Changeset 745 for trunk/server/docs/manpages

trunk/server

Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740

trunk/server/docs/manpages/eventlogadm.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "EVENTLOGADM" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "EVENTLOGADM" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "SYNOPSIS"
 .HP \w'\ 'u
 eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
+eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
 .HP \w'\ 'u
 eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
+eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
 .HP \w'\ 'u
 eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ dump\ \fIEVENTLOG\fR\ \fIRECORD_NUMBER\fR
+eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ dump\ \fIEVENTLOG\fR\ \fIRECORD_NUMBER\fR
 .SH "DESCRIPTION"
 .PP
 …
 .SH "OPTIONS"
 .PP
+\fB\-s\fR \fIFILENAME\fR
+.RS 4
+The
+\-s
+option causes
+eventlogadm
+to load the configuration file given as FILENAME instead of the default one used by Samba\&.
+.RE
+.PP
 \fB\-d\fR
 .RS 4
 …
 DAT
 \- This field should be left unset\&.
+.RE
 .SH "EXAMPLES"
 .PP

trunk/server/docs/manpages/findsmb.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "FINDSMB" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "FINDSMB" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/idmap_ad.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "IDMAP_AD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "IDMAP_AD" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .PP
 The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions\&. This module implements only the "idmap" API, and is READONLY\&. Mappings must be provided in advance by the administrator by adding the posixAccount/posixGroup classes and relative attribute/value pairs to the user and group objects in the AD\&.
+.PP
+Note that the idmap_ad module has changed considerably since Samba versions 3\&.0 and 3\&.2\&. Currently, the
+\fIad\fR
+backend does not work as the the default idmap backend, but one has to configure it separately for each domain for which one wants to use it, using disjoint ranges\&. One usually needs to configure a writeable default idmap range, using for example the
+\fItdb\fR
+or
+\fIldap\fR
+backend, in order to be able to map the BUILTIN sids and possibly other trusted domains\&. The writeable default config is also needed in order to be able to create group mappings\&. This catch\-all default idmap configuration should have a range that is disjoint from any explicitly configured domain with idmap backend
+\fIad\fR\&. See the example below\&.
 .SH "IDMAP OPTIONS"
 .PP
 …
 .nf
         [global]
+        idmap backend = tdb
+        idmap uid = 1000000\-1999999
+        idmap gid = 1000000\-1999999
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000\-1999999
         idmap config CORP : backend  = ad

trunk/server/docs/manpages/idmap_adex.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "IDMAP_ADEX" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "IDMAP_ADEX" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .nf
         [global]
+        idmap backend = adex
+        idmap uid = 1000\-4000000000
+        idmap gid = 1000\-4000000000
+        idmap config * : backend = adex
+        idmap config * : range = 1000\-4000000000
         winbind nss info = adex

trunk/server/docs/manpages/idmap_hash.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "IDMAP_HASH" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "IDMAP_HASH" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .nf
         [global]
+        idmap backend = hash
+        idmap uid = 1000\-4000000000
+        idmap gid = 1000\-4000000000
+        idmap config * : backend = hash
+        idmap config * : range = 1000\-4000000000
         winbind nss info = hash

trunk/server/docs/manpages/idmap_ldap.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "IDMAP_LDAP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "IDMAP_LDAP" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service\&.
 .PP
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_ldap backend itself or by any other allocating backend like idmap_tdb or idmap_tdb2\&. This is configured with the parameter
+\fIidmap alloc backend\fR\&.
+.PP
+Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&.
+.PP
+Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend ldap should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&.
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&.
 .SH "IDMAP OPTIONS"
 .PP
 ldap_base_dn = DN
 .RS 4
 Defines the directory base suffix to use when searching for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&.
+Defines the directory base suffix to use for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&.
 .RE
 .PP
 ldap_user_dn = DN
 .RS 4
+Defines the user DN to be used for authentication\&. If absent an anonymous bind will be performed\&.
+Defines the user DN to be used for authentication\&. The secret for authenticating this user should be stored with net idmap secret (see
+\fBnet\fR(8))\&. If absent, the ldap credentials from the ldap passdb configuration are used, and if these are also absent, an anonymous bind will be performed as last fallback\&.
 .RE
 .PP
 ldap_url = ldap://server/
 .RS 4
 Specifies the LDAP server to use when searching for existing SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
+Specifies the LDAP server to use for SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
 .RE
 .PP
 range = low \- high
 .RS 4
+Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&.
+.RE
+.SH "IDMAP ALLOC OPTIONS"
+.PP
+ldap_base_dn = DN
+.RS 4
+Defines the directory base suffix under which new SID/uid/gid mapping entries should be stored\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&.
+.RE
+.PP
+ldap_user_dn = DN
+.RS 4
+Defines the user DN to be used for authentication\&. If absent an anonymous bind will be performed\&.
+.RE
+.PP
+ldap_url = ldap://server/
+.RS 4
+Specifies the LDAP server to which modify/add/delete requests should be sent\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
+Defines the available matching uid and gid range for which the backend is authoritative\&.
 .RE
 .SH "EXAMPLES"
 .PP
 The follow sets of a LDAP configuration which uses two LDAP directories, one for storing the ID mappings and one for retrieving new IDs\&.
+The following example shows how an ldap directory is used as the default idmap backend\&. It also configures the idmap range and base directory suffix\&. The secret for the ldap_user_dn has to be set with "net idmap secret \'*\' password"\&.
 .sp
 .if n \{\
 …
 .nf
         [global]
+        idmap backend = ldap:ldap://localhost/
+        idmap uid = 1000000\-1999999
+        idmap gid = 1000000\-1999999
+        idmap config * : backend      = ldap
+        idmap config * : range        = 1000000\-1999999
+        idmap config * : ldap_url     = ldap://localhost/
+        idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+        idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This example shows how ldap can be used as a readonly backend while tdb is the default backend used to store the mappings\&. It adds an explicit configuration for some domain DOM1, that uses the ldap idmap backend\&. Note that a range disjoint from the default range is used\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+        [global]
+        # "backend = tdb" is redundant here since it is the default
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000\-1999999
+        idmap alloc backend = ldap
+        idmap alloc config : ldap_url   = ldap://id\-master/
+        idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
+        idmap config DOM1 : backend = ldap
+        idmap config DOM1 : range = 2000000\-2999999
+        idmap config DOM1 : read only = yes
+        idmap config DOM1 : ldap_url = ldap://server/
+        idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+        idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
 .fi

trunk/server/docs/manpages/idmap_nss.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "IDMAP_NSS" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "IDMAP_NSS" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .nf
         [global]
+        idmap backend = tdb
+        idmap uid = 1000000\-1999999
+        idmap gid = 1000000\-1999999
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000\-1999999
         idmap config SAMBA : backend  = nss

trunk/server/docs/manpages/idmap_rid.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "IDMAP_RID" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "IDMAP_RID" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .PP
 The idmap_rid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs\&. No database is required in this case as the mapping is deterministic\&.
+.PP
+Note that the idmap_rid module has changed considerably since Samba versions 3\&.0\&. and 3\&.2\&. Currently, there should to be an explicit idmap configuration for each domain that should use the idmap_rid backend, using disjoint ranges\&. One usually needs to define a writeable default idmap range, using a backent like
+\fItdb\fR
+or
+\fIldap\fR
+that can create unix ids, in order to be able to map the BUILTIN sids and other domains, and also in order to be able to create group mappings\&. See the example below\&.
+.PP
+Note that the old syntax
+\fIidmap backend = rid:"DOM1=range DOM2=range2 \&.\&.\&."\fR
+is not supported any more since Samba version 3\&.0\&.25\&.
 .SH "IDMAP OPTIONS"
 .PP
 …
         workgroup = MAIN
+        idmap backend = tdb
+        idmap uid = 1000000\-1999999
+        idmap gid = 1000000\-1999999
+        idmap config * : backend        = tdb
+        idmap config * : range          = 1000000\-1999999
         idmap config MAIN : backend     = rid

trunk/server/docs/manpages/idmap_tdb.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "IDMAP_TDB" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "IDMAP_TDB" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 The idmap_tdb plugin is the default backend used by winbindd for storing SID/uid/gid mapping tables\&.
 .PP
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_tdb backend itself or by any other allocating backend like idmap_ldap or idmap_tdb2\&. This is configured with the parameter
+\fIidmap alloc backend\fR\&.
+.PP
+Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&.
+.PP
+Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend tdb should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&.
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&.
 .SH "IDMAP OPTIONS"
 .PP
 range = low \- high
 .RS 4
 Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&.
+Defines the available matching uid and gid range for which the backend is authoritative\&.
 .RE
 .SH "EXAMPLES"
 .PP
 This example shows how tdb is used as a the default idmap backend\&. It configures the idmap range through the global options for all domains encountered\&. This same range is used for uid/gid allocation\&.
+This example shows how tdb is used as a the default idmap backend\&. This configured range is used for uid and gid allocation\&.
 .sp
 .if n \{\
 …
 .nf
         [global]
+        # "idmap backend = tdb" is redundant here since it is the default
+        idmap backend = tdb
+        idmap uid = 1000000\-2000000
+        idmap gid = 1000000\-2000000
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This (rather theoretical) example shows how tdb can be used as the allocating backend while ldap is the default backend used to store the mappings\&. It adds an explicit configuration for some domain DOM1, that uses the tdb idmap backend\&. Note that the same range as the default uid/gid range is used, since the allocator has to serve both the default backend and the explicitly configured domain DOM1\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+        [global]
+        idmap backend = ldap
+        idmap uid = 1000000\-2000000
+        idmap gid = 1000000\-2000000
+        # use a different uid/gid allocator:
+        idmap alloc backend = tdb
+        idmap config DOM1 : backend = tdb
+        idmap config DOM1 : range = 1000000\-2000000
+        # "backend = tdb" is redundant here since it is the default
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000\-2000000
 .fi

trunk/server/docs/manpages/idmap_tdb2.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "IDMAP_TDB2" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "IDMAP_TDB2" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 The idmap_tdb2 plugin is a substitute for the default idmap_tdb backend used by winbindd for storing SID/uid/gid mapping tables in clustered environments with Samba and CTDB\&.
 .PP
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_tdb2 backend itself or by any other allocating backend like idmap_tdb or idmap_ldap\&. This is configured with the parameter
+\fIidmap alloc backend\fR\&.
+.PP
+Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&.
+.PP
+Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend tdb2 should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&.
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&.
 .SH "IDMAP OPTIONS"
 .PP
 range = low \- high
 .RS 4
+Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&.
+Defines the available matching uid and gid range for which the backend is authoritative\&.
+.RE
+.PP
+script
+.RS 4
+This option can be used to configure an external program for performing id mappings instead of using the tdb counter\&. The mappings are then stored int tdb2 idmap database\&. For details see the section on IDMAP SCRIPT below\&.
 .RE
 .SH "IDMAP SCRIPT"
 .PP
+The tdb2 idmap backend supports a script for performing id mappings through the smb\&.conf option
+\fIidmap : script\fR\&. The script should accept the following command line options\&.
+The tdb2 idmap backend supports an external program for performing id mappings through the smb\&.conf option
+\fIidmap config * : script\fR
+or its deprecated legacy form
+\fIidmap : script\fR\&.
+.PP
+The mappings obtained by the script are then stored in the idmap tdb2 database instead of mappings created by the incrementing id counters\&. It is therefore important that the script covers the complete range of SIDs that can be passed in for SID to Unix ID mapping, since otherwise SIDs unmapped by the script might get mapped to IDs that had previously been mapped by the script\&.
+.PP
+The script should accept the following command line options\&.
 .sp
 .if n \{\
 …
 .RE
 .\}
-.PP
-Note that the script should cover the complete range of SIDs that can be passed in for SID to Unix ID mapping, since otherwise SIDs unmapped by the script might get mapped to IDs that had previously been mapped by the script\&.
 .SH "EXAMPLES"
 .PP
 This example shows how tdb2 is used as a the default idmap backend\&. It configures the idmap range through the global options for all domains encountered\&. This same range is used for uid/gid allocation\&.
+This example shows how tdb2 is used as a the default idmap backend\&.
 .sp
 .if n \{\
 …
 .nf
         [global]
+        idmap backend = tdb2
+        idmap uid = 1000000\-2000000
+        idmap gid = 1000000\-2000000
+        idmap config * : backend = tdb2
+        idmap config * : range = 1000000\-2000000
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This example shows how tdb2 is used as a the default idmap backend using an external program via the script parameter:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+        [global]
+        idmap config * : backend = tdb2
+        idmap config * : range = 1000000\-2000000
+        idmap config * : script = /usr/local/samba/bin/idmap_script\&.sh
 .fi

trunk/server/docs/manpages/ldb.3

-              r620
+              r745
 .\"    Author: [see the "Author" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 06/07/2011
 .\"    Manual: C Library Functions
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LDB" "3" "08/02/2011" "Samba 3\&.5" "C Library Functions"
+.TH "LDB" "3" "06/07/2011" "Samba 3\&.6" "C Library Functions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 ldbmodify(1)
 \- modify records in a ldb database using LDIF formatted input
+.RE
 .SH "FUNCTIONS"
 .sp
 …
 \fBldb_set_debug_stderr(3)\fR
 \- set a debug handler for stderr output
+.RE
 .SH "AUTHOR"
 .PP

trunk/server/docs/manpages/ldbadd.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LDBADD" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "LDBADD" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "VERSION"
 .PP
 This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP

trunk/server/docs/manpages/ldbdel.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LDBDEL" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "LDBDEL" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "VERSION"
 .PP
 This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP

trunk/server/docs/manpages/ldbedit.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LDBEDIT" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "LDBEDIT" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "VERSION"
 .PP
 This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP

trunk/server/docs/manpages/ldbmodify.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LDBMODIFY" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "LDBMODIFY" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "VERSION"
 .PP
 This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP

trunk/server/docs/manpages/ldbrename.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LDBRENAME" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "LDBRENAME" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "VERSION"
 .PP
 This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP

trunk/server/docs/manpages/ldbsearch.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 06/07/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LDBSEARCH" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "LDBSEARCH" "1" "06/07/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "VERSION"
 .PP
 This man page is correct for version 4\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6 of the Samba suite\&.
 .SH "SEE ALSO"
 .PP

trunk/server/docs/manpages/libsmbclient.7

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: 7
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LIBSMBCLIENT" "7" "08/02/2011" "Samba 3\&.5" "7"
+.TH "LIBSMBCLIENT" "7" "08/08/2011" "Samba 3\&.6" "7"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/lmhosts.5

