByes\fR, on startup,
-nmbd
+\FCnmbd\F[]
 will force an election, and it will have a slight advantage in winning the election\&. It is recommended that this parameter is used in conjunction with
 \m[blue]\fBdomain master = yes\fR\m[], so that
-nmbd
+\FCnmbd\F[]
 can guarantee becoming a domain master\&.
 .sp
@@ -7551 +8039 @@
 .sp
 Default:
-\fI\fIpreferred master\fR\fR\fI = \fR\fIauto\fR\fI \fR
+\fI\fIpreferred master\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
 .RE
 
@@ -7561 +8049 @@
 .sp
 Default:
-\fI\fIpreload modules\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIpreload modules\fR\fR\fI = \fR\fI/usr/lib/samba/passdb/mysql\&.so\fR\fI \fR
+\fI\fIpreload modules\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpreload modules\fR\fR\fI = \fR\fI\FC/usr/lib/samba/passdb/mysql\&.so\F[]\fR\fI \fR
 .RE
 
@@ -7586 +8074 @@
 .sp
 Default:
-\fI\fIpreload\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIpreload\fR\fR\fI = \fR\fIfred lp colorlp\fR\fI \fR
+\fI\fIpreload\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIpreload\fR\fR\fI = \fR\fI\FCfred lp colorlp\F[]\fR\fI \fR
 .RE
 
@@ -7604 +8092 @@
 .sp
 Default:
-\fI\fIpreserve case\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIpreserve case\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -7627 +8115 @@
 .sp
 Default:
-\fI\fIprintable\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIprintable\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -7639 +8127 @@
 .sp
 Default:
-\fI\fIprintcap cache time\fR\fR\fI = \fR\fI750\fR\fI \fR
-.sp
-Example:
-\fI\fIprintcap cache time\fR\fR\fI = \fR\fI600\fR\fI \fR
+\fI\fIprintcap cache time\fR\fR\fI = \fR\fI\FC750\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIprintcap cache time\fR\fR\fI = \fR\fI\FC600\F[]\fR\fI \fR
 .RE
 
@@ -7658 +8146 @@
 .RS 4
 This parameter may be used to override the compiled\-in default printcap name used by the server (usually
-/etc/printcap)\&. See the discussion of the
+\FC /etc/printcap\F[])\&. See the discussion of the
 [printers]
 section above for reasons why you might want to do this\&.
 .sp
 To use the CUPS printing interface set
-printcap name = cups\&. This should be supplemented by an addtional setting
+\FCprintcap name = cups \F[]\&. This should be supplemented by an addtional setting
 \m[blue]\fBprinting = cups\fR\m[]
 in the [global] section\&.
-printcap name = cups
+\FCprintcap name = cups\F[]
 will use the "dummy" printcap created by CUPS, as specified in your CUPS configuration file\&.
 .sp
 On System V systems that use
-lpstat
+\FClpstat\F[]
 to list available printers you can use
-printcap name = lpstat
+\FCprintcap name = lpstat \F[]
 to automatically obtain lists of available printers\&. This is the default for systems that define SYSV at configure time in Samba (this includes most System V based systems)\&. If
 \fI printcap name\fR
 is set to
-lpstat
+\FClpstat\F[]
 on these systems then Samba will launch
-lpstat \-v
+\FClpstat \-v\F[]
 and attempt to parse the output to obtain a printer list\&.
 .sp
@@ -7686 +8174 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 print1|My Printer 1
 print2|My Printer 2
@@ -7692 +8188 @@
 print4|My Printer 4
 print5|My Printer 5
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -7702 +8204 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -7711 +8214 @@
 .br
 Under AIX the default printcap name is
-/etc/qconfig\&. Samba will assume the file is in AIX
-qconfig
+\FC/etc/qconfig\F[]\&. Samba will assume the file is in AIX
+\FCqconfig\F[]
 format if the string
-qconfig
+\FCqconfig\F[]
 appears in the printcap filename\&.
 .sp .5v
-.RE
-Default:
-\fI\fIprintcap name\fR\fR\fI = \fR\fI/etc/printcap\fR\fI \fR
-.sp
-Example:
-\fI\fIprintcap name\fR\fR\fI = \fR\fI/etc/myprintcap\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIprintcap name\fR\fR\fI = \fR\fI\FC/etc/printcap\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIprintcap name\fR\fR\fI = \fR\fI\FC/etc/myprintcap\F[]\fR\fI \fR
 .RE
 
@@ -7730 +8234 @@
 .RS 4
 After a print job has finished spooling to a service, this command will be used via a
-system()
+\FCsystem()\F[]
 call to process the spool file\&. Typically the command specified will submit the spool file to the host\'s printing subsystem, but there is no requirement that this be the case\&. The server will not remove the spool file, so whatever command you specify should remove the spool file when it has been processed, otherwise you will need to manually remove old spool files\&.
 .sp
@@ -7769 +8273 @@
 You can form quite complex print commands by realizing that they are just passed to a shell\&. For example the following will log a print job, print the file, then remove it\&. Note that \';\' is the usual separator for command in shell scripts\&.
 .sp
-print command = echo Printing %s >> /tmp/print\&.log; lpr \-P %p %s; rm %s
+\FCprint command = echo Printing %s >> /tmp/print\&.log; lpr \-P %p %s; rm %s\F[]
 .sp
 You may have to vary this command considerably depending on how you normally print files on your system\&. The default for the parameter varies depending on the setting of the
@@ -7776 +8280 @@
 .sp
 Default: For
-printing = BSD, AIX, QNX, LPRNG or PLP :
-.sp
-print command = lpr \-r \-P%p %s
+\FCprinting = BSD, AIX, QNX, LPRNG or PLP :\F[]
+.sp
+\FCprint command = lpr \-r \-P%p %s\F[]
 .sp
 For
-printing = SYSV or HPUX :
-.sp
-print command = lp \-c \-d%p %s; rm %s
+\FCprinting = SYSV or HPUX :\F[]
+.sp
+\FCprint command = lp \-c \-d%p %s; rm %s\F[]
 .sp
 For
-printing = SOFTQ :
-.sp
-print command = lp \-d%p \-s %s; rm %s
+\FCprinting = SOFTQ :\F[]
+.sp
+\FCprint command = lp \-d%p \-s %s; rm %s\F[]
 .sp
 For printing = CUPS : If SAMBA is compiled against libcups, then
 \m[blue]\fBprintcap = cups\fR\m[]
 uses the CUPS API to submit jobs, etc\&. Otherwise it maps to the System V commands with the \-oraw option for printing, i\&.e\&. it uses
-lp \-c \-d%p \-oraw; rm %s\&. With
-printing = cups, and if SAMBA is compiled against libcups, any manually set print command will be ignored\&.
+\FClp \-c \-d%p \-oraw; rm %s\F[]\&. With
+\FCprinting = cups\F[], and if SAMBA is compiled against libcups, any manually set print command will be ignored\&.
 .sp
 \fINo default\fR
 .sp
 Example:
-\fI\fIprint command\fR\fR\fI = \fR\fI/usr/local/samba/bin/myprintscript %p %s\fR\fI \fR
+\fI\fIprint command\fR\fR\fI = \fR\fI\FC/usr/local/samba/bin/myprintscript %p %s\F[]\fR\fI \fR
 .RE
 
@@ -7811 +8315 @@
 .sp
 Default:
-\fI\fIprinter admin\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIprinter admin\fR\fR\fI = \fR\fIadmin, @staff\fR\fI \fR
+\fI\fIprinter admin\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIprinter admin\fR\fR\fI = \fR\fI\FCadmin, @staff\F[]\fR\fI \fR
 .RE
 
