Changeset 740 for vendor/current/docs-xml

Timestamp:

Nov 14, 2012, 12:59:34 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to 3.6.0

Location:

vendor/current/docs-xml

Files:

• Samba3-HOWTO/TOSHARG-AccessControls.xml (modified) (4 diffs)
• Samba3-HOWTO/TOSHARG-Printing.xml (modified) (4 diffs)
• Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml (modified) (1 diff)
• Samba3-HOWTO/TOSHARG-Winbind.xml (modified) (7 diffs)
• Samba3-HOWTO/manpages.xml (modified) (2 diffs)
• build/catalog.xml.in (modified) (1 diff)
• manpages-3/cifs.upcall.8.xml (deleted)
• manpages-3/eventlogadm.8.xml (modified) (5 diffs)
• manpages-3/findsmb.1.xml (modified) (1 diff)
• manpages-3/idmap_ad.8.xml (modified) (3 diffs)
• manpages-3/idmap_adex.8.xml (modified) (2 diffs)
• manpages-3/idmap_autorid.8.xml (added)
• manpages-3/idmap_hash.8.xml (modified) (2 diffs)
• manpages-3/idmap_ldap.8.xml (modified) (7 diffs)
• manpages-3/idmap_nss.8.xml (modified) (2 diffs)
• manpages-3/idmap_rid.8.xml (modified) (3 diffs)
• manpages-3/idmap_tdb.8.xml (modified) (4 diffs)
• manpages-3/idmap_tdb2.8.xml (modified) (6 diffs)
• manpages-3/ldb.3.xml (deleted)
• manpages-3/ldbadd.1.xml (deleted)
• manpages-3/ldbdel.1.xml (deleted)
• manpages-3/ldbedit.1.xml (deleted)
• manpages-3/ldbmodify.1.xml (deleted)
• manpages-3/ldbrename.1.xml (deleted)
• manpages-3/ldbsearch.1.xml (deleted)
• manpages-3/libsmbclient.7.xml (modified) (1 diff)
• manpages-3/lmhosts.5.xml (modified) (1 diff)
• manpages-3/log2pcap.1.xml (modified) (1 diff)
• manpages-3/mount.cifs.8.xml (deleted)
• manpages-3/net.8.xml (modified) (5 diffs)
• manpages-3/nmbd.8.xml (modified) (1 diff)
• manpages-3/nmblookup.1.xml (modified) (1 diff)
• manpages-3/ntlm_auth.1.xml (modified) (2 diffs)
• manpages-3/pam_winbind.8.xml (modified) (1 diff)
• manpages-3/pdbedit.8.xml (modified) (1 diff)
• manpages-3/profiles.1.xml (modified) (1 diff)
• manpages-3/rpcclient.1.xml (modified) (3 diffs)
• manpages-3/samba.7.xml (modified) (1 diff)
• manpages-3/sharesec.1.xml (modified) (1 diff)
• manpages-3/smb.conf.5.xml (modified) (5 diffs)
• manpages-3/smbcacls.1.xml (modified) (3 diffs)
• manpages-3/smbclient.1.xml (modified) (4 diffs)
• manpages-3/smbcontrol.1.xml (modified) (2 diffs)
• manpages-3/smbcquotas.1.xml (modified) (1 diff)
• manpages-3/smbd.8.xml (modified) (1 diff)
• manpages-3/smbget.1.xml (modified) (2 diffs)
• manpages-3/smbgetrc.5.xml (modified) (1 diff)
• manpages-3/smbpasswd.5.xml (modified) (1 diff)
• manpages-3/smbpasswd.8.xml (modified) (1 diff)
• manpages-3/smbspool.8.xml (modified) (1 diff)
• manpages-3/smbstatus.1.xml (modified) (1 diff)
• manpages-3/smbta-util.8.xml (added)
• manpages-3/smbtar.1.xml (modified) (1 diff)
• manpages-3/smbtree.1.xml (modified) (1 diff)
• manpages-3/swat.8.xml (modified) (1 diff)
• manpages-3/tdbbackup.8.xml (modified) (1 diff)
• manpages-3/tdbdump.8.xml (modified) (1 diff)
• manpages-3/tdbtool.8.xml (modified) (1 diff)
• manpages-3/testparm.1.xml (modified) (3 diffs)
• manpages-3/umount.cifs.8.xml (deleted)
• manpages-3/vfs_acl_tdb.8.xml (modified) (1 diff)
• manpages-3/vfs_acl_xattr.8.xml (modified) (1 diff)
• manpages-3/vfs_audit.8.xml (modified) (1 diff)
• manpages-3/vfs_cacheprime.8.xml (modified) (1 diff)
• manpages-3/vfs_cap.8.xml (modified) (1 diff)
• manpages-3/vfs_catia.8.xml (modified) (1 diff)
• manpages-3/vfs_commit.8.xml (modified) (1 diff)
• manpages-3/vfs_crossrename.8.xml (added)
• manpages-3/vfs_default_quota.8.xml (modified) (1 diff)
• manpages-3/vfs_dirsort.8.xml (modified) (1 diff)
• manpages-3/vfs_extd_audit.8.xml (modified) (1 diff)
• manpages-3/vfs_fake_perms.8.xml (modified) (1 diff)
• manpages-3/vfs_fileid.8.xml (modified) (1 diff)
• manpages-3/vfs_full_audit.8.xml (modified) (5 diffs)
• manpages-3/vfs_gpfs.8.xml (modified) (4 diffs)
• manpages-3/vfs_netatalk.8.xml (modified) (1 diff)
• manpages-3/vfs_notify_fam.8.xml (modified) (1 diff)
• manpages-3/vfs_prealloc.8.xml (modified) (1 diff)
• manpages-3/vfs_preopen.8.xml (modified) (1 diff)
• manpages-3/vfs_readahead.8.xml (modified) (1 diff)
• manpages-3/vfs_readonly.8.xml (modified) (1 diff)
• manpages-3/vfs_recycle.8.xml (modified) (1 diff)
• manpages-3/vfs_scannedonly.8.xml (modified) (2 diffs)
• manpages-3/vfs_shadow_copy.8.xml (modified) (1 diff)
• manpages-3/vfs_shadow_copy2.8.xml (modified) (3 diffs)
• manpages-3/vfs_smb_traffic_analyzer.8.xml (modified) (8 diffs)
• manpages-3/vfs_streams_depot.8.xml (modified) (1 diff)
• manpages-3/vfs_streams_xattr.8.xml (modified) (1 diff)
• manpages-3/vfs_time_audit.8.xml (added)
• manpages-3/vfs_xattr_tdb.8.xml (modified) (1 diff)
• manpages-3/vfstest.1.xml (modified) (1 diff)
• manpages-3/wbinfo.1.xml (modified) (7 diffs)
• manpages-3/winbind_krb5_locator.7.xml (modified) (1 diff)
• manpages-3/winbindd.8.xml (modified) (5 diffs)
• smbdotconf/base/multicastdnsregister.xml (added)
• smbdotconf/locking/posixlocking.xml (modified) (1 diff)
• smbdotconf/logon/enableprivileges.xml (modified) (1 diff)
• smbdotconf/misc/asyncsmbechohandler.xml (added)
• smbdotconf/misc/ctdblocktimewarnthreshold.xml (added)
• smbdotconf/misc/logwriteablefilesonexit.xml (added)
• smbdotconf/misc/ncalrpcdir.xml (added)
• smbdotconf/misc/rpcserver.xml (added)
• smbdotconf/misc/timeoffset.xml (modified) (1 diff)
• smbdotconf/printing/addportcommand.xml (modified) (1 diff)
• smbdotconf/printing/printcapcachetime.xml (modified) (1 diff)
• smbdotconf/printing/printnotifybackchannel.xml (added)
• smbdotconf/protocol/smb2maxcredits.xml (added)
• smbdotconf/protocol/smb2maxread.xml (added)
• smbdotconf/protocol/smb2maxtrans.xml (added)
• smbdotconf/protocol/smb2maxwrite.xml (added)
• smbdotconf/protocol/usespnego.xml (modified) (1 diff)
• smbdotconf/security/clientntlmv2auth.xml (modified) (2 diffs)
• smbdotconf/security/guestok.xml (modified) (1 diff)
• smbdotconf/security/passwordlevel.xml (modified) (1 diff)
• smbdotconf/security/passwordserver.xml (modified) (3 diffs)
• smbdotconf/security/security.xml (modified) (6 diffs)
• smbdotconf/security/sendspengoprincipal.xml (added)
• smbdotconf/security/updateencrypted.xml (deleted)
• smbdotconf/security/username.xml (modified) (1 diff)
• smbdotconf/security/usernamemapcachetime.xml (added)
• smbdotconf/tuning/strictallocate.xml (modified) (1 diff)
• smbdotconf/winbind/idmapallocbackend.xml (deleted)
• smbdotconf/winbind/idmapallocconfig.xml (deleted)
• smbdotconf/winbind/idmapbackend.xml (modified) (1 diff)
• smbdotconf/winbind/idmapconfig.xml (modified) (4 diffs)
• smbdotconf/winbind/idmapgid.xml (modified) (1 diff)
• smbdotconf/winbind/idmapuid.xml (modified) (1 diff)
• smbdotconf/winbind/winbindmaxclients.xml (added)
• smbdotconf/winbind/winbindmaxdomainconnections.xml (added)
• smbdotconf/winbind/winbindusedefaultdomain.xml (modified) (1 diff)
• using_samba/appc.xml (modified) (1 diff)
• using_samba/ch06.xml (modified) (5 diffs)
• xslt/man.xsl (modified) (1 diff)

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml

@@ -490 +490 @@
         <para>
 <indexterm><primary>extended attributes</primary></indexterm>
-<indexterm><primary>immutible</primary></indexterm>
+<indexterm><primary>immutable</primary></indexterm>
 <indexterm><primary>chattr</primary></indexterm>
 <indexterm><primary>CAP_LINUX_IMMUTABLE</primary></indexterm>
         The specific semantics of the extended attributes are not consistent across UNIX and UNIX-like systems such as Linux.
         For example, it is possible on some implementations of the extended attributes to set a flag that prevents the directory
-        or file from being deleted. The extended attribute that may achieve this is called the <constant>immutible</constant> bit.
-        Unfortunately, the implementation of the immutible flag is NOT consistent with published documentation. For example, the
+        or file from being deleted. The extended attribute that may achieve this is called the <constant>immutable</constant> bit.
+        Unfortunately, the implementation of the immutable flag is NOT consistent with published documentation. For example, the
         man page for the <command>chattr</command> on SUSE Linux 9.2 says:
 <screen>
@@ -504 +504 @@
 CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
 </screen>
-        A simple test can be done to check if the immutible flag is supported on files in the file system of the Samba host
+        A simple test can be done to check if the immutable flag is supported on files in the file system of the Samba host
         server.
         </para>
@@ -527 +527 @@
 mystic:/home/hannibal > rm filename
 </screen>
-        It will not be possible to delete the file if the immutible flag is correctly honored.
+        It will not be possible to delete the file if the immutable flag is correctly honored.
         </para></step>
         </procedure>
 
         <para>
-        On operating systems and file system types that support the immutible bit, it is possible to create directories
+        On operating systems and file system types that support the immutable bit, it is possible to create directories
         that cannot be deleted. Check the man page on your particular host system to determine whether or not
         immutable directories are writable. If they are not, then the entire directory and its contents will effectively
@@ -874 +874 @@
 <indexterm><primary>Computer Management</primary></indexterm>
         At this time Samba does not provide a tool for configuring access control settings on the share
-        itself the only way to create those settings is to use either the NT4 Server Manager or the Windows 200x
+        itself.  The only way to create those settings is to use either the NT4 Server Manager or the Windows 200x
         Microsoft Management Console (MMC) for Computer Management. There are currently no plans to provide
         this capability in the Samba command-line tool set.

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Printing.xml

@@ -523 +523 @@
 <para>
 The following is a discussion of the settings from <link linkend="extbsdpr">Extended BSD Printing
-Configuration</link> <link linkend="extbsdpr">Extended BSD Printing Configuration</link>.
+Configuration</link>.
 </para>
 
@@ -1039 +1039 @@
 in the Samba print command is <parameter>%$variable</parameter>.) To give you a working
 <smbconfoption name="print command"/> example, the following will log a print job
-to <filename>/tmp/print.log</filename>, print the file, then remove it. The semicolon (<quote>;</quote>
+to <filename>/tmp/print.log</filename>, print the file, then remove it. The semicolon (<quote>;</quote>)
 is the usual separator for commands in shell scripts:
 </para>
@@ -1319 +1319 @@
 </screen>
                  you can still mount it from any client. This can also be done from the
-                <guimenu>Connect network drive menu></guimenu> from Windows Explorer.
+                <guimenu>Connect network drive</guimenu> menu from Windows Explorer.
                 </para></listitem>
         </varlistentry>
@@ -1642 +1642 @@
 <indexterm><primary>UNC notation</primary></indexterm>
 <indexterm><primary>Windows Explorer</primary></indexterm>
-<indexterm><primary></primary></indexterm>
 Since the <smbconfsection name="[print$]"/> share is usually accessible through the <guiicon>Network
 Neighborhood</guiicon>, you can also use the UNC notation from Windows Explorer to poke at it. The Windows

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml

@@ -370 +370 @@
 
 <sect2>
-<title>Privileges Suppored by Windows 2000 Domain Controllers</title>
+<title>Privileges Supported by Windows 2000 Domain Controllers</title>
 
 <para>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml

@@ -94 +94 @@
 <indexterm><primary>idmap gid</primary></indexterm>
 <indexterm><primary>idmap backend</primary></indexterm>
-<indexterm><primary>LDAP</primary></indexterm>
                 Winbind maintains a database called winbind_idmap.tdb in which it stores
                 mappings between UNIX UIDs, GIDs, and NT SIDs. This mapping is used only
@@ -211 +210 @@
         names as they would <quote>native</quote> UNIX names. They can chown files
         so they are owned by NT domain users or even login to the
-        UNIX machine and run a UNIX X-Window session as a domain user.</para>
+        UNIX machine and run a UNIX X Window session as a domain user.</para>
 
         <para>
@@ -572 +571 @@
 <indexterm><primary>PAM</primary></indexterm>
 <indexterm><primary>back up</primary></indexterm>
-<indexterm><primary>boot disk`</primary></indexterm>
+<indexterm><primary>boot disk</primary></indexterm>
 If you have a Samba configuration file that you are currently using, <emphasis>BACK IT UP!</emphasis>
 If your system already uses PAM, <emphasis>back up the <filename>/etc/pam.d</filename> directory
@@ -603 +602 @@
 To allow domain users the ability to access Samba shares and files, as well as potentially other services
 provided by your Samba machine, PAM must be set up properly on your
-machine. In order to compile the Winbind modules, you should have at least the PAM development libraries installed
-on your system. Please refer to the PAM Web site <ulink url="http://www.kernel.org/pub/linux/libs/pam/"/>.
+machine. In order to compile the Winbind modules, the PAM development libraries should be installed
+on your system. Please refer to the <ulink url="http://www.kernel.org/pub/linux/libs/pam/">PAM Web Site</ulink>.
 </para>
 </sect2>
@@ -977 +976 @@
 <indexterm><primary>/etc/init.d/samba</primary></indexterm>
 <indexterm><primary>/usr/local/samba/bin</primary></indexterm>
-<indexterm><primary></primary></indexterm>
-<indexterm><primary></primary></indexterm>
-<indexterm><primary></primary></indexterm>
 The &winbindd; daemon needs to start up after the &smbd; and &nmbd; daemons are running.  To accomplish this
 task, you need to modify the startup scripts of your system.  They are located at
@@ -1120 +1116 @@
 
 <para>
-Again, if you would like to run Samba in dual daemon mode, replace:
+Again, if you would like to run winbindd in dual daemon mode, replace:
 <programlisting>
 /usr/local/samba/sbin/winbindd
@@ -1235 +1231 @@
 <indexterm><primary>ftp access</primary></indexterm>
 The <filename>/etc/pam.d/ftp</filename> file can be changed to allow Winbind ftp access in a manner similar to
-the samba file. My <filename>/etc/pam.d/ftp</filename> file was changed to look like this:
+the <filename>/etc/pam.d/samba</filename>Samba file. My <filename>/etc/pam.d/ftp</filename> file was changed to look like this:
 <programlisting>
 auth       required     /lib/security/pam_listfile.so item=user sense=deny \

vendor/current/docs-xml/Samba3-HOWTO/manpages.xml

@@ -18 +18 @@
         <xi:include href="../manpages-3/lmhosts.5.xml"/>
         <xi:include href="../manpages-3/log2pcap.1.xml"/>
-        <xi:include href="../manpages-3/mount.cifs.8.xml"/>
         <xi:include href="../manpages-3/net.8.xml"/>
         <xi:include href="../manpages-3/nmbd.8.xml"/>
@@ -49 +48 @@
         <xi:include href="../manpages-3/wbinfo.1.xml"/>
         <xi:include href="../manpages-3/winbindd.8.xml"/>
-        <xi:include href="../manpages-3/umount.cifs.8.xml"/>
         <xi:include href="../manpages-3/vfs_audit.8.xml"/>
         <xi:include href="../manpages-3/vfs_cacheprime.8.xml"/>

vendor/current/docs-xml/build/catalog.xml.in

@@ -7 +7 @@
     <rewriteURI
                         uriStartString="http://www.samba.org/samba/DTD/"
-                        rewritePrefix="file://@BUILDDIR@/build/DTD/"/>
+                        rewritePrefix="file://@abs_top_builddir@/build/DTD/"/>
 
     <rewriteURI
                         uriStartString="http://www.gnu.org/licenses/"
-                        rewritePrefix="file://@BUILDDIR@/Samba3-ByExample/"/>
+                        rewritePrefix="file://@abs_top_builddir@/Samba3-ByExample/"/>
 </catalog>

vendor/current/docs-xml/manpages-3/eventlogadm.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -21 +21 @@
 
                 <command>eventlogadm</command>
+                <arg><option>-s</option></arg>
                 <arg><option>-d</option></arg>
                 <arg><option>-h</option></arg>
@@ -33 +34 @@
         <cmdsynopsis>
                 <command>eventlogadm</command>
+                <arg><option>-s</option></arg>
                 <arg><option>-d</option></arg>
                 <arg><option>-h</option></arg>
@@ -43 +45 @@
         <cmdsynopsis>
                 <command>eventlogadm</command>
+                <arg><option>-s</option></arg>
                 <arg><option>-d</option></arg>
                 <arg><option>-h</option></arg>
@@ -73 +76 @@
 
         <variablelist>
+                <varlistentry>
+                <term>
+                <option>-s</option>
+                <replaceable>FILENAME</replaceable>
+                </term>
+                <listitem><para>
+                The <command>-s</command> option causes <command>eventlogadm</command> to load the
+                configuration file given as FILENAME instead of the default one used by Samba.
+                </para></listitem>
+                </varlistentry>
 
                 <varlistentry>

vendor/current/docs-xml/manpages-3/findsmb.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/idmap_ad.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -26 +26 @@
         classes and relative attribute/value pairs to the user and
         group objects in the AD.</para>
+
+        <para>
+        Note that the idmap_ad module has changed considerably since
+        Samba versions 3.0 and 3.2.
+        Currently, the <parameter>ad</parameter> backend
+        does not work as the the default idmap backend, but one has
+        to configure it separately for each domain for which one wants
+        to use it, using disjoint ranges. One usually needs to configure
+        a writeable default idmap range, using for example the
+        <parameter>tdb</parameter> or <parameter>ldap</parameter>
+        backend, in order to be able to map the BUILTIN sids and
+        possibly other trusted domains. The writeable default config
+        is also needed in order to be able to create group mappings.
+        This catch-all default idmap configuration should have a range
+        that is disjoint from any explicitly configured domain with
+        idmap backend <parameter>ad</parameter>. See the example below.
+        </para>
 </refsynopsisdiv>
 
@@ -69 +86 @@
         <programlisting>
         [global]
-        idmap backend = tdb
-        idmap uid = 1000000-1999999
-        idmap gid = 1000000-1999999
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000-1999999
 
         idmap config CORP : backend  = ad

vendor/current/docs-xml/manpages-3/idmap_adex.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -67 +67 @@
         <programlisting>
         [global]
-        idmap backend = adex
-        idmap uid = 1000-4000000000
-        idmap gid = 1000-4000000000
+        idmap config * : backend = adex
+        idmap config * : range = 1000-4000000000
 
         winbind nss info = adex

vendor/current/docs-xml/manpages-3/idmap_hash.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -53 +53 @@
         <programlisting>
         [global]
-        idmap backend = hash
-        idmap uid = 1000-4000000000
-        idmap gid = 1000-4000000000
+        idmap config * : backend = hash
+        idmap config * : range = 1000-4000000000
 
         winbind nss info = hash

vendor/current/docs-xml/manpages-3/idmap_ldap.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -28 +28 @@
         In contrast to read only backends like idmap_rid, it is an allocating
         backend: This means that it needs to allocate new user and group IDs in
-        order to create new mappings. The allocator can be provided by the
-        idmap_ldap backend itself or by any other allocating backend like
-        idmap_tdb or idmap_tdb2. This is configured with the
-        parameter <parameter>idmap alloc backend</parameter>.
+        order to create new mappings.
         </para>
 
-        <para>
-        Note that in order for this (or any other allocating) backend to
-        function at all, the default backend needs to be writeable.
-        The ranges used for uid and gid allocation are the default ranges
-        configured by &quot;idmap uid&quot; and &quot;idmap gid&quot;.
-        </para>
-
-        <para>
-        Furthermore, since there is only one global allocating backend
-        responsible for all domains using writeable idmap backends,
-        any explicitly configured domain with idmap backend ldap
-        should have the same range as the default range, since it needs
-        to use the global uid / gid allocator. See the example below.
-        </para>
 </refsynopsisdiv>
 
@@ -57 +40 @@
                 <term>ldap_base_dn = DN</term>
                 <listitem><para>
-                        Defines the directory base suffix to use when searching for
+                        Defines the directory base suffix to use for
                         SID/uid/gid mapping entries.  If not defined, idmap_ldap will default
                         to using the &quot;ldap idmap suffix&quot; option from smb.conf.
@@ -66 +49 @@
                 <term>ldap_user_dn = DN</term>
                 <listitem><para>
-                        Defines the user DN to be used for authentication. If absent an
-                        anonymous bind will be performed.
+                        Defines the user DN to be used for authentication.
+                        The secret for authenticating this user should be
+                        stored with net idmap secret
+                        (see <citerefentry><refentrytitle>net</refentrytitle>
+                        <manvolnum>8</manvolnum></citerefentry>).
+                        If absent, the ldap credentials from the ldap passdb configuration
+                        are used, and if these are also absent, an anonymous
+                        bind will be performed as last fallback.
                 </para></listitem>
                 </varlistentry>
@@ -74 +63 @@
                 <term>ldap_url = ldap://server/</term>
                 <listitem><para>
-                        Specifies the LDAP server to use when searching for existing
+                        Specifies the LDAP server to use for
                         SID/uid/gid map entries. If not defined, idmap_ldap will
                         assume that ldap://localhost/ should be used.
@@ -85 +74 @@
                         Defines the available matching uid and gid range for which the
                         backend is authoritative.
-                        If the parameter is absent, Winbind fails over to use the
-                        &quot;idmap uid&quot; and &quot;idmap gid&quot; options
-                        from smb.conf.
                 </para></listitem>
                 </varlistentry>
-        </variablelist>
-</refsect1>
-
-<refsect1>
-        <title>IDMAP ALLOC OPTIONS</title>
-
-        <variablelist>
-                <varlistentry>
-                <term>ldap_base_dn = DN</term>
-                <listitem><para>
-                        Defines the directory base suffix under which new SID/uid/gid mapping
-                        entries should be stored.  If not defined, idmap_ldap will default
-                        to using the &quot;ldap idmap suffix&quot; option from smb.conf.
-                </para></listitem>
-                </varlistentry>
-
-                <varlistentry>
-                <term>ldap_user_dn = DN</term>
-                <listitem><para>
-                        Defines the user DN to be used for authentication. If absent an
-                        anonymous bind will be performed.
-                </para></listitem>
-                </varlistentry>
-
-                <varlistentry>
-                <term>ldap_url = ldap://server/</term>
-                <listitem><para>
-                        Specifies the LDAP server to which modify/add/delete requests should
-                        be sent.  If not defined, idmap_ldap will assume that ldap://localhost/
-                        should be used.
-                </para></listitem>
-                </varlistentry>
         </variablelist>
 </refsect1>
@@ -129 +83 @@
 
         <para>
-        The follow sets of a LDAP configuration which uses two LDAP
-        directories, one for storing the ID mappings and one for retrieving
-        new IDs.
+        The following example shows how an ldap directory is used as the
+        default idmap backend. It also configures the idmap range and base
+        directory suffix. The secret for the ldap_user_dn has to be set with
+        &quot;net idmap secret '*' password&quot;.
         </para>
 
         <programlisting>
         [global]
-        idmap backend = ldap:ldap://localhost/
-        idmap uid = 1000000-1999999
-        idmap gid = 1000000-1999999
+        idmap config * : backend      = ldap
+        idmap config * : range        = 1000000-1999999
+        idmap config * : ldap_url     = ldap://localhost/
+        idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+        idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+        </programlisting>
 
-        idmap alloc backend = ldap
-        idmap alloc config : ldap_url   = ldap://id-master/
-        idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
+        <para>
+        This example shows how ldap can be used as a readonly backend while
+        tdb is the default backend used to store the mappings.
+        It adds an explicit configuration for some domain DOM1, that
+        uses the ldap idmap backend. Note that a range disjoint from the
+        default range is used.
+        </para>
+
+        <programlisting>
+        [global]
+        # "backend = tdb" is redundant here since it is the default
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000-1999999
+
+        idmap config DOM1 : backend = ldap
+        idmap config DOM1 : range = 2000000-2999999
+        idmap config DOM1 : read only = yes
+        idmap config DOM1 : ldap_url = ldap://server/
+        idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+        idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
         </programlisting>
 </refsect1>

vendor/current/docs-xml/manpages-3/idmap_nss.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -39 +39 @@
         <programlisting>
         [global]
-        idmap backend = tdb
-        idmap uid = 1000000-1999999
-        idmap gid = 1000000-1999999
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000-1999999
 
         idmap config SAMBA : backend  = nss

vendor/current/docs-xml/manpages-3/idmap_rid.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -22 +22 @@
         mapping scheme to map UIDs/GIDs and SIDs. No database is required
         in this case as the mapping is deterministic.</para>
+
+        <para>
+        Note that the idmap_rid module has changed considerably since Samba
+        versions 3.0. and 3.2.
+        Currently, there should to be an explicit idmap configuration for each
+        domain that should use the idmap_rid backend, using disjoint ranges.
+        One usually needs to define a writeable default idmap range, using
+        a backent like <parameter>tdb</parameter> or <parameter>ldap</parameter>
+        that can create unix ids, in order to be able to map the BUILTIN sids
+        and other domains, and also in order to be able to create group mappings.
+        See the example below.
+        </para>
+
+        <para>
+        Note that the old syntax
+        <parameter>idmap backend = rid:"DOM1=range DOM2=range2 ..."</parameter>
+        is not supported any more since Samba version 3.0.25.
+        </para>
 </refsynopsisdiv>
 
@@ -89 +107 @@
         workgroup = MAIN
 
-        idmap backend = tdb
-        idmap uid = 1000000-1999999
-        idmap gid = 1000000-1999999
+        idmap config * : backend        = tdb
+        idmap config * : range          = 1000000-1999999
 
         idmap config MAIN : backend     = rid

vendor/current/docs-xml/manpages-3/idmap_tdb.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -28 +28 @@
         In contrast to read only backends like idmap_rid, it is an allocating
         backend: This means that it needs to allocate new user and group IDs in
-        order to create new mappings. The allocator can be provided by the
-        idmap_tdb backend itself or by any other allocating backend like
-        idmap_ldap or idmap_tdb2. This is configured with the
-        parameter <parameter>idmap alloc backend</parameter>.
-        </para>
-
-        <para>
-        Note that in order for this (or any other allocating) backend to
-        function at all, the default backend needs to be writeable.
-        The ranges used for uid and gid allocation are the default ranges
-        configured by &quot;idmap uid&quot; and &quot;idmap gid&quot;.
-        </para>
-
-        <para>
-        Furthermore, since there is only one global allocating backend
-        responsible for all domains using writeable idmap backends,
-        any explicitly configured domain with idmap backend tdb
-        should have the same range as the default range, since it needs
-        to use the global uid / gid allocator. See the example below.
+        order to create new mappings.
         </para>
 </refsynopsisdiv>
@@ -59 +41 @@
                         Defines the available matching uid and gid range for which the
                         backend is authoritative.
-                        If the parameter is absent, Winbind fails over to use
-                        the &quot;idmap uid&quot; and &quot;idmap gid&quot; options
-                        from smb.conf.
                 </para></listitem>
                 </varlistentry>
@@ -72 +51 @@
         <para>
         This example shows how tdb is used as a the default idmap backend.
-        It configures the idmap range through the global options for all
-        domains encountered. This same range is used for uid/gid allocation.
+        This configured range is used for uid and gid allocation.
         </para>
 
         <programlisting>
         [global]
-        # "idmap backend = tdb" is redundant here since it is the default
-        idmap backend = tdb
-        idmap uid = 1000000-2000000
-        idmap gid = 1000000-2000000
-        </programlisting>
-
-        <para>
-        This (rather theoretical) example shows how tdb can be used as the
-        allocating backend while ldap is the default backend used to store
-        the mappings.
-        It adds an explicit configuration for some domain DOM1, that
-        uses the tdb idmap backend. Note that the same range as the
-        default uid/gid range is used, since the allocator has to serve
-        both the default backend and the explicitly configured domain DOM1.
-        </para>
-
-        <programlisting>
-        [global]
-        idmap backend = ldap
-        idmap uid = 1000000-2000000
-        idmap gid = 1000000-2000000
-        # use a different uid/gid allocator:
-        idmap alloc backend = tdb
-
-        idmap config DOM1 : backend = tdb
-        idmap config DOM1 : range = 1000000-2000000
+        # "backend = tdb" is redundant here since it is the default
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000-2000000
         </programlisting>
 </refsect1>

vendor/current/docs-xml/manpages-3/idmap_tdb2.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -29 +29 @@
         In contrast to read only backends like idmap_rid, it is an allocating
         backend: This means that it needs to allocate new user and group IDs in
-        order to create new mappings. The allocator can be provided by the
-        idmap_tdb2 backend itself or by any other allocating backend like
-        idmap_tdb or idmap_ldap. This is configured with the
-        parameter <parameter>idmap alloc backend</parameter>.
-        </para>
-
-        <para>
-        Note that in order for this (or any other allocating) backend to
-        function at all, the default backend needs to be writeable.
-        The ranges used for uid and gid allocation are the default ranges
-        configured by &quot;idmap uid&quot; and &quot;idmap gid&quot;.
-        </para>
-
-        <para>
-        Furthermore, since there is only one global allocating backend
-        responsible for all domains using writeable idmap backends,
-        any explicitly configured domain with idmap backend tdb2
-        should have the same range as the default range, since it needs
-        to use the global uid / gid allocator. See the example below.
+        order to create new mappings.
         </para>
 </refsynopsisdiv>
@@ -60 +42 @@
                         Defines the available matching uid and gid range for which the
                         backend is authoritative.
-                        If the parameter is absent, Winbind fails over to use
-                        the &quot;idmap uid&quot; and &quot;idmap gid&quot; options
-                        from smb.conf.
+                </para></listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>script</term>
+                <listitem><para>
+                        This option can be used to configure an external program
+                        for performing id mappings instead of using the tdb
+                        counter. The mappings are then stored int tdb2 idmap
+                        database. For details see the section on IDMAP SCRIPT below.
                 </para></listitem>
                 </varlistentry>
@@ -72 +61 @@
 
         <para>
-        The tdb2 idmap backend supports a script for performing id mappings
-        through the smb.conf option <parameter>idmap : script</parameter>.
+        The tdb2 idmap backend supports an external program for performing id mappings
+        through the smb.conf option <parameter>idmap config * : script</parameter> or
+        its deprecated legacy form <parameter>idmap : script</parameter>.
+        </para>
+
+        <para>
+        The mappings obtained by the script are then stored in the idmap tdb2
+        database instead of mappings created by the incrementing id counters.
+        It is therefore important that the script covers the complete range of
+        SIDs that can be passed in for SID to Unix ID mapping, since otherwise
+        SIDs unmapped by the script might get mapped to IDs that had
+        previously been mapped by the script.
+        </para>
+
+        <para>
         The script should accept the following command line options.
         </para>
@@ -94 +96 @@
         ERR:yyyy
         </programlisting>
-
-        <para>
-        Note that the script should cover the complete range of SIDs
-        that can be passed in for SID to Unix ID mapping, since otherwise
-        SIDs unmapped by the script might get mapped to IDs that had
-        previously been mapped by the script.
-        </para>
 </refsect1>
 
@@ -108 +103 @@
         <para>
         This example shows how tdb2 is used as a the default idmap backend.
-        It configures the idmap range through the global options for all
-        domains encountered. This same range is used for uid/gid allocation.
         </para>
 
         <programlisting>
         [global]
-        idmap backend = tdb2
-        idmap uid = 1000000-2000000
-        idmap gid = 1000000-2000000
+        idmap config * : backend = tdb2
+        idmap config * : range = 1000000-2000000
+        </programlisting>
+
+        <para>
+        This example shows how tdb2 is used as a the default idmap backend
+        using an external program via the script parameter:
+        </para>
+
+        <programlisting>
+        [global]
+        idmap config * : backend = tdb2
+        idmap config * : range = 1000000-2000000
+        idmap config * : script = /usr/local/samba/bin/idmap_script.sh
         </programlisting>
 </refsect1>

vendor/current/docs-xml/manpages-3/libsmbclient.7.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">7</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/lmhosts.5.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/log2pcap.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/net.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -796 +796 @@
 
 </refsect3>
-
+<refsect3>
+<title>RPC TRUSTDOM LIST</title>
+
+<para>List all interdomain trust relationships.</para>
+
+</refsect3>
+</refsect2>
+
+<refsect2>
+<title>RPC TRUST</title>
+
+<refsect3>
+<title>RPC TRUST CREATE</title>
+
+<para>Create a trust trust object by calling lsaCreateTrustedDomainEx2.
+The can be done on a single server or on two servers at once with the
+possibility to use a random trust password.</para>
+
+<variablelist><title>Options:</title>
+<varlistentry>
+<term>otherserver</term>
+<listitem><para>Domain controller of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otheruser</term>
+<listitem><para>Admin user in the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otherdomainsid</term>
+<listitem><para>SID of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>other_netbios_domain</term>
+<listitem><para>NetBIOS (short) name of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otherdomain</term>
+<listitem><para>DNS (full) name of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>trustpw</term>
+<listitem><para>Trust password</para></listitem>
+</varlistentry>
+</variablelist>
+
+<variablelist><title>Examples:</title>
+<varlistentry>
+<term>Create a trust object on srv1.dom1.dom for the domain dom2</term>
+<listitem><literallayout>
+net rpc trust create \
+    otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \
+    other_netbios_domain=dom2 \
+    otherdomain=dom2.dom \
+    trustpw=12345678 \
+    -S srv1.dom1.dom
+</literallayout></listitem>
+</varlistentry>
+<varlistentry>
+<term>Create a trust relationship between dom1 and dom2</term>
+<listitem><literallayout>
+net rpc trust create \
+    otherserver=srv2.dom2.test \
+    otheruser=dom2adm \
+    -S srv1.dom1.dom
+</literallayout></listitem>
+</varlistentry>
+</variablelist>
+</refsect3>
+
+<refsect3>
+<title>RPC TRUST DELETE</title>
+
+<para>Delete a trust trust object by calling lsaDeleteTrustedDomain.
+The can be done on a single server or on two servers at once.</para>
+
+<variablelist><title>Options:</title>
+<varlistentry>
+<term>otherserver</term>
+<listitem><para>Domain controller of the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otheruser</term>
+<listitem><para>Admin user in the second domain</para></listitem>
+</varlistentry>
+
+<varlistentry>
+<term>otherdomainsid</term>
+<listitem><para>SID of the second domain</para></listitem>
+</varlistentry>
+</variablelist>
+
+<variablelist><title>Examples:</title>
+<varlistentry>
+<term>Delete a trust object on srv1.dom1.dom for the domain dom2</term>
+<listitem><literallayout>
+net rpc trust delete \
+    otherdomainsid=S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx \
+    -S srv1.dom1.dom
+</literallayout></listitem>
+</varlistentry>
+<varlistentry>
+<term>Delete a trust relationship between dom1 and dom2</term>
+<listitem><literallayout>
+net rpc trust delete \
+    otherserver=srv2.dom2.test \
+    otheruser=dom2adm \
+    -S srv1.dom1.dom
+</literallayout></listitem>
+</varlistentry>
+</variablelist>
+</refsect3>
+
+</refsect2>
+
+<refsect2>
 <refsect3>
 <title>RPC RIGHTS</title>
@@ -1268 +1388 @@
 
 <refsect2>
-<title>IDMAP SECRET &lt;DOMAIN&gt;|ALLOC &lt;secret&gt;</title>
+<title>IDMAP SECRET &lt;DOMAIN&gt; &lt;secret&gt;</title>
 
 <para>
@@ -1277 +1397 @@
 
 </refsect2>
+
+<refsect2>
+
+<title>IDMAP DELETE [-f] [--db=&lt;DB&gt;] &lt;ID&gt;</title>
+
+<para>
+Delete a mapping sid &lt;-&gt; gid or sid &lt;-&gt; uid from the IDMAP database.
+The mapping is given by &lt;ID&gt; which may either be a sid: S-x-..., a gid: "GID number" or a uid: "UID number".
+Use -f to delete an invalid partial mapping &lt;ID&gt; -&gt; xx
+</para>
+<para>
+  Use "smbcontrol all idmap ..." to notify running smbd instances.
+  See the <citerefentry><refentrytitle>smbcontrol</refentrytitle>
+  <manvolnum>1</manvolnum></citerefentry> manpage for details.
+</para>
+</refsect2>
+
+<refsect2>
+
+<title>IDMAP CHECK [-v] [-r] [-a] [-T] [-f] [-l] [--db=&lt;DB&gt;]</title>
+
+<para>
+  Check and repair the IDMAP database. If no option is given a read only check
+  of the database is done. Among others an interactive or automatic repair mode
+  may be chosen with one of the following options:
+
+  <variablelist>
+    <varlistentry><term>-r|--repair</term>
+    <listitem><para>
+      Interactive repair mode, ask a lot of questions.
+    </para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>-a|--auto</term>
+    <listitem><para>
+      Noninteractive repair mode, use default answers.
+    </para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>-v|--verbose</term>
+      <listitem><para>
+        Produce more output.
+      </para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>-f|--force</term>
+      <listitem><para>
+        Try to apply changes, even if they do not apply cleanly.
+      </para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>-T|--test</term>
+      <listitem><para>
+        Dry run, show what changes would be made but don't touch anything.
+      </para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>-l|--lock</term>
+      <listitem><para>
+        Lock the database while doing the check.
+      </para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>--db &lt;DB&gt;</term>
+      <listitem><para>
+        Check the specified database.
+      </para></listitem>
+    </varlistentry>
+    <varlistentry><term></term>
+      <listitem><para>
+      </para></listitem>
+    </varlistentry>
+  </variablelist>
+
+  It reports about the finding of the following errors:
+
+  <variablelist>
+    <varlistentry><term>Missing reverse mapping:</term>
+    <listitem><para>
+      A record with mapping A-&gt;B where there is no B-&gt;A. Default action
+      in repair mode is to "fix" this by adding the reverse mapping.
+    </para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>Invalid mapping:</term>
+    <listitem><para>
+      A record with mapping A-&gt;B where B-&gt;C. Default action
+      is to "delete" this record.
+    </para></listitem>
+  </varlistentry>
+
+  <varlistentry><term>Missing or invalid HWM:</term>
+    <listitem><para>
+      A high water mark is not at least equal to the largest ID in the
+      database. Default action is to "fix" this by setting it to the
+      largest ID found +1.
+    </para></listitem>
+  </varlistentry>
+
+  <varlistentry><term>Invalid record:</term>
+    <listitem><para>
+      Something we failed to parse. Default action is to "edit" it
+      in interactive and "delete" it in automatic mode.
+    </para></listitem>
+  </varlistentry>
+</variablelist>
+</para>
+</refsect2>
+
 