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LMHOSTS" "5" "08/02/2011" "Samba 3\&.5" "File Formats and Conventions"
+.TH "LMHOSTS" "5" "08/08/2011" "Samba 3\&.6" "File Formats and Conventions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .sp
 If the trailing \'#\' is omitted then the given IP address will be returned for all names that match the given name, whatever the NetBIOS name type in the lookup\&.
+.RE
 .sp
 .RE

trunk/server/docs/manpages/log2pcap.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "LOG2PCAP" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "LOG2PCAP" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/net.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "NET" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "NET" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .\}
 comment \- Freeform text description of the group
+.RE
 .sp
 .RE
 …
 .PP
 List all interdomain trust relationships\&.
+.SS "RPC TRUSTDOM LIST"
+.PP
+List all interdomain trust relationships\&.
+.SS "RPC TRUST"
+.SS "RPC TRUST CREATE"
+.PP
+Create a trust trust object by calling lsaCreateTrustedDomainEx2\&. The can be done on a single server or on two servers at once with the possibility to use a random trust password\&.
+.PP
+\fBOptions:\fR
+.PP
+otherserver
+.RS 4
+Domain controller of the second domain
+.RE
+.PP
+otheruser
+.RS 4
+Admin user in the second domain
+.RE
+.PP
+otherdomainsid
+.RS 4
+SID of the second domain
+.RE
+.PP
+other_netbios_domain
+.RS 4
+NetBIOS (short) name of the second domain
+.RE
+.PP
+otherdomain
+.RS 4
+DNS (full) name of the second domain
+.RE
+.PP
+trustpw
+.RS 4
+Trust password
+.RE
+.PP
+\fBExamples:\fR
+.PP
+Create a trust object on srv1\&.dom1\&.dom for the domain dom2
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+net rpc trust create \e
+    otherdomainsid=S\-x\-x\-xx\-xxxxxxxxxx\-xxxxxxxxxx\-xxxxxxxxx \e
+    other_netbios_domain=dom2 \e
+    otherdomain=dom2\&.dom \e
+    trustpw=12345678 \e
+    \-S srv1\&.dom1\&.dom
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.PP
+Create a trust relationship between dom1 and dom2
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+net rpc trust create \e
+    otherserver=srv2\&.dom2\&.test \e
+    otheruser=dom2adm \e
+    \-S srv1\&.dom1\&.dom
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.SS "RPC TRUST DELETE"
+.PP
+Delete a trust trust object by calling lsaDeleteTrustedDomain\&. The can be done on a single server or on two servers at once\&.
+.PP
+\fBOptions:\fR
+.PP
+otherserver
+.RS 4
+Domain controller of the second domain
+.RE
+.PP
+otheruser
+.RS 4
+Admin user in the second domain
+.RE
+.PP
+otherdomainsid
+.RS 4
+SID of the second domain
+.RE
+.PP
+\fBExamples:\fR
+.PP
+Delete a trust object on srv1\&.dom1\&.dom for the domain dom2
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+net rpc trust delete \e
+    otherdomainsid=S\-x\-x\-xx\-xxxxxxxxxx\-xxxxxxxxxx\-xxxxxxxxx \e
+    \-S srv1\&.dom1\&.dom
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.PP
+Delete a trust relationship between dom1 and dom2
+.RS 4
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+net rpc trust delete \e
+    otherserver=srv2\&.dom2\&.test \e
+    otheruser=dom2adm \e
+    \-S srv1\&.dom1\&.dom
+.fi
+.if n \{\
+.RE
+.\}
+.RE
+.SS ""
 .SS "RPC RIGHTS"
 .PP
 …
 .PP
 Restore the mappings from the specified file or stdin\&.
 .SS "IDMAP SECRET <DOMAIN>|ALLOC <secret>"
+.SS "IDMAP SECRET <DOMAIN> <secret>"
 .PP
 Store a secret for the specified domain, used primarily for domains that use idmap_ldap as a backend\&. In this case the secret is used as the password for the user DN used to bind to the ldap server\&.
+.SS "IDMAP DELETE [\-f] [\-\-db=<DB>] <ID>"
+.PP
+Delete a mapping sid <\-> gid or sid <\-> uid from the IDMAP database\&. The mapping is given by <ID> which may either be a sid: S\-x\-\&.\&.\&., a gid: "GID number" or a uid: "UID number"\&. Use \-f to delete an invalid partial mapping <ID> \-> xx
+.PP
+Use "smbcontrol all idmap \&.\&.\&." to notify running smbd instances\&. See the
+\fBsmbcontrol\fR(1)
+manpage for details\&.
+.SS "IDMAP CHECK [\-v] [\-r] [\-a] [\-T] [\-f] [\-l] [\-\-db=<DB>]"
+.PP
+Check and repair the IDMAP database\&. If no option is given a read only check of the database is done\&. Among others an interactive or automatic repair mode may be chosen with one of the following options:
+.PP
+\-r|\-\-repair
+.RS 4
+Interactive repair mode, ask a lot of questions\&.
+.RE
+.PP
+\-a|\-\-auto
+.RS 4
+Noninteractive repair mode, use default answers\&.
+.RE
+.PP
+\-v|\-\-verbose
+.RS 4
+Produce more output\&.
+.RE
+.PP
+\-f|\-\-force
+.RS 4
+Try to apply changes, even if they do not apply cleanly\&.
+.RE
+.PP
+\-T|\-\-test
+.RS 4
+Dry run, show what changes would be made but don\'t touch anything\&.
+.RE
+.PP
+\-l|\-\-lock
+.RS 4
+Lock the database while doing the check\&.
+.RE
+.PP
+\-\-db <DB>
+.RS 4
+Check the specified database\&.
+.RE
+.PP
+.RS 4
+.RE
+It reports about the finding of the following errors:
+.PP
+Missing reverse mapping:
+.RS 4
+A record with mapping A\->B where there is no B\->A\&. Default action in repair mode is to "fix" this by adding the reverse mapping\&.
+.RE
+.PP
+Invalid mapping:
+.RS 4
+A record with mapping A\->B where B\->C\&. Default action is to "delete" this record\&.
+.RE
+.PP
+Missing or invalid HWM:
+.RS 4
+A high water mark is not at least equal to the largest ID in the database\&. Default action is to "fix" this by setting it to the largest ID found +1\&.
+.RE
+.PP
+Invalid record:
+.RS 4
+Something we failed to parse\&. Default action is to "edit" it in interactive and "delete" it in automatic mode\&.
+.RE
 .SS "USERSHARE"
 .PP
 …
 .PP
 Delete the list of includes from the provided section (global or share)\&.
+.SS "REGISTRY"
+.PP
+Manipulate Samba\'s registry\&.
+.PP
+The registry commands are:
+.RS 4
+net registry enumerate   \- Enumerate registry keys and values\&.
+.RE
+.RS 4
+net registry enumerate_recursive \- Enumerate registry key and its subkeys\&.
+.RE
+.RS 4
+net registry createkey   \- Create a new registry key\&.
+.RE
+.RS 4
+net registry deletekey   \- Delete a registry key\&.
+.RE
+.RS 4
+net registry deletekey_recursive \- Delete a registry key with subkeys\&.
+.RE
+.RS 4
+net registry getvalue    \- Print a registry value\&.
+.RE
+.RS 4
+net registry getvalueraw \- Print a registry value (raw format)\&.
+.RE
+.RS 4
+net registry setvalue    \- Set a new registry value\&.
+.RE
+.RS 4
+net registry increment   \- Increment a DWORD registry value under a lock\&.
+.RE
+.RS 4
+net registry deletevalue \- Delete a registry value\&.
+.RE
+.RS 4
+net registry getsd       \- Get security descriptor\&.
+.RE
+.RS 4
+net registry getsd_sdd1  \- Get security descriptor in sddl format\&.
+.RE
+.RS 4
+net registry setsd_sdd1  \- Set security descriptor from sddl format
+string\&.
+.RE
+.RS 4
+net registry import      \- Import a registration entries (\&.reg) file\&.
+.RE
+.RS 4
+net registry export      \- Export a registration entries (\&.reg) file\&.
+.RE
+.RS 4
+net registry convert     \- Convert a registration entries (\&.reg) file\&.
+.RE
+.SS "REGISTRY ENUMERATE key "
+.PP
+Enumerate subkeys and values of
+\fIkey\fR\&.
+.SS "REGISTRY ENUMERATE_RECURSIVE key "
+.PP
+Enumerate values of
+\fIkey\fR
+and its subkeys\&.
+.SS "REGISTRY CREATEKEY key "
+.PP
+Create a new
+\fIkey\fR
+if not yet existing\&.
+.SS "REGISTRY DELETEKEY key "
+.PP
+Delete the given
+\fIkey\fR
+and its values from the registry, if it has no subkeys\&.
+.SS "REGISTRY DELETEKEY_RECURSIVE key "
+.PP
+Delete the given
+\fIkey\fR
+and all of its subkeys and values from the registry\&.
+.SS "REGISTRY GETVALUE key name"
+.PP
+Output type and actual value of the value
+\fIname\fR
+of the given
+\fIkey\fR\&.
+.SS "REGISTRY GETVALUERAW key name"
+.PP
+Output the actual value of the value
+\fIname\fR
+of the given
+\fIkey\fR\&.
+.SS "REGISTRY SETVALUE key name type value ..."
+.PP
+Set the value
+\fIname\fR
+of an existing
+\fIkey\fR\&.
+\fItype\fR
+may be one of
+\fIsz\fR,
+\fImulti_sz\fR
+or
+\fIdword\fR\&. In case of
+\fImulti_sz\fR
+\fIvalue\fR
+may be given multiple times\&.
+.SS "REGISTRY INCREMENT key name [inc]"
+.PP
+Increment the DWORD value
+\fIname\fR
+of
+\fIkey\fR
+by
+\fIinc\fR
+while holding a g_lock\&.
+\fIinc\fR
+defaults to 1\&.
+.SS "REGISTRY DELETEVALUE key name"
+.PP
+Delete the value
+\fIname\fR
+of the given
+\fIkey\fR\&.
+.SS "REGISTRY GETSD key"
+.PP
+Get the security descriptor of the given
+\fIkey\fR\&.
+.SS "REGISTRY GETSD_SDDL key"
+.PP
+Get the security descriptor of the given
+\fIkey\fR
+as a Security Descriptor Definition Language (SDDL) string\&.
+.SS "REGISTRY SETSD_SDDL keysd"
+.PP
+Set the security descriptor of the given
+\fIkey\fR
+from a Security Descriptor Definition Language (SDDL) string
+\fIsd\fR\&.
+.SS "REGISTRY IMPORT file[opt]"
+.PP
+Import a registration entries (\&.reg)
+\fIfile\fR\&.
+.SS "REGISTRY EXPORT keyfile[opt]"
+.PP
+Export a
+\fIkey\fR
+to a registration entries (\&.reg)
+\fIfile\fR\&.
+.SS "REGISTRY CONVERT in out [[inopt] outopt]"
+.PP
+Convert a registration entries (\&.reg) file
+\fIin\fR\&.
 .SS "EVENTLOG"
 .PP
 …
 \fIREBOOT\fR
 is an optional parameter that can be set to reboot the remote machine after successful join to the domain\&.
+.RE
 .sp
 .RE
 …
 \fIREBOOT\fR
 is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain\&.
+.RE
 .sp
 .RE
 …
 \fIREBOOT\fR
 is an optional parameter that can be set to reboot the remote machine after successful rename in the domain\&.
+.RE
 .sp
 .RE
 …
 \fICOMMAND\fR
 defines the shell command to execute\&.
+.RE
 .SS "G_LOCK LOCKS"
 .PP

trunk/server/docs/manpages/nmbd.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "NMBD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "NMBD" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/nmblookup.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "NMBLOOKUP" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "NMBLOOKUP" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/ntlm_auth.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "NTLM_AUTH" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "NTLM_AUTH" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 indicates that one side has finished supplying data to the other\&. (Which in turn could cause the helper to authenticate the user)\&.
 .sp
 Curently implemented parameters from the external program to the helper are:
+Currently implemented parameters from the external program to the helper are:
 .PP
 Username

trunk/server/docs/manpages/pam_winbind.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: 8
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "PAM_WINBIND" "8" "08/02/2011" "Samba 3\&.5" "8"
+.TH "PAM_WINBIND" "8" "08/08/2011" "Samba 3\&.6" "8"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/pam_winbind.conf.5