@@ -7836 +8340 @@
 \m[blue]\fBprinter name\fR\m[]
 may be
-lp
+\FClp\F[]
 on many systems\&.
 .sp
 Default:
-\fI\fIprinter name\fR\fR\fI = \fR\fInone\fR\fI \fR
-.sp
-Example:
-\fI\fIprinter name\fR\fR\fI = \fR\fIlaserwriter\fR\fI \fR
+\fI\fIprinter name\fR\fR\fI = \fR\fI\FCnone\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIprinter name\fR\fR\fI = \fR\fI\FClaserwriter\F[]\fR\fI \fR
 .RE
 
@@ -7882 +8386 @@
 .sp
 Default:
-\fI\fIprinting\fR\fR\fI = \fR\fIDepends on the operating system, see testparm \-v\&.\fR\fI \fR
+\fI\fIprinting\fR\fR\fI = \fR\fI\FCDepends on the operating system, see \FCtestparm \-v\&.\F[]\F[]\fR\fI \fR
 .RE
 
@@ -7892 +8396 @@
 .sp
 Default:
-\fI\fIprintjob username\fR\fR\fI = \fR\fI%U\fR\fI \fR
-.sp
-Example:
-\fI\fIprintjob username\fR\fR\fI = \fR\fI%D\e%U\fR\fI \fR
+\fI\fIprintjob username\fR\fR\fI = \fR\fI\FC%U\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIprintjob username\fR\fR\fI = \fR\fI\FC%D\e%U\F[]\fR\fI \fR
 .RE
 
@@ -7903 +8407 @@
 .RS 4
 This parameters defines the directory smbd will use for storing such files as
-smbpasswd
+\FCsmbpasswd\F[]
 and
-secrets\&.tdb\&.
-.sp
-Default:
-\fI\fIprivate dir\fR\fR\fI = \fR\fI${prefix}/private\fR\fI \fR
+\FCsecrets\&.tdb\F[]\&.
+.sp
+Default:
+\fI\fIprivate dir\fR\fR\fI = \fR\fI\FC${prefix}/private\F[]\fR\fI \fR
 .RE
 
@@ -7922 +8426 @@
 .sp
 Default:
-\fI\fIprofile acls\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIprofile acls\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -7944 +8448 @@
 .sp
 Example:
-\fI\fIqueuepause command\fR\fR\fI = \fR\fIdisable %p\fR\fI \fR
+\fI\fIqueuepause command\fR\fR\fI = \fR\fI\FCdisable %p\F[]\fR\fI \fR
 .RE
 
@@ -7964 +8468 @@
 .sp
 Default:
-\fI\fIqueueresume command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIqueueresume command\fR\fR\fI = \fR\fIenable %p\fR\fI \fR
+\fI\fIqueueresume command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIqueueresume command\fR\fR\fI = \fR\fI\FCenable %p\F[]\fR\fI \fR
 .RE
 
@@ -7985 +8489 @@
 .sp
 Default:
-\fI\fIread list\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIread list\fR\fR\fI = \fR\fImary, @students\fR\fI \fR
+\fI\fIread list\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIread list\fR\fR\fI = \fR\fI\FCmary, @students\F[]\fR\fI \fR
 .RE
 
@@ -8001 +8505 @@
 \fByes\fR, then users of a service may not create or modify files in the service\'s directory\&.
 .sp
-Note that a printable service (printable = yes) will
+Note that a printable service (\FCprintable = yes\F[]) will
 \fIALWAYS\fR
 allow writing to the directory (user privileges permitting), but only via spooling operations\&.
 .sp
 Default:
-\fI\fIread only\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIread only\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -8022 +8526 @@
 .sp
 Default:
-\fI\fIread raw\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIread raw\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -8030 +8534 @@
 .RS 4
 This option specifies the kerberos realm to use\&. The realm is used as the ADS equivalent of the NT4
-domain\&. It is usually set to the DNS name of the kerberos server\&.
-.sp
-Default:
-\fI\fIrealm\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIrealm\fR\fR\fI = \fR\fImysambabox\&.mycompany\&.com\fR\fI \fR
+\FCdomain\F[]\&. It is usually set to the DNS name of the kerberos server\&.
+.sp
+Default:
+\fI\fIrealm\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIrealm\fR\fR\fI = \fR\fI\FCmysambabox\&.mycompany\&.com\F[]\fR\fI \fR
 .RE
 
@@ -8056 +8560 @@
 .sp
 Default:
-\fI\fIregistry shares\fR\fR\fI = \fR\fIno\fR\fI \fR
-.sp
-Example:
-\fI\fIregistry shares\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIregistry shares\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIregistry shares\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -8077 +8581 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
-remote announce = 192\&.168\&.2\&.255/SERVERS 192\&.168\&.4\&.255/STAFF
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+\FCremote announce = 192\&.168\&.2\&.255/SERVERS 192\&.168\&.4\&.255/STAFF\F[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -8085 +8603 @@
 .sp
 the above line would cause
-nmbd
+\FCnmbd\F[]
 to announce itself to the two given IP addresses using the given workgroup names\&. If you leave out the workgroup name, then the one given in the
 \m[blue]\fBworkgroup\fR\m[]
@@ -8095 +8613 @@
 .sp
 Default:
-\fI\fIremote announce\fR\fR\fI = \fR\fI\fR\fI \fR
+\fI\fIremote announce\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
 .RE
 
@@ -8113 +8631 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 \fIremote browse sync = 192\&.168\&.2\&.255 192\&.168\&.4\&.255\fR
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -8121 +8653 @@
 .sp
 the above line would cause
-nmbd
+\FCnmbd\F[]
 to request the master browser on the specified subnets or addresses to synchronize their browse lists with the local server\&.
 .sp
@@ -8131 +8663 @@
 .sp
 Default:
-\fI\fIremote browse sync\fR\fR\fI = \fR\fI\fR\fI \fR
+\fI\fIremote browse sync\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
 .RE
 
@@ -8143 +8675 @@
 .sp
 When a user with admin authority or SeAddUserPrivilege rights renames a user (e\&.g\&.: from the NT4 User Manager for Domains), this script will be run to rename the POSIX user\&. Two variables,
-%uold
+\FC%uold\F[]
 and
-%unew, will be substituted with the old and new usernames, respectively\&. The script should return 0 upon successful completion, and nonzero otherwise\&.
+\FC%unew\F[], will be substituted with the old and new usernames, respectively\&. The script should return 0 upon successful completion, and nonzero otherwise\&.
 .if n \{\
 .sp
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -8160 +8693 @@
 The script has all responsibility to rename all the necessary data that is accessible in this posix method\&. This can mean different requirements for different backends\&. The tdbsam and smbpasswd backends will take care of the contents of their respective files, so the script is responsible only for changing the POSIX username, and other data that may required for your circumstances, such as home directory\&. Please also consider whether or not you need to rename the actual home directories themselves\&. The ldapsam backend will not make any changes, because of the potential issues with renaming the LDAP naming attribute\&. In this case the script is responsible for changing the attribute that samba uses (uid) for locating users, as well as any data that needs to change for other applications using the same directory\&.
 .sp .5v
-.RE
-Default:
-\fI\fIrename user script\fR\fR\fI = \fR\fIno\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIrename user script\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -8172 +8706 @@
 .sp
 Default:
-\fI\fIreset on zero vc\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIreset on zero vc\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -8184 +8718 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 HKEY_LOCAL_MACHINE\eSYSTEM\eCurrentControlSet\e
            Control\eLSA\eRestrictAnonymous
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -8199 +8747 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -8211 +8760 @@
 on any share\&.
 .sp .5v
-.RE
-Default:
-\fI\fIrestrict anonymous\fR\fR\fI = \fR\fI0\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIrestrict anonymous\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
 .RE
 