 <refsect2>
@@ -1618 +1847 @@
 
 <refsect2>
+<title>REGISTRY</title>
+<para>
+Manipulate Samba's registry.
+</para>
+
+<para>The registry commands are:
+<simplelist>
+<member>net registry enumerate   - Enumerate registry keys and values.</member>
+<member>net registry enumerate_recursive - Enumerate registry key and its subkeys.</member>
+<member>net registry createkey   - Create a new registry key.</member>
+<member>net registry deletekey   - Delete a registry key.</member>
+<member>net registry deletekey_recursive - Delete a registry key with subkeys.</member>
+<member>net registry getvalue    - Print a registry value.</member>
+<member>net registry getvalueraw - Print a registry value (raw format).</member>
+<member>net registry setvalue    - Set a new registry value.</member>
+<member>net registry increment   - Increment a DWORD registry value under a lock.
+</member>
+<member>net registry deletevalue - Delete a registry value.</member>
+<member>net registry getsd       - Get security descriptor.</member>
+<member>net registry getsd_sdd1  - Get security descriptor in sddl format.
+</member>
+<member>net registry setsd_sdd1  - Set security descriptor from sddl format
+string.</member>
+<member>net registry import      - Import a registration entries (.reg) file.
+</member>
+<member>net registry export      - Export a registration entries (.reg) file.
+</member>
+<member>net registry convert     - Convert a registration entries (.reg) file.
+</member>
+</simplelist>
+</para>
+
+<refsect3>
+  <title>REGISTRY ENUMERATE <replaceable>key</replaceable> </title>
+  <para>Enumerate subkeys and values of <emphasis>key</emphasis>.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY ENUMERATE_RECURSIVE <replaceable>key</replaceable> </title>
+  <para>Enumerate values of <emphasis>key</emphasis> and its subkeys.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY CREATEKEY <replaceable>key</replaceable> </title>
+  <para>Create a new <emphasis>key</emphasis> if not yet existing.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY DELETEKEY <replaceable>key</replaceable> </title>
+  <para>Delete the given <emphasis>key</emphasis> and its
+  values from the registry, if it has no subkeys.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY DELETEKEY_RECURSIVE <replaceable>key</replaceable> </title>
+  <para>Delete the given <emphasis>key</emphasis> and all of its
+  subkeys and values from the registry.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY GETVALUE <replaceable>key</replaceable> <!--
+  --><replaceable>name</replaceable></title>
+
+  <para>Output type and actual value of the value <emphasis>name</emphasis>
+  of the given <emphasis>key</emphasis>.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY GETVALUERAW <replaceable>key</replaceable> <!--
+  --><replaceable>name</replaceable></title>
+  <para>Output the actual value of the value <emphasis>name</emphasis>
+  of the given <emphasis>key</emphasis>.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY SETVALUE <replaceable>key</replaceable> <!--
+  --><replaceable>name</replaceable> <replaceable>type</replaceable> <!--
+  --><replaceable>value</replaceable> ...<!--
+  --></title>
+
+  <para>Set the value <emphasis>name</emphasis>
+  of an existing <emphasis>key</emphasis>.
+  <emphasis>type</emphasis> may be one of
+  <emphasis>sz</emphasis>, <emphasis>multi_sz</emphasis> or
+  <emphasis>dword</emphasis>.
+  In case of <emphasis>multi_sz</emphasis> <replaceable>value</replaceable> may
+  be given multiple times.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY INCREMENT <replaceable>key</replaceable> <!--
+  --><replaceable>name</replaceable> <replaceable>[inc]</replaceable><!--
+  --></title>
+
+  <para>Increment the DWORD value <emphasis>name</emphasis>
+  of <emphasis>key</emphasis> by <replaceable>inc</replaceable>
+  while holding a g_lock.
+  <emphasis>inc</emphasis> defaults to 1.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY DELETEVALUE <replaceable>key</replaceable> <!--
+  --><replaceable>name</replaceable></title>
+
+  <para>Delete the value <emphasis>name</emphasis>
+  of the given <emphasis>key</emphasis>.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY GETSD <replaceable>key</replaceable></title>
+
+  <para>Get the security descriptor of the given <emphasis>key</emphasis>.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY GETSD_SDDL <replaceable>key</replaceable></title>
+
+  <para>Get the security descriptor of the given <emphasis>key</emphasis> as a
+  Security Descriptor Definition Language (SDDL) string.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY SETSD_SDDL <replaceable>key</replaceable><!--
+  --><replaceable>sd</replaceable></title>
+
+  <para>Set the security descriptor of the given <emphasis>key</emphasis> from a
+  Security Descriptor Definition Language (SDDL) string <emphasis>sd</emphasis>.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY IMPORT <replaceable>file</replaceable><!--
+  --><replaceable>[opt]</replaceable></title>
+
+  <para>Import a registration entries (.reg) <emphasis>file</emphasis>.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY EXPORT <replaceable>key</replaceable><!--
+  --><replaceable>file</replaceable><!--
+  --><replaceable>[opt]</replaceable></title>
+
+  <para>Export a <emphasis>key</emphasis> to a registration entries (.reg)
+  <emphasis>file</emphasis>.
+  </para>
+</refsect3>
+
+<refsect3>
+  <title>REGISTRY CONVERT <replaceable>in</replaceable> <!--
+  --><replaceable>out</replaceable> <!--
+  --><replaceable>[[inopt] outopt]</replaceable></title>
+
+  <para>Convert a registration entries (.reg) file <emphasis>in</emphasis>.
+  </para>
+</refsect3>
+
+
+</refsect2>
+
+<refsect2>
 <title>EVENTLOG</title>
 

vendor/current/docs-xml/manpages-3/nmbd.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/nmblookup.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/ntlm_auth.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -157 +157 @@
                 user). </para>
 
-                <para>Curently implemented parameters from the
+                <para>Currently implemented parameters from the
                 external program to the helper are:</para>
                 <variablelist>

vendor/current/docs-xml/manpages-3/pam_winbind.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">8</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/pdbedit.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/profiles.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/rpcclient.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -63 +63 @@
 
                 <varlistentry>
-                <term>-c|--command='command string'</term>
-                <listitem><para>execute semicolon separated commands (listed 
-                below)) </para></listitem>
+                <term>-c|--command=&lt;command string&gt;</term>
+                <listitem><para>Execute semicolon separated commands (listed
+                below) </para></listitem>
                 </varlistentry>
 
@@ -268 +268 @@
 
 
-                <varlistentry><term>deldriver</term><listitem><para>Delete the 
+                <varlistentry><term>deldriver &lt;driver&gt;</term><listitem><para>Delete the
                 specified printer driver for all architectures.  This
                 does not delete the actual driver files from the server,

vendor/current/docs-xml/manpages-3/samba.7.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">Miscellanea</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/sharesec.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smb.conf.5.xml

@@ -7 +7 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -489 +489 @@
                     machine.  It currently recognizes Samba (<constant>Samba</constant>), 
                     the Linux CIFS file system (<constant>CIFSFS</constant>), OS/2, (<constant>OS2</constant>),
-                    Windows for Workgroups (<constant>WfWg</constant>), Windows 9x/ME 
+                    Mac OS X (<constant>OSX</constant>), Windows for Workgroups (<constant>WfWg</constant>), Windows 9x/ME 
                     (<constant>Win95</constant>), Windows NT (<constant>WinNT</constant>),
                     Windows 2000 (<constant>Win2K</constant>),
@@ -504 +504 @@
                 <term>%I</term>
                 <listitem><para>the IP address of the client machine.</para>
+                <para>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
+                        now it only contains IPv4 or IPv6 addresses.</para>
                 </listitem>
                 </varlistentry>
@@ -510 +512 @@
                 <term>%i</term>
                 <listitem><para>the local IP address to which a client connected.</para>
+                <para>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses,
+                        now it only contains IPv4 or IPv6 addresses.</para>
                 </listitem>
                 </varlistentry>
@@ -629 +633 @@
                 <listitem><para>
                 controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem).
-                Default <emphasis>lower</emphasis>.  IMPORTANT NOTE: This option will be used to modify the case of
-                <emphasis>all</emphasis> incoming client filenames, not just new filenames if the options <smbconfoption
-                name="case sensitive">yes</smbconfoption>, <smbconfoption name="preserve case">No</smbconfoption>,
-                <smbconfoption name="short preserve case">No</smbconfoption> are set.  This change is needed as part of the
-                optimisations for directories containing large numbers of files.
+                Default <emphasis>lower</emphasis>.  IMPORTANT NOTE: As part of the optimizations for directories containing
+                large numbers of files, the following special case applies. If the options
+                <smbconfoption  name="case sensitive">yes</smbconfoption>, <smbconfoption name="preserve case">No</smbconfoption>, and
+                <smbconfoption name="short preserve case">No</smbconfoption> are set, then the case of <emphasis>all</emphasis>
+                incoming client filenames, not just new filenames, will be modified. See additional notes below.
                 </para></listitem>
                 </varlistentry> 

vendor/current/docs-xml/manpages-3/smbcacls.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -22 +22 @@
                 <arg choice="req">//server/share</arg>
                 <arg choice="req">filename</arg>
-                <arg choice="opt">-D acls</arg>
-                <arg choice="opt">-M acls</arg>
-                <arg choice="opt">-a acls</arg>
-                <arg choice="opt">-S acls</arg>
-                <arg choice="opt">-C name</arg>
-                <arg choice="opt">-G name</arg>
+                <arg choice="opt">-D|--delete acls</arg>
+                <arg choice="opt">-M|--modify acls</arg>
+                <arg choice="opt">-a|--add acls</arg>
+                <arg choice="opt">-S|--set acls</arg>
+                <arg choice="opt">-C|--chown name</arg>
+                <arg choice="opt">-G|--chgrp name</arg>
+                <arg choice="opt">-I allow|romove|copy</arg>
                 <arg choice="opt">--numeric</arg>
                 <arg choice="opt">-t</arg>
@@ -118 +119 @@
                 
                 
+                <varlistentry>
+                <term>-I|--inherit allow|remove|copy</term>
+                <listitem><para>Set or unset the windows "Allow inheritable
+                permissions" check box using the <parameter>-I</parameter>
+                option.  To set the check box pass allow. To unset the check
+                box pass either remove or copy. Remove will remove all
+                inherited acls. Copy will copy all the inherited acls.
+                </para></listitem>
+
+                </varlistentry>
+
+
+
                 <varlistentry>
                 <term>--numeric</term>

vendor/current/docs-xml/manpages-3/smbclient.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -262 +262 @@
 
                 <varlistentry>
-                <term>-P</term>
+                <term>-P|--machine-pass</term>
                 <listitem><para>
                 Make queries to the external server using the machine account of the local server.
@@ -318 +318 @@
                 
                 <varlistentry>
-                <term>-e</term>
+                <term>-e|--encrypt</term>
                 <listitem><para>This command line parameter requires the remote
                 server support the UNIX extensions. Request that the connection be
@@ -470 +470 @@
                 
                 <varlistentry>
-                <term>-c|--comand command string</term>
+                <term>-c|--command command string</term>
                 <listitem><para>command string is a semicolon-separated list of 
                 commands to be executed instead of prompting from stdin. <parameter>

vendor/current/docs-xml/manpages-3/smbcontrol.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -273 +273 @@
         </varlistentry>
 
+        <varlistentry>
+        <term>idmap</term>
+        <listitem><para>Notify about changes of id mapping. Can be sent
+        to <constant>smbd</constant> or (not implemented yet) <constant>winbindd</constant>.
+        </para></listitem>
+
+        <variablelist>
+          <varlistentry>
+            <term>flush [uid|gid]</term>
+            <listitem><para>Flush caches for sid &lt;-&gt; gid and/or sid &lt;-&gt; uid mapping.
+            </para></listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>delete &lt;ID&gt;</term>
+            <listitem><para>Remove a mapping from cache. The mapping is given by &lt;ID&gt;
+            which may either be a sid: S-x-..., a gid: "GID number" or a uid: "UID number".
+            </para></listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>kill &lt;ID&gt;</term>
+            <listitem><para>Remove a mapping from cache. Terminate <constant>smbd</constant> if
+            the id is currently in use.</para></listitem>
+          </varlistentry>
+        </variablelist>
+        </varlistentry>
+
 </variablelist>
 </refsect1>

vendor/current/docs-xml/manpages-3/smbcquotas.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smbd.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smbget.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -124 +124 @@
         <varlistentry>
                 <term>-f, --rcfile</term>
-                <listitem><para>Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.</para></listitem>
+                <listitem><para>Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overridden by the contents of the rcfile.</para></listitem>
         </varlistentry>
 

vendor/current/docs-xml/manpages-3/smbgetrc.5.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smbpasswd.5.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smbpasswd.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smbspool.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smbstatus.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smbtar.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/smbtree.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/swat.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/tdbbackup.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/tdbdump.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/tdbtool.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/testparm.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -24 +24 @@
                 <arg choice="opt">-h</arg>
                 <arg choice="opt">-v</arg>
-                <arg choice="opt">-L &lt;servername&gt;</arg>
                 <arg choice="opt">-t &lt;encoding&gt;</arg>
                 <arg choice="req">config filename</arg>
@@ -74 +73 @@
                 &stdarg.version;
                 
-                <varlistentry>
-                <term>-L servername</term>
-                <listitem><para>Sets the value of the %L macro to <replaceable>servername</replaceable>.
-                This is useful for testing include files specified with the 
-                %L macro. </para></listitem>
-                </varlistentry>
-
                 <varlistentry>
                 <term>-v</term>

vendor/current/docs-xml/manpages-3/vfs_acl_tdb.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_acl_xattr.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_audit.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_cacheprime.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_cap.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_catia.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_commit.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_default_quota.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_dirsort.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_extd_audit.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_fake_perms.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_fileid.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_full_audit.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -185 +185 @@
                 <para>LIST is a list of VFS operations that should be
                 recorded if they succeed. Operations are specified using
-                the names listed above.
+                the names listed above. Operations can be unset by prefixing
+                the names with "!".
                 </para>
 
@@ -196 +197 @@
                 <para>LIST is a list of VFS operations that should be
                 recorded if they failed. Operations are specified using
-                the names listed above.
+                the names listed above. Operations can be unset by prefixing
+                the names with "!".
                 </para>
 
@@ -233 +235 @@
         <para>Log file and directory open operations on the [records]
         share using the LOCAL7 facility and ALERT priority, including
-        the username and IP address:</para>
+        the username and IP address. Logging excludes the open VFS function
+        on failures:</para>
 
 <programlisting>
@@ -241 +244 @@
         <smbconfoption name="full_audit:prefix">%u|%I</smbconfoption>
         <smbconfoption name="full_audit:success">open opendir</smbconfoption>
-        <smbconfoption name="full_audit:failure">all</smbconfoption>
+        <smbconfoption name="full_audit:failure">all !open</smbconfoption>
         <smbconfoption name="full_audit:facility">LOCAL7</smbconfoption>
         <smbconfoption name="full_audit:priority">ALERT</smbconfoption>

vendor/current/docs-xml/manpages-3/vfs_gpfs.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -61 +61 @@
                 <varlistentry>
 
+                <term>gpfs:sharemodes = [ yes | no ]</term>
+                <listitem>
+                <para>
+                Enable/Disable cross node sharemode handling for GPFS.
+                </para>
+
+                <itemizedlist>
+                <listitem><para>
+                <command>yes(default)</command> - propagate sharemodes across all GPFS nodes.
+                </para></listitem>
+                <listitem><para>
+                <command>no</command> - do not propagate sharemodes across all GPFS nodes.
+                This should only be used if the GPFS file system is
+                exclusively exported by Samba. Access by local unix application or
+                NFS exports could lead to corrupted files.
+                </para></listitem>
+                </itemizedlist>
+                </listitem>
+
+                </varlistentry>
+                <varlistentry>
+
+                <term>gpfs:leases = [ yes | no ]</term>
+                <listitem>
+                <para>
+                Enable/Disable cross node leases (oplocks) for GPFS.
+                You should also set the <command>oplocks</command> and <command>kernel oplocks</command>
+                options to the same value.
+                </para>
+
+                <itemizedlist>
+                <listitem><para>
+                <command>yes(default)</command> - propagate leases across all GPFS nodes.
+                </para></listitem>
+                <listitem><para>
+                <command>no</command> - do not propagate leases across all GPFS nodes.
+                This should only be used if the GPFS file system is
+                exclusively exported by Samba. Access by local unix application or
+                NFS exports could lead to corrupted files.
+                </para></listitem>
+                </itemizedlist>
+                </listitem>
+
+                </varlistentry>
+
+                <varlistentry>
+
+                <term>gpfs:hsm = [ yes | no ]</term>
+                <listitem>
+                <para>
+                Enable/Disable announcing if this FS has HSM enabled.
+                </para>
+
+                <itemizedlist>
+                <listitem><para>
+                <command>no(default)</command> - Do not announce HSM.
+                </para></listitem>
+                <listitem><para>
+                <command>no</command> - Announce HSM.
+                </para></listitem>
+                </itemizedlist>
+                </listitem>
+
+                </varlistentry>
+
+                <varlistentry>
+
+                <term>gpfs:getrealfilename = [ yes | no ]</term>
+                <listitem>
+                <para>
+                Enable/Disable usage of the <command>gpfs_get_realfilename_path()</command> function.
+                This improves the casesensitive wildcard file name access.
+                </para>
+
+                <itemizedlist>
+                <listitem><para>
+                <command>yes(default)</command> - use <command>gpfs_get_realfilename_path()</command>.
+                </para></listitem>
+                <listitem><para>
+                <command>no</command> - do not use <command>gpfs_get_realfilename_path()</command>.
+                It seems that <command>gpfs_get_realfilename_path()</command> doesn't work on AIX.
+                </para></listitem>
+                </itemizedlist>
+                </listitem>
+
+                </varlistentry>
+                <varlistentry>
+
+                <term>gpfs:winattr = [ yes | no ]</term>
+                <listitem>
+                <para>
+                Enable/Disable usage of the windows attributes in GPFS.
+                GPFS is able to store windows file attributes e.g. HIDDEN,
+                READONLY, SYSTEM and others natively. That means Samba doesn't
+                need to map them to permission bits or extended attributes.
+                </para>
+
+                <itemizedlist>
+                <listitem><para>
+                <command>no(default)</command> - do not use GPFS windows attributes.
+                </para></listitem>
+                <listitem><para>
+                <command>yes</command> - use GPFS windows attributes.
+                </para></listitem>
+                </itemizedlist>
+                </listitem>
+
+                </varlistentry>
+                <varlistentry>
+
+                <term>gpfs:merge_writeappend = [ yes | no ]</term>
+                <listitem>
+                <para>
+                GPFS ACLs doesn't know about the 'APPEND' right.
+                This optionen lets Samba map the 'APPEND' right to 'WRITE'.
+                </para>
+
+                <itemizedlist>
+                <listitem><para>
+                <command>yes(default)</command> - map 'APPEND' to 'WRITE'.
+                </para></listitem>
+                <listitem><para>
+                <command>no</command> - do not map 'APPEND' to 'WRITE'.
+                </para></listitem>
+                </itemizedlist>
+                </listitem>
+
+                </varlistentry>
+                <varlistentry>
+
+                <term>gpfs:refuse_dacl_protected = [ yes | no ]</term>
+                <listitem>
+                <para>
+                As GPFS does not support the ACE4_FLAG_NO_PROPAGATE NFSv4 flag (which would be
+                the mapping for the DESC_DACL_PROTECTED flag), the status of this flag is
+                currently silently ignored by Samba. That means that if you deselect the "Allow
+                inheritable permissions..." checkbox in Windows' ACL dialog and then apply the
+                ACL, the flag will be back immediately.
+                </para>
+                <para>
+                To make sure that automatic migration with e.g. robocopy does not lead to
+                ACLs silently (and unintentionally) changed, you can set
+                <command>gpfs:refuse_dacl_protected = yes</command> to enable an explicit
+                check for this flag and if set, it will return NT_STATUS_NOT_SUPPORTED so
+                errors are shown up on the Windows side and the Administrator is aware of
+                the ACLs not being settable like intended
+                </para>
+
+                <itemizedlist>
+                <listitem><para>
+                <command>no(default)</command> - ignore the DESC_DACL_PROTECTED flags.
+                </para></listitem>
+                <listitem><para>
+                <command>yes</command> - reject ACLs with DESC_DACL_PROTECTED.
+                </para></listitem>
+                </itemizedlist>
+                </listitem>
+
+                </varlistentry>
+                <varlistentry>
+
                 <term>nfs4:mode = [ simple | special ]</term>
                 <listitem>
@@ -112 +273 @@
                 <listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem>
                 <listitem><para><command>no (default)</command> - Disable chown</para></listitem>
+                </itemizedlist>
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>gpfs:syncio = [yes|no]</term>
+                <listitem>
+                <para>This parameter makes Samba open all files with O_SYNC.
+                  This triggers optimizations in GPFS for workloads that
+                  heavily share files.</para>
+
+                <para>Following is the behaviour of Samba for different
+                  values:
+                </para>
+                <itemizedlist>
+                <listitem><para><command>yes</command>Open files with O_SYNC
+                </para></listitem>
+                <listitem><para><command>no (default)</command>Open files as
+                    normal Samba would do
+                </para></listitem>
                 </itemizedlist>
                 </listitem>
@@ -135 +316 @@
 <refsect1>
         <title>CAVEATS</title>
-        <para>The gpfs gpl libraries are required by <command>gpfs</command> VFS
-        module during both compilation and runtime.
-        Also this VFS module is tested to work on SLES 9/10 and RHEL 4.4
+        <para>
+        Depending on the version of gpfs, the <command>libgpfs_gpl</command>
+        library or the <command>libgpfs</command> library is needed at
+        runtime by the <command>gpfs</command> VFS module:
+        Starting with gpfs 3.2.1 PTF8, the complete <command>libgpfs</command>
+        is available as open source and <command>libgpfs_gpl</command> does no
+        longer exist. With earlier versions of gpfs, only the
+        <command>libgpfs_gpl</command> library was open source and could be
+        used at run time.
+        </para>
+        <para>
+        At build time, only the header file <command>gpfs_gpl.h</command>
+        is required , which is a symlink to <command>gpfs.h</command> in
+        gpfs versions newer than 3.2.1 PTF8.
         </para>
 </refsect1>

vendor/current/docs-xml/manpages-3/vfs_netatalk.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_notify_fam.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_prealloc.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_preopen.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_readahead.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_readonly.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_recycle.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_scannedonly.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -226 +226 @@
         <title>VERSION</title>
 
-        <para>This man page is correct for version 3.5.0 of the Samba suite.
+        <para>This man page is correct for version 3.6.0 of the Samba suite.
         </para>
 </refsect1>

vendor/current/docs-xml/manpages-3/vfs_shadow_copy.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_shadow_copy2.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -108 +108 @@
 
                 <varlistentry>
+                <term>shadow:sort = asc/desc, or not specified for unsorted (default)
+                </term>
+                <listitem>
+                <para>By this parameter one can specify that the shadow
+                copy directories should be sorted before they are sent to the
+                client.  This can be beneficial as unix filesystems are usually
+                not listed alphabetically sorted. If enabled, you typically
+                want to specify descending order.
+                </para>
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>shadow:localtime = yes/no
+                </term>
+                <listitem>
+                <para>This is an optional parameter that indicates whether the
+                snapshot names are in UTC/GMT or in local time. By default
+                UTC is expected.
+                </para>
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>shadow:format = format specification for snapshot names
+                </term>
+                <listitem>
+                <para>This is an optional parameter that specifies the format
+                specification for the naming of snapshots.  The format must
+                be compatible with the conversion specifications recognized
+                by str[fp]time.  The default value is "@GMT-%Y.%m.%d-%H.%M.%S".
+                </para>
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
                 <term>shadow:fixinodes = yes/no
                 </term>
@@ -134 +170 @@
         <smbconfoption name="shadow:snapdir">/data/snaphots</smbconfoption>
         <smbconfoption name="shadow:basedir">/data/home</smbconfoption>
+        <smbconfoption name="shadow:sort">desc</smbconfoption>
 </programlisting>
 

vendor/current/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -32 +32 @@
 
         <para>The <command>vfs_smb_traffic_analyzer</command> VFS module logs
-        client write and read operations on a Samba server and sends this data
-        over a socket to a helper program, which feeds a SQL database. More
+        client file operations on a Samba server and sends this data
+        over a socket to a helper program (in the following the "Receiver"),
+        which feeds a SQL database. More
         information on the helper programs can be obtained from the
         homepage of the project at:
         http://holger123.wordpress.com/smb-traffic-analyzer/
-        </para>
-        <para><command>vfs_smb_traffic_analyzer</command> currently is aware
-        of the following VFS operations:</para>
+        Since the VFS module depends on a receiver that is doing something with
+        the data, it is evolving in it's development. Therefore, the module
+        works with different protocol versions, and the receiver has to be able
+        to decode the protocol that is used. The protocol version 1 was
+        introduced to Samba at September 25, 2008. It was a very simple
+        protocol, supporting only a small list of VFS operations, and had
+        several drawbacks. The protocol version 2 is a try to solve the
+        problems version 1 had while at the same time adding new features.
+        With the release of Samba 3.6.0, the module will run protocol version 2
+        by default.
+        </para>
+</refsect1>
+
+<refsect1>
+        <title>Protocol version 1 documentation</title>
+        <para><command>vfs_smb_traffic_analyzer</command> protocol version 1 is aware
+                of the following VFS operations:</para>
 
         <simplelist>
@@ -65 +80 @@
         <listitem><para><command>FILENAME</command> - the name of the file that was used by the VFS operation</para></listitem>
         <listitem><para><command>TIMESTAMP</command> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured</para></listitem>
+        <listitem><para><command>IP</command> - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.</para></listitem>
         </itemizedlist>
 
@@ -73 +89 @@
 </refsect1>
 
-
-<refsect1>
-        <title>OPTIONS</title>
+<refsect1>
+        <title>Drawbacks of protocol version 1</title>
+        <para>Several drawbacks have been seen with protocol version 1 over time.</para>
+        <itemizedlist>
+        <listitem>
+                <para>
+                        <command>Problematic parsing - </command>
+                        Protocol version 1 uses hyphen and comma to seperate blocks of data. Once there is a
+                        filename with a hyphen, you will run into problems because the receiver decodes the
+                        data in a wrong way.
+                </para>
+        </listitem>
+        <listitem>
+                <para>
+                        <command>Insecure network transfer - </command>
+                        Protocol version 1 sends all it's data as plaintext over the network.
+                </para>
+        </listitem>
+        <listitem>
+                <para>
+                        <command>Limited set of supported VFS operations - </command>
+                        Protocol version 1 supports only four VFS operations.
+                </para>
+        </listitem>
+        <listitem>
+                <para>
+                        <command>No subreleases of the protocol - </command>
+                        Protocol version 1 is fixed on it's version, making it unable to introduce new
+                        features or bugfixes through compatible sub-releases.
+                </para>
+        </listitem>
+        </itemizedlist>
+</refsect1>
+<refsect1>
+        <title>Version 2 of the protocol</title>
+        <para>Protocol version 2 is an approach to solve the problems introduced with protcol v1.
+        From the users perspective, the following changes are most prominent among other enhancements:
+        </para>
+        <itemizedlist>
+                <listitem>
+                <para>
+                The data from the module may be send encrypted, with a key stored in secrets.tdb. The
+                Receiver then has to use the same key. The module does AES block encryption over the
+                data to send.
+                </para>
+                </listitem>
+                <listitem>
+                <para>
+                The module now can identify itself against the receiver with a sub-release number, where
+                the receiver may run with a different sub-release number than the module. However, as
+                long as both run on the V2.x protocol, the receiver will not crash, even if the module
+                uses features only implemented in the newer subrelease. If the module uses
+                a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
+                ignoring the functionality. Of course it is best to have both the receiver and the module
+                running the same subrelease of the protocol.
+                </para>
+                </listitem>
+                <listitem>
+                <para>
+                The parsing problems of protocol V1 can no longer happen, because V2 is marshalling the
+                data packages in a proper way.
+                </para>
+                </listitem>
+                <listitem>
+                <para>
+                The module now potientially has the ability to create data on every VFS function. As of
+                protocol V2.0, there is support for 8 VFS functions, namely write,read,pread,pwrite,
+                rename,chdir,mkdir and rmdir. Supporting more VFS functions is one of the targets for the
+                upcoming sub-releases.
+                </para>
+                </listitem>
+        </itemizedlist>
+        <para>
+                To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS).
+        </para>
+                
+</refsect1>             
+
+<refsect1>
+        <title>OPTIONS with protocol V1 and V2.x</title>
 
         <variablelist>
@@ -112 +205 @@
                 <listitem>
                 <para>The module will replace the user names with a prefix
-                given by STRING and a simple hash number.
+                given by STRING and a simple hash number. In version 2.x
+                of the protocol, the users SID will also be anonymized.
                 </para>
 
@@ -126 +220 @@
                 an additional hash number. This means that any transfer data
                 will be mapped to a single user, leading to a total 
-                anonymization of user related data.</para>
+                anonymization of user related data. In version 2.x of the
+                protocol, the users SID will also be anonymized.</para>
+                </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>smb_traffic_analyzer:protocol_version = STRING</term>
+                <listitem>
+                <para>If STRING matches to V1, the module will use version 1 of the
+                protocol. If STRING is not given, the module will use version 2 of the
+                protocol, which is the default.
+                </para>
                 </listitem>
                 </varlistentry>
@@ -135 +240 @@
 <refsect1>
         <title>EXAMPLES</title>
+        <para>Running protocol V2 on share "example_share", using an internet socket.</para>
+        <programlisting>
+        <smbconfsection name="[example_share]"/>
+        <smbconfoption name="path">/data/example</smbconfoption>
+        <smbconfoption name="vfs_objects">smb_traffic_analyzer</smbconfoption>
+        <smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
+        <smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
+        </programlisting>
 
         <para>The module running on share "example_share", using a unix domain socket</para>
@@ -184 +297 @@
         helper tools were created by Holger Hetterich.</para>
 </refsect1>
-
 </refentry>

vendor/current/docs-xml/manpages-3/vfs_streams_depot.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_streams_xattr.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfs_xattr_tdb.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/vfstest.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/wbinfo.1.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">User Commands</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -51 +51 @@
                 <arg choice="opt">-r user</arg>
                 <arg choide="opt">-R|--lookup-rids</arg>
-                <arg choice="opt">--remove-uid-mapping uid,sid</arg>
-                <arg choice="opt">--remove-gid-mapping gid,sid</arg>
                 <arg choice="opt">-s sid</arg>
                 <arg choice="opt">--separator</arg>
-                <arg choice="opt">--sequence</arg>
                 <arg choice="opt">--set-auth-user user%password</arg>
-                <arg choice="opt">--set-uid-mapping uid,sid</arg>
-                <arg choice="opt">--set-gid-mapping gid,sid</arg>
                 <arg choice="opt">-S sid</arg>
                 <arg choide="opt">--sid-aliases</arg>
@@ -152 +147 @@
                 the current domain to which <citerefentry><refentrytitle>winbindd</refentrytitle>
                 <manvolnum>8</manvolnum></citerefentry> belongs.  Currently only the
-                <option>--sequence</option>,
                 <option>-u</option>, and <option>-g</option> options honor this parameter.
                 </para></listitem>
@@ -312 +306 @@
 
                 <varlistentry>
+                <term>-P|--ping-dc</term>
+                <listitem><para>Issue a no-effect command to our DC. This
+                    checks if our secure channel connection to our domain
+                    controller is still alive. It has much less impact than
+                    wbinfo -t.
+                </para></listitem>
+                </varlistentry>
+
+                <varlistentry>
                 <term>-r|--user-groups <replaceable>username</replaceable></term>
                 <listitem><para>Try to obtain the list of UNIX group ids
@@ -338 +341 @@
                 <term>--separator</term>
                 <listitem><para>Get the active winbind separator.
-                </para></listitem>
-
-                </varlistentry>
-                <varlistentry>
-                <term>--sequence</term>
-                <listitem><para>Show sequence numbers of all known domains.
                 </para></listitem>
                 </varlistentry>
@@ -427 +424 @@
                 <listitem><para>Try to convert a UNIX user id to a Windows NT
                 SID.  If the uid specified does not refer to one within
-                the idmap uid range then the operation will fail. </para></listitem>
+                the idmap range then the operation will fail. </para></listitem>
                 </varlistentry>
 
@@ -445 +442 @@
                 </varlistentry>
 
-                <varlistentry>
-                <term>--remove-uid-mapping uid,sid</term>
-                <listitem><para>Remove an existing uid to sid mapping
-                entry from the IDmap backend.</para></listitem>
-                </varlistentry>
-
-                <varlistentry>
-                <term>--remove-gid-mapping gid,sid</term>
-                <listitem><para>Remove an existing gid to sid
-                mapping entry from the IDmap backend.</para></listitem>
-                </varlistentry>
-
-                <varlistentry>
-                <term>--set-uid-mapping uid,sid</term>
-                <listitem><para>Create a new or modify an existing uid to sid
-                mapping in the IDmap backend.</para></listitem>
-                </varlistentry>
-
-                <varlistentry>
-                <term>--set-gid-mapping gid,sid</term>
-                <listitem><para>Create a new or modify an existing gid to sid
-                mapping in the IDmap backend.</para></listitem>
-                </varlistentry>
-
                 &stdarg.version;
                 &stdarg.help;

vendor/current/docs-xml/manpages-3/winbind_krb5_locator.7.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">7</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 

vendor/current/docs-xml/manpages-3/winbindd.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -46 +46 @@
         service to <command>smbd</command>, <command>ntlm_auth</command>
         and the <command>pam_winbind.so</command> PAM module, by managing connections to
-        domain controllers.  In this configuraiton the
-        <smbconfoption name="idmap uid"/> and
-        <smbconfoption name="idmap gid"/>
-        parameters are not required. (This is known as `netlogon proxy only mode'.)</para>
+        domain controllers.  In this configuration the
+        <smbconfoption name="idmap config * : range"/>
+        parameter is not required. (This is known as `netlogon proxy only mode'.)</para>
 
         <para> The Name Service Switch allows user
@@ -247 +246 @@
                 <smbconfoption name="winbind separator"/></para></listitem>
                 <listitem><para>
-                <smbconfoption name="idmap uid"/></para></listitem>
-                <listitem><para>
-                <smbconfoption name="idmap gid"/></para></listitem>
-                <listitem><para>
-                <smbconfoption name="idmap backend"/></para></listitem>
+                <smbconfoption name="idmap config * : range"/></para></listitem>
+                <listitem><para>
+                <smbconfoption name="idmap config * : backend"/></para></listitem>
                 <listitem><para>
                 <smbconfoption name="winbind cache time"/></para></listitem>
@@ -341 +338 @@
         template shell = /bin/bash
         template homedir = /home/%D/%U
-        idmap uid = 10000-20000
-        idmap gid = 10000-20000
+        idmap config * : range = 10000-20000
         workgroup = DOMAIN
         security = domain
@@ -375 +371 @@
         then in general the user and groups ids allocated by winbindd will not
         be the same.  The user and group ids will only be valid for the local
-        machine, unless a shared <smbconfoption name="idmap backend"/> is configured.</para>
+        machine, unless a shared <smbconfoption name="idmap config * : backend"/> is configured.</para>
 
         <para>If the the Windows NT SID to UNIX user and group id mapping

vendor/current/docs-xml/smbdotconf/locking/posixlocking.xml

@@ -9 +9 @@
         to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are 
         consistent with those seen by POSIX compliant applications accessing the files via a non-SMB 
-        method (e.g. NFS or local file access). You should never need to disable this parameter.
+        method (e.g. NFS or local file access). It is very unlikely that you need to set this parameter
+        to "no", unless you are sharing from an NFS mount, which is not a good idea in the first place.
         </para>
 </description>

vendor/current/docs-xml/smbdotconf/logon/enableprivileges.xml

@@ -6 +6 @@
 <description>
         <para>
-        This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
+        This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
          <command>net rpc rights</command> or one of the Windows user and group manager tools.  This parameter is
         enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to

vendor/current/docs-xml/smbdotconf/misc/timeoffset.xml

@@ -5 +5 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
-        <para>This parameter is a setting in minutes to add 
+        <para>This deprecated parameter is a setting in minutes to add
         to the normal GMT to local time conversion. This is useful if 
         you are serving a lot of PCs that have incorrect daylight 
         saving time handling.</para>
+
+        <note><para>This option is deprecated, and will be removed in the next major release</para></note>
 </description>
 

vendor/current/docs-xml/smbdotconf/printing/addportcommand.xml

@@ -16 +16 @@
     </itemizedlist>
                 
-    <para>The deviceURI is in the for of socket://&lt;hostname&gt;[:&lt;portnumber&gt;]
+    <para>The deviceURI is in the format of socket://&lt;hostname&gt;[:&lt;portnumber&gt;]
         or lpd://&lt;hostname&gt;/&lt;queuename&gt;.</para>
 </description>

vendor/current/docs-xml/smbdotconf/printing/printcapcachetime.xml

@@ -6 +6 @@
 <description>
     <para>This option specifies the number of seconds before the printing
-    subsystem is again asked for the known printers.  If the value
-    is greater than 60 the initial waiting time is set to 60 seconds
-    to allow an earlier first rescan of the printing subsystem.
+    subsystem is again asked for the known printers.
     </para>
 

vendor/current/docs-xml/smbdotconf/protocol/usespnego.xml

@@ -5 +5 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
-    <para>This variable controls controls whether samba will try 
+    <para>This deprecated variable controls controls whether samba will try
     to use Simple and Protected NEGOciation (as specified by rfc2478) with 
     WindowsXP and Windows2000 clients to agree upon an authentication mechanism. 

vendor/current/docs-xml/smbdotconf/security/clientntlmv2auth.xml

@@ -11 +11 @@
 
     <para>If enabled, only an NTLMv2 and LMv2 response (both much more
-    secure than earlier versions) will be sent.  Many servers
+    secure than earlier versions) will be sent.  Older servers
     (including NT4 &lt; SP4, Win9x and Samba 2.2) are not compatible with
-    NTLMv2.  </para>
+    NTLMv2 when not in an NTLMv2 supporting domain</para>
 
     <para>Similarly, if enabled, NTLMv1, <command
@@ -25 +25 @@
     moreinfo="none">client lanman auth</command>.  </para>
 
-    <para>Note that some sites (particularly
-    those following 'best practice' security polices) only allow NTLMv2
-        responses, and not the weaker LM or NTLM.</para>
+    <para>Note that Windows Vista and later versions already use
+    NTLMv2 by default, and some sites (particularly those following
+    'best practice' security polices) only allow NTLMv2 responses, and
+    not the weaker LM or NTLM.</para>
 </description>
-<value type="default">no</value>
+<value type="default">yes</value>
 </samba:parameter>

vendor/current/docs-xml/smbdotconf/security/guestok.xml

@@ -10 +10 @@
     Privileges will be those of the <smbconfoption name="guest account"/>.</para>
 
-    <para>This paramater nullifies the benifits of setting
+    <para>This parameter nullifies the benefits of setting
     <smbconfoption name="restrict anonymous">2</smbconfoption>
         </para>

vendor/current/docs-xml/smbdotconf/security/passwordlevel.xml

@@ -14 +14 @@
     negotiation request/response.</para>
 
-    <para>This parameter defines the maximum number of characters 
+    <para>This deprecated parameter defines the maximum number of characters
     that may be upper case in passwords.</para>
 

vendor/current/docs-xml/smbdotconf/security/passwordserver.xml

@@ -11 +11 @@
     to do all its username/password validation using a specific remote server.</para>
 
-    <para>This option sets the name or IP address of the password server to use. 
-    New syntax has been added to support defining the port to use when connecting 
-    to the server the case of an ADS realm.  To define a port other than the
-    default LDAP port of 389, add the port number using a colon after the 
-    name or IP address (e.g. 192.168.1.100:389).  If you do not specify a port,
-    Samba will use the standard LDAP port of tcp/389.  Note that port numbers
-    have no effect on password servers for Windows NT 4.0 domains or netbios 
-    connections.</para>
+    <para>If the <parameter moreinfo="none">security</parameter> parameter is set to
+    <constant>domain</constant> or <constant>ads</constant>, then this option
+    <emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
+    to determine the best DC to contact dynamically, just as all other hosts in an
+    AD domain do.  This allows the domain to be maintained without modification to
+    the smb.conf file.  The cryptograpic protection on the authenticated RPC calls
+    used to verify passwords ensures that this default is safe.</para>
 
-    <para>If parameter is a name, it is looked up using the 
-    parameter <smbconfoption name="name resolve order"/> and so may resolved
-    by any method and order described in that parameter.</para>
-
-    <para>The password server must be a machine capable of using 
-    the &quot;LM1.2X002&quot; or the &quot;NT LM 0.12&quot; protocol, and it must be in 
-    user level security mode.</para>
-
-    <note><para>Using a password server  means your UNIX box (running
-    Samba) is only as secure as your  password server. <emphasis>DO NOT
-    CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</emphasis>.
-    </para></note>
-                
-    <para>Never point a Samba server at itself for password serving.
-    This will cause a loop and could lock up your Samba  server!</para>
-
-    <para>The name of the password server takes the standard 
-    substitutions, but probably the only useful one is <parameter moreinfo="none">%m
-    </parameter>, which means the Samba server will use the incoming 
-    client as the password server. If you use this then you better 
-    trust your clients, and you had better restrict them with hosts allow!</para>
-
-    <para>If the <parameter moreinfo="none">security</parameter> parameter is set to
-    <constant>domain</constant> or <constant>ads</constant>, then the list of machines in this 
-    option must be a list of Primary or Backup Domain controllers for the
-    Domain or the character '*', as the Samba server is effectively
-    in that domain, and will use cryptographically authenticated RPC calls
-    to authenticate the user logging on. The advantage of using <command moreinfo="none">
-    security = domain</command> is that if you list several hosts in the 
-    <parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd
-    </command> will try each in turn till it finds one that responds.  This
-    is useful in case your primary server goes down.</para>
-
-    <para>If the <parameter moreinfo="none">password server</parameter> option is set 
-    to the character '*', then Samba will attempt to auto-locate the 
-    Primary or Backup Domain controllers to authenticate against by 
-    doing a query for the name <constant>WORKGROUP&lt;1C&gt;</constant> 
-    and then contacting each server returned in the list of IP 
-    addresses from the name resolution source. </para>
+    <para><emphasis>It is strongly recommended that you use the
+    default of '*'</emphasis>, however if in your particular
+    environment you have reason to specify a particular DC list, then
+    the list of machines in this option must be a list of names or IP
+    addresses of Domain controllers for the Domain. If you use the
+    default of '*', or list several hosts in the <parameter
+    moreinfo="none">password server</parameter> option then <command
+    moreinfo="none">smbd </command> will try each in turn till it
+    finds one that responds.  This is useful in case your primary
+    server goes down.</para>
 
     <para>If the list of servers contains both names/IP's and the '*'
@@ -66 +36 @@
     this list by locating the closest DC.</para>
                 
+    <para>If parameter is a name, it is looked up using the
+    parameter <smbconfoption name="name resolve order"/> and so may resolved
+    by any method and order described in that parameter.</para>
+
     <para>If the <parameter moreinfo="none">security</parameter> parameter is 
-    set to <constant>server</constant>, then there are different
-    restrictions that <command moreinfo="none">security = domain</command> doesn't 
-    suffer from:</para>
+    set to <constant>server</constant>, these additional restrictions apply:</para>
 
     <itemizedlist>
@@ -83 +55 @@
             
         <listitem>
-            <para>If you are using a Windows NT server as your 
-            password server then you will have to ensure that your users 
+            <para>You will have to ensure that your users
             are able to login from the Samba server, as when in <command moreinfo="none">
             security = server</command>  mode the network logon will appear to 
-            come from there rather than from the users workstation.</para>
+            come from the Samba server rather than from the users workstation.</para>
         </listitem>
+
+        <listitem>
+            <para>The client must not select NTLMv2 authentication.</para>
+        </listitem>
+
+        <listitem>
+          <para>The password server must be a machine capable of using
+          the &quot;LM1.2X002&quot; or the &quot;NT LM 0.12&quot; protocol, and it must be in
+          user level security mode.</para>
+        </listitem>
+
+        <listitem>
+          <para>Using a password server  means your UNIX box (running
+          Samba) is only as secure as (a host masqurading as) your password server. <emphasis>DO NOT
+          CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</emphasis>.
+          </para>
+        </listitem>
+
+        <listitem>
+          <para>Never point a Samba server at itself for password serving.
+          This will cause a loop and could lock up your Samba  server!</para>
+        </listitem>
+
+        <listitem>
+          <para>The name of the password server takes the standard
+          substitutions, but probably the only useful one is <parameter moreinfo="none">%m
+          </parameter>, which means the Samba server will use the incoming
+          client as the password server. If you use this then you better
+          trust your clients, and you had better restrict them with hosts allow!</para>
+        </listitem>
+
     </itemizedlist>
 </description>

vendor/current/docs-xml/smbdotconf/security/security.xml

@@ -23 +23 @@
     Windows NT.</para>
 
-    <para>The alternatives are <command moreinfo="none">security = share</command>,
-    <command moreinfo="none">security = server</command> or <command moreinfo="none">security = domain
-    </command>.</para>
+    <para>The alternatives are
+    <command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain
+    </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = share</command> and <command moreinfo="none">security = server</command>, both of which are deprecated.</para>
 
     <para>In versions of Samba prior to 2.0.0, the default was 
@@ -31 +31 @@
     the only option at one stage.</para>
 
-    <para>There is a bug in WfWg that has relevance to this 
-    setting. When in user or server level security a WfWg client 
-    will totally ignore the username and password you type in the &quot;connect 
-    drive&quot; dialog box. This makes it very difficult (if not impossible) 
-    to connect to a Samba service as anyone except the user that 
-    you are logged into WfWg as.</para>
-
-    <para>If your PCs use usernames that are the same as their 
-    usernames on the UNIX machine then you will want to use 
-    <command moreinfo="none">security = user</command>. If you mostly use usernames 
-    that don't exist on the UNIX box then use <command moreinfo="none">security = 
-    share</command>.</para>
-
-    <para>You should also use <command moreinfo="none">security = share</command> if you 
+    <para>You should use <command moreinfo="none">security = user</command> and
+    <smbconfoption name="map to guest"/> if you
     want to mainly setup shares without a password (guest shares). This 
-    is commonly used for a shared printer server. It is more difficult 
-    to setup guest shares with <command moreinfo="none">security = user</command>, see 
-    the <smbconfoption name="map to guest"/> parameter for details.</para>
+    is commonly used for a shared printer server. </para>
                 
     <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis>
@@ -57 +43 @@
 
 
+    <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para>
+
+    <para>This is the default security setting in Samba.
+    With user-level security a client must first &quot;log-on&quot; with a
+    valid username and password (which can be mapped using the <smbconfoption name="username map"/>
+    parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
+    be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
+        name="guest only"/> if set      are then applied and
+    may change the UNIX user to use on this connection, but only after
+    the user has been successfully authenticated.</para>
+
+    <para><emphasis>Note</emphasis> that the name of the resource being
+    requested is <emphasis>not</emphasis> sent to the server until after
+    the server has successfully authenticated the client. This is why
+    guest shares don't work in user level security without allowing
+    the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
+
+    <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+    <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
+
+    <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
+    <manvolnum>8</manvolnum></citerefentry> has been used to add this
+    machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
+        parameter to be set to <constant>yes</constant>. In this
+    mode Samba will try to validate the username/password by passing
+    it to a Windows NT Primary or Backup Domain Controller, in exactly
+    the same way that a Windows NT Server would do.</para>
+
+    <para><emphasis>Note</emphasis> that a valid UNIX user must still
+    exist as well as the account on the Domain Controller to allow
+    Samba to have a valid UNIX account to map file access to.</para>
+
+    <para><emphasis>Note</emphasis> that from the client's point
+    of view <command moreinfo="none">security = domain</command> is the same
+    as <command moreinfo="none">security = user</command>. It only
+    affects how the server deals with the authentication,
+    it does not in any way affect what the client sees.</para>
+
+    <para><emphasis>Note</emphasis> that the name of the resource being
+    requested is <emphasis>not</emphasis> sent to the server until after
+    the server has successfully authenticated the client. This is why
+    guest shares don't work in user level security without allowing
+    the server to automatically map unknown users into the <smbconfoption name="guest account"/>.
+    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
+
+    <para>See also the section <link linkend="VALIDATIONSECT">
+    NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+    <para>See also the <smbconfoption name="password server"/> parameter and
+         the <smbconfoption name="encrypted passwords"/> parameter.</para>
+
     <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para> 
+
+    <note><para>This option is deprecated as it is incompatible with SMB2</para></note>
                 
     <para>When clients connect to a share level security server, they 
@@ -136 +177 @@
     NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
 
-    <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para>
-
-    <para>This is the default security setting in Samba 3.0. 
-    With user-level security a client must first &quot;log-on&quot; with a 
-    valid username and password (which can be mapped using the <smbconfoption name="username map"/> 
-    parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
-    be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
-        name="guest only"/> if set      are then applied and 
-    may change the UNIX user to use on this connection, but only after 
-    the user has been successfully authenticated.</para>
-
-    <para><emphasis>Note</emphasis> that the name of the resource being 
-    requested is <emphasis>not</emphasis> sent to the server until after 
-    the server has successfully authenticated the client. This is why 
-    guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <smbconfoption name="guest account"/>. 
-    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
-
-    <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
-    <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
-
-    <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
-    <manvolnum>8</manvolnum></citerefentry> has been used to add this
-    machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
-        parameter to be set to <constant>yes</constant>. In this 
-    mode Samba will try to validate the username/password by passing
-    it to a Windows NT Primary or Backup Domain Controller, in exactly 
-    the same way that a Windows NT Server would do.</para>
-
-    <para><emphasis>Note</emphasis> that a valid UNIX user must still 
-    exist as well as the account on the Domain Controller to allow 
-    Samba to have a valid UNIX account to map file access to.</para>
-
-    <para><emphasis>Note</emphasis> that from the client's point 
-    of view <command moreinfo="none">security = domain</command> is the same 
-    as <command moreinfo="none">security = user</command>. It only 
-    affects how the server deals with the authentication, 
-    it does not in any way affect what the client sees.</para>
-
-    <para><emphasis>Note</emphasis> that the name of the resource being 
-    requested is <emphasis>not</emphasis> sent to the server until after 
-    the server has successfully authenticated the client. This is why 
-    guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <smbconfoption name="guest account"/>. 
-    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
-
-    <para>See also the section <link linkend="VALIDATIONSECT">
-    NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
-    <para>See also the <smbconfoption name="password server"/> parameter and
-         the <smbconfoption name="encrypted passwords"/> parameter.</para>
-
     <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para>
 
     <para>
-        In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an
+        In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an
         NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. It expects the
         <smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote
@@ -204 +192 @@
     significant pitfalls since it is more vulnerable to
     man-in-the-middle attacks and server impersonation.  In particular,
-    this mode of operation can cause significant resource consuption on
+    this mode of operation can cause significant resource consumption on
     the PDC, as it must maintain an active connection for the duration
     of the user's session.  Furthermore, if this connection is lost,
-    there is no way to reestablish it, and futher authentications to the
+    there is no way to reestablish it, and further authentications to the
     Samba server may fail (from a single client, till it disconnects).
+        </para></note>
+
+        <note><para>If the client selects NTLMv2 authentication, then this mode of operation <emphasis>will fail</emphasis>
         </para></note>
 
@@ -216 +207 @@
     only affects how the server deals  with the authentication, it does
         not in any way affect what the  client sees.</para></note>
+
+    <note><para>This option is deprecated, and may be removed in future</para></note>
 
     <para><emphasis>Note</emphasis> that the name of the resource being 

vendor/current/docs-xml/smbdotconf/security/username.xml

@@ -10 +10 @@
     each username in turn (left to right).</para>
 
-    <para>The <parameter moreinfo="none">username</parameter> line is needed only when 
+    <para>The deprecated <parameter moreinfo="none">username</parameter> line is needed only when
     the PC is unable to supply its own username. This is the case 
     for the COREPLUS protocol or where your users have different WfWg 

vendor/current/docs-xml/smbdotconf/tuning/strictallocate.xml

@@ -10 +10 @@
     of actually forcing the disk system to allocate real storage blocks
     when a file is created or extended to be a given size. In UNIX
-    terminology this means that Samba will stop creating sparse files.
-    This can be slow on some systems. When you work with large files like
-    >100MB or so you may even run into problems with clients running into
-    timeouts.</para>
+    terminology this means that Samba will stop creating sparse files.</para>
+
+    <para>This option is really desgined for file systems that support
+    fast allocation of large numbers of blocks such as extent-based file systems.
+    On file systems that don't support extents (most notably ext3) this can
+    make Samba slower. When you work with large files over >100MB on file
+    systems without extents you may even run into problems with clients
+    running into timeouts.</para>
 
     <para>When you have an extent based filesystem it's likely that we can make

vendor/current/docs-xml/smbdotconf/winbind/idmapbackend.xml

@@ -12 +12 @@
         <para>
         This option specifies the default backend that is used when no special
-        configuration set by <smbconfoption name="idmap config"/> matches the
-        specific request.
-        </para>
-
-        <para>
-        This default backend also specifies the place where winbind-generated
-        idmap entries will be stored. So it is highly recommended that you
-        specify a writable backend like <citerefentry>
-        <refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum>
-        </citerefentry> or <citerefentry>
-        <refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum>
-        </citerefentry> as the idmap backend. The <citerefentry>
-        <refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum>
-        </citerefentry> and <citerefentry>
-        <refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum>
-        </citerefentry> backends are not writable and thus will generate
-        unexpected results if set as idmap backend.
-        </para>
-
-        <para>
-        To use the rid and ad backends, please specify them via the
-        <smbconfoption name="idmap config"/> parameter, possibly also for the
-        domain your machine is member of, specified by <smbconfoption
-        name="workgroup"/>.
-        </para>
-
-        <para>Examples of SID/uid/gid backends include tdb (<citerefentry>
-        <refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
-        ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle>
-        <manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry>
-        <refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
-        and ad (<citerefentry><refentrytitle>idmap_ad</refentrytitle>
-        <manvolnum>8</manvolnum></citerefentry>).
+        configuration set, but it is now deprecated in favour of the new
+        spelling <smbconfoption name="idmap config * :  backend"/>.
         </para>
 </description>

vendor/current/docs-xml/smbdotconf/winbind/idmapconfig.xml

@@ -7 +7 @@
 
         <para>
-        The idmap config prefix provides a means of managing each trusted
-        domain separately. The idmap config prefix should be followed by the
-        name of the domain, a colon, and a setting specific to the chosen
-        backend. There are three options available for all domains:
+        ID mapping in Samba is the mapping between Windows SIDs and Unix user
+        and group IDs. This is performed by Winbindd with a configurable plugin
+        interface. Samba's ID mapping is configured by options starting with the
+        <smbconfoption name="idmap config"/> prefix.
+        An idmap option consists of the <smbconfoption name="idmap config"/>
+        prefix, followed by a domain name or the asterisk character (*),
+        a colon, and the name of an idmap setting for the chosen domain.
         </para>
 
-        <variablelist>  
+        <para>
+        The idmap configuration is hence divided into groups, one group
+        for each domain to be configured, and one group with the the
+        asterisk instead of a proper domain name, which speifies the
+        default configuration that is used to catch all domains that do
+        not have an explicit idmap configuration of their own.
+        </para>
+
+        <para>
+        There are three general options available:
+        </para>
+
+        <variablelist>
                 <varlistentry>
                 <term>backend = backend_name</term>
                 <listitem><para>
-                        Specifies the name of the idmap plugin to use as the 
-                        SID/uid/gid backend for this domain.
+                This specifies the name of the idmap plugin to use as the
+                SID/uid/gid backend for this domain. The standard backends are
+                tdb
+                (<citerefentry><refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>),
+                tdb2
+                (<citerefentry><refentrytitle>idmap_tdb2</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+                ldap
+                (<citerefentry><refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+                ,
+                rid
+                (<citerefentry><refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+                ,
+                hash
+                (<citerefentry><refentrytitle>idmap_hash</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+                ,
+                autorid
+                (<citerefentry><refentrytitle>idmap_autorid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+                ,
+                ad
+                (<citerefentry><refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+                ,
+                adex
+                (<citerefentry><refentrytitle>idmap_adex</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+                ,
+                and nss.
+                (<citerefentry><refentrytitle>idmap_nss</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+                The corresponding manual pages contain the details, but
+                here is a summary.
+                </para>
+                <para>
+                The first three of these create mappings of their own using
+                internal unixid counters and store the mappings in a database.
+                These are suitable for use in the default idmap configuration.
+                The rid and hash backends use a pure algorithmic calculation
+                to determine the unixid for a SID. The autorid module is a
+                mixture of the tdb and rid backend. It creates ranges for
+                each domain encountered and then uses the rid algorithm for each
+                of these automatically configured domains individually.
+                The ad and adex
+                backends both use unix IDs stored in Active Directory via
+                the standard schema extensions. The nss backend reverses
+                the standard winbindd setup and gets the unixids via names
+                from nsswitch which can be useful in an ldap setup.
                 </para></listitem>
                 </varlistentry>
@@ -24 +80 @@
                 <varlistentry>
                 <term>range = low - high</term>
-                <listitem><para>
+                <listitem><para>
                 Defines the available matching uid and gid range for which the
-                backend is authoritative.  Note that the range commonly
-                matches the allocation range due to the fact that the same
-                backend will store and retrieve SID/uid/gid mapping entries.
-                </para>
+                backend is authoritative. For allocating backends, this also
+                defines the start and the end of the range for allocating
+                new unid IDs.
+                </para>
                 <para>
                 winbind uses this parameter to find the backend that is
-                authoritative for a unix ID to SID mapping, so it must be set
-                for each individually configured domain, and it must be
-                disjoint from the ranges set via <smbconfoption name="idmap
-                uid"/> and <smbconfoption name="idmap gid"/>.
+                authoritative for a unix ID to SID mapping, so it must be set
+                for each individually configured domain and for the default
+                configuration. The configured ranges must be mutually disjoint.
                 </para></listitem>
+                </varlistentry>
 
+                <varlistentry>
+                <term>read only = yes|no</term>
+                <listitem><para>
+                This option can be used to turn the writing backends
+                tdb, tdb2, and ldap into read only mode. This can be useful
+                e.g. in cases where a pre-filled database exists that should
+                not be extended automatically.
+                </para></listitem>
                 </varlistentry>
         </variablelist>
@@ -44 +108 @@
         The following example illustrates how to configure the <citerefentry>
         <refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum>
-        </citerefentry> for the CORP domain and the
+        </citerefentry> backend for the CORP domain and the
         <citerefentry><refentrytitle>idmap_tdb</refentrytitle>
         <manvolnum>8</manvolnum></citerefentry> backend for all other
@@ -54 +118 @@
 
         <programlisting>
-        idmap backend = tdb
-        idmap uid = 1000000-1999999
-        idmap gid = 1000000-1999999
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000-1999999
 
         idmap config CORP : backend  = ad

vendor/current/docs-xml/smbdotconf/winbind/idmapgid.xml

@@ -6 +6 @@
                 <synonym>winbind gid</synonym>
 <description>
-        <para>The idmap gid parameter specifies the range of group ids 
-        that are allocated for the purpose of mapping UNX groups to NT group 
-        SIDs. This range of group ids should have no 
-        existing local or NIS groups within it as strange conflicts can 
-        occur otherwise.</para>
-
-        <para>See also the <smbconfoption name="idmap backend"/>, and
-        <smbconfoption name="idmap config"/> options.
+        <para>
+        The idmap gid parameter specifies the range of group ids
+        for the default idmap configuration. It is now deprecated
+        in favour of <smbconfoption name="idmap config * : range"/>.
         </para>
 
+        <para>See the <smbconfoption name="idmap config"/> option.</para>
 </description>
 

vendor/current/docs-xml/smbdotconf/winbind/idmapuid.xml

@@ -7 +7 @@
 <description>
         <para>
-        The idmap uid parameter specifies the range of user ids that are 
-        allocated for use in mapping UNIX users to NT user SIDs. This 
-        range of ids should have no existing local
-        or NIS users within it as strange conflicts can occur otherwise.</para>
+        The idmap uid parameter specifies the range of user ids for
+        the default idmap configuration. It is now deprecated in favour
+        of <smbconfoption name="idmap config * : range"/>.
+        </para>
 
-        <para>See also the <smbconfoption name="idmap backend"/> and
-        <smbconfoption name="idmap config"/> options.
-        </para>
+        <para>See the <smbconfoption name="idmap config"/> option.</para>
 </description>
 

vendor/current/docs-xml/smbdotconf/winbind/winbindusedefaultdomain.xml

@@ -10 +10 @@
         without domain component in their username. Users without a domain
         component are treated as is part of the winbindd server's own
-        domain. While this does not benifit Windows users, it makes SSH, FTP and
+        domain. While this does not benefit Windows users, it makes SSH, FTP and
         e-mail function in a way much closer to the way they
         would in a native unix system.</para>
+        <para>This option should be avoided if possible. It can cause confusion
+        about responsibilities for a user or group. In many situations it is
+        not clear whether winbind or /etc/passwd should be seen as authoritative
+        for a user, likewise for groups.</para>
 </description>
 

vendor/current/docs-xml/using_samba/appc.xml

@@ -2729 +2729 @@
 </refentry>
 
-<refentry id="appc-refentry-194">
-<refmeta>
-<refmiscinfo class="allowable values">YES, NO</refmiscinfo>
-<refmiscinfo class="default">NO</refmiscinfo>
-</refmeta>
-<refnamediv>
-<refname>update encrypted = boolean</refname>
-</refnamediv>
-<refsynopsisdiv>
-<para>Updates the Microsoft-format password file when a user logs in with unencrypted passwords. Provided to ease conversion to encryped passwords for Windows 95/98 and NT. Added in Samba 1.9.18p5.</para>
-
-</refsynopsisdiv>
-</refentry>
-
 <refentry id="appc-refentry-195">
 <refmeta>

vendor/current/docs-xml/using_samba/ch06.xml

@@ -1593 +1593 @@
 <row>
 
-<entry colname="col1"><para><literal>update encrypted</literal></para></entry>
-
-<entry colname="col2"><para>boolean</para></entry>
-
-<entry colname="col3"><para>If <literal>yes</literal>, Samba updates the encrypted password file when a client connects to a share with a plaintext password.</para></entry>
-
-<entry colname="col4"><para><literal>no</literal></para></entry>
-
-<entry colname="col5"><para>Global</para></entry>
-
-</row>
-
-<row>
-
 <entry colname="col1"><para><literal>null passwords</literal></para></entry>
 
@@ -1770 +1756 @@
 
 <sect3 role="" label="6.4.4.7" id="ch06-SECT-4.3.7">
-<indexterm id="ch06-idx-969481-0"><primary>pdate encrypted option</primary></indexterm>
-<title>update encrypted</title>
-
-
-<para>For sites switching over to the <indexterm id="ch06-idx-967799-0"><primary>encrypted passwords</primary><secondary>Microsoft format</secondary></indexterm>encrypted password format, Samba provides an option that should help with the transition. The <literal>update</literal> <literal>encrypted</literal> option allows a site to ease into using encrypted passwords from plaintext passwords. You can activate this option as follows:</para>
-
-
-<programlisting>[global]
-    update encrypted = yes</programlisting>
-
-
-<para>This instructs Samba to create an encrypted version of each user's Unix password in the <filename>smbpasswd</filename> file each time he or she connects to a share. When this option is enabled, you must have the <literal>encrypt</literal> <literal>passwords</literal> option set to <literal>no</literal> so that the client will pass plaintext passwords to Samba to use to update the files. Once each user has connected at least once, you can set <literal>encrypted</literal> <literal>passwords</literal> <literal>=</literal> <literal>yes</literal>, allowing you to use only the encrypted passwords. The user must already have a valid entry in the <filename>smbpasswd</filename> file for this option to work.</para>
-</sect3>
-
-
-
-<sect3 role="" label="6.4.4.8" id="ch06-SECT-4.3.8">
 <title>null passwords</title>
 
@@ -1802 +1771 @@
 
 
-<sect3 role="" label="6.4.4.9" id="ch06-SECT-4.3.9">
+<sect3 role="" label="6.4.4.8" id="ch06-SECT-4.3.8">
 <indexterm id="ch06-idx-969483-0"><primary>smb passwd file option</primary></indexterm>
 <title>
@@ -1821 +1790 @@
 
 
-<sect3 role="" label="6.4.4.10" id="ch06-SECT-4.3.10">
+<sect3 role="" label="6.4.4.9" id="ch06-SECT-4.3.9">
 <indexterm id="ch06-idx-969486-0"><primary>hosts equiv option</primary></indexterm>
 <title>
@@ -1839 +1808 @@
 
 
-<sect3 role="" label="6.4.4.11" id="ch06-SECT-4.3.11">
+<sect3 role="" label="6.4.4.10" id="ch06-SECT-4.3.10">
 <indexterm id="ch06-idx-969487-0"><primary>use rhosts option</primary></indexterm>
 <title>

vendor/current/docs-xml/xslt/man.xsl

@@ -27 +27 @@
   <xsl:if test="$content = ''">
     <xsl:apply-templates mode="italic" select="@url" />
-  </xsl:if>
-</xsl:template>
-
-<xsl:template match="itemizedlist/listitem">
-  <!-- * We output a real bullet here (rather than, "\(bu", -->
-  <!-- * the roff bullet) because, when we do character-map -->
-  <!-- * processing before final output, the character-map will -->
-  <!-- * handle conversion of the &#x2022; to "\(bu" for us -->
-  <xsl:text>&#10;</xsl:text>
-  <xsl:text>.sp</xsl:text>
-  <xsl:text>&#10;</xsl:text>
-  <xsl:text>.RS</xsl:text>
-  <xsl:if test="not($list-indent = '')">
-    <xsl:text> </xsl:text>
-    <xsl:value-of select="$list-indent"/>
-  </xsl:if>
-  <xsl:text>&#10;</xsl:text>
-  <!-- * if "n" then we are using "nroff", which means the output is for -->
-  <!-- * TTY; so we do some fixed-width-font hackery with \h to make a -->
-  <!-- * hanging indent (instead of using .IP, which has some -->
-  <!-- * undesirable side effects under certain circumstances) -->
-  <xsl:call-template name="roff-if-else-start"/>
-  <xsl:text>\h'-</xsl:text>
-  <xsl:choose>
-    <xsl:when test="not($list-indent = '')">
-      <xsl:text>0</xsl:text>
-      <xsl:value-of select="$list-indent"/>
-    </xsl:when>
-    <xsl:otherwise>
-      <xsl:text>\n(INu</xsl:text>
-    </xsl:otherwise>
-  </xsl:choose>
-  <xsl:text>'</xsl:text>
-  <xsl:text>&#x2022;</xsl:text>
-  <xsl:text>\h'+</xsl:text>
-  <xsl:choose>
-    <xsl:when test="not($list-indent = '')">
-      <xsl:text>0</xsl:text>
-      <xsl:value-of select="$list-indent - 1"/>
-    </xsl:when>
-    <xsl:otherwise>
-      <xsl:text>\n(INu-1</xsl:text>
-    </xsl:otherwise>
-  </xsl:choose>
-  <xsl:text>'\c&#10;</xsl:text>
-  <!-- * else, we are not using for "nroff", but instead "troff" - which -->
-  <!-- * means not for TTY, but for PS or whatever; so we’re not using a -->
-  <!-- * fixed-width font, so use a real .IP instead -->
-  <xsl:call-template name="roff-else"/>
-  <!-- * .IP generates a blank like of space, so let’s go backwards one -->
-  <!-- * line up to compensate for that -->
-  <xsl:text>.sp -1&#10;</xsl:text>
-  <xsl:text>.IP \(bu 2.3&#10;</xsl:text>
-  <!-- * The value 2.3 is the amount of indentation; we use 2.3 instead -->
-  <!-- * of 2 because when the font family is New Century Schoolbook it -->
-  <!-- * seems to require the extra space. -->
-  <xsl:call-template name="roff-if-end"/>
-  <xsl:apply-templates/>
-  <xsl:if test=" following-sibling::listitem">
-         <xsl:text>&#10;.RE&#10;</xsl:text>
   </xsl:if>
 </xsl:template>