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: 5
 .\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "PAM_WINBIND\&.CONF" "5" "08/02/2011" "Samba 3\&.6" "5"
+.TH "PAM_WINBIND\&.CONF" "5" "08/08/2011" "Samba 3\&.6" "5"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/pdbedit.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "PDBEDIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "PDBEDIT" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .\}
 I: Domain Trust Account
+.RE
 .sp
 .RE

trunk/server/docs/manpages/profiles.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "PROFILES" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "PROFILES" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/rpcclient.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "RPCCLIENT" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "RPCCLIENT" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .RE
 .PP
 \-c|\-\-command=\'command string\'
 .RS 4
 execute semicolon separated commands (listed below))
+\-c|\-\-command=<command string>
+.RS 4
+Execute semicolon separated commands (listed below)
 .RE
 .PP
 …
 .RE
 .PP
 deldriver
+deldriver <driver>
 .RS 4
 Delete the specified printer driver for all architectures\&. This does not delete the actual driver files from the server, only the entry from the server\'s list of drivers\&.

trunk/server/docs/manpages/samba.7

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: Miscellanea
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SAMBA" "7" "08/02/2011" "Samba 3\&.5" "Miscellanea"
+.TH "SAMBA" "7" "08/08/2011" "Samba 3\&.6" "Miscellanea"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/sharesec.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SHARESEC" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SHARESEC" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 \fIO\fR
 \- Take ownership
+.RE
 .sp
 .RE
 …
 \fIFULL\fR
 \- Equivalent to \'RWXDPO\' permissions
+.RE
 .SH "EXIT STATUS"
 .PP