@@ -8237 +8787 @@
 .RS 4
 The server will
-chroot()
+\FCchroot()\F[]
 (i\&.e\&. Change its root directory) to this directory on startup\&. This is not strictly necessary for secure operation\&. Even without it the server will deny access to files not in one of the service entries\&. It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use "\&.\&." in file names to access other directories (depending on the setting of the
 \m[blue]\fBwide smbconfoptions\fR\m[]
@@ -8251 +8801 @@
 \fIroot directory\fR
 tree\&. In particular you will need to mirror
-/etc/passwd
+\FC/etc/passwd\F[]
 (or a subset of it), and any binaries or configuration files needed for printing (if required)\&. The set of files that must be mirrored is operating system dependent\&.
 .sp
 Default:
-\fI\fIroot directory\fR\fR\fI = \fR\fI/\fR\fI \fR
-.sp
-Example:
-\fI\fIroot directory\fR\fR\fI = \fR\fI/homes/smb\fR\fI \fR
+\fI\fIroot directory\fR\fR\fI = \fR\fI\FC/\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIroot directory\fR\fR\fI = \fR\fI\FC/homes/smb\F[]\fR\fI \fR
 .RE
 
@@ -8270 +8820 @@
 .sp
 Default:
-\fI\fIroot postexec\fR\fR\fI = \fR\fI\fR\fI \fR
+\fI\fIroot postexec\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
 .RE
 
@@ -8282 +8832 @@
 .sp
 Default:
-\fI\fIroot preexec close\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIroot preexec close\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -8294 +8844 @@
 .sp
 Default:
-\fI\fIroot preexec\fR\fR\fI = \fR\fI\fR\fI \fR
+\fI\fIroot preexec\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
 .RE
 
@@ -8315 +8865 @@
 .sp
 Default:
-\fI\fIsecurity mask\fR\fR\fI = \fR\fI0777\fR\fI \fR
-.sp
-Example:
-\fI\fIsecurity mask\fR\fR\fI = \fR\fI0770\fR\fI \fR
+\fI\fIsecurity mask\fR\fR\fI = \fR\fI\FC0777\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIsecurity mask\fR\fR\fI = \fR\fI\FC0770\F[]\fR\fI \fR
 .RE
 
@@ -8326 +8876 @@
 .RS 4
 This option affects how clients respond to Samba and is one of the most important settings in the
-smb\&.conf
+\FC smb\&.conf\F[]
 file\&.
 .sp
@@ -8334 +8884 @@
 .sp
 The default is
-security = user, as this is the most common setting needed when talking to Windows 98 and Windows NT\&.
+\FCsecurity = user\F[], as this is the most common setting needed when talking to Windows 98 and Windows NT\&.
 .sp
 The alternatives are
-security = share,
-security = server
+\FCsecurity = share\F[],
+\FCsecurity = server\F[]
 or
-security = domain\&.
+\FCsecurity = domain \F[]\&.
 .sp
 In versions of Samba prior to 2\&.0\&.0, the default was
-security = share
+\FCsecurity = share\F[]
 mainly because that was the only option at one stage\&.
 .sp
@@ -8349 +8899 @@
 .sp
 If your PCs use usernames that are the same as their usernames on the UNIX machine then you will want to use
-security = user\&. If you mostly use usernames that don\'t exist on the UNIX box then use
-security = share\&.
+\FCsecurity = user\F[]\&. If you mostly use usernames that don\'t exist on the UNIX box then use
+\FCsecurity = share\F[]\&.
 .sp
 You should also use
-security = share
+\FCsecurity = share\F[]
 if you want to mainly setup shares without a password (guest shares)\&. This is commonly used for a shared printer server\&. It is more difficult to setup guest shares with
-security = user, see the
+\FCsecurity = user\F[], see the
 \m[blue]\fBmap to guest\fR\m[]
 parameter for details\&.
 .sp
 It is possible to use
-smbd
+\FCsmbd\F[]
 in a
 \fI hybrid mode\fR
@@ -8371 +8921 @@
 .sp
 When clients connect to a share level security server, they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a
-security = share
+\FCsecurity = share \F[]
 server)\&. Instead, the clients send authentication information (passwords) on a per\-share basis, at the time they attempt to connect to that share\&.
 .sp
 Note that
-smbd
+\FCsmbd\F[]
 \fIALWAYS\fR
 uses a valid UNIX user to act on behalf of the client, even in
-security = share
+\FCsecurity = share\F[]
 level security\&.
 .sp
 As clients are not required to send a username to the server in share level security,
-smbd
+\FCsmbd\F[]
 uses several techniques to determine the correct UNIX user to use on behalf of the client\&.
 .sp
@@ -8515 +9065 @@
 \fINote\fR
 that from the client\'s point of view
-security = domain
+\FCsecurity = domain\F[]
 is the same as
-security = user\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&.
+\FCsecurity = user\F[]\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&.
 .sp
 \fINote\fR
@@ -8539 +9089 @@
 .sp
 In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to
-security = user\&. It expects the
+\FCsecurity = user\F[]\&. It expects the
 \m[blue]\fBencrypted passwords\fR\m[]
 parameter to be set to
 \fByes\fR, unless the remote server does not support them\&. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid
-smbpasswd
+\FCsmbpasswd\F[]
 file to check users against\&. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up\&.
 .if n \{\
@@ -8549 +9099 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -8559 +9110 @@
 This mode of operation has significant pitfalls since it is more vulnerable to man\-in\-the\-middle attacks and server impersonation\&. In particular, this mode of operation can cause significant resource consuption on the PDC, as it must maintain an active connection for the duration of the user\'s session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authentications to the Samba server may fail (from a single client, till it disconnects)\&.
 .sp .5v
+.EM yellow
 .RE
 .if n \{\
@@ -8564 +9116 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -8573 +9126 @@
 .br
 From the client\'s point of view,
-security = server
+\FCsecurity = server\F[]
 is the same as
-security = user\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&.
+\FCsecurity = user\F[]\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&.
 .sp .5v
+.EM yellow
 .RE
 \fINote\fR
@@ -8604 +9158 @@
 .sp
 Default:
-\fI\fIsecurity\fR\fR\fI = \fR\fIUSER\fR\fI \fR
-.sp
-Example:
-\fI\fIsecurity\fR\fR\fI = \fR\fIDOMAIN\fR\fI \fR
+\fI\fIsecurity\fR\fR\fI = \fR\fI\FCUSER\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIsecurity\fR\fR\fI = \fR\fI\FCDOMAIN\F[]\fR\fI \fR
 .RE
 
@@ -8623 +9177 @@
 .sp
 Please note that with this set to
-no, you will have to apply the WindowsXP
-WinXP_SignOrSeal\&.reg
+\FCno\F[], you will have to apply the WindowsXP
+\FCWinXP_SignOrSeal\&.reg\F[]
 registry patch found in the docs/registry subdirectory of the Samba distribution tarball\&.
 .sp
 Default:
-\fI\fIserver schannel\fR\fR\fI = \fR\fIauto\fR\fI \fR
-.sp
-Example:
-\fI\fIserver schannel\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIserver schannel\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIserver schannel\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -8647 +9201 @@
 .sp
 Default:
-\fI\fIserver signing\fR\fR\fI = \fR\fIDisabled\fR\fI \fR
+\fI\fIserver signing\fR\fR\fI = \fR\fI\FCDisabled\F[]\fR\fI \fR
 .RE
 