trunk/server/docs/manpages/smb.conf.5

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMB\&.CONF" "5" "08/02/2011" "Samba 3\&.5" "File Formats and Conventions"
+.TH "SMB\&.CONF" "5" "08/08/2011" "Samba 3\&.6" "File Formats and Conventions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .\}
 If no path was given, the path is set to the user\'s home directory\&.
+.RE
 .sp
 .RE
 …
 .\}
 If the share does not permit guest access and no username was given, the username is set to the located printer name\&.
+.RE
 .sp
 .RE
 …
 %a
 .RS 4
 The architecture of the remote machine\&. It currently recognizes Samba (\fBSamba\fR), the Linux CIFS file system (\fBCIFSFS\fR), OS/2, (\fBOS2\fR), Windows for Workgroups (\fBWfWg\fR), Windows 9x/ME (\fBWin95\fR), Windows NT (\fBWinNT\fR), Windows 2000 (\fBWin2K\fR), Windows XP (\fBWinXP\fR), Windows XP 64\-bit(\fBWinXP64\fR), Windows 2003 including 2003R2 (\fBWin2K3\fR), and Windows Vista (\fBVista\fR)\&. Anything else will be known as
+The architecture of the remote machine\&. It currently recognizes Samba (\fBSamba\fR), the Linux CIFS file system (\fBCIFSFS\fR), OS/2, (\fBOS2\fR), Mac OS X (\fBOSX\fR), Windows for Workgroups (\fBWfWg\fR), Windows 9x/ME (\fBWin95\fR), Windows NT (\fBWinNT\fR), Windows 2000 (\fBWin2K\fR), Windows XP (\fBWinXP\fR), Windows XP 64\-bit(\fBWinXP64\fR), Windows 2003 including 2003R2 (\fBWin2K3\fR), and Windows Vista (\fBVista\fR)\&. Anything else will be known as
 \fBUNKNOWN\fR\&.
 .RE
 …
 .RS 4
 the IP address of the client machine\&.
+.sp
+Before 3\&.6\&.0 it could contain IPv4 mapped IPv6 addresses, now it only contains IPv4 or IPv6 addresses\&.
 .RE
 .PP
 …
 .RS 4
 the local IP address to which a client connected\&.
+.sp
+Before 3\&.6\&.0 it could contain IPv4 mapped IPv6 addresses, now it only contains IPv4 or IPv6 addresses\&.
 .RE
 .PP
 …
 .RS 4
 controls what the default case is for new filenames (ie\&. files that don\'t currently exist in the filesystem)\&. Default
+\fIlower\fR\&. IMPORTANT NOTE: This option will be used to modify the case of
+\fIlower\fR\&. IMPORTANT NOTE: As part of the optimizations for directories containing large numbers of files, the following special case applies\&. If the options
+\m[blue]\fBcase sensitive = yes\fR\m[],
+\m[blue]\fBpreserve case = No\fR\m[], and
+\m[blue]\fBshort preserve case = No\fR\m[]
+are set, then the case of
 \fIall\fR
+incoming client filenames, not just new filenames if the options
+\m[blue]\fBcase sensitive = yes\fR\m[],
+\m[blue]\fBpreserve case = No\fR\m[],
+\m[blue]\fBshort preserve case = No\fR\m[]
+are set\&. This change is needed as part of the optimisations for directories containing large numbers of files\&.
+incoming client filenames, not just new filenames, will be modified\&. See additional notes below\&.
 .RE
 .PP
 …
 .\}
 \fIdevice URI\fR
+.sp
+.RE
+The deviceURI is in the for of socket://<hostname>[:<portnumber>] or lpd://<hostname>/<queuename>\&.
+.RE
+.sp
+.RE
+The deviceURI is in the format of socket://<hostname>[:<portnumber>] or lpd://<hostname>/<queuename>\&.
 .sp
 Default:
 …
 .\}
 \fIWindows 9x driver location\fR
+.RE
 .sp
 .RE
 …
 \fImax connections\fR
 Number of maximum simultaneous connections to this share\&.
+.RE
 .sp
 .RE
 …
 Example:
 \fI\fIannounce version\fR\fR\fI = \fR\fI2\&.0\fR\fI \fR
+.RE
+async smb echo handler (G)
+.\" async smb echo handler
+.PP
+.RS 4
+This parameter specifies whether Samba should fork the async smb echo handler\&. It can be beneficial if your file system can block syscalls for a very long time\&. In some circumstances, it prolongs the timeout that Windows uses to determine whether a connection is dead\&.
+.sp
+Default:
+\fI\fIasync smb echo handler\fR\fR\fI = \fR\fIno\fR\fI \fR
 .RE
 …
 \fImax connections\fR
 Number of maximum simultaneous connections to this share\&.
+.RE
 .sp
 .RE
 …
 will attempt to authenticate itself to servers using the NTLMv2 encrypted password response\&.
 .sp
 If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent\&. Many servers (including NT4 < SP4, Win9x and Samba 2\&.2) are not compatible with NTLMv2\&.
+If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent\&. Older servers (including NT4 < SP4, Win9x and Samba 2\&.2) are not compatible with NTLMv2 when not in an NTLMv2 supporting domain
 .sp
 Similarly, if enabled, NTLMv1,
 …
 client lanman auth\&.
 .sp
 Note that some sites (particularly those following \'best practice\' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM\&.
 .sp
 Default:
 \fI\fIclient ntlmv2 auth\fR\fR\fI = \fR\fIno\fR\fI \fR
+Note that Windows Vista and later versions already use NTLMv2 by default, and some sites (particularly those following \'best practice\' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM\&.
+.sp
+Default:
+\fI\fIclient ntlmv2 auth\fR\fR\fI = \fR\fIyes\fR\fI \fR
 .RE
 …
 .RE
+ctdb locktime warn threshold (G)
+.\" ctdb locktime warn threshold
+.PP
+.RS 4
+In a cluster environment using Samba and ctdb it is critical that locks on central ctdb\-hosted databases like locking\&.tdb are not held for long\&. With the current Samba architecture it happens that Samba takes a lock and while holding that lock makes file system calls into the shared cluster file system\&. This option makes Samba warn if it detects that it has held locks for the specified number of milliseconds\&. If this happens,
+\fIsmbd\fR
+will emit a debug level 0 message into its logs and potentially into syslog\&. The most likely reason for such a log message is that an operation of the cluster file system Samba exports is taking longer than expected\&. The messages are meant as a debugging aid for potential cluster problems\&.
+.sp
+The default value of 0 disables this logging\&.
+.sp
+Default:
+\fI\fIctdb locktime warn threshold\fR\fR\fI = \fR\fI0\fR\fI \fR
+.RE
 ctdb timeout (G)
 .\" ctdb timeout
 …
 \fIshareName\fR
 \- the name of the existing service\&.
+.RE
 .sp
 .RE
 …
 .PP
 .RS 4
 This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
+This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
 net rpc rights
 or one of the Windows user and group manager tools\&. This parameter is enabled by default\&. It can be disabled to prevent members of the Domain Admins group from being able to assign privileges to users or groups which can then result in certain smbd operations running as root that would normally run under the context of the connected user\&.
 …
 .\}
 uid of user or gid of group
+.RE
 .sp
 .RE
 …
 .\}
 \- group default quotas (gid = \-1)
+.RE
 .sp
 .RE
 …
 .\}
 Arg 8(optional) \- the number of bytes in a block(default is 1024)
+.RE
 .sp
 .RE
 …
 \m[blue]\fBguest account\fR\m[]\&.
 .sp
 This paramater nullifies the benifits of setting
+This parameter nullifies the benefits of setting
 \m[blue]\fBrestrict anonymous = 2\fR\m[]
 .sp
 …
 .RE
-idmap alloc backend (G)
-.\" idmap alloc backend
-.PP
-.RS 4
-The idmap alloc backend provides a plugin interface for Winbind to use when allocating Unix uids/gids for Windows SIDs\&. This option refers to the name of the idmap module which will provide the id allocation functionality\&. Please refer to the man page for each idmap plugin to determine whether or not the module implements the allocation feature\&. The most common plugins are the tdb (\fBidmap_tdb\fR(8)) and ldap (\fBidmap_ldap\fR(8)) libraries\&.
-.sp
-This parameter defaults to the value
-\m[blue]\fBidmap backend\fR\m[]
-was set to, so by default winbind will allocate Unix IDs from the default backend\&. You will only need to set this parameter explicitly if you have an external source for Unix IDs, like a central database service somewhere in your company\&.
-.sp
-Also refer to the
-\m[blue]\fBidmap alloc config\fR\m[]
-option\&.
-.sp
-\fINo default\fR
-.sp
-Example:
-\fI\fIidmap alloc backend\fR\fR\fI = \fR\fItdb\fR\fI \fR
-.RE
-idmap alloc config (G)
-.\" idmap alloc config
-.PP
-.RS 4
-The idmap alloc config prefix provides a means of managing settings for the backend defined by the
-\m[blue]\fBidmap alloc backend\fR\m[]
-parameter\&. Refer to the man page for each idmap plugin regarding specific configuration details\&.
-.sp
-\fINo default\fR
-.RE
 idmap backend (G)
 .\" idmap backend
 …
 The idmap backend provides a plugin interface for Winbind to use varying backends to store SID/uid/gid mapping tables\&.
 .sp
+This option specifies the default backend that is used when no special configuration set by
+\m[blue]\fBidmap config\fR\m[]
+matches the specific request\&.
+.sp
+This default backend also specifies the place where winbind\-generated idmap entries will be stored\&. So it is highly recommended that you specify a writable backend like
+\fBidmap_tdb\fR(8)
+or
+\fBidmap_ldap\fR(8)
+as the idmap backend\&. The
+\fBidmap_rid\fR(8)
+and
+\fBidmap_ad\fR(8)
+backends are not writable and thus will generate unexpected results if set as idmap backend\&.
+.sp
+To use the rid and ad backends, please specify them via the
+\m[blue]\fBidmap config\fR\m[]
+parameter, possibly also for the domain your machine is member of, specified by
+\m[blue]\fBworkgroup\fR\m[]\&.
+.sp
+Examples of SID/uid/gid backends include tdb (\fBidmap_tdb\fR(8)), ldap (\fBidmap_ldap\fR(8)), rid (\fBidmap_rid\fR(8)), and ad (\fBidmap_ad\fR(8))\&.
+This option specifies the default backend that is used when no special configuration set, but it is now deprecated in favour of the new spelling
+\m[blue]\fBidmap config * : backend\fR\m[]\&.
 .sp
 Default:
 …
 .PP
 .RS 4
+The idmap config prefix provides a means of managing each trusted domain separately\&. The idmap config prefix should be followed by the name of the domain, a colon, and a setting specific to the chosen backend\&. There are three options available for all domains:
+ID mapping in Samba is the mapping between Windows SIDs and Unix user and group IDs\&. This is performed by Winbindd with a configurable plugin interface\&. Samba\'s ID mapping is configured by options starting with the
+\m[blue]\fBidmap config\fR\m[]
+prefix\&. An idmap option consists of the
+\m[blue]\fBidmap config\fR\m[]
+prefix, followed by a domain name or the asterisk character (*), a colon, and the name of an idmap setting for the chosen domain\&.
+.sp
+The idmap configuration is hence divided into groups, one group for each domain to be configured, and one group with the the asterisk instead of a proper domain name, which speifies the default configuration that is used to catch all domains that do not have an explicit idmap configuration of their own\&.
+.sp
+There are three general options available:
 .PP
 backend = backend_name
 .RS 4
+Specifies the name of the idmap plugin to use as the SID/uid/gid backend for this domain\&.
+This specifies the name of the idmap plugin to use as the SID/uid/gid backend for this domain\&. The standard backends are tdb (\fBidmap_tdb\fR(8)), tdb2 (\fBidmap_tdb2\fR(8)), ldap (\fBidmap_ldap\fR(8)), , rid (\fBidmap_rid\fR(8)), , hash (\fBidmap_hash\fR(8)), , autorid (\fBidmap_autorid\fR(8)), , ad (\fBidmap_ad\fR(8)), , adex (\fBidmap_adex\fR(8)), , and nss\&. (\fBidmap_nss\fR(8)), The corresponding manual pages contain the details, but here is a summary\&.
+.sp
+The first three of these create mappings of their own using internal unixid counters and store the mappings in a database\&. These are suitable for use in the default idmap configuration\&. The rid and hash backends use a pure algorithmic calculation to determine the unixid for a SID\&. The autorid module is a mixture of the tdb and rid backend\&. It creates ranges for each domain encountered and then uses the rid algorithm for each of these automatically configured domains individually\&. The ad and adex backends both use unix IDs stored in Active Directory via the standard schema extensions\&. The nss backend reverses the standard winbindd setup and gets the unixids via names from nsswitch which can be useful in an ldap setup\&.
 .RE
 .PP
 range = low \- high
 .RS 4
+Defines the available matching uid and gid range for which the backend is authoritative\&. Note that the range commonly matches the allocation range due to the fact that the same backend will store and retrieve SID/uid/gid mapping entries\&.
+.sp
+winbind uses this parameter to find the backend that is authoritative for a unix ID to SID mapping, so it must be set for each individually configured domain, and it must be disjoint from the ranges set via
+\m[blue]\fBidmap uid\fR\m[]
+and
+\m[blue]\fBidmap gid\fR\m[]\&.
+Defines the available matching uid and gid range for which the backend is authoritative\&. For allocating backends, this also defines the start and the end of the range for allocating new unid IDs\&.
+.sp
+winbind uses this parameter to find the backend that is authoritative for a unix ID to SID mapping, so it must be set for each individually configured domain and for the default configuration\&. The configured ranges must be mutually disjoint\&.
+.RE
+.PP
+read only = yes|no
+.RS 4
+This option can be used to turn the writing backends tdb, tdb2, and ldap into read only mode\&. This can be useful e\&.g\&. in cases where a pre\-filled database exists that should not be extended automatically\&.
 .RE
 .sp
 The following example illustrates how to configure the
 \fBidmap_ad\fR(8)
 for the CORP domain and the
+backend for the CORP domain and the
 \fBidmap_tdb\fR(8)
 backend for all other domains\&. This configuration assumes that the admin of CORP assigns unix ids below 1000000 via the SFU extensions, and winbind is supposed to use the next million entries for its own mappings from trusted domains and for local groups for example\&.
 …
 .\}
 .nf
+        idmap backend = tdb
+        idmap uid = 1000000\-1999999
+        idmap gid = 1000000\-1999999
+        idmap config * : backend = tdb
+        idmap config * : range = 1000000\-1999999
         idmap config CORP : backend  = ad
 …
 .PP
 .RS 4
 The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&.
+.sp
+See also the
+\m[blue]\fBidmap backend\fR\m[], and
+The idmap gid parameter specifies the range of group ids for the default idmap configuration\&. It is now deprecated in favour of
+\m[blue]\fBidmap config * : range\fR\m[]\&.
+.sp
+See the
 \m[blue]\fBidmap config\fR\m[]
 options\&.
+option\&.
 .sp
 Default:
 …
 .PP
 .RS 4
+The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&.
+.sp
+See also the
+\m[blue]\fBidmap backend\fR\m[]
+and
+The idmap uid parameter specifies the range of user ids for the default idmap configuration\&. It is now deprecated in favour of
+\m[blue]\fBidmap config * : range\fR\m[]\&.
+.sp
+See the
 \m[blue]\fBidmap config\fR\m[]
 options\&.
+option\&.
 .sp
 Default:
 …
 .\}
 a broadcast/mask pair\&.
+.RE
 .sp
 .RE
 …
 .\}
 secrets and keytab \- use the secrets\&.tdb first, then the system keytab
+.RE
 .sp
 .RE
 …
 \fIOnly\fR
 = Only update the LDAP password and let the LDAP server do the rest\&.
+.RE
 .sp
 .RE
 …
 \fIstart tls\fR
 = Use the LDAPv3 StartTLS extended operation (RFC2830) for communicating with the directory server\&.
+.RE
 .sp
 .RE
 …
 .\}
 \fIregistry\fR
+.RE
 .sp
 .RE
 …
 .RE
+log writeable files on exit (G)
+.\" log writeable files on exit
+.PP
+.RS 4
+When the network connection between a CIFS client and Samba dies, Samba has no option but to simply shut down the server side of the network connection\&. If this happens, there is a risk of data corruption because the Windows client did not complete all write operations that the Windows application requested\&. Setting this option to "yes" makes smbd log with a level 0 message a list of all files that have been opened for writing when the network connection died\&. Those are the files that are potentially corrupted\&. It is meant as an aid for the administrator to give him a list of files to do consistency checks on\&.
+.sp
+Default:
+\fI\fIlog writeable files on exit\fR\fR\fI = \fR\fIno\fR\fI \fR
+.RE
 lppause command (S)
 .\" lppause command
 …
 .\}
 Files whose UNIX name begins with a dot will be presented as DOS hidden files\&. The mangled name will be created as for other filenames, but with the leading dot removed and "___" as its extension regardless of actual original extension (that\'s three underscores)\&.
+.RE
 .sp
 .RE
 …
 \m[blue]\fBstore dos attributes\fR\m[]
 method\&. This may be useful for exporting mounted CDs\&.
+.RE
 .sp
 .RE
 …
 \fBBad Uid\fR
 \- Is only applicable when Samba is configured in some type of domain mode security (security = {domain|ads}) and means that user logins which are successfully authenticated but which have no valid Unix user account (and smbd is unable to create one) should be mapped to the defined guest account\&. This was the default behavior of Samba 2\&.x releases\&. Note that if a member server is running winbindd, this option should never be required because the nss_winbind library will export the Windows domain users and groups to the underlying OS via the Name Service Switch interface\&.
+.RE
 .sp
 .RE
 …
 .\}
 \fBSMB2\fR: Re\-implementation of the SMB protocol\&. Used by Windows Vista and newer\&. The Samba implementation of SMB2 is currently marked experimental!
+.RE
 .sp
 .RE
 …
 \fI%f\fR
 = who the message is from\&.
+.RE
 .sp
 .RE
 …
 .RE
+multicast dns register (G)
+.\" multicast dns register
+.PP
+.RS 4
+If compiled with proper support for it, Samba will announce itself with multicast DNS services like for example provided by the Avahi daemon\&.
+.sp
+This parameter allows disabling Samba to register itself\&.
+.sp
+Default:
+\fI\fImulticast dns register\fR\fR\fI = \fR\fIyes\fR\fI \fR
+.RE
 name cache timeout (G)
 .\" name cache timeout
 …
 \m[blue]\fBinterfaces\fR\m[]
 parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
+.RE
 .sp
 .RE
 …
 Example:
 \fI\fIname resolve order\fR\fR\fI = \fR\fIlmhosts bcast host\fR\fI \fR
+.RE
+ncalrpc dir (G)
+.\" ncalrpc dir
+.PP
+.RS 4
+This directory will hold a series of named pipes to allow RPC over inter\-process communication\&.
+.sp
+\&.
+        This will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP\&. Additionally a sub\-directory \'np\' has restricted permissions, and allows a trusted communication channel between Samba processes
+.sp
+Default:
+\fI\fIncalrpc dir\fR\fR\fI = \fR\fI${prefix}/var/ncalrpc\fR\fI \fR
+.sp
+Example:
+\fI\fIncalrpc dir\fR\fR\fI = \fR\fI/var/run/samba/ncalrpc\fR\fI \fR
 .RE
 …
 .sp
 Multiple servers may also be specified in double\-quotes\&. Whether multiple servers are supported or not and the exact syntax depends on the LDAP library you use\&.
+.RE
 .sp
 .RE
 …
 Some client/server combinations have difficulty with mixed\-case passwords\&. One offending client is Windows for Workgroups, which for some reason forces passwords to upper case when using the LANMAN1 protocol, but leaves them alone when using COREPLUS! Another problem child is the Windows 95/98 family of operating systems\&. These clients upper case clear text passwords even when NT LM 0\&.12 selected by the protocol negotiation request/response\&.
 .sp
 This parameter defines the maximum number of characters that may be upper case in passwords\&.
+This deprecated parameter defines the maximum number of characters that may be upper case in passwords\&.
 .sp
 For example, say the password given was "FRED"\&. If
 …
 security = [ads|domain|server]
 it is possible to get Samba to do all its username/password validation using a specific remote server\&.
-.sp
-This option sets the name or IP address of the password server to use\&. New syntax has been added to support defining the port to use when connecting to the server the case of an ADS realm\&. To define a port other than the default LDAP port of 389, add the port number using a colon after the name or IP address (e\&.g\&. 192\&.168\&.1\&.100:389)\&. If you do not specify a port, Samba will use the standard LDAP port of tcp/389\&. Note that port numbers have no effect on password servers for Windows NT 4\&.0 domains or netbios connections\&.
-.sp
-If parameter is a name, it is looked up using the parameter
-\m[blue]\fBname resolve order\fR\m[]
-and so may resolved by any method and order described in that parameter\&.
-.sp
-The password server must be a machine capable of using the "LM1\&.2X002" or the "NT LM 0\&.12" protocol, and it must be in user level security mode\&.
-.if n \{\
-.sp
-.\}
-.RS 4
-.it 1 an-trap
-.nr an-no-space-flag 1
-.nr an-break-flag 1
-.br
-.ps +1
-\fBNote\fR
-.ps -1
-.br
-Using a password server means your UNIX box (running Samba) is only as secure as your password server\&.
-\fIDO NOT CHOOSE A PASSWORD SERVER THAT YOU DON\'T COMPLETELY TRUST\fR\&.
-.sp .5v
-.RE
-Never point a Samba server at itself for password serving\&. This will cause a loop and could lock up your Samba server!
-.sp
-The name of the password server takes the standard substitutions, but probably the only useful one is
-\fI%m \fR, which means the Samba server will use the incoming client as the password server\&. If you use this then you better trust your clients, and you had better restrict them with hosts allow!
 .sp
 If the
 …
 \fBdomain\fR
 or
+\fBads\fR, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character \'*\', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on\&. The advantage of using
+security = domain
+is that if you list several hosts in the
+\fBads\fR, then this option
+\fIshould not\fR
+be used, as the default \'*\' indicates to Samba to determine the best DC to contact dynamically, just as all other hosts in an AD domain do\&. This allows the domain to be maintained without modification to the smb\&.conf file\&. The cryptograpic protection on the authenticated RPC calls used to verify passwords ensures that this default is safe\&.
+.sp
+\fIIt is strongly recommended that you use the default of \'*\'\fR, however if in your particular environment you have reason to specify a particular DC list, then the list of machines in this option must be a list of names or IP addresses of Domain controllers for the Domain\&. If you use the default of \'*\', or list several hosts in the
 \fIpassword server\fR
 option then
 …
 will try each in turn till it finds one that responds\&. This is useful in case your primary server goes down\&.
 .sp
-If the
-\fIpassword server\fR
-option is set to the character \'*\', then Samba will attempt to auto\-locate the Primary or Backup Domain controllers to authenticate against by doing a query for the name
-\fBWORKGROUP<1C>\fR
-and then contacting each server returned in the list of IP addresses from the name resolution source\&.
-.sp
 If the list of servers contains both names/IP\'s and the \'*\' character, the list is treated as a list of preferred domain controllers, but an auto lookup of all remaining DC\'s will be added to the list as well\&. Samba will not attempt to optimize this list by locating the closest DC\&.
+.sp
+If parameter is a name, it is looked up using the parameter
+\m[blue]\fBname resolve order\fR\m[]
+and so may resolved by any method and order described in that parameter\&.
 .sp
 If the
 \fIsecurity\fR
 parameter is set to
+\fBserver\fR, then there are different restrictions that
+security = domain
+doesn\'t suffer from:
+\fBserver\fR, these additional restrictions apply:
 .sp
 .RS 4
 …
 .IP \(bu 2.3
 .\}
 If you are using a Windows NT server as your password server then you will have to ensure that your users are able to login from the Samba server, as when in
+You will have to ensure that your users are able to login from the Samba server, as when in
 security = server
+mode the network logon will appear to come from there rather than from the users workstation\&.