@@ -8655 +9209 @@
 .RS 4
 This controls what string will show up in the printer comment box in print manager and next to the IPC connection in
-net view\&. It can be any string that you wish to show to your users\&.
+\FCnet view\F[]\&. It can be any string that you wish to show to your users\&.
 .sp
 It also sets what will appear in browse lists next to the machine name\&.
@@ -8668 +9222 @@
 .sp
 Default:
-\fI\fIserver string\fR\fR\fI = \fR\fISamba %v\fR\fI \fR
-.sp
-Example:
-\fI\fIserver string\fR\fR\fI = \fR\fIUniversity of GNUs Samba Server\fR\fI \fR
+\fI\fIserver string\fR\fR\fI = \fR\fI\FCSamba %v\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIserver string\fR\fR\fI = \fR\fI\FCUniversity of GNUs Samba Server\F[]\fR\fI \fR
 .RE
 
@@ -8679 +9233 @@
 .RS 4
 If
-set directory = no, then users of the service may not use the setdir command to change directory\&.
+\FCset directory = no\F[], then users of the service may not use the setdir command to change directory\&.
 .sp
 The
-setdir
+\FCsetdir\F[]
 command is only implemented in the Digital Pathworks client\&. See the Pathworks documentation for details\&.
 .sp
 Default:
-\fI\fIset directory\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIset directory\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -8694 +9248 @@
 .RS 4
 Thanks to the Posix subsystem in NT a Windows User has a primary group in addition to the auxiliary groups\&. This script sets the primary group in the unix userdatase when an administrator sets the primary group from the windows user manager or when fetching a SAM with
-net rpc vampire\&.
+\FCnet rpc vampire\F[]\&.
 \fI%u\fR
 will be replaced with the user whose primary group is to be set\&.
@@ -8701 +9255 @@
 .sp
 Default:
-\fI\fIset primary group script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIset primary group script\fR\fR\fI = \fR\fI/usr/sbin/usermod \-g \'%g\' \'%u\'\fR\fI \fR
+\fI\fIset primary group script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIset primary group script\fR\fR\fI = \fR\fI\FC/usr/sbin/usermod \-g \'%g\' \'%u\'\F[]\fR\fI \fR
 .RE
 
@@ -8712 +9266 @@
 .RS 4
 The
-set quota command
+\FCset quota command\F[]
 should only be used whenever there is no operating system API available from the OS that samba can use\&.
 .sp
 This option is only available if Samba was configured with the argument
-\-\-with\-sys\-quotas
+\FC\-\-with\-sys\-quotas\F[]
 or on linux when
-\&./configure \-\-with\-quotas
+\FC\&./configure \-\-with\-quotas\F[]
 was used and a working quota api was found in the system\&. Most packages are configured with these options already\&.
 .sp
@@ -8861 +9415 @@
 .sp
 Default:
-\fI\fIset quota command\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIset quota command\fR\fR\fI = \fR\fI/usr/local/sbin/set_quota\fR\fI \fR
+\fI\fIset quota command\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIset quota command\fR\fR\fI = \fR\fI\FC/usr/local/sbin/set_quota\F[]\fR\fI \fR
 .RE
 
@@ -8876 +9430 @@
 .sp
 Default:
-\fI\fIshare:fake_fscaps\fR\fR\fI = \fR\fI0\fR\fI \fR
+\fI\fIshare:fake_fscaps\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
 .RE
 
@@ -8900 +9454 @@
 .sp
 Default:
-\fI\fIshare modes\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIshare modes\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -8916 +9470 @@
 .sp
 Default:
-\fI\fIshort preserve case\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIshort preserve case\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -8936 +9490 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -8946 +9501 @@
 This does not prevent the same user from having administrative privilege on an individual printer\&.
 .sp .5v
-.RE
-Default:
-\fI\fIshow add printer wizard\fR\fR\fI = \fR\fIyes\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIshow add printer wizard\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -9019 +9575 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 #!/bin/bash
 
@@ -9028 +9592 @@
 /sbin/shutdown $3 $4 +$time $1 &
 
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -9036 +9606 @@
 .sp
 Default:
-\fI\fIshutdown script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIshutdown script\fR\fR\fI = \fR\fI/usr/local/samba/sbin/shutdown %m %t %r %f\fR\fI \fR
+\fI\fIshutdown script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIshutdown script\fR\fR\fI = \fR\fI\FC/usr/local/samba/sbin/shutdown %m %t %r %f\F[]\fR\fI \fR
 .RE
 
@@ -9063 +9633 @@
 .sp
 Default:
-\fI\fIsmb encrypt\fR\fR\fI = \fR\fIauto\fR\fI \fR
+\fI\fIsmb encrypt\fR\fR\fI = \fR\fI\FCauto\F[]\fR\fI \fR
 .RE
 
@@ -9077 +9647 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 smb passwd file = /etc/samba/smbpasswd
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -9085 +9669 @@
 .sp
 Default:
-\fI\fIsmb passwd file\fR\fR\fI = \fR\fI${prefix}/private/smbpasswd\fR\fI \fR
+\fI\fIsmb passwd file\fR\fR\fI = \fR\fI\FC${prefix}/private/smbpasswd\F[]\fR\fI \fR
 .RE
 
@@ -9095 +9679 @@
 .sp
 Default:
-\fI\fIsmb ports\fR\fR\fI = \fR\fI445 139\fR\fI \fR
+\fI\fIsmb ports\fR\fR\fI = \fR\fI\FC445 139\F[]\fR\fI \fR
 .RE
 
@@ -9109 +9693 @@
 .sp
 Default:
-\fI\fIsocket address\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIsocket address\fR\fR\fI = \fR\fI192\&.168\&.2\&.20\fR\fI \fR
+\fI\fIsocket address\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIsocket address\fR\fR\fI = \fR\fI\FC192\&.168\&.2\&.20\F[]\fR\fI \fR
 .RE
 
@@ -9124 +9708 @@
 .sp
 This option will typically be used to tune your Samba server for optimal performance for your local network\&. There is no way that Samba can know what the optimal parameters are for your net, so you must experiment and choose them yourself\&. We strongly suggest you read the appropriate documentation for your operating system first (perhaps
-man setsockopt
+\FCman setsockopt\F[]
 will help)\&.
 .sp
@@ -9249 +9833 @@
 .sp
 To specify an argument use the syntax SOME_OPTION = VALUE for example
-SO_SNDBUF = 8192\&. Note that you must not have any spaces before or after the = sign\&.
+\FCSO_SNDBUF = 8192\F[]\&. Note that you must not have any spaces before or after the = sign\&.
 .sp
 If you are on a local network then a sensible option might be:
 .sp
-socket options = IPTOS_LOWDELAY
+\FCsocket options = IPTOS_LOWDELAY\F[]
 .sp
 If you have a local network then you could try:
 .sp
-socket options = IPTOS_LOWDELAY TCP_NODELAY
+\FCsocket options = IPTOS_LOWDELAY TCP_NODELAY\F[]
 .sp
 If you are on a wide area network then perhaps try setting IPTOS_THROUGHPUT\&.
@@ -9264 +9848 @@
 .sp
 Default:
-\fI\fIsocket options\fR\fR\fI = \fR\fITCP_NODELAY\fR\fI \fR
-.sp
-Example:
-\fI\fIsocket options\fR\fR\fI = \fR\fIIPTOS_LOWDELAY\fR\fI \fR
+\fI\fIsocket options\fR\fR\fI = \fR\fI\FCTCP_NODELAY\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIsocket options\fR\fR\fI = \fR\fI\FCIPTOS_LOWDELAY\F[]\fR\fI \fR
 .RE
 