+mode the network logon will appear to come from the Samba server rather than from the users workstation\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The client must not select NTLMv2 authentication\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The password server must be a machine capable of using the "LM1\&.2X002" or the "NT LM 0\&.12" protocol, and it must be in user level security mode\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Using a password server means your UNIX box (running Samba) is only as secure as (a host masqurading as) your password server\&.
+\fIDO NOT CHOOSE A PASSWORD SERVER THAT YOU DON\'T COMPLETELY TRUST\fR\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Never point a Samba server at itself for password serving\&. This will cause a loop and could lock up your Samba server!
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The name of the password server takes the standard substitutions, but probably the only useful one is
+\fI%m \fR, which means the Samba server will use the incoming client as the password server\&. If you use this then you better trust your clients, and you had better restrict them with hosts allow!
+.RE
 .sp
 .RE
 …
 The
 \fBsmbd\fR(8)
 daemon maintains an database of file locks obtained by SMB clients\&. The default behavior is to map this internal database to POSIX locks\&. This means that file locks obtained by SMB clients are consistent with those seen by POSIX compliant applications accessing the files via a non\-SMB method (e\&.g\&. NFS or local file access)\&. You should never need to disable this parameter\&.
+daemon maintains an database of file locks obtained by SMB clients\&. The default behavior is to map this internal database to POSIX locks\&. This means that file locks obtained by SMB clients are consistent with those seen by POSIX compliant applications accessing the files via a non\-SMB method (e\&.g\&. NFS or local file access)\&. It is very unlikely that you need to set this parameter to "no", unless you are sharing from an NFS mount, which is not a good idea in the first place\&.
 .sp
 Default:
 …
 .PP
 .RS 4
 This option specifies the number of seconds before the printing subsystem is again asked for the known printers\&. If the value is greater than 60 the initial waiting time is set to 60 seconds to allow an earlier first rescan of the printing subsystem\&.
+This option specifies the number of seconds before the printing subsystem is again asked for the known printers\&.
 .sp
 Setting this parameter to 0 disables any rescanning for new or removed printers after the initial startup\&.
 …
 .RE
+print notify backchannel (S)
+.\" print notify backchannel
+.PP
+.RS 4
+Windows print clients can update print queue status by expecting the server to open a backchannel SMB connection to them\&. Due to client firewall settings this can cause considerable timeouts and will often fail, as there is no guarantee the client is even running an SMB server\&. By setting this parameter to
+\fBno\fR
+the Samba print server will not try to connect back to clients and treat corresponding requests as if the connection back to the client failed\&. The default setting of
+\fByes\fR
+causes smbd to attempt this connection\&.
+.sp
+Default:
+\fI\fIprint notify backchannel\fR\fR\fI = \fR\fIyes\fR\fI \fR
+.RE
 private dir (G)
 .\" private dir
 …
 .RE
+rpc_server (G)
+.\" rpc_server
+.PP
+.RS 4
+Defines what kind of rpc server to use for a named pipe\&. The rpc_server prefix must be followed by the pipe name, and a value\&.
+.sp
+Three possible values are currently supported:
+embedded
+daemon
+external
+.sp
+The classic method is to run every pipe as an internal function
+\fIembedded\fR
+in smbd\&.
+.sp
+An alternative method is to fork a
+\fIdaemon\fR
+early on at smbd startup time\&. This is supported only for selected pipes\&.
+.sp
+Choosing the
+\fIexternal\fR
+option allows to run a completely independent (3rd party) server capable of interfacing with samba via the MS\-RPC interface over named pipes\&.
+.sp
+Currently only the spoolss pipe can be configured in
+\fIdaemon\fR
+mode like this:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+        rpc_server:spoolss = daemon
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Default:
+\fI\fIrpc_server\fR\fR\fI = \fR\fInone\fR\fI \fR
+.RE
 security mask (S)
 .\" security mask
 …
 .sp
 The alternatives are
+security = share,
+security = server
+security = ads
 or
+security = domain\&.
+security = domain, which support joining Samba to a Windows domain, along with
+security = share
+and
+security = server, both of which are deprecated\&.
 .sp
 In versions of Samba prior to 2\&.0\&.0, the default was
 …
 mainly because that was the only option at one stage\&.
 .sp
+There is a bug in WfWg that has relevance to this setting\&. When in user or server level security a WfWg client will totally ignore the username and password you type in the "connect drive" dialog box\&. This makes it very difficult (if not impossible) to connect to a Samba service as anyone except the user that you are logged into WfWg as\&.
+.sp
+If your PCs use usernames that are the same as their usernames on the UNIX machine then you will want to use
+security = user\&. If you mostly use usernames that don\'t exist on the UNIX box then use
+security = share\&.
+.sp
+You should also use
+security = share
+if you want to mainly setup shares without a password (guest shares)\&. This is commonly used for a shared printer server\&. It is more difficult to setup guest shares with
+security = user, see the
+You should use
+security = user
+and
 \m[blue]\fBmap to guest\fR\m[]
 parameter for details\&.
+if you want to mainly setup shares without a password (guest shares)\&. This is commonly used for a shared printer server\&.
 .sp
 It is possible to use
 …
 The different settings will now be explained\&.
 .sp
-\fISECURITY = SHARE\fR
-.sp
-When clients connect to a share level security server, they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a
-security = share
-server)\&. Instead, the clients send authentication information (passwords) on a per\-share basis, at the time they attempt to connect to that share\&.
-.sp
-Note that
-smbd
-\fIALWAYS\fR
-uses a valid UNIX user to act on behalf of the client, even in
-security = share
-level security\&.
-.sp
-As clients are not required to send a username to the server in share level security,
-smbd
-uses several techniques to determine the correct UNIX user to use on behalf of the client\&.
-.sp
-A list of possible UNIX usernames to match with the given client password is constructed using the following methods :
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-If the
-\m[blue]\fBguest only\fR\m[]
-parameter is set, then all the other stages are missed and only the
-\m[blue]\fBguest account\fR\m[]
-username is checked\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-Is a username is sent with the share connection request, then this username (after mapping \- see
-\m[blue]\fBusername map\fR\m[]), is added as a potential username\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-If the client did a previous
-\fIlogon \fR
-request (the SessionSetup SMB call) then the username sent in this SMB will be added as a potential username\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-The name of the service the client requested is added as a potential username\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-The NetBIOS name of the client is added to the list as a potential username\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-Any users on the
-\m[blue]\fBuser\fR\m[]
-list are added as potential usernames\&.
-.sp
-.RE
-If the
-\fIguest only\fR
-parameter is not set, then this list is then tried with the supplied password\&. The first user for whom the password matches will be used as the UNIX user\&.
-.sp
-If the
-\fIguest only\fR
-parameter is set, or no username can be determined then if the share is marked as available to the
-\fIguest account\fR, then this guest user will be used, otherwise access is denied\&.
-.sp
-Note that it can be
-\fIvery\fR
-confusing in share\-level security as to which UNIX username will eventually be used in granting access\&.
-.sp
-See also the section
-NOTE ABOUT USERNAME/PASSWORD VALIDATION\&.
-.sp
 \fISECURITY = USER\fR
 .sp
 This is the default security setting in Samba 3\&.0\&. With user\-level security a client must first "log\-on" with a valid username and password (which can be mapped using the
+This is the default security setting in Samba\&. With user\-level security a client must first "log\-on" with a valid username and password (which can be mapped using the
 \m[blue]\fBusername map\fR\m[]
 parameter)\&. Encrypted passwords (see the
 …
 parameter\&.
 .sp
+\fISECURITY = SERVER\fR
+.sp
+In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to
+security = user\&. It expects the
+\m[blue]\fBencrypted passwords\fR\m[]
+parameter to be set to
+\fByes\fR, unless the remote server does not support them\&. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid
+smbpasswd
+file to check users against\&. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up\&.
+\fISECURITY = SHARE\fR
 .if n \{\
 .sp
 …
 .ps -1
 .br
+This mode of operation has significant pitfalls since it is more vulnerable to man\-in\-the\-middle attacks and server impersonation\&. In particular, this mode of operation can cause significant resource consuption on the PDC, as it must maintain an active connection for the duration of the user\'s session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authentications to the Samba server may fail (from a single client, till it disconnects)\&.
+This option is deprecated as it is incompatible with SMB2
+.sp .5v
+.RE
+When clients connect to a share level security server, they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a
+security = share
+server)\&. Instead, the clients send authentication information (passwords) on a per\-share basis, at the time they attempt to connect to that share\&.
+.sp
+Note that
+smbd
+\fIALWAYS\fR
+uses a valid UNIX user to act on behalf of the client, even in
+security = share
+level security\&.
+.sp
+As clients are not required to send a username to the server in share level security,
+smbd
+uses several techniques to determine the correct UNIX user to use on behalf of the client\&.
+.sp
+A list of possible UNIX usernames to match with the given client password is constructed using the following methods :
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+If the
+\m[blue]\fBguest only\fR\m[]
+parameter is set, then all the other stages are missed and only the
+\m[blue]\fBguest account\fR\m[]
+username is checked\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Is a username is sent with the share connection request, then this username (after mapping \- see
+\m[blue]\fBusername map\fR\m[]), is added as a potential username\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+If the client did a previous
+\fIlogon \fR
+request (the SessionSetup SMB call) then the username sent in this SMB will be added as a potential username\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The name of the service the client requested is added as a potential username\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The NetBIOS name of the client is added to the list as a potential username\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Any users on the
+\m[blue]\fBuser\fR\m[]
+list are added as potential usernames\&.
+.RE
+.sp
+.RE
+If the
+\fIguest only\fR
+parameter is not set, then this list is then tried with the supplied password\&. The first user for whom the password matches will be used as the UNIX user\&.
+.sp
+If the
+\fIguest only\fR
+parameter is set, or no username can be determined then if the share is marked as available to the
+\fIguest account\fR, then this guest user will be used, otherwise access is denied\&.
+.sp
+Note that it can be
+\fIvery\fR
+confusing in share\-level security as to which UNIX username will eventually be used in granting access\&.
+.sp
+See also the section
+NOTE ABOUT USERNAME/PASSWORD VALIDATION\&.
+.sp
+\fISECURITY = SERVER\fR
+.sp
+In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to
+security = user\&. It expects the
+\m[blue]\fBencrypted passwords\fR\m[]
+parameter to be set to
+\fByes\fR, unless the remote server does not support them\&. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid
+smbpasswd
+file to check users against\&. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+This mode of operation has significant pitfalls since it is more vulnerable to man\-in\-the\-middle attacks and server impersonation\&. In particular, this mode of operation can cause significant resource consumption on the PDC, as it must maintain an active connection for the duration of the user\'s session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and further authentications to the Samba server may fail (from a single client, till it disconnects)\&.
+.sp .5v
+.RE
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+If the client selects NTLMv2 authentication, then this mode of operation
+\fIwill fail\fR
 .sp .5v
 .RE
 …
 .sp .5v
 .RE
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+This option is deprecated, and may be removed in future
+.sp .5v
+.RE
 \fINote\fR
 that the name of the resource being requested is
 …
 .RE
+send spnego principal (G)
+.\" send spnego principal
+.PP
+.RS 4
+This parameter determines whether or not
+\fBsmbd\fR(8)
+will send the server\-supplied principal sometimes given in the SPNEGO exchange\&.
+.sp
+If enabled, Samba can attempt to help clients to use Kerberos to contact it, even when known only by IP address or a name not registered with our KDC as a service principal name\&. Kerberos relies on names, so ordinarily cannot function in this situation\&.
+.sp
+If disabled, Samba will send the string not_defined_in_RFC4178@please_ignore as the \'rfc4178 hint\', following the updated RFC and Windows 2008 behaviour in this area\&.
+.sp
+Note that Windows XP SP2 and later versions already ignored this value in all circumstances\&.
+.sp
+Default:
+\fI\fIsend spnego principal\fR\fR\fI = \fR\fIno\fR\fI \fR
+.RE
 server schannel (G)
 .\" server schannel
 …
 .\}
 \- group default quotas (gid = \-1)
+.RE
 .sp
 .RE
 …
 .\}
 (optional) \- block size, defaults to 1024
+.RE
 .sp
 .RE
 …
 will be substituted with the switch
 \fI\-f\fR\&. It means force the shutdown even if applications do not respond for NT\&.
+.RE
 .sp
 .RE
 …
 Example:
 \fI\fIshutdown script\fR\fR\fI = \fR\fI/usr/local/samba/sbin/shutdown %m %t %r %f\fR\fI \fR
+.RE
+smb2 max credits (G)
+.\" smb2 max credits
+.PP
+.RS 4
+This option controls the maximum number of outstanding simultaneous SMB2 operations that Samba tells the client it will allow\&. This is similar to the
+\m[blue]\fBmax mux\fR\m[]
+parameter for SMB1\&. You should never need to set this parameter\&.
+.sp
+The default is 8192 credits, which is the same as a Windows 2008R2 SMB2 server\&.
+.sp
+Default:
+\fI\fIsmb2 max credits\fR\fR\fI = \fR\fI128\fR\fI \fR
+.RE
+smb2 max read (G)
+.\" smb2 max read
+.PP
+.RS 4
+This option specifies the protocol value that
+\fBsmbd\fR(8)
+will return to a client, informing the client of the largest size that may be returned by a single SMB2 read call\&.
+.sp
+The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server\&.
+.sp
+Default:
+\fI\fIsmb2 max read\fR\fR\fI = \fR\fI1048576\fR\fI \fR
+.RE
+smb2 max trans (G)
+.\" smb2 max trans
+.PP
+.RS 4
+This option specifies the protocol value that
+\fBsmbd\fR(8)
+will return to a client, informing the client of the largest size of buffer that may be used in querying file meta\-data via QUERY_INFO and related SMB2 calls\&.
+.sp
+The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server\&.
+.sp
+Default:
+\fI\fIsmb2 max trans\fR\fR\fI = \fR\fI1048576\fR\fI \fR
+.RE
+smb2 max write (G)
+.\" smb2 max write
+.PP
+.RS 4
+This option specifies the protocol value that
+\fBsmbd\fR(8)
+will return to a client, informing the client of the largest size that may be sent to the server by a single SMB2 write call\&.
+.sp
+The default is 1048576 bytes (1MB), which is the same as a Windows7 SMB2 server\&.
+.sp
+Default:
+\fI\fIsmb2 max write\fR\fR\fI = \fR\fI1048576\fR\fI \fR
 .RE
 …
 .\}
 SO_RCVLOWAT *
+.RE
 .sp
 .RE
 …
 This is a boolean that controls the handling of disk space allocation in the server\&. When this is set to
 \fByes\fR
+the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour of actually forcing the disk system to allocate real storage blocks when a file is created or extended to be a given size\&. In UNIX terminology this means that Samba will stop creating sparse files\&. This can be slow on some systems\&. When you work with large files like >100MB or so you may even run into problems with clients running into timeouts\&.
+the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour of actually forcing the disk system to allocate real storage blocks when a file is created or extended to be a given size\&. In UNIX terminology this means that Samba will stop creating sparse files\&.
+.sp
+This option is really desgined for file systems that support fast allocation of large numbers of blocks such as extent\-based file systems\&. On file systems that don\'t support extents (most notably ext3) this can make Samba slower\&. When you work with large files over >100MB on file systems without extents you may even run into problems with clients running into timeouts\&.
 .sp
 When you have an extent based filesystem it\'s likely that we can make use of unwritten extents which allows Samba to allocate even large amounts of space very fast and you will not see any timeout problems caused by strict allocate\&. With strict allocate in use you will also get much better out of quota messages in case you use quotas\&. Another advantage of activating this setting is that it will help to reduce file fragmentation\&.
 …
 .PP
 .RS 4
+This parameter is a setting in minutes to add to the normal GMT to local time conversion\&. This is useful if you are serving a lot of PCs that have incorrect daylight saving time handling\&.
+.sp
+This deprecated parameter is a setting in minutes to add to the normal GMT to local time conversion\&. This is useful if you are serving a lot of PCs that have incorrect daylight saving time handling\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+This option is deprecated, and will be removed in the next major release
+.sp .5v
+.RE
 Default:
 \fI\fItime offset\fR\fR\fI = \fR\fI0\fR\fI \fR
 …
 .RE
-update encrypted (G)
-.\" update encrypted
-.PP
-.RS 4
-This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as they log on\&. This option allows a site to migrate from plaintext password authentication (users authenticate with plaintext password over the wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB challenge/response authentication mechanism) without forcing all users to re\-enter their passwords via smbpasswd at the time the change is made\&. This is a convenience option to allow the change over to encrypted passwords to be made over a longer period\&. Once all users have encrypted representations of their passwords in the smbpasswd file this parameter should be set to
-\fBno\fR\&.
-.sp
-In order for this parameter to be operative the
-\m[blue]\fBencrypt passwords\fR\m[]
-parameter must be set to
-\fBno\fR\&. The default value of
-\m[blue]\fBencrypt passwords = Yes\fR\m[]\&. Note: This must be set to
-\fBno\fR
-for this
-\m[blue]\fBupdate encrypted\fR\m[]
-to work\&.
-.sp
-Note that even when this parameter is set, a user authenticating to
-smbd
-must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) passwords\&.
-.sp
-Default:
-\fI\fIupdate encrypted\fR\fR\fI = \fR\fIno\fR\fI \fR
-.RE
 use client driver (S)
 .\" use client driver
 …
 Example:
 \fI\fIusername level\fR\fR\fI = \fR\fI5\fR\fI \fR
+.RE
+username map cache time (G)
+.\" username map cache time
+.PP
+.RS 4
+Mapping usernames with the
+\m[blue]\fBusername map\fR\m[]
+or
+\m[blue]\fBusername map script\fR\m[]
+features of Samba can be relatively expensive\&. During login of a user, the mapping is done several times\&. In particular, calling the
+\m[blue]\fBusername map script\fR\m[]
+can slow down logins if external databases have to be queried from the script being called\&.
+.sp
+The parameter
+\m[blue]\fBusername map cache time\fR\m[]
+controls a mapping cache\&. It specifies the number of seconds a mapping from the username map file or script is to be efficiently cached\&. The default of 0 means no caching is done\&.
+.sp
+Default:
+\fI\fIusername map cache time\fR\fR\fI = \fR\fI0\fR\fI \fR
+.sp
+Example:
+\fI\fIusername map cache time\fR\fR\fI = \fR\fI60\fR\fI \fR
 .RE
 …
 Multiple users may be specified in a comma\-delimited list, in which case the supplied password will be tested against each username in turn (left to right)\&.
 .sp
 The
+The deprecated
 \fIusername\fR
 line is needed only when the PC is unable to supply its own username\&. This is the case for the COREPLUS protocol or where your users have different WfWg usernames to UNIX usernames\&. In both these cases you may also be better using the \e\eserver\eshare%user syntax instead\&.
 …
 .PP
 .RS 4
 This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&.
+This deprecated variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&.
 .sp
 Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled\&.
 …
 .RE
+winbind max clients (G)
+.\" winbind max clients
+.PP
+.RS 4
+This parameter specifies the maximum number of clients the
+\fBwinbindd\fR(8)
+daemon can connect with\&.
+.sp
+Default:
+\fI\fIwinbind max clients\fR\fR\fI = \fR\fI200\fR\fI \fR
+.RE
+winbind max domain connections (G)
+.\" winbind max domain connections
+.PP
+.RS 4
+This parameter specifies the maximum number of simultaneous connections that the
+\fBwinbindd\fR(8)
+daemon should open to the domain controller of one domain\&. Setting this parameter to a value greater than 1 can improve scalability with many simultaneous winbind requests, some of which might be slow\&.
+.sp
+Note that if
+\m[blue]\fBwinbind offline logon\fR\m[]
+is set to
+\fBYes\fR, then only one DC connection is allowed per domain, regardless of this setting\&.
+.sp
+Default:
+\fI\fIwinbind max domain connections\fR\fR\fI = \fR\fI1\fR\fI \fR
+.sp
+Example:
+\fI\fIwinbind max domain connections\fR\fR\fI = \fR\fI10\fR\fI \fR
+.RE
 winbind nested groups (G)
 .\" winbind nested groups
 …
 \fIidmap config DOMAIN:backend\fR
 = ad as well\&.
+.RE
 .sp
 .RE
 …
 This parameter specifies whether the
 \fBwinbindd\fR(8)
+daemon should operate on users without domain component in their username\&. Users without a domain component are treated as is part of the winbindd server\'s own domain\&. While this does not benifit Windows users, it makes SSH, FTP and e\-mail function in a way much closer to the way they would in a native unix system\&.
+daemon should operate on users without domain component in their username\&. Users without a domain component are treated as is part of the winbindd server\'s own domain\&. While this does not benefit Windows users, it makes SSH, FTP and e\-mail function in a way much closer to the way they would in a native unix system\&.
+.sp
+This option should be avoided if possible\&. It can cause confusion about responsibilities for a user or group\&. In many situations it is not clear whether winbind or /etc/passwd should be seen as authoritative for a user, likewise for groups\&.
 .sp
 Default:
 …
 .\}
 The fifth and subsequent arguments are the IP addresses currently registered for that name\&. If this list is empty then the name should be deleted\&.
+.RE
 .sp
 .RE

trunk/server/docs/manpages/smbcacls.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBCACLS" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SMBCACLS" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "SYNOPSIS"
 .HP \w'\ 'u
 smbcacls {//server/share} {filename} [\-D\ acls] [\-M\ acls] [\-a\ acls] [\-S\ acls] [\-C\ name] [\-G\ name] [\-\-numeric] [\-t] [\-U\ username] [\-h] [\-d]
+smbcacls {//server/share} {filename} [\-D|\-\-delete\ acls] [\-M|\-\-modify\ acls] [\-a|\-\-add\ acls] [\-S|\-\-set\ acls] [\-C|\-\-chown\ name] [\-G|\-\-chgrp\ name] [\-I\ allow|romove|copy] [\-\-numeric] [\-t] [\-U\ username] [\-h] [\-d]
 .SH "DESCRIPTION"
 .PP
 …
 .sp
 This command is a shortcut for \-M GROUP:name\&.
+.RE
+.PP
+\-I|\-\-inherit allow|remove|copy
+.RS 4
+Set or unset the windows "Allow inheritable permissions" check box using the
+\fI\-I\fR
+option\&. To set the check box pass allow\&. To unset the check box pass either remove or copy\&. Remove will remove all inherited acls\&. Copy will copy all the inherited acls\&.
 .RE
 .PP
 …
 .\}
 \fB#define SEC_ACE_FLAG_INHERIT_ONLY 0x8\fR
+.RE
 .sp
 .RE
 …
 \fIO\fR
 \- Take ownership
+.RE
 .sp
 .RE
 …
 \fIFULL\fR
 \- Equivalent to \'RWXDPO\' permissions
+.RE
 .SH "EXIT STATUS"
 .PP