@@ -9279 +9863 @@
 .sp
 Default:
-\fI\fIstat cache\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIstat cache\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -9296 +9880 @@
 .sp
 Default:
-\fI\fIstate directory\fR\fR\fI = \fR\fI${prefix}/var/locks\fR\fI \fR
-.sp
-Example:
-\fI\fIstate directory\fR\fR\fI = \fR\fI/var/run/samba/locks/state\fR\fI \fR
+\fI\fIstate directory\fR\fR\fI = \fR\fI\FC${prefix}/var/locks\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIstate directory\fR\fR\fI = \fR\fI\FC/var/run/samba/locks/state\F[]\fR\fI \fR
 .RE
 
@@ -9318 +9902 @@
 .sp
 Default:
-\fI\fIstore dos attributes\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIstore dos attributes\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9334 +9918 @@
 .sp
 Default:
-\fI\fIstrict allocate\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIstrict allocate\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9349 +9933 @@
 .sp
 Well\-behaved clients always ask for lock checks when it is important\&. So in the vast majority of cases,
-strict locking = Auto
+\FCstrict locking = Auto\F[]
 or
-strict locking = no
+\FCstrict locking = no\F[]
 is acceptable\&.
 .sp
 Default:
-\fI\fIstrict locking\fR\fR\fI = \fR\fIAuto\fR\fI \fR
+\fI\fIstrict locking\fR\fR\fI = \fR\fI\FCAuto\F[]\fR\fI \fR
 .RE
 
@@ -9369 +9953 @@
 .sp
 Default:
-\fI\fIstrict sync\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIstrict sync\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9379 +9963 @@
 .sp
 The administrator must create a directory name
-svcctl
+\FCsvcctl\F[]
 in Samba\'s $(libdir) and create symbolic links to the init scripts in
-/etc/init\&.d/\&. The name of the links must match the names given as part of the
+\FC/etc/init\&.d/\F[]\&. The name of the links must match the names given as part of the
 \fIsvcctl list\fR\&.
 .sp
 Default:
-\fI\fIsvcctl list\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIsvcctl list\fR\fR\fI = \fR\fIcups postfix portmap httpd\fR\fI \fR
+\fI\fIsvcctl list\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIsvcctl list\fR\fR\fI = \fR\fI\FCcups postfix portmap httpd\F[]\fR\fI \fR
 .RE
 
@@ -9400 +9984 @@
 \fByes\fR
 then every write will be followed by a
-fsync()
+\FCfsync() \F[]
 call to ensure the data is written to disk\&. Note that the
 \fIstrict sync\fR
@@ -9408 +9992 @@
 .sp
 Default:
-\fI\fIsync always\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIsync always\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9420 +10004 @@
 .sp
 Default:
-\fI\fIsyslog only\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIsyslog only\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9438 +10022 @@
 .sp
 Default:
-\fI\fIsyslog\fR\fR\fI = \fR\fI1\fR\fI \fR
+\fI\fIsyslog\fR\fR\fI = \fR\fI\FC1\F[]\fR\fI \fR
 .RE
 
@@ -9454 +10038 @@
 .sp
 Default:
-\fI\fItemplate homedir\fR\fR\fI = \fR\fI/home/%D/%U\fR\fI \fR
+\fI\fItemplate homedir\fR\fR\fI = \fR\fI\FC/home/%D/%U\F[]\fR\fI \fR
 .RE
 
@@ -9475 +10059 @@
 .sp
 Default:
-\fI\fItime offset\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fItime offset\fR\fR\fI = \fR\fI60\fR\fI \fR
+\fI\fItime offset\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fItime offset\fR\fR\fI = \fR\fI\FC60\F[]\fR\fI \fR
 .RE
 
@@ -9490 +10074 @@
 .sp
 Default:
-\fI\fItime server\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fItime server\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9502 +10086 @@
 .sp
 Default:
-\fI\fIunix charset\fR\fR\fI = \fR\fIUTF8\fR\fI \fR
-.sp
-Example:
-\fI\fIunix charset\fR\fR\fI = \fR\fIASCII\fR\fI \fR
+\fI\fIunix charset\fR\fR\fI = \fR\fI\FCUTF8\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIunix charset\fR\fR\fI = \fR\fI\FCASCII\F[]\fR\fI \fR
 .RE
 
@@ -9519 +10103 @@
 .sp
 Default:
-\fI\fIunix extensions\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIunix extensions\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -9535 +10119 @@
 .sp
 Default:
-\fI\fIunix password sync\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIunix password sync\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9556 +10140 @@
 .sp
 Note that even when this parameter is set, a user authenticating to
-smbd
+\FCsmbd\F[]
 must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) passwords\&.
 .sp
 Default:
-\fI\fIupdate encrypted\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIupdate encrypted\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9568 +10152 @@
 .RS 4
 This parameter applies only to Windows NT/2000 clients\&. It has no effect on Windows 95/98/ME clients\&. When serving a printer to Windows NT/2000 clients without first installing a valid printer driver on the Samba host, the client will be required to install a local printer driver\&. From this point on, the client will treat the print as a local printer and not a network printer connection\&. This is much the same behavior that will occur when
-disable spoolss = yes\&.
+\FCdisable spoolss = yes\F[]\&.
 .sp
 The differentiating factor is that under normal circumstances, the NT/2000 client will attempt to open the network printer using MS\-RPC\&. The problem is that because the client considers the printer to be local, it will attempt to issue the OpenPrinterEx() call requesting access rights associated with the logged on user\&. If the user possesses local administator rights but not root privilege on the Samba host (often the case), the OpenPrinterEx() call will fail\&. The result is that the client will now display an "Access Denied; Unable to connect" message in the printer queue window (even though jobs may successfully be printed)\&.
@@ -9576 +10160 @@
 .sp
 Default:
-\fI\fIuse client driver\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIuse client driver\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9588 +10172 @@
 .sp
 Default:
-\fI\fIuse mmap\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIuse mmap\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -9603 +10187 @@
 .sp
 Default:
-\fI\fIusername level\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIusername level\fR\fR\fI = \fR\fI5\fR\fI \fR
+\fI\fIusername level\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIusername level\fR\fR\fI = \fR\fI\FC5\F[]\fR\fI \fR
 .RE
 
@@ -9618 +10202 @@
 .sp
 Default:
-\fI\fIusername map script\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIusername map script\fR\fR\fI = \fR\fI/etc/samba/scripts/mapusers\&.sh\fR\fI \fR
+\fI\fIusername map script\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIusername map script\fR\fR\fI = \fR\fI\FC/etc/samba/scripts/mapusers\&.sh\F[]\fR\fI \fR
 .RE
 
@@ -9631 +10215 @@
 .sp
 Please note that for user or share mode security, the username map is applied prior to validating the user credentials\&. Domain member servers (domain or ads) apply the username map after the user has been successfully authenticated by the domain controller and require fully qualified enties in the map table (e\&.g\&. biddle =
-DOMAIN\efoo)\&.
+\FCDOMAIN\efoo\F[])\&.
 .sp
 The map file is parsed line by line\&. Each line should contain a single UNIX username on the left then a \'=\' followed by a list of usernames on the right\&. The list of usernames on the right may contain names of the form @group in which case they will match any UNIX username in that group\&. The special client name \'*\' is a wildcard and matches any name\&. Each line of the map file may be up to 1023 characters long\&.
@@ -9652 +10236 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
-root = admin administrator
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+\FCroot = admin administrator\F[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -9668 +10266 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
-sys = @system
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+\FCsys = @system\F[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -9678 +10290 @@
 .sp
 If your system supports the NIS NETGROUP option then the netgroup database is checked before the
-/etc/group
+\FC/etc/group \F[]
 database for matching groups\&.
 .sp
@@ -9686 +10298 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
-tridge = "Andrew Tridgell"
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
+\FCtridge = "Andrew Tridgell"\F[]
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -9700 +10326 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 !sys = mary fred
 guest = *
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -9722 +10362 @@
 .sp
 Samba versions prior to 3\&.0\&.8 would only support reading the fully qualified username (e\&.g\&.:
-DOMAIN\euser) from the username map when performing a kerberos login from a client\&. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches\&. This resulted in inconsistent behavior sometimes even on the same server\&.
+\FCDOMAIN\euser\F[]) from the username map when performing a kerberos login from a client\&. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches\&. This resulted in inconsistent behavior sometimes even on the same server\&.
 .sp
 The following functionality is obeyed in version 3\&.0\&.8 and later:
@@ -9729 +10369 @@
 .sp
 When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i\&.e\&.
-DOMAIN\euser) only after the user has been successfully authenticated\&.
+\FCDOMAIN\euser\F[]) only after the user has been successfully authenticated\&.
 .sp
 An example of use is:
@@ -9736 +10376 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 username map = /usr/local/samba/lib/users\&.map
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -9744 +10398 @@
 .sp
 Default:
-\fI\fIusername map\fR\fR\fI = \fR\fI # no username map\fR\fI \fR
+\fI\fIusername map\fR\fR\fI = \fR\fI\FC # no username map\F[]\fR\fI \fR
 .RE
 
@@ -9798 +10452 @@
 .sp
 Default:
-\fI\fIusername\fR\fR\fI = \fR\fI # The guest account if a guest service, else <empty string>\&.\fR\fI \fR
-.sp
-Example:
-\fI\fIusername\fR\fR\fI = \fR\fIfred, mary, jack, jane, @users, @pcgroup\fR\fI \fR
+\fI\fIusername\fR\fR\fI = \fR\fI\FC # The guest account if a guest service, else <empty string>\&.\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIusername\fR\fR\fI = \fR\fI\FCfred, mary, jack, jane, @users, @pcgroup\F[]\fR\fI \fR
 .RE
 
@@ -9813 +10467 @@
 .sp
 Default:
-\fI\fIusershare allow guests\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIusershare allow guests\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9823 +10477 @@
 .sp
 Default:
-\fI\fIusershare max shares\fR\fR\fI = \fR\fI0\fR\fI \fR
+\fI\fIusershare max shares\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
 .RE
 
@@ -9833 +10487 @@
 .sp
 Default:
-\fI\fIusershare owner only\fR\fR\fI = \fR\fITrue\fR\fI \fR
+\fI\fIusershare owner only\fR\fR\fI = \fR\fI\FCTrue\F[]\fR\fI \fR
 .RE
 
@@ -9849 +10503 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
         ls \-ld /usr/local/samba/lib/usershares/
         drwxrwx\-\-T  2 root power_users 4096 2006\-05\-05 12:27 /usr/local/samba/lib/usershares/
         
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -9861 +10529 @@
 .sp
 Default:
-\fI\fIusershare path\fR\fR\fI = \fR\fINULL\fR\fI \fR
+\fI\fIusershare path\fR\fR\fI = \fR\fI\FCNULL\F[]\fR\fI \fR
 .RE
 
@@ -9873 +10541 @@
 .sp
 Default:
-\fI\fIusershare prefix allow list\fR\fR\fI = \fR\fINULL\fR\fI \fR
-.sp
-Example:
-\fI\fIusershare prefix allow list\fR\fR\fI = \fR\fI/home /data /space\fR\fI \fR
+\fI\fIusershare prefix allow list\fR\fR\fI = \fR\fI\FCNULL\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIusershare prefix allow list\fR\fR\fI = \fR\fI\FC/home /data /space\F[]\fR\fI \fR
 .RE
 
@@ -9888 +10556 @@
 .sp
 Default:
-\fI\fIusershare prefix deny list\fR\fR\fI = \fR\fINULL\fR\fI \fR
-.sp
-Example:
-\fI\fIusershare prefix deny list\fR\fR\fI = \fR\fI/etc /dev /private\fR\fI \fR
+\fI\fIusershare prefix deny list\fR\fR\fI = \fR\fI\FCNULL\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIusershare prefix deny list\fR\fR\fI = \fR\fI\FC/etc /dev /private\F[]\fR\fI \fR
 .RE
 
@@ -9903 +10571 @@
 .sp
 Default:
-\fI\fIusershare template share\fR\fR\fI = \fR\fINULL\fR\fI \fR
-.sp
-Example:
-\fI\fIusershare template share\fR\fR\fI = \fR\fItemplate_share\fR\fI \fR
+\fI\fIusershare template share\fR\fR\fI = \fR\fI\FCNULL\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIusershare template share\fR\fR\fI = \fR\fI\FCtemplate_share\F[]\fR\fI \fR
 .RE
 
@@ -9919 +10587 @@
 .sp
 Default:
-\fI\fIuse sendfile\fR\fR\fI = \fR\fIfalse\fR\fI \fR
+\fI\fIuse sendfile\fR\fR\fI = \fR\fI\FCfalse\F[]\fR\fI \fR
 .RE
 
@@ -9931 +10599 @@
 .sp
 Default:
-\fI\fIuse spnego\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIuse spnego\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -9939 +10607 @@
 .RS 4
 This parameter is only available if Samba has been configured and compiled with the option
-\-\-with\-utmp\&. It specifies a directory pathname that is used to store the utmp or utmpx files (depending on the UNIX system) that record user connections to a Samba server\&. By default this is not set, meaning the system will use whatever utmp file the native system is set to use (usually
-/var/run/utmp
+\FC \-\-with\-utmp\F[]\&. It specifies a directory pathname that is used to store the utmp or utmpx files (depending on the UNIX system) that record user connections to a Samba server\&. By default this is not set, meaning the system will use whatever utmp file the native system is set to use (usually
+\FC/var/run/utmp\F[]
 on Linux)\&.
 .sp
 Default:
-\fI\fIutmp directory\fR\fR\fI = \fR\fI # Determined automatically\fR\fI \fR
-.sp
-Example:
-\fI\fIutmp directory\fR\fR\fI = \fR\fI/var/run/utmp\fR\fI \fR
+\fI\fIutmp directory\fR\fR\fI = \fR\fI\FC # Determined automatically\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIutmp directory\fR\fR\fI = \fR\fI\FC/var/run/utmp\F[]\fR\fI \fR
 .RE
 
@@ -9955 +10623 @@
 .RS 4
 This boolean parameter is only available if Samba has been configured and compiled with the option
-\-\-with\-utmp\&. If set to
+\FC\-\-with\-utmp\F[]\&. If set to
 \fByes\fR
 then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server\&. Sites may use this to record the user connecting to a Samba share\&.
@@ -9962 +10630 @@
 .sp
 Default:
-\fI\fIutmp\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIutmp\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -9981 +10649 @@
 .sp
 Default:
-\fI\fIvalid users\fR\fR\fI = \fR\fI # No valid users list (anyone can login) \fR\fI \fR
-.sp
-Example:
-\fI\fIvalid users\fR\fR\fI = \fR\fIgreg, @pcusers\fR\fI \fR
+\fI\fIvalid users\fR\fR\fI = \fR\fI\FC # No valid users list (anyone can login) \F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIvalid users\fR\fR\fI = \fR\fI\FCgreg, @pcusers\F[]\fR\fI \fR
 .RE
 
@@ -9996 +10664 @@
 .sp
 Default:
-\fI\fI\-valid\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fI\-valid\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -10027 +10695 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 ; Veto any files containing the word Security,
 ; any ending in \&.tmp, and any directory containing the
@@ -10036 +10712 @@
 ; creates\&.
 veto files = /\&.AppleDouble/\&.bin/\&.AppleDesktop/Network Trash Folder/
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -10042 +10724 @@
 .sp
 Default:
-\fI\fIveto files\fR\fR\fI = \fR\fINo files or directories are vetoed\&.\fR\fI \fR
+\fI\fIveto files\fR\fR\fI = \fR\fI\FCNo files or directories are vetoed\&.\F[]\fR\fI \fR
 .RE
 
@@ -10056 +10738 @@
 .sp
 You might want to do this on files that you know will be heavily contended for by clients\&. A good example of this is in the NetBench SMB benchmark program, which causes heavy client contention for files ending in
-\&.SEM\&. To cause Samba not to grant oplocks on these files you would use the line (either in the [global] section or in the section for the particular NetBench share\&.
+\FC\&.SEM\F[]\&. To cause Samba not to grant oplocks on these files you would use the line (either in the [global] section or in the section for the particular NetBench share\&.
 .sp
 An example of use is:
@@ -10063 +10745 @@
 .RS 4
 .\}
+.fam C
+.ps -1
 .nf
+.if t \{\
+.sp -1
+.\}
+.BB lightgray adjust-for-leading-newline
+.sp -1
+
 veto oplock files = /\&.*SEM/
+.EB lightgray adjust-for-leading-newline
+.if t \{\
+.sp 1
+.\}
 .fi
+.fam
+.ps +1
 .if n \{\
 .RE
@@ -10071 +10767 @@
 .sp
 Default:
-\fI\fIveto oplock files\fR\fR\fI = \fR\fI # No files are vetoed for oplock grants\fR\fI \fR
+\fI\fIveto oplock files\fR\fR\fI = \fR\fI\FC # No files are vetoed for oplock grants\F[]\fR\fI \fR
 .RE
 
@@ -10089 +10785 @@
 .sp
 Default:
-\fI\fIvfs objects\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIvfs objects\fR\fR\fI = \fR\fIextd_audit recycle\fR\fI \fR
+\fI\fIvfs objects\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIvfs objects\fR\fR\fI = \fR\fI\FCextd_audit recycle\F[]\fR\fI \fR
 .RE
 
@@ -10102 +10798 @@
 .sp
 Default:
-\fI\fIvolume\fR\fR\fI = \fR\fI # the name of the share\fR\fI \fR
+\fI\fIvolume\fR\fR\fI = \fR\fI\FC # the name of the share\F[]\fR\fI \fR
 .RE
 
@@ -10116 +10812 @@
 .sp
 Default:
-\fI\fIwide links\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIwide links\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -10132 +10828 @@
 .sp
 Default:
-\fI\fIwinbind cache time\fR\fR\fI = \fR\fI300\fR\fI \fR
+\fI\fIwinbind cache time\fR\fR\fI = \fR\fI\FC300\F[]\fR\fI \fR
 .RE
 
@@ -10142 +10838 @@
 \fBwinbindd\fR(8)
 it may be necessary to suppress the enumeration of groups through the
-setgrent(),
-getgrent()
+\FCsetgrent()\F[],
+\FCgetgrent()\F[]
 and
-endgrent()
+\FCendgrent()\F[]
 group of system calls\&. If the
 \fIwinbind enum groups\fR
 parameter is
 \fBno\fR, calls to the
-getgrent()
+\FCgetgrent()\F[]
 system call will not return any data\&.
 .if n \{\
@@ -10156 +10852 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -10166 +10863 @@
 Turning off group enumeration may cause some programs to behave oddly\&.
 .sp .5v
-.RE
-Default:
-\fI\fIwinbind enum groups\fR\fR\fI = \fR\fIno\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIwinbind enum groups\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -10178 +10876 @@
 \fBwinbindd\fR(8)
 it may be necessary to suppress the enumeration of users through the
-setpwent(),
-getpwent()
+\FCsetpwent()\F[],
+\FCgetpwent()\F[]
 and
-endpwent()
+\FCendpwent()\F[]
 group of system calls\&. If the
 \fIwinbind enum users\fR
 parameter is
 \fBno\fR, calls to the
-getpwent
+\FCgetpwent\F[]
 system call will not return any data\&.
 .if n \{\
@@ -10192 +10890 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -10202 +10901 @@
 Turning off user enumeration may cause some programs to behave oddly\&. For example, the finger program relies on having access to the full user list when searching for matching usernames\&.
 .sp .5v
-.RE
-Default:
-\fI\fIwinbind enum users\fR\fR\fI = \fR\fIno\fR\fI \fR
+.EM yellow
+.RE
+Default:
+\fI\fIwinbind enum users\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -10218 +10918 @@
 .sp
 Default:
-\fI\fIwinbind expand groups\fR\fR\fI = \fR\fI1\fR\fI \fR
+\fI\fIwinbind expand groups\fR\fR\fI = \fR\fI\FC1\F[]\fR\fI \fR
 .RE
 
@@ -10228 +10928 @@
 .sp
 Default:
-\fI\fIwinbind nested groups\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIwinbind nested groups\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -10240 +10940 @@
 .sp
 Default:
-\fI\fIwinbind normalize names\fR\fR\fI = \fR\fIno\fR\fI \fR
-.sp
-Example:
-\fI\fIwinbind normalize names\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIwinbind normalize names\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwinbind normalize names\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -10285 +10985 @@
 .sp
 Default:
-\fI\fIwinbind nss info\fR\fR\fI = \fR\fItemplate\fR\fI \fR
-.sp
-Example:
-\fI\fIwinbind nss info\fR\fR\fI = \fR\fItemplate sfu\fR\fI \fR
+\fI\fIwinbind nss info\fR\fR\fI = \fR\fI\FCtemplate\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwinbind nss info\fR\fR\fI = \fR\fI\FCtemplate sfu\F[]\fR\fI \fR
 .RE
 
@@ -10300 +11000 @@
 .sp
 Default:
-\fI\fIwinbind offline logon\fR\fR\fI = \fR\fIfalse\fR\fI \fR
-.sp
-Example:
-\fI\fIwinbind offline logon\fR\fR\fI = \fR\fItrue\fR\fI \fR
+\fI\fIwinbind offline logon\fR\fR\fI = \fR\fI\FCfalse\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwinbind offline logon\fR\fR\fI = \fR\fI\FCtrue\F[]\fR\fI \fR
 .RE
 
@@ -10315 +11015 @@
 .sp
 Default:
-\fI\fIwinbind reconnect delay\fR\fR\fI = \fR\fI30\fR\fI \fR
+\fI\fIwinbind reconnect delay\fR\fR\fI = \fR\fI\FC30\F[]\fR\fI \fR
 .RE
 
@@ -10327 +11027 @@
 .sp
 Default:
-\fI\fIwinbind refresh tickets\fR\fR\fI = \fR\fIfalse\fR\fI \fR
-.sp
-Example:
-\fI\fIwinbind refresh tickets\fR\fR\fI = \fR\fItrue\fR\fI \fR
+\fI\fIwinbind refresh tickets\fR\fR\fI = \fR\fI\FCfalse\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwinbind refresh tickets\fR\fR\fI = \fR\fI\FCtrue\F[]\fR\fI \fR
 .RE
 
@@ -10338 +11038 @@
 .RS 4
 Setting this parameter to
-yes
+\FCyes\F[]
 forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\&.
 .sp
 Default:
-\fI\fIwinbind rpc only\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIwinbind rpc only\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -10351 +11051 @@
 This parameter allows an admin to define the character used when listing a username of the form of
 \fIDOMAIN \fR\e\fIuser\fR\&. This parameter is only applicable when using the
-pam_winbind\&.so
+\FCpam_winbind\&.so\F[]
 and
-nss_winbind\&.so
+\FCnss_winbind\&.so\F[]
 modules for UNIX services\&.
 .sp
@@ -10359 +11059 @@
 .sp
 Default:
-\fI\fIwinbind separator\fR\fR\fI = \fR\fI\'\e\'\fR\fI \fR
-.sp
-Example:
-\fI\fIwinbind separator\fR\fR\fI = \fR\fI+\fR\fI \fR
+\fI\fIwinbind separator\fR\fR\fI = \fR\fI\FC\'\e\'\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwinbind separator\fR\fR\fI = \fR\fI\FC+\F[]\fR\fI \fR
 .RE
 
@@ -10370 +11070 @@
 .RS 4
 This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use UNIX accounts distributed via NIS, rsync, or LDAP as the uid\'s for winbindd users in the hosts primary domain\&. Therefore, the user
-DOMAIN\euser1
+\FCDOMAIN\euser1\F[]
 would be mapped to the account user1 in /etc/passwd instead of allocating a new uid for him or her\&.
 .sp
@@ -10378 +11078 @@
 .sp
 Default:
-\fI\fIwinbind trusted domains only\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIwinbind trusted domains only\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -10390 +11090 @@
 .sp
 Default:
-\fI\fIwinbind use default domain\fR\fR\fI = \fR\fIno\fR\fI \fR
-.sp
-Example:
-\fI\fIwinbind use default domain\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIwinbind use default domain\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwinbind use default domain\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -10404 +11104 @@
 The wins hook parameter specifies the name of a script or executable that will be called as follows:
 .sp
-wins_hook operation name nametype ttl IP_list
+\FCwins_hook operation name nametype ttl IP_list\F[]
 .sp
 .RS 4
@@ -10462 +11162 @@
 .RE
 An example script that calls the BIND dynamic DNS update program
-nsupdate
+\FCnsupdate\F[]
 is provided in the examples directory of the Samba source code\&.
 .sp
@@ -10479 +11179 @@
 .sp
 Default:
-\fI\fIwins proxy\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIwins proxy\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -10497 +11197 @@
 .\}
 .RS 4
+.BM yellow
 .it 1 an-trap
 .nr an-no-space-flag 1
@@ -10507 +11208 @@
 You need to set up Samba to point to a WINS server if you have multiple subnets and wish cross\-subnet browsing to work correctly\&.
 .sp .5v
+.EM yellow
 .RE
 See the chapter in the Samba3\-HOWTO on Network Browsing\&.
 .sp
 Default:
-\fI\fIwins server\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIwins server\fR\fR\fI = \fR\fImary:192\&.9\&.200\&.1 fred:192\&.168\&.3\&.199 mary:192\&.168\&.2\&.61 # For this example when querying a certain name, 192\&.19\&.200\&.1 will be asked first and if that doesn\'t respond 192\&.168\&.2\&.61\&. If either of those doesn\'t know the name 192\&.168\&.3\&.199 will be queried\&.\fR\fI \fR
-.sp
-Example:
-\fI\fIwins server\fR\fR\fI = \fR\fI192\&.9\&.200\&.1 192\&.168\&.2\&.61\fR\fI \fR
+\fI\fIwins server\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwins server\fR\fR\fI = \fR\fI\FCmary:192\&.9\&.200\&.1 fred:192\&.168\&.3\&.199 mary:192\&.168\&.2\&.61 # For this example when querying a certain name, 192\&.19\&.200\&.1 will be asked first and if that doesn\'t respond 192\&.168\&.2\&.61\&. If either of those doesn\'t know the name 192\&.168\&.3\&.199 will be queried\&.\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwins server\fR\fR\fI = \fR\fI\FC192\&.9\&.200\&.1 192\&.168\&.2\&.61\F[]\fR\fI \fR
 .RE
 
@@ -10529 +11231 @@
 \fByes\fR
 unless you have a multi\-subnetted network and you wish a particular
-nmbd
+\FCnmbd\F[]
 to be your WINS server\&. Note that you should
 \fINEVER\fR
@@ -10537 +11239 @@
 .sp
 Default:
-\fI\fIwins support\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIwins support\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -10549 +11251 @@
 .sp
 Default:
-\fI\fIworkgroup\fR\fR\fI = \fR\fIWORKGROUP\fR\fI \fR
-.sp
-Example:
-\fI\fIworkgroup\fR\fR\fI = \fR\fIMYGROUP\fR\fI \fR
+\fI\fIworkgroup\fR\fR\fI = \fR\fI\FCWORKGROUP\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIworkgroup\fR\fR\fI = \fR\fI\FCMYGROUP\F[]\fR\fI \fR
 .RE
 
@@ -10571 +11273 @@
 .sp
 Default:
-\fI\fIwriteable\fR\fR\fI = \fR\fIno\fR\fI \fR
+\fI\fIwriteable\fR\fR\fI = \fR\fI\FCno\F[]\fR\fI \fR
 .RE
 
@@ -10587 +11289 @@
 .sp
 Default:
-\fI\fIwrite cache size\fR\fR\fI = \fR\fI0\fR\fI \fR
-.sp
-Example:
-\fI\fIwrite cache size\fR\fR\fI = \fR\fI262144 # for a 256k cache size per file\fR\fI \fR
+\fI\fIwrite cache size\fR\fR\fI = \fR\fI\FC0\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwrite cache size\fR\fR\fI = \fR\fI\FC262144 # for a 256k cache size per file\F[]\fR\fI \fR
 .RE
 
@@ -10608 +11310 @@
 .sp
 Default:
-\fI\fIwrite list\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIwrite list\fR\fR\fI = \fR\fIadmin, root, @staff\fR\fI \fR
+\fI\fIwrite list\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwrite list\fR\fR\fI = \fR\fI\FCadmin, root, @staff\F[]\fR\fI \fR
 .RE
 
@@ -10621 +11323 @@
 .sp
 Default:
-\fI\fIwrite raw\fR\fR\fI = \fR\fIyes\fR\fI \fR
+\fI\fIwrite raw\fR\fR\fI = \fR\fI\FCyes\F[]\fR\fI \fR
 .RE
 
@@ -10629 +11331 @@
 .RS 4
 This parameter is only available if Samba has been configured and compiled with the option
-\-\-with\-utmp\&. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on the UNIX system) that record user connections to a Samba server\&. The difference with the utmp directory is the fact that user info is kept after a user has logged out\&.
+\FC \-\-with\-utmp\F[]\&. It specifies a directory pathname that is used to store the wtmp or wtmpx files (depending on the UNIX system) that record user connections to a Samba server\&. The difference with the utmp directory is the fact that user info is kept after a user has logged out\&.
 .sp
 By default this is not set, meaning the system will use whatever utmp file the native system is set to use (usually
-/var/run/wtmp
+\FC/var/run/wtmp\F[]
 on Linux)\&.
 .sp
 Default:
-\fI\fIwtmp directory\fR\fR\fI = \fR\fI\fR\fI \fR
-.sp
-Example:
-\fI\fIwtmp directory\fR\fR\fI = \fR\fI/var/log/wtmp\fR\fI \fR
+\fI\fIwtmp directory\fR\fR\fI = \fR\fI\FC\F[]\fR\fI \fR
+.sp
+Example:
+\fI\fIwtmp directory\fR\fR\fI = \fR\fI\FC/var/log/wtmp\F[]\fR\fI \fR
 .RE
 .SH "WARNINGS"
@@ -10650 +11352 @@
 .PP
 Use of the
-[homes]
+\FC[homes]\F[]
 and
-[printers]
+\FC[printers]\F[]
 special sections make life for an administrator easy, but the various combinations of default attributes can be tricky\&. Take extreme care when designing these sections\&. In particular, ensure that the permissions on spool directories are correct\&.
 .SH "VERSION"