trunk/server/docs/manpages/smbclient.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBCLIENT" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SMBCLIENT" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 \fIinterfaces\fR
 parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
+.RE
 .sp
 .RE
 …
 .RE
 .PP
 \-P
+\-P|\-\-machine\-pass
 .RS 4
 Make queries to the external server using the machine account of the local server\&.
 …
 .RE
 .PP
 \-e
+\-e|\-\-encrypt
 .RS 4
 This command line parameter requires the remote server support the UNIX extensions\&. Request that the connection be encrypted\&. This is new for Samba 3\&.2 and will only work with Samba 3\&.2 or above servers\&. Negotiates SMB encryption using GSSAPI\&. Uses the given credentials for the encryption negotiaion (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&.
 …
 \fIc\fR
 flags\&.
+.RE
 .sp
 .RE
 …
 .RE
 .PP
 \-c|\-\-comand command string
+\-c|\-\-command command string
 .RS 4
 command string is a semicolon\-separated list of commands to be executed instead of prompting from stdin\&.

trunk/server/docs/manpages/smbcontrol.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBCONTROL" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SMBCONTROL" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 \fBwinbindd\fR\&.
 .RE
+.PP
+idmap
+.RS 4
+Notify about changes of id mapping\&. Can be sent to
+\fBsmbd\fR
+or (not implemented yet)
+\fBwinbindd\fR\&.
+.PP
+flush [uid|gid]
+.RS 4
+Flush caches for sid <\-> gid and/or sid <\-> uid mapping\&.
+.RE
+.PP
+delete <ID>
+.RS 4
+Remove a mapping from cache\&. The mapping is given by <ID> which may either be a sid: S\-x\-\&.\&.\&., a gid: "GID number" or a uid: "UID number"\&.
+.RE
+.PP
+kill <ID>
+.RS 4
+Remove a mapping from cache\&. Terminate
+\fBsmbd\fR
+if the id is currently in use\&.
+.RE
+.RE
 .SH "VERSION"
 .PP

trunk/server/docs/manpages/smbcquotas.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBCQUOTAS" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SMBCQUOTAS" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/smbd.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "SMBD" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .\}
 \fISession Management\fR: When not using share level secuirty, users must pass PAM\'s session checks before access is granted\&. Note however, that this is bypassed in share level secuirty\&. Note also that some older pam configuration files may need a line added for session support\&.
+.RE
 .SH "VERSION"
 .PP

trunk/server/docs/manpages/smbget.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBGET" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SMBGET" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 \-f, \-\-rcfile
 .RS 4
 Use specified rcfile\&. This will be loaded in the order it was specified \- e\&.g\&. if you specify any options before this one, they might get overriden by the contents of the rcfile\&.
+Use specified rcfile\&. This will be loaded in the order it was specified \- e\&.g\&. if you specify any options before this one, they might get overridden by the contents of the rcfile\&.
 .RE
 .PP

trunk/server/docs/manpages/smbgetrc.5

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBGETRC" "5" "08/02/2011" "Samba 3\&.5" "File Formats and Conventions"
+.TH "SMBGETRC" "5" "08/08/2011" "Samba 3\&.6" "File Formats and Conventions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/smbpasswd.5

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: File Formats and Conventions
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBPASSWD" "5" "08/02/2011" "Samba 3\&.5" "File Formats and Conventions"
+.TH "SMBPASSWD" "5" "08/08/2011" "Samba 3\&.6" "File Formats and Conventions"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 \fIW\fR
 \- This means this account is a "Workstation Trust" account\&. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC\&.
+.RE
 .sp
 .RE

trunk/server/docs/manpages/smbpasswd.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBPASSWD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "SMBPASSWD" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 \fIinterfaces\fR
 parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&.
+.RE
 .sp
 .RE

trunk/server/docs/manpages/smbspool.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBSPOOL" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "SMBSPOOL" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .\}
 smb://username:password@workgroup/server[:port]/printer
+.RE
 .sp
 .RE
 …
 .\}
 The filename argument (argv[6]) contains the name of the file to print\&. If this argument is not specified then the print file is read from the standard input\&.
+.RE
 .SH "VERSION"
 .PP

trunk/server/docs/manpages/smbstatus.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBSTATUS" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SMBSTATUS" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/smbtar.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBTAR" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SMBTAR" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/smbtree.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMBTREE" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "SMBTREE" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/swat.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SWAT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "SWAT" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .\}
 /usr/local/samba/swat/help/*
+.RE
 .sp
 .RE

trunk/server/docs/manpages/tdbbackup.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "TDBBACKUP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "TDBBACKUP" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 *\&.tdb
 located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\&.
+.RE
 .SH "VERSION"
 .PP

trunk/server/docs/manpages/tdbdump.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "TDBDUMP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "TDBDUMP" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/tdbtool.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "TDBTOOL" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "TDBTOOL" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/testparm.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "TESTPARM" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "TESTPARM" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "SYNOPSIS"
 .HP \w'\ 'u
 testparm [\-s] [\-h] [\-v] [\-L\ <servername>] [\-t\ <encoding>] {config\ filename} [hostname\ hostIP]
+testparm [\-s] [\-h] [\-v] [\-t\ <encoding>] {config\ filename} [hostname\ hostIP]
 .SH "DESCRIPTION"
 .PP
 …
 .RS 4
 Prints the program version number\&.
-.RE
-.PP
-\-L servername
-.RS 4
-Sets the value of the %L macro to
-\fIservername\fR\&. This is useful for testing include files specified with the %L macro\&.
 .RE
 .PP

trunk/server/docs/manpages/vfs_acl_tdb.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_ACL_TDB" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_ACL_TDB" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_acl_xattr.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_ACL_XATTR" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_ACL_XATTR" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_audit.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_AUDIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_AUDIT" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_cacheprime.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_CACHEPRIME" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_CACHEPRIME" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
+G
 \- BYTES is a number of gigabytes
+.RE
 .sp
 .RE

trunk/server/docs/manpages/vfs_cap.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_CAP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_CAP" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_catia.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_CATIA" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_CATIA" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_commit.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_COMMIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_COMMIT" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
+G
 \- BYTES is a number of gigabytes
+.RE
 .sp
 .RE

trunk/server/docs/manpages/vfs_default_quota.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_DEFAULT_QUOTA" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_DEFAULT_QUOTA" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_dirsort.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_DIRSORT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_DIRSORT" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_extd_audit.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_EXTD_AUDIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_EXTD_AUDIT" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_fake_perms.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_FAKE_PERMS" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_FAKE_PERMS" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_fileid.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_FILEID" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_FILEID" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_full_audit.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_FULL_AUDIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_FULL_AUDIT" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 FILE
 \- the name of the file or directory the operation was performed on
+.RE
 .sp
 .RE
 …
 vfs_full_audit:success = LIST
 .RS 4
 LIST is a list of VFS operations that should be recorded if they succeed\&. Operations are specified using the names listed above\&.
+LIST is a list of VFS operations that should be recorded if they succeed\&. Operations are specified using the names listed above\&. Operations can be unset by prefixing the names with "!"\&.
 .RE
 .PP
 vfs_full_audit:failure = LIST
 .RS 4
 LIST is a list of VFS operations that should be recorded if they failed\&. Operations are specified using the names listed above\&.
+LIST is a list of VFS operations that should be recorded if they failed\&. Operations are specified using the names listed above\&. Operations can be unset by prefixing the names with "!"\&.
 .RE
 .PP
 …
 .SH "EXAMPLES"
 .PP
 Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP address:
+Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP address\&. Logging excludes the open VFS function on failures:
 .sp
 .if n \{\
 …
         \m[blue]\fBfull_audit:prefix = %u|%I\fR\m[]
         \m[blue]\fBfull_audit:success = open opendir\fR\m[]
         \m[blue]\fBfull_audit:failure = all\fR\m[]
+        \m[blue]\fBfull_audit:failure = all !open\fR\m[]
         \m[blue]\fBfull_audit:facility = LOCAL7\fR\m[]
         \m[blue]\fBfull_audit:priority = ALERT\fR\m[]

trunk/server/docs/manpages/vfs_gpfs.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_GPFS" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_GPFS" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .\}
 Lease support on GPFS
+.RE
 .sp
 .RE
 …
 .SH "OPTIONS"
 .PP
+gpfs:sharemodes = [ yes | no ]
+.RS 4
+Enable/Disable cross node sharemode handling for GPFS\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+yes(default)
+\- propagate sharemodes across all GPFS nodes\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no
+\- do not propagate sharemodes across all GPFS nodes\&. This should only be used if the GPFS file system is exclusively exported by Samba\&. Access by local unix application or NFS exports could lead to corrupted files\&.
+.RE
+.sp
+.RE
+.RE
+.PP
+gpfs:leases = [ yes | no ]
+.RS 4
+Enable/Disable cross node leases (oplocks) for GPFS\&. You should also set the
+oplocks
+and
+kernel oplocks
+options to the same value\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+yes(default)
+\- propagate leases across all GPFS nodes\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no
+\- do not propagate leases across all GPFS nodes\&. This should only be used if the GPFS file system is exclusively exported by Samba\&. Access by local unix application or NFS exports could lead to corrupted files\&.
+.RE
+.sp
+.RE
+.RE
+.PP
+gpfs:hsm = [ yes | no ]
+.RS 4
+Enable/Disable announcing if this FS has HSM enabled\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no(default)
+\- Do not announce HSM\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no
+\- Announce HSM\&.
+.RE
+.sp
+.RE
+.RE
+.PP
+gpfs:getrealfilename = [ yes | no ]
+.RS 4
+Enable/Disable usage of the
+gpfs_get_realfilename_path()
+function\&. This improves the casesensitive wildcard file name access\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+yes(default)
+\- use
+gpfs_get_realfilename_path()\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no
+\- do not use
+gpfs_get_realfilename_path()\&. It seems that
+gpfs_get_realfilename_path()
+doesn\'t work on AIX\&.
+.RE
+.sp
+.RE
+.RE
+.PP
+gpfs:winattr = [ yes | no ]
+.RS 4
+Enable/Disable usage of the windows attributes in GPFS\&. GPFS is able to store windows file attributes e\&.g\&. HIDDEN, READONLY, SYSTEM and others natively\&. That means Samba doesn\'t need to map them to permission bits or extended attributes\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no(default)
+\- do not use GPFS windows attributes\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+yes
+\- use GPFS windows attributes\&.
+.RE
+.sp
+.RE
+.RE
+.PP
+gpfs:merge_writeappend = [ yes | no ]
+.RS 4
+GPFS ACLs doesn\'t know about the \'APPEND\' right\&. This optionen lets Samba map the \'APPEND\' right to \'WRITE\'\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+yes(default)
+\- map \'APPEND\' to \'WRITE\'\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no
+\- do not map \'APPEND\' to \'WRITE\'\&.
+.RE
+.sp
+.RE
+.RE
+.PP
+gpfs:refuse_dacl_protected = [ yes | no ]
+.RS 4
+As GPFS does not support the ACE4_FLAG_NO_PROPAGATE NFSv4 flag (which would be the mapping for the DESC_DACL_PROTECTED flag), the status of this flag is currently silently ignored by Samba\&. That means that if you deselect the "Allow inheritable permissions\&.\&.\&." checkbox in Windows\' ACL dialog and then apply the ACL, the flag will be back immediately\&.
+.sp
+To make sure that automatic migration with e\&.g\&. robocopy does not lead to ACLs silently (and unintentionally) changed, you can set
+gpfs:refuse_dacl_protected = yes
+to enable an explicit check for this flag and if set, it will return NT_STATUS_NOT_SUPPORTED so errors are shown up on the Windows side and the Administrator is aware of the ACLs not being settable like intended
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no(default)
+\- ignore the DESC_DACL_PROTECTED flags\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+yes
+\- reject ACLs with DESC_DACL_PROTECTED\&.
+.RE
+.sp
+.RE
+.RE
+.PP
 nfs4:mode = [ simple | special ]
 .RS 4
 …
 special
 \- use special IDs in GPFS ACEs\&.
+.RE
 .sp
 .RE
 …
 merge
 \- bitwise OR the 2 ace\&.flag fields and 2 ace\&.mask fields of the 2 duplicate ACEs into 1 ACE
+.RE
 .sp
 .RE
 …
 no (default)
 \- Disable chown
+.RE
+.sp
+.RE
+.RE
+.PP
+gpfs:syncio = [yes|no]
+.RS 4
+This parameter makes Samba open all files with O_SYNC\&. This triggers optimizations in GPFS for workloads that heavily share files\&.
+.sp
+Following is the behaviour of Samba for different values:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+yesOpen files with O_SYNC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+no (default)Open files as normal Samba would do
+.RE
 .sp
 .RE
 …
 .SH "CAVEATS"
 .PP
+The gpfs gpl libraries are required by
+Depending on the version of gpfs, the
+libgpfs_gpl
+library or the
+libgpfs
+library is needed at runtime by the
 gpfs
+VFS module during both compilation and runtime\&. Also this VFS module is tested to work on SLES 9/10 and RHEL 4\&.4
+VFS module: Starting with gpfs 3\&.2\&.1 PTF8, the complete
+libgpfs
+is available as open source and
+libgpfs_gpl
+does no longer exist\&. With earlier versions of gpfs, only the
+libgpfs_gpl
+library was open source and could be used at run time\&.
+.PP
+At build time, only the header file
+gpfs_gpl\&.h
+is required , which is a symlink to
+gpfs\&.h
+in gpfs versions newer than 3\&.2\&.1 PTF8\&.
 .SH "VERSION"
 .PP

trunk/server/docs/manpages/vfs_netatalk.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_NETATALK" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_NETATALK" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_notify_fam.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_NOTIFY_FAM" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_NOTIFY_FAM" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_prealloc.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_PREALLOC" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_PREALLOC" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
+G
 \- BYTES is a number of gigabytes
+.RE
 .sp
 .RE

trunk/server/docs/manpages/vfs_preopen.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_PREOPEN" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_PREOPEN" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_readahead.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_READAHEAD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_READAHEAD" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
+G
 \- BYTES is a number of gigabytes
+.RE
 .SH "EXAMPLES"
 .sp

trunk/server/docs/manpages/vfs_readonly.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_READONLY" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_READONLY" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_recycle.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_RECYCLE" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_RECYCLE" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_scannedonly.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_SCANNEDONLY" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_SCANNEDONLY" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "VERSION"
 .PP
 This man page is correct for version 3\&.5\&.0 of the Samba suite\&.
+This man page is correct for version 3\&.6\&.0 of the Samba suite\&.
 .SH "AUTHOR"
 .PP

trunk/server/docs/manpages/vfs_shadow_copy.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_SHADOW_COPY" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_SHADOW_COPY" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 ss
 is the 2 digit second\&.
+.RE
 .sp
 .RE

trunk/server/docs/manpages/vfs_shadow_copy2.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_SHADOW_COPY2" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_SHADOW_COPY2" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 ss
 is the 2 digit second\&.
+.RE
 .sp
 .RE
 …
 .RS 4
 Path to the base directory that snapshots are from\&.
+.RE
+.PP
+shadow:sort = asc/desc, or not specified for unsorted (default)
+.RS 4
+By this parameter one can specify that the shadow copy directories should be sorted before they are sent to the client\&. This can be beneficial as unix filesystems are usually not listed alphabetically sorted\&. If enabled, you typically want to specify descending order\&.
+.RE
+.PP
+shadow:localtime = yes/no
+.RS 4
+This is an optional parameter that indicates whether the snapshot names are in UTC/GMT or in local time\&. By default UTC is expected\&.
+.RE
+.PP
+shadow:format = format specification for snapshot names
+.RS 4
+This is an optional parameter that specifies the format specification for the naming of snapshots\&. The format must be compatible with the conversion specifications recognized by str[fp]time\&. The default value is "@GMT\-%Y\&.%m\&.%d\-%H\&.%M\&.%S"\&.
 .RE
 .PP
 …
         \m[blue]\fBshadow:snapdir = /data/snaphots\fR\m[]
         \m[blue]\fBshadow:basedir = /data/home\fR\m[]
+        \m[blue]\fBshadow:sort = desc\fR\m[]
 .fi
 .if n \{\

trunk/server/docs/manpages/vfs_smb_traffic_analyzer.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "SMB_TRAFFIC_ANALYZER" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "SMB_TRAFFIC_ANALYZER" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 The
 vfs_smb_traffic_analyzer
+VFS module logs client write and read operations on a Samba server and sends this data over a socket to a helper program, which feeds a SQL database\&. More information on the helper programs can be obtained from the homepage of the project at: http://holger123\&.wordpress\&.com/smb\-traffic\-analyzer/
+VFS module logs client file operations on a Samba server and sends this data over a socket to a helper program (in the following the "Receiver"), which feeds a SQL database\&. More information on the helper programs can be obtained from the homepage of the project at: http://holger123\&.wordpress\&.com/smb\-traffic\-analyzer/ Since the VFS module depends on a receiver that is doing something with the data, it is evolving in it\'s development\&. Therefore, the module works with different protocol versions, and the receiver has to be able to decode the protocol that is used\&. The protocol version 1 was introduced to Samba at September 25, 2008\&. It was a very simple protocol, supporting only a small list of VFS operations, and had several drawbacks\&. The protocol version 2 is a try to solve the problems version 1 had while at the same time adding new features\&. With the release of Samba 3\&.6\&.0, the module will run protocol version 2 by default\&.
+.SH "PROTOCOL VERSION 1 DOCUMENTATION"
 .PP
 vfs_smb_traffic_analyzer
 currently is aware of the following VFS operations:
+protocol version 1 is aware of the following VFS operations:
 .RS 4
 write
 …
 TIMESTAMP
 \- a timestamp, formatted as "yyyy\-mm\-dd hh\-mm\-ss\&.ms" indicating when the VFS operation occured
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+IP
+\- The IP Address (v4 or v6) of the client machine that initiated the VFS operation\&.
+.RE
 .sp
 .RE
 .PP
 This module is stackable\&.
+.SH "OPTIONS"
+.SH "DRAWBACKS OF PROTOCOL VERSION 1"
+.PP
+Several drawbacks have been seen with protocol version 1 over time\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Problematic parsing \-
+Protocol version 1 uses hyphen and comma to seperate blocks of data\&. Once there is a filename with a hyphen, you will run into problems because the receiver decodes the data in a wrong way\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Insecure network transfer \-
+Protocol version 1 sends all it\'s data as plaintext over the network\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Limited set of supported VFS operations \-
+Protocol version 1 supports only four VFS operations\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+No subreleases of the protocol \-
+Protocol version 1 is fixed on it\'s version, making it unable to introduce new features or bugfixes through compatible sub\-releases\&.
+.RE
+.SH "VERSION 2 OF THE PROTOCOL"
+.PP
+Protocol version 2 is an approach to solve the problems introduced with protcol v1\&. From the users perspective, the following changes are most prominent among other enhancements:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The data from the module may be send encrypted, with a key stored in secrets\&.tdb\&. The Receiver then has to use the same key\&. The module does AES block encryption over the data to send\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The module now can identify itself against the receiver with a sub\-release number, where the receiver may run with a different sub\-release number than the module\&. However, as long as both run on the V2\&.x protocol, the receiver will not crash, even if the module uses features only implemented in the newer subrelease\&. If the module uses a new feature from a newer subrelease, and the receiver runs an older protocol, it is just ignoring the functionality\&. Of course it is best to have both the receiver and the module running the same subrelease of the protocol\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The parsing problems of protocol V1 can no longer happen, because V2 is marshalling the data packages in a proper way\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The module now potientially has the ability to create data on every VFS function\&. As of protocol V2\&.0, there is support for 8 VFS functions, namely write,read,pread,pwrite, rename,chdir,mkdir and rmdir\&. Supporting more VFS functions is one of the targets for the upcoming sub\-releases\&.
+.RE
+.sp
+.RE
+.PP
+To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS)\&.
+.SH "OPTIONS WITH PROTOCOL V1 AND V2.X"
 .PP
 smb_traffic_analyzer:mode = STRING
 …
 smb_traffic_analyzer:anonymize_prefix = STRING
 .RS 4
 The module will replace the user names with a prefix given by STRING and a simple hash number\&.
+The module will replace the user names with a prefix given by STRING and a simple hash number\&. In version 2\&.x of the protocol, the users SID will also be anonymized\&.
 .RE
 .PP
 smb_traffic_analyzer:total_anonymization = STRING
 .RS 4
+If STRING matches to \'yes\', the module will replace any user name with the string given by the option smb_traffic_analyzer:anonymize_prefix, without generating an additional hash number\&. This means that any transfer data will be mapped to a single user, leading to a total anonymization of user related data\&.
+If STRING matches to \'yes\', the module will replace any user name with the string given by the option smb_traffic_analyzer:anonymize_prefix, without generating an additional hash number\&. This means that any transfer data will be mapped to a single user, leading to a total anonymization of user related data\&. In version 2\&.x of the protocol, the users SID will also be anonymized\&.
+.RE
+.PP
+smb_traffic_analyzer:protocol_version = STRING
+.RS 4
+If STRING matches to V1, the module will use version 1 of the protocol\&. If STRING is not given, the module will use version 2 of the protocol, which is the default\&.
 .RE
 .SH "EXAMPLES"
+.PP
+Running protocol V2 on share "example_share", using an internet socket\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+        \fI[example_share]\fR
+        \m[blue]\fBpath = /data/example\fR\m[]
+        \m[blue]\fBvfs_objects = smb_traffic_analyzer\fR\m[]
+        \m[blue]\fBsmb_traffic_analyzer:host = examplehost\fR\m[]
+        \m[blue]\fBsmb_traffic_analyzer:port = 3491\fR\m[]
+.fi
+.if n \{\
+.RE
+.\}
 .PP
 The module running on share "example_share", using a unix domain socket

trunk/server/docs/manpages/vfs_streams_depot.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_STREAMS_DEPOT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_STREAMS_DEPOT" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_streams_xattr.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_STREAMS_XATTR" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_STREAMS_XATTR" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfs_xattr_tdb.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFS_XATTR_TDB" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "VFS_XATTR_TDB" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/vfstest.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "VFSTEST" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "VFSTEST" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 realpath
 \- VFS realpath()
+.RE
 .sp
 .RE
 …
 exit
 \- Exit vfstest
+.RE
 .SH "VERSION"
 .PP

trunk/server/docs/manpages/wbinfo.1

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: User Commands
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "WBINFO" "1" "08/02/2011" "Samba 3\&.5" "User Commands"
+.TH "WBINFO" "1" "08/08/2011" "Samba 3\&.6" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 .SH "SYNOPSIS"
 .HP \w'\ 'u
 wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-P|\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-\-remove\-uid\-mapping\ uid,sid] [\-\-remove\-gid\-mapping\ gid,sid] [\-s\ sid] [\-\-separator] [\-\-sequence] [\-\-set\-auth\-user\ user%password] [\-\-set\-uid\-mapping\ uid,sid] [\-\-set\-gid\-mapping\ gid,sid] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
+wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-P|\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid]
 .SH "DESCRIPTION"
 .PP
 …
 \fBwinbindd\fR(8)
 belongs\&. Currently only the
-\fB\-\-sequence\fR,
 \fB\-u\fR, and
 \fB\-g\fR
 …
 \fBwinbindd\fR(8)
 is still alive\&. Prints out either \'succeeded\' or \'failed\'\&.
+.RE
+.PP
+\-P|\-\-ping\-dc
+.RS 4
+Issue a no\-effect command to our DC\&. This checks if our secure channel connection to our domain controller is still alive\&. It has much less impact than wbinfo \-t\&.
 .RE
 .PP
 …
 .RE
 .PP
-\-\-sequence
-.RS 4
-Show sequence numbers of all known domains\&.
-.RE
-.PP
 \-\-set\-auth\-user \fIusername%password\fR
 .RS 4
 …
 \-U|\-\-uid\-to\-sid \fIuid\fR
 .RS 4
 Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the idmap uid range then the operation will fail\&.
+Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the idmap range then the operation will fail\&.
 .RE
 .PP
 …
 \fBwinbindd\fR(8)
 then the operation will fail\&.
-.RE
-.PP
-\-\-remove\-uid\-mapping uid,sid
-.RS 4
-Remove an existing uid to sid mapping entry from the IDmap backend\&.
-.RE
-.PP
-\-\-remove\-gid\-mapping gid,sid
-.RS 4
-Remove an existing gid to sid mapping entry from the IDmap backend\&.
-.RE
-.PP
-\-\-set\-uid\-mapping uid,sid
-.RS 4
-Create a new or modify an existing uid to sid mapping in the IDmap backend\&.
-.RE
-.PP
-\-\-set\-gid\-mapping gid,sid
-.RS 4
-Create a new or modify an existing gid to sid mapping in the IDmap backend\&.
 .RE
 .PP

trunk/server/docs/manpages/winbind_krb5_locator.7

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: 7
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "WINBIND_KRB5_LOCATOR" "7" "08/02/2011" "Samba 3\&.5" "7"
+.TH "WINBIND_KRB5_LOCATOR" "7" "08/08/2011" "Samba 3\&.6" "7"
 .\" -----------------------------------------------------------------
 .\" * set default formatting

trunk/server/docs/manpages/winbindd.8

-              r620
+              r745
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
 .\"      Date: 08/02/2011
+.\"      Date: 08/08/2011
 .\"    Manual: System Administration tools
 .\"    Source: Samba 3.5
+.\"    Source: Samba 3.6
 .\"  Language: English
 .\"
 .TH "WINBINDD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
+.TH "WINBINDD" "8" "08/08/2011" "Samba 3\&.6" "System Administration tools"
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 …
 and the
 pam_winbind\&.so
+PAM module, by managing connections to domain controllers\&. In this configuraiton the
+\m[blue]\fBidmap uid\fR\m[]
+and
+\m[blue]\fBidmap gid\fR\m[]
+parameters are not required\&. (This is known as `netlogon proxy only mode\'\&.)
+PAM module, by managing connections to domain controllers\&. In this configuration the
+\m[blue]\fBidmap config * : range\fR\m[]
+parameter is not required\&. (This is known as `netlogon proxy only mode\'\&.)
 .PP
 The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\&. The exact behaviour can be configured through the
 …
 .\}
+\m[blue]\fBidmap uid\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\m[blue]\fBidmap gid\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\m[blue]\fBidmap backend\fR\m[]
+\m[blue]\fBidmap config * : range\fR\m[]
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\m[blue]\fBidmap config * : backend\fR\m[]
 .RE
 .sp
 …
 \m[blue]\fBwinbind: rpc only\fR\m[]
 Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\&.
+.RE
 .SH "EXAMPLE SETUP"
 .PP
 …
         template shell = /bin/bash
         template homedir = /home/%D/%U
+        idmap uid = 10000\-20000
+        idmap gid = 10000\-20000
+        idmap config * : range = 10000\-20000
         workgroup = DOMAIN
         security = domain
 …
 If more than one UNIX machine is running
 winbindd, then in general the user and groups ids allocated by winbindd will not be the same\&. The user and group ids will only be valid for the local machine, unless a shared
 \m[blue]\fBidmap backend\fR\m[]
+\m[blue]\fBidmap config * : backend\fR\m[]
 is configured\&.
 .PP

Context Navigation

Legend:

Download in other formats: