Changeset 988 for vendor/current/docs-xml/Samba3-HOWTO

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

Location:

vendor/current/docs-xml/Samba3-HOWTO

Files:

• TOSHARG-AccessControls.xml (modified) (1 diff)
• TOSHARG-BDC.xml (modified) (11 diffs)
• TOSHARG-Bugs.xml (modified) (2 diffs)
• TOSHARG-CUPS-printing.xml (modified) (13 diffs)
• TOSHARG-Compiling.xml (modified) (12 diffs)
• TOSHARG-ConfigSmarts.xml (modified) (1 diff)
• TOSHARG-Diagnosis.xml (modified) (6 diffs)
• TOSHARG-DomainMember.xml (modified) (13 diffs)
• TOSHARG-FastStart.xml (modified) (15 diffs)
• TOSHARG-Group-Mapping.xml (modified) (2 diffs)
• TOSHARG-HighAvailability.xml (deleted)
• TOSHARG-IDMAP.xml (modified) (9 diffs)
• TOSHARG-Install.xml (modified) (3 diffs)
• TOSHARG-InterdomainTrusts.xml (modified) (6 diffs)
• TOSHARG-IntroSMB.xml (modified) (5 diffs)
• TOSHARG-NT4Migration.xml (modified) (18 diffs)
• TOSHARG-NetworkBrowsing.xml (modified) (3 diffs)
• TOSHARG-Other-Clients.xml (deleted)
• TOSHARG-PDC.xml (modified) (32 diffs)
• TOSHARG-Passdb.xml (modified) (19 diffs)
• TOSHARG-Portability.xml (deleted)
• TOSHARG-Printing.xml (modified) (21 diffs)
• TOSHARG-Problems.xml (modified) (1 diff)
• TOSHARG-ProfileMgmt.xml (modified) (1 diff)
• TOSHARG-RightsAndPriviliges.xml (modified) (2 diffs)
• TOSHARG-SWAT.xml (deleted)
• TOSHARG-ServerType.xml (modified) (15 diffs)
• TOSHARG-Speed.xml (deleted)
• TOSHARG-StandAloneServer.xml (modified) (1 diff)
• TOSHARG-Support.xml (modified) (1 diff)
• TOSHARG-TheNetCommand.xml (modified) (8 diffs)
• TOSHARG-Unicode.xml (modified) (2 diffs)
• TOSHARG-VFS.xml (modified) (3 diffs)
• TOSHARG-Winbind.xml (modified) (2 diffs)
• TOSHARG-WindowsClientConfig.xml (modified) (2 diffs)
• TOSHARG-msdfs.xml (modified) (1 diff)
• TOSHARG-preface.xml (modified) (1 diff)
• TOSHARG-upgrading-to-3.0.xml (deleted)
• index.xml (modified) (3 diffs)
• manpages.xml (modified) (1 diff)

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-AccessControls.xml

@@ -55 +55 @@
 <indexterm><primary>network administrator</primary></indexterm>
 The purpose of this chapter is to present each of the points of control that are possible with
-Samba-3 in the hope that this will help the network administrator to find the optimum method
+Samba in the hope that this will help the network administrator to find the optimum method
 for delivering the best environment for MS Windows desktop users.
 </para>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml

@@ -34 +34 @@
 <indexterm><primary>LDAP</primary><secondary>slave</secondary></indexterm>
 <indexterm><primary>scalability</primary></indexterm>
-Samba-3 can act as a Backup Domain Controller (BDC) to another Samba Primary Domain Controller (PDC). A
-Samba-3 PDC can operate with an LDAP account backend. The LDAP backend can be either a common master LDAP
+Samba can act as a Backup Domain Controller (BDC) to another Samba Primary Domain Controller (PDC). A
+Samba PDC can operate with an LDAP account backend. The LDAP backend can be either a common master LDAP
 server or a slave server. The use of a slave LDAP server has the benefit that when the master is down, clients
 may still be able to log onto the network.  This effectively gives Samba a high degree of scalability and is
@@ -48 +48 @@
 <indexterm><primary>non-LDAP</primary><secondary>backend</secondary></indexterm>
 <indexterm><primary>propagate</primary></indexterm>
-While it is possible to run a Samba-3 BDC with a non-LDAP backend, that backend must allow some form of
+It is not possible to run a Samba BDC with a non-LDAP backend, as that backend must allow some form of
 "two-way" propagation of changes from the BDC to the master.  At this time only LDAP delivers the capability
 to propagate identity database changes from the BDC to the PDC. The BDC can use a slave LDAP server, while it
 is preferable for the PDC to use as its primary an LDAP master server.
 </para>
-
-<para>
-<indexterm><primary>non-LDAP</primary><secondary>backend</secondary></indexterm>
-<indexterm><primary>SAM backend</primary><secondary>non-LDAP</secondary></indexterm>
-<indexterm><primary>domain</primary><secondary>member</secondary><tertiary>server</tertiary></indexterm>
-<indexterm><primary>BDC</primary></indexterm>
-<indexterm><primary>PDC</primary></indexterm>
-<indexterm><primary>trust account password</primary></indexterm>
-<indexterm><primary>domain trust</primary></indexterm>
-The use of a non-LDAP backend SAM database is particularly problematic because domain member
-servers and workstations periodically change the Machine Trust Account password. The new
-password is then stored only locally. This means that in the absence of a centrally stored
-accounts database (such as that provided with an LDAP-based solution) if Samba-3 is running
-as a BDC, the BDC instance of the domain member trust account password will not reach the
-PDC (master) copy of the SAM. If the PDC SAM is then replicated to BDCs, this results in 
-overwriting the SAM that contains the updated (changed) trust account password with resulting
-breakage of the domain trust.
-</para>
-
-<para>
-<indexterm><primary>net</primary><secondary>rpc</secondary></indexterm>
-<indexterm><primary>SAM backend</primary><secondary>ldapsam</secondary></indexterm>
-<indexterm><primary>SAM backend</primary><secondary>tdbsam</secondary></indexterm>
-<indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm>
-Considering the number of comments and questions raised concerning how to configure a BDC,
-let's consider each possible option and look at the pros and cons for each possible solution.
-<link linkend="pdc-bdc-table">The Domain Backend Account Distribution Options table below</link> lists 
-possible design configurations for a PDC/BDC infrastructure.
-</para>
-
-<table frame="all" id="pdc-bdc-table"><title>Domain Backend Account Distribution Options</title>
-<tgroup cols="3">
-        <colspec align="center" colwidth="1*"/>
-        <colspec align="center" colwidth="1*"/>
-        <colspec align="left" colwidth="3*"/>
-
-        <thead>
-        <row><entry>PDC Backend</entry><entry>BDC Backend</entry><entry>Notes/Discussion</entry></row>
-        </thead>
-        <tbody>
-        <row>
-        <entry><para>Master LDAP Server</para></entry>
-        <entry><para>Slave LDAP Server</para></entry>
-        <entry><para>The optimal solution that provides high integrity. The SAM will be
-                replicated to a common master LDAP server.</para></entry>
-        </row>
-        <row>
-        <entry><para>Single Central LDAP Server</para></entry>
-        <entry><para>Single Central LDAP Server</para></entry>
-        <entry><para>
-        A workable solution without failover ability. This is a usable solution, but not optimal. 
-        </para></entry>
-        </row>
-        <row>
-        <entry><para>tdbsam</para></entry>
-        <entry><para>tdbsam + <command>net rpc vampire</command></para></entry>
-        <entry><para>
-        Does not work with Samba-3.0; Samba does not implement the
-        server-side protocols required.
-        </para></entry>
-        </row>
-        <row>
-        <entry><para>tdbsam</para></entry>
-        <entry><para>tdbsam + <command>rsync</command></para></entry>
-        <entry><para>
-        Do not use this configuration.
-        Does not work because the TDB files are live and data may not
-        have been flushed to disk.  Furthermore, this will cause
-        domain trust breakdown.
-        </para></entry>
-        </row>
-        <row>
-        <entry><para>smbpasswd file</para></entry>
-        <entry><para>smbpasswd file</para></entry>
-        <entry><para>
-        Do not use this configuration.
-        Not an elegant solution due to the delays in synchronization
-        and also suffers
-        from the issue of domain trust breakdown.
-        </para></entry>
-        </row>
-        </tbody>
-</tgroup>
-</table>
 
 </sect1>
@@ -260 +176 @@
 <indexterm><primary>PDC</primary></indexterm>
 <indexterm><primary>BDC</primary></indexterm>
-Samba-3 cannot participate in true SAM replication and is therefore not able to
-employ precisely the same protocols used by MS Windows NT4. A Samba-3 BDC will
+Samba cannot participate in true SAM replication and is therefore not able to
+employ precisely the same protocols used by MS Windows NT4. A Samba BDC will
 not create SAM update delta files. It will not interoperate with a PDC (NT4 or Samba)
 to synchronize the SAM from delta files that are held by BDCs.
@@ -269 +185 @@
 <indexterm><primary>PDC</primary></indexterm>
 <indexterm><primary>BDC</primary></indexterm>
-Samba-3 cannot function as a BDC to an MS Windows NT4 PDC, and Samba-3 cannot
-function correctly as a PDC to an MS Windows NT4 BDC. Both Samba-3 and MS Windows
+Samba cannot function as a BDC to an MS Windows NT4 PDC, and Samba-3 cannot
+function correctly as a PDC to an MS Windows NT4 BDC. Both Samba and MS Windows
 NT4 can function as a BDC to its own type of PDC.
 </para>
@@ -293 +209 @@
 be promoted to a PDC. If this happens while the original NT4 PDC is online, it is automatically demoted to an
 NT4 BDC. This is an important aspect of domain controller management. The tool that is used to effect a
-promotion or a demotion is the Server Manager for Domains. It should be noted that Samba-3 BDCs cannot be
+promotion or a demotion is the Server Manager for Domains. It should be noted that Samba BDCs cannot be
 promoted in this manner because reconfiguration of Samba requires changes to the &smb.conf; file. It is easy
 enough to manuall change the &smb.conf; file and then restart relevant Samba network services.
@@ -454 +370 @@
 As of the release of MS Windows 2000 and Active Directory, this information is now stored
 in a directory that can be replicated and for which partial or full administrative control
-can be delegated. Samba-3 is not able to be a domain controller within an Active Directory
-tree, and it cannot be an Active Directory server. This means that Samba-3 also cannot
-act as a BDC to an Active Directory domain controller.
+can be delegated. Samba-4.0 is able to be a domain controller within an Active Directory
+tree, and it can be an Active Directory server.  The details for how
+this can be done are documented in the <ulink
+url="https://wiki.samba.org/index.php/Samba4/HOWTO">Samba 4.0 as an
+AD DC HOWTO</ulink>
+
 </para>
 
@@ -554 +473 @@
 
 <itemizedlist>
-        <listitem><para>
-        <indexterm><primary>SID</primary></indexterm>
-        <indexterm><primary>PDC</primary></indexterm>
-        <indexterm><primary>BDC</primary></indexterm>
-        <indexterm><primary>private/secrets.tdb</primary></indexterm>
-        <indexterm><primary>private/MACHINE.SID</primary></indexterm>
-        <indexterm><primary>domain SID</primary></indexterm>
-        The domain SID has to be the same on the PDC and the BDC. In Samba versions pre-2.2.5, the domain SID was
-        stored in the file <filename>private/MACHINE.SID</filename>.  For all versions of Samba released since 2.2.5
-        the domain SID is stored in the file <filename>private/secrets.tdb</filename>. This file is unique to each
-        server and cannot be copied from a PDC to a BDC; the BDC will generate a new SID at startup. It will overwrite
-        the PDC domain SID with the newly created BDC SID.  There is a procedure that will allow the BDC to acquire the
-        domain SID. This is described here.
-        </para>
-
-        <para>
-        <indexterm><primary>domain SID</primary></indexterm>
-        <indexterm><primary>PDC</primary></indexterm>
-        <indexterm><primary>BDC</primary></indexterm>
-        <indexterm><primary>secrets.tdb</primary></indexterm>
-        <indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>getsid</tertiary></indexterm>
-        To retrieve the domain SID from the PDC or an existing BDC and store it in the
-        <filename>secrets.tdb</filename>, execute:
-        </para>
-<screen>
-&rootprompt;<userinput>net rpc getsid</userinput>
-</screen>
-        </listitem>
-
         <listitem><para>
         <indexterm><primary>secrets.tdb</primary></indexterm>
@@ -624 +514 @@
         <indexterm><primary>LDAP</primary></indexterm>
         The Samba password database must be replicated from the PDC to the BDC.
-        Although it is possible to synchronize the <filename>smbpasswd</filename>
-        file with <command>rsync</command> and <command>ssh</command>, this method
-        is broken and flawed, and is therefore not recommended. A better solution
+        The solution
         is to set up slave LDAP servers for each BDC and a master LDAP server for the PDC.
         The use of rsync is inherently flawed by the fact that the data will be replicated
@@ -732 +620 @@
 <indexterm><primary>domain member server</primary></indexterm>
 <indexterm><primary>idmap backend</primary></indexterm>
-Samba-3 has introduced a new ID mapping facility. One of the features of this facility is that it
+Samba has introduced a new ID mapping facility. One of the features of this facility is that it
 allows greater flexibility in how user and group IDs are handled in respect to NT domain user and group
 SIDs. One of the new facilities provides for explicitly ensuring that UNIX/Linux UID and GID values
@@ -805 +693 @@
 <indexterm><primary>PDC</primary></indexterm>
 <indexterm><primary>logon requests</primary></indexterm>
-Can I get the benefits of a BDC with Samba?  Yes, but only to a Samba PDC.The
+Can I get the benefits of a BDC with Samba?  Yes, but only to a Samba
+PDC or as a <ulink
+url="https://wiki.samba.org/index.php/Samba4/HOWTO">Samba 4.0 Active
+Directory domain controller.</ulink>  The
 main reason for implementing a BDC is availability. If the PDC is a Samba
 machine, a second Samba machine can be set up to service logon requests whenever
@@ -813 +704 @@
 </sect2>
 
-<sect2>
-<title>How Do I Replicate the smbpasswd File?</title>
-
-<para>
-<indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm>
-<indexterm><primary>smbpasswd</primary></indexterm>
-<indexterm><primary>SAM</primary></indexterm>
-Replication of the smbpasswd file is sensitive. It has to be done whenever changes
-to the SAM are made. Every user's password change is done in the smbpasswd file and
-has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.
-</para>
-
-<para>
-<indexterm><primary>plaintext password</primary></indexterm>
-<indexterm><primary>ssh</primary></indexterm>
-<indexterm><primary>rsync</primary></indexterm>
-As the smbpasswd file contains plaintext password equivalents, it must not be
-sent unencrypted over the wire. The best way to set up smbpasswd replication from
-the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport.
-<command>ssh</command> itself can be set up to accept <emphasis>only</emphasis>
-<command>rsync</command> transfer without requiring the user to type a password.
-</para>
-
-<para>
-<indexterm><primary>machine trust accounts</primary></indexterm>
-<indexterm><primary>LDAP</primary></indexterm>
-As said a few times before, use of this method is broken and flawed. Machine trust 
-accounts will go out of sync, resulting in a broken domain. This method is
-<emphasis>not</emphasis> recommended. Try using LDAP instead.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Can I Do This All with LDAP?</title>
-
-<para>
-<indexterm><primary>pdb_ldap</primary></indexterm>
-<indexterm><primary>LDAP</primary></indexterm>
-The simple answer is yes. Samba's pdb_ldap code supports binding to a replica
-LDAP server and will also follow referrals and rebind to the master if it ever
-needs to make a modification to the database. (Normally BDCs are read-only, so
-this will not occur often).
-</para>
-
-</sect2>
 </sect1>
 </chapter>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml

@@ -33 +33 @@
 
 <para>
-<indexterm><primary>comp.protocols.smb</primary></indexterm>
-<indexterm><primary>newsgroup</primary></indexterm>
 <indexterm><primary>configuration problem</primary></indexterm>
-If you post the bug to the comp.protocols.smb
-newsgroup or the mailing list, do not assume that we will read it. If you suspect that your 
-problem is not a bug but a configuration problem, it is better to send 
+If you suspect that your 
+problem is not a bug but a configuration problem, it is best to send 
 it to the Samba mailing list, as there are thousands of other users on
 that list who may be able to help you.
@@ -261 +258 @@
 of the spinning process and type:
 <screen>
-&rootprompt; gdb /usr/local/samba/sbin/smbd
+&rootprompt; gdb -p PID
 </screen>
 <indexterm><primary>spinning process</primary></indexterm>
-then <quote>attach `pid'</quote> (of the spinning process), then type <quote>bt</quote> to
+then type <quote>bt full</quote> to
 get a backtrace to see where the smbd is in the call path.
 </para>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml

@@ -99 +99 @@
 <indexterm><primary>Printcap</primary></indexterm>
 <indexterm><primary>PrintcapFormat</primary></indexterm>
-Printing with CUPS in the most basic &smb.conf; setup in Samba-3.0 (as was true for 2.2.x) requires just two
-parameters: <smbconfoption name="printing">cups</smbconfoption> and <smbconfoption
-name="printcap">cups</smbconfoption>. CUPS does not need a printcap file.  However, the
+Printing with CUPS in the most basic &smb.conf; setup in Samba requires just this parameter: <smbconfoption name="printing">cups</smbconfoption>. CUPS does not need a printcap file.  However, the
 <filename>cupsd.conf</filename> configuration file knows of two related directives that control how such a
 file will be automatically created and maintained by CUPS for the convenience of third-party applications
@@ -117 +115 @@
         <para>
 <indexterm><primary>libcups.so</primary></indexterm>
-        Samba has a special relationship to CUPS. Samba can be compiled with CUPS library support.
+        Samba has a special relationship to CUPS, and to use CUPS Samba must be compiled with CUPS library support.
         Most recent installations have this support enabled. By default, CUPS linking is compiled
-        into smbd and other Samba binaries. Of course, you can use CUPS even
-        if Samba is not linked against <filename>libcups.so</filename> &smbmdash; but
-        there are some differences in required or supported configuration.
-        </para>
-
-        <para>
-<indexterm><primary>libcups</primary></indexterm>
-<indexterm><primary>ldd</primary></indexterm>
-        When Samba is compiled and linked with <filename>libcups</filename>, <smbconfoption name="printcap">cups</smbconfoption>
-        uses the CUPS API to list printers, submit jobs, query queues, and so on. Otherwise it maps to the System V
-        commands with an additional <command>-oraw</command> option for printing. On a Linux
-        system, you can use the <command>ldd</command> utility to find out if smbd has been linked with the
-        libcups library (<command>ldd</command> may not be present on other OS platforms, or its function may be embodied
-        by a different command):
-<screen>
-&rootprompt;<userinput>ldd `which smbd`</userinput>
-libssl.so.0.9.6 =&gt; /usr/lib/libssl.so.0.9.6 (0x4002d000)
-libcrypto.so.0.9.6 =&gt; /usr/lib/libcrypto.so.0.9.6 (0x4005a000)
-libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
-[....]
-</screen>
-        </para>
-
-        <para>
-<indexterm><primary>libcups.so.2</primary></indexterm>
-        The line <computeroutput>libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)</computeroutput> shows
-        there is CUPS support compiled into this version of Samba. If this is the case, and printing = cups
-        is set, then <emphasis>any otherwise manually set print command in &smb.conf; is ignored</emphasis>.
-        This is an important point to remember!
-        </para>
-
-        <tip><para> Should it be necessary, for any reason, to set your own print commands, you can do this by setting
-        <smbconfoption name="printing">sysv</smbconfoption>. However, you will lose all the benefits
-        of tight CUPS-Samba integration. When you do this, you must manually configure the printing system commands
-        (most important: 
-        <smbconfoption name="print command"/>; other commands are
-        <smbconfoption name="lppause command"/>,
-        <smbconfoption name="lpresume command"/>,
-        <smbconfoption name="lpq command"/>,
-        <smbconfoption name="lprm command"/>,
-        <smbconfoption name="queuepause command"/> and
-        <smbconfoption name="queue resume command"/>).
-        </para></tip>
+        into smbd and other Samba binaries.  The parameter
+        <smbconfoption name="printing">cups</smbconfoption> will only
+        be accepted if this is the case.
+        </para>
 
         </sect2>
@@ -180 +139 @@
         <smbconfoption name="load printers">yes</smbconfoption>
         <smbconfoption name="printing">cups</smbconfoption>
-        <smbconfoption name="printcap name">cups</smbconfoption>
 
         <smbconfsection name="[printers]"/>
@@ -189 +147 @@
         <smbconfoption name="writable">no</smbconfoption>
         <smbconfoption name="printable">yes</smbconfoption>
-        <smbconfoption name="printer admin">root, @ntadmins, @smbprintadm</smbconfoption>
         </smbconfblock>
         </example>
@@ -224 +181 @@
         <smbconfsection name="[global]"/>
         <smbconfoption name="printing">cups</smbconfoption>
-        <smbconfoption name="printcap name">cups</smbconfoption>
         <smbconfoption name="load printers">yes</smbconfoption>
 
@@ -233 +189 @@
         <smbconfoption name="writable">no</smbconfoption>
         <smbconfoption name="printable">yes</smbconfoption>
-        <smbconfoption name="printer admin">root, @ntadmins, @smbprintadm</smbconfoption>
 
         <smbconfsection name="[special_printer]"/>
@@ -244 +199 @@
         <smbconfoption name="writable">no</smbconfoption>
         <smbconfoption name="printable">yes</smbconfoption>
-        <smbconfoption name="printer admin">kurt</smbconfoption>
         <smbconfoption name="hosts deny">0.0.0.0</smbconfoption>
         <smbconfoption name="hosts allow">turbo_xp, 10.160.50.23, 10.160.51.60</smbconfoption>
@@ -252 +206 @@
         <para>
         This special share is only for testing purposes. It does not write the print job to a file. It just logs the job parameters
-        known to Samba into the <filename>/tmp/smbprn.log</filename> file and deletes the job-file. Moreover, the
-        <smbconfoption name="printer admin"/> of this share is <quote>kurt</quote> (not the <quote>@ntadmins</quote> group),
-        guest access is not allowed, the share isn't published to the Network Neighborhood (so you need to know it is there), and it
+        known to Samba into the <filename>/tmp/smbprn.log</filename> file and deletes the job-file. Moreover, guest access is not
+        allowed, the share isn't published to the Network Neighborhood (so you need to know it is there), and it
         allows access from only three hosts. To prevent CUPS from kicking in and taking over the print jobs for that share, we need to set
         <smbconfoption name="printing">sysv</smbconfoption> and <smbconfoption name="printcap">lpstat</smbconfoption>.
@@ -2203 +2156 @@
 <smbconfblock>
 <smbconfoption name="printing">cups</smbconfoption>
-<smbconfoption name="printcap">cups</smbconfoption>
 </smbconfblock>
 
@@ -2209 +2161 @@
 When these parameters are specified, all manually set print directives (like <smbconfoption name="print
 command"/> or <smbconfoption name="lppause command"/>) in &smb.conf; (as well as in Samba itself) will be
-ignored. Instead, Samba will directly interface with CUPS through its application program interface (API), as
-long as Samba has been compiled with CUPS library (libcups) support. If Samba has not been compiled with CUPS
-support, and if no other print commands are set up, then printing will use the <emphasis>System V</emphasis>
-AT&amp;T command set, with the -oraw option automatically passing through (if you want your own defined print
-commands to work with a Samba server that has CUPS support compiled in, simply use <smbconfoption
-name="classicalprinting">sysv</smbconfoption>). This is illustrated in <link linkend="f13small">the Printing via
+ignored. Instead, Samba will directly interface with CUPS through its
+application program interface (API). 
+This is illustrated in <link linkend="f13small">the Printing via
 CUPS/Samba Server diagram</link>.
 </para>
@@ -4737 +4686 @@
                         <smbconfoption name="printing">cups</smbconfoption>.</para></listitem>
 
-        <listitem><para>Another Samba &smb.conf; setting of
-                        <smbconfoption name="printcap">cups</smbconfoption>.</para></listitem>
 </itemizedlist>
 
@@ -4752 +4699 @@
 </sect2>
 
-<sect2>
-<title>Manual Configuration</title>
-
-<para>
-If you want to do things manually, replace the <smbconfoption name="printing">cups</smbconfoption>
-by <smbconfoption name="printing">bsd</smbconfoption>. Then your manually set commands may work
-(I haven't tested this), and a <smbconfoption name="print command">lp -d %P %s; rm %s</smbconfoption>
-may do what you need.
-</para>
-</sect2>
 </sect1>
 
@@ -4911 +4848 @@
         <para>
         If <command>cupsaddsmb</command>, or <command>rpcclient addriver</command> emit the error message
-        WERR_BAD_PASSWORD, refer to <link linkend="root-ask-loop">the previous common error</link>.
+        WERR_BAD_PASSWORD/WERR_INVALID_PASSWORD, refer to <link linkend="root-ask-loop">the previous common error</link>.
         </para>
         

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml

@@ -21 +21 @@
 
 <sect1>
-<title>Access Samba Source Code via Subversion</title>
+<title>Access Samba Source Code via GIT</title>
 
 
@@ -29 +29 @@
 <para>
 <indexterm><primary>Subversion</primary></indexterm>
-Samba is developed in an open environment. Developers use a
-Subversion to <quote>checkin</quote> (also known as 
-<quote>commit</quote>) new source code. Samba's various Subversion branches can
-be accessed via anonymous Subversion using the instructions
-detailed in this chapter.
-</para>
-
-<para>
-This chapter is a modified version of the instructions found at the
-<ulink noescape="1" url="http://samba.org/samba/subversion.html">Samba</ulink> Web site.
+Samba is developed in an open environment. Developers use
+GIT to <quote>checkin</quote> (also known as 
+<quote>commit</quote>) new source code.  See the
+<ulink noescape="1"
+       url="https://wiki.samba.org/index.php/Using_Git_for_Samba_Development">Using
+Git for Samba Development page</ulink> in the Samba wiki.
 </para>
 
 </sect2>
 
-<sect2>
-<title>Subversion Access to samba.org</title>
-
-<para>
-The machine samba.org runs a publicly accessible Subversion
-repository for access to the source code of several packages, 
-including Samba, rsync, distcc, ccache, and jitterbug. There are two main ways
-of accessing the Subversion server on this host.
-</para>
-
-<sect3>
-<title>Access via ViewCVS</title>
-
-
-<para>
-<indexterm><primary>SVN</primary><secondary>web</secondary></indexterm>
-You can access the source code via your favorite WWW browser. This allows you to access
-the contents of individual files in the repository and also to look at the revision 
-history and commit logs of individual files. You can also ask for a diff 
-listing between any two versions on the repository.
-</para>
-
-<para>
-Use the URL
-<ulink noescape="1" url="http://viewcvs.samba.org/">http://viewcvs.samba.org/</ulink>.
-</para>
-</sect3>
-
-<sect3>
-<title>Access via Subversion</title>
-
-<para>
-<indexterm><primary>Subversion</primary></indexterm>
-You can also access the source code via a normal Subversion client. This gives you much more control over what
-you can do with the repository and allows you to check out whole source trees and keep them up to date via
-normal Subversion commands. This is the preferred method of access if you are a developer and not just a
-casual browser.
-</para>
-
-<para>In order to be able to download the Samba sources off Subversion, you need 
-a Subversion client. Your distribution might include one, or you can download the 
-sources from <ulink noescape="1" url="http://subversion.tigris.org/">http://subversion.tigris.org/</ulink>.
-</para>
-
-<para>
-To gain access via anonymous Subversion, use the following steps. 
-</para>
-
-<procedure>
-        <title>Retrieving Samba using Subversion</title>
-
-        <step>
-        <para>
-        Install a recent copy of Subversion. All you really need is a 
-        copy of the Subversion client binary. 
-        </para>
-        </step>
-
-        <step>
-        <para>
-        Run the command 
-        <screen>
-        <userinput>svn co svn://svnanon.samba.org/samba/trunk samba</userinput>.
-        </screen>
-        </para>
-        
-        <para>
-        This will create a directory called <filename>samba</filename> containing the 
-        latest Samba source code (usually the branch that is going to be the next major release). This 
-        currently corresponds to the 3.1 development tree. 
-        </para>
-        
-        <para>
-        Subversion branches other then trunk can be obtained by adding branches/BRANCH_NAME to the URL you check
-        out. A list of branch names can be found on the <quote>Development</quote> page of the Samba Web site. A
-        common request is to obtain the latest 3.0 release code. This could be done by using the following command:
-        <screen>
-        <userinput>svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0 samba_3</userinput>.
-        </screen>
-        </para>
-        </step>
-
-        <step>
-        <para>
-        Whenever you want to merge in the latest code changes, use the following command from within the Samba
-        directory:
-        <screen>
-        <userinput>svn update</userinput>
-        </screen>
-        </para>
-        </step>
-</procedure>
-        
-</sect3>
-</sect2>
 
 </sect1>
@@ -149 +50 @@
         <indexterm><primary>ftp</primary></indexterm>
         <parameter>pserver.samba.org</parameter> also exports unpacked copies of most parts of the Subversion tree
-        at the Samba <ulink noescape="1" url="ftp://pserver.samba.org/pub/unpacked">pserver</ulink> location and also
+        at the Samba <ulink noescape="1" url="ftp://samba.org/pub/unpacked">unpacked</ulink> location and also
         via anonymous rsync at the Samba <ulink noescape="1"
-        url="rsync://pserver.samba.org/ftp/unpacked/">rsync</ulink> server location.  I recommend using rsync rather
+        url="rsync://samba.org/ftp/unpacked/">rsync</ulink> server location.  I recommend using rsync rather
         than ftp, because rsync is capable of compressing data streams, but it is also more useful than FTP because
         during a partial update it will transfer only the data that is missing plus a small overhead.  See <ulink
@@ -159 +60 @@
         <para>
         The disadvantage of the unpacked trees is that they do not support automatic
-        merging of local changes as Subversion does. <command>rsync</command> access is most convenient 
+        merging of local changes as GIT does. <command>rsync</command> access is most convenient 
         for an initial install.                      
         </para>
@@ -182 +83 @@
 
 <para><screen>
-&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-3.0.20.tar.asc</userinput>
-&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-pubkey.asc</userinput>
+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-latest.tar.asc</userinput>
+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-latest.tar.gz</userinput>
+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-pubkey.asc</userinput>
 </screen></para>
 
@@ -196 +98 @@
 and verify the Samba source code integrity with:
 <screen>
-&prompt;<userinput>gzip -d samba-3.0.20.tar.gz</userinput>
-&prompt;<userinput>gpg --verify samba-3.0.20.tar.asc</userinput>
+&prompt;<userinput>gzip -d samba-latest.tar.gz</userinput>
+&prompt;<userinput>gpg --verify samba-latest.tar.asc</userinput>
 </screen>
 </para>
@@ -216 +118 @@
         
         <para>
-        <indexterm><primary>autogen.sh</primary></indexterm>
-<indexterm><primary>configure</primary></indexterm>
-        After the source tarball has been unpacked, the next step involves
-        configuration to match Samba to your operating system platform.
-        If your source directory does not contain the <command>configure</command> script,
-        it is necessary to build it before you can continue. Building of
-        the configure script requires the correct version of the autoconf
-        tool kit. Where the necessary version of autoconf is present,
-        the configure script can be generated by executing the following
-        (please note that in Samba 3.4.x, the directory is called source3 instead
-        of source):
-<screen>
-&rootprompt; cd samba-3.0.20/source
-&rootprompt; ./autogen.sh
-</screen>
-        </para>
-        
-
-        <para>
         <indexterm><primary>configure</primary></indexterm>
         To build the binaries, run the program <userinput>./configure
-        </userinput> in the source directory. This should automatically 
+        </userinput> in the top level directory of the source tree. This should automatically
         configure Samba for your operating system. If you have unusual 
         needs, then you may wish to first run:
@@ -266 +149 @@
         </para>
         
-        <para>
-        Some people prefer to install binary files and man pages separately. If this is
-        your wish, the binary files can be installed by executing:
-<screen>
-&rootprompt; <userinput>make installbin</userinput>
-</screen>
-        The man pages can be installed using this command:
-<screen>
-&rootprompt; <userinput>make installman</userinput>
-</screen>
-        </para>
-
-        <para>
-        Note that if you are upgrading from a previous version of Samba the old
-        versions of the binaries will be renamed with an <quote>.old</quote> extension.
-        You can go back to the previous version by executing:
-<screen>
-&rootprompt; <userinput>make revert</userinput>
-</screen>
-        As you can see from this, building and installing Samba does not need to
-        result in disaster!
-        </para>
-        
-
         <sect2>
         <title>Compiling Samba with Active Directory Support</title>
@@ -319 +178 @@
         <para>
         After you run configure, make sure that the 
-        <filename>include/config.h</filename> it generates contain lines like this:
+        <filename>bin/default/include/config.h</filename> it generates contain lines like this:
 <programlisting>
 #define HAVE_KRB5 1
@@ -328 +187 @@
         <para>
         If it does not, configure did not find your KRB5 libraries or
-        your LDAP libraries. Look in <filename>config.log</filename> to figure
+        your LDAP libraries. Look in <filename>bin/config.log</filename> to figure
         out why and fix it.
         </para>
@@ -409 +268 @@
 
         <sect2>
-        <title>Starting from inetd.conf</title>
-
-        <indexterm><primary>inetd</primary></indexterm>
-        
-        <note>
-        <para>The following will be different if 
-        you use NIS, NIS+, or LDAP to distribute services maps.</para>
-        </note>
-        
-        <para>Look at your <filename>/etc/services</filename>. 
-        What is defined at port 139/tcp? If nothing is defined, 
-        then add a line like this:</para>
-
-        <para><programlisting>netbios-ssn     139/tcp</programlisting></para>
-
-        <para>Similarly for 137/udp, you should have an entry like:</para>
-
-        <para><programlisting>netbios-ns        137/udp</programlisting></para>
-
-        <para>
-        Next, edit your <filename>/etc/inetd.conf</filename> and add two lines like this:
-<programlisting>
-netbios-ssn stream tcp nowait root /usr/local/samba/sbin/smbd smbd 
-netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd 
-</programlisting>
-        </para>
-
-<indexterm><primary>/etc/inetd.conf</primary></indexterm>
-        <para>
-        The exact syntax of <filename>/etc/inetd.conf</filename> 
-        varies between UNIXes. Look at the other entries in inetd.conf 
-        for a guide.
-        </para>
-
-        <para>
-        <indexterm><primary>xinetd</primary></indexterm>
-        Some distributions use xinetd instead of inetd. Consult the 
-        xinetd manual for configuration information.
-        </para>
-
-        <note><para>Some UNIXes already have entries like netbios_ns 
-        (note the underscore) in <filename>/etc/services</filename>. 
-        You must edit <filename>/etc/services</filename> or
-        <filename>/etc/inetd.conf</filename> to make them consistent.
-        </para></note>
-
-        <note><para>
-        <indexterm><primary>ifconfig</primary></indexterm>
-        On many systems you may need to use the
-        <smbconfoption name="interfaces"/> option in &smb.conf; to specify
-        the IP address and netmask of your interfaces. Run 
-        <application>ifconfig</application> as root if you do
-        not know what the broadcast is for your net. &nmbd; tries
-        to determine it at runtime, but fails on some UNIXes. 
-        </para></note>
-
-        <warning><para>
-        Many UNIXes only accept around five parameters on the command
-        line in <filename>inetd.conf</filename>.  This means you shouldn't
-        use spaces between the options and arguments, or you should use
-        a script and start the script from <command>inetd</command>.
-        </para></warning>
-
-        <para>
-        Restart <application>inetd</application>, perhaps just send it a HUP,
-        like this:
-<indexterm><primary>killall</primary></indexterm>
-<screen>
-&rootprompt;<userinput>killall -HUP inetd</userinput>
-</screen>
-        </para>
-                
-        </sect2>
-        
-        <sect2>
-        <title>Alternative: Starting &smbd; as a Daemon</title>
+        <title>Starting &smbd; as a Daemon</title>
                 
         <para>
@@ -521 +305 @@
         <sect3>
         <title>Starting Samba for Red Hat Linux</title>
-
-        <para>
-        Red Hat Linux has not always included all Samba components in the standard installation.
-        So versions of Red Hat Linux do not install the winbind utility, even though it is present
-        on the installation CDROM media. Check to see if the <command>winbindd</command> is present
-        on the system:
-<screen>
-&rootprompt; ls /usr/sbin/winbindd
-/usr/sbin/winbindd
-</screen>
-        This means that the appropriate RPM package was installed. The following response means
-        that it is not installed:
-<screen>
-/bin/ls: /usr/sbin/winbind: No such file or directory
-</screen>
-        In this case, it should be installed if you intend to use <command>winbindd</command>. Search
-        the CDROM installation media for the samba-winbind RPM and install it following Red Hat
-        guidelines.
-        </para>
-
         <para>
         The process for starting Samba will now be outlined. Be sure to configure Samba's &smb.conf;

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-ConfigSmarts.xml

@@ -121 +121 @@
 this book. However, if someone will contribute more comprehensive documentation we will gladly review it, and
 if it is suitable extend this section of this chapter. Until such documentation becomes available the hosting
-of multiple samba servers on a single host is considered not supported for Samba-3 by the Samba Team.
+of multiple samba servers on a single host is considered not supported for Samba by the Samba Team.
 </para>
 

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml

@@ -131 +131 @@
 <note><para>
 <indexterm><primary>/etc/samba</primary></indexterm>
-<indexterm><primary>/usr/local/samba/lib</primary></indexterm>
+<indexterm><primary>/usr/local/samba/etc</primary></indexterm>
 Your &smb.conf; file may be located in <filename>/etc/samba</filename>
-or in <filename>/usr/local/samba/lib</filename>.
+or in <filename>/usr/local/samba/etc</filename>.
 </para></note>
 </step>
@@ -432 +432 @@
 <listitem>
         <para>
-        You have shadow passwords (or some other password system) but didn't
-        compile in support for them in &smbd;.
+        Password encryption is enabled by default, but you have not
+        yet set a password for your samba user. Run
+        <command>smbpasswd -a username</command>
         </para>
 </listitem>
@@ -445 +446 @@
 <listitem>
         <para>
-        You have a mixed-case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level.
+        You have explicitly disabled encrypted passwords with
+        <smbconfoption name="encrypt passwords">no</smbconfoption> have a mixed-case password.
         </para>
 </listitem>
@@ -455 +457 @@
 </listitem>
 
-<listitem>
-        <para>
-        You enabled password encryption but didn't map UNIX to Samba users. Run
-        <command>smbpasswd -a username</command>
-        </para>
-</listitem>
 </orderedlist>
 
@@ -545 +541 @@
 
 <para>
-It's also possible that the server can't work out what username to connect you as.
-To see if this is the problem, add the line
-<smbconfoption name="user">username</smbconfoption> to the
-<smbconfsection name="[tmp]"/> section of 
-&smb.conf; where <parameter>username</parameter> is the
-username corresponding to the password you typed. If you find this
-fixes things, you may need the username mapping option. 
-</para>
-
-<para>
-It might also be the case that your client only sends encrypted passwords 
+By default, most clients only sends encrypted passwords 
 and you have <smbconfoption name="encrypt passwords">no</smbconfoption> in &smb.conf;.
 Change this setting to `yes' to fix this.
@@ -588 +574 @@
 specified in &smb.conf;). You should be able to double-click on the name
 of the server and get a list of shares. If you get the error message <quote>invalid password,</quote>
- you are probably running Windows NT and it
-is refusing to browse a server that has no encrypted password
-capability and is in user-level security mode. In this case, either set
-<smbconfoption name="security">server</smbconfoption> and 
-<smbconfoption name="password server">Windows_NT_Machine</smbconfoption> in your
-&smb.conf; file or make sure <smbconfoption name="encrypt passwords"/> is
-set to <quote>yes</quote>.
+your client may be refusing to browse a server that has no encrypted password
+capability. In this case make sure <smbconfoption name="encrypt passwords"/> is
+set to <quote>yes</quote> and repeat the steps in this gude.
 </para>
 

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml

@@ -56 +56 @@
 <indexterm><primary>domain control</primary></indexterm>
 <indexterm><primary>Server Type</primary><secondary>Domain Member</secondary></indexterm>
-Samba-3 can join an MS Windows NT4-style domain as a native member server, an 
+Samba can join an MS Windows NT4-style domain as a native member server, an
 MS Windows Active Directory domain as a native member server, or a Samba domain
 control network. Domain membership has many advantages:
@@ -194 +194 @@
         A corresponding UNIX account, typically stored in <filename>/etc/passwd</filename>. Work is in progress to
         allow a simplified mode of operation that does not require UNIX user accounts, but this has not been a feature
-        of the early releases of Samba-3, and is not currently planned for release either.
+        of the early releases of Samba, and is not currently planned for release either.
         </para></listitem>
 </itemizedlist>
@@ -607 +607 @@
 
 <sect2>
-<title>Joining an NT4-type Domain with Samba-3</title>
+<title>Joining an NT4-type Domain with Samba</title>
 
 <para><link linkend="assumptions">Assumptions</link> lists names that are used in the remainder of this chapter.</para>
@@ -798 +798 @@
 </sect2>
 
-<sect2>
-<title>Why Is This Better Than <parameter>security = server</parameter>?</title>
-
-<para>
-<indexterm><primary>domain security</primary></indexterm>
-<indexterm><primary>UNIX users</primary></indexterm>
-<indexterm><primary>authentication</primary></indexterm>
-Currently, domain security in Samba does not free you from having to create local UNIX users to represent the
-users attaching to your server. This means that if domain user <constant>DOM\fred</constant> attaches to your
-domain security Samba server, there needs to be a local UNIX user fred to represent that user in the UNIX file
-system. This is similar to the older Samba security mode <smbconfoption
-name="security">server</smbconfoption>, where Samba would pass through the authentication request to a Windows
-NT server in the same way as a Windows 95 or Windows 98 server would.
-</para>
-
-<para>
-<indexterm><primary>winbind</primary></indexterm>
-<indexterm><primary>UID</primary></indexterm>
-<indexterm><primary>GID</primary></indexterm>
-Please refer to <link linkend="winbind">Winbind: Use of Domain Accounts</link>, for information on a system
-to automatically assign UNIX UIDs and GIDs to Windows NT domain users and groups.
-</para>
-
-<para>
-<indexterm><primary>domain-level</primary></indexterm>
-<indexterm><primary>authentication</primary></indexterm>
-<indexterm><primary>RPC</primary></indexterm>
-The advantage of domain-level security is that the authentication in domain-level security is passed down the
-authenticated RPC channel in exactly the same way that an NT server would do it. This means Samba servers now
-participate in domain trust relationships in exactly the same way NT servers do (i.e., you can add Samba
-servers into a resource domain and have the authentication passed on from a resource domain PDC to an account
-domain PDC).
-</para>
-
-<para>
-<indexterm><primary>PDC</primary></indexterm>
-<indexterm><primary>BDC</primary></indexterm>
-<indexterm><primary>connection resources</primary></indexterm>
-In addition, with <smbconfoption name="security">server</smbconfoption>, every Samba daemon on a server has to
-keep a connection open to the authenticating server for as long as that daemon lasts. This can drain the
-connection resources on a Microsoft NT server and cause it to run out of available connections. With
-<smbconfoption name="security">domain</smbconfoption>, however, the Samba daemons connect to the PDC or BDC
-only for as long as is necessary to authenticate the user and then drop the connection, thus conserving PDC
-connection resources.
-</para>
-
-<para>
-<indexterm><primary>PDC</primary></indexterm>
-<indexterm><primary>authentication reply</primary></indexterm>
-<indexterm><primary>SID</primary></indexterm>
-<indexterm><primary>NT groups</primary></indexterm>
-Finally, acting in the same manner as an NT server authenticating to a PDC means that as part of the
-authentication reply, the Samba server gets the user identification information such as the user SID, the list
-of NT groups the user belongs to, and so on.
-</para>
-
-<note>
-<para>
-Much of the text of this document was first published in the Web magazine 
-<ulink url="http://www.linuxworld.com"><emphasis>LinuxWorld</emphasis></ulink> as the article <ulink
-url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"/>
-<emphasis>Doing the NIS/NT Samba</emphasis>.
-</para>
-</note>
-
-</sect2>
 </sect1>
 
@@ -874 +808 @@
 <indexterm><primary>KDC</primary></indexterm>
 <indexterm><primary>Kerberos</primary></indexterm>
-This is a rough guide to setting up Samba-3 with Kerberos authentication against a
+This is a rough guide to setting up Samba with Kerberos authentication against a
 Windows 200x KDC. A familiarity with Kerberos is assumed.
 </para> 
@@ -980 +914 @@
 [libdefaults]
         default_realm = YOUR.KERBEROS.REALM
-
-[realms]
-        YOUR.KERBEROS.REALM = {
-        kdc = your.kerberos.server
-        }
+        dns_lookup_kdc = true
 
 [domain_realms]
@@ -992 +922 @@
 
 <para>
-<indexterm><primary>Heimdal</primary></indexterm>
-When using Heimdal versions before 0.6, use the following configuration settings:
+If you must specify the KDC directly, the minimal configuration is:
 <screen>
 [libdefaults]
         default_realm      = YOUR.KERBEROS.REALM
-        default_etypes     = des-cbc-crc des-cbc-md5
-        default_etypes_des = des-cbc-crc des-cbc-md5
 
 [realms]
@@ -1016 +943 @@
 <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput> and
 making sure that your password is accepted by the Win2000 KDC.
-</para>
-
-<para>
-<indexterm><primary>Heimdal</primary></indexterm>
-<indexterm><primary>ADS</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>Windows 2003</primary></indexterm>
-With Heimdal versions earlier than 0.6.x you can use only newly created accounts
-in ADS or accounts that have had the password changed once after migration, or
-in case of <constant>Administrator</constant> after installation. At the
-moment, a Windows 2003 KDC can only be used with Heimdal releases later than 0.6
-(and no default etypes in krb5.conf). Unfortunately, this whole area is still
-in a state of flux.
 </para>
 
@@ -1053 +967 @@
 <indexterm><primary>Kerberos</primary></indexterm>
 Clock skew limits are configurable in the Kerberos protocols. The default setting is five minutes.
-</para>
-
-<para>
-<indexterm><primary>DNS</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>hostname</primary></indexterm>
-<indexterm><primary>realm</primary></indexterm>
-You also must ensure that you can do a reverse DNS lookup on the IP address of your KDC. Also, the name that
-this reverse lookup maps to must either be the NetBIOS name of the KDC (i.e., the hostname with no domain
-attached) or it can be the NetBIOS name followed by the realm.
-</para>
-
-<para>
-<indexterm><primary>/etc/hosts</primary></indexterm>
-<indexterm><primary>KDC</primary></indexterm>
-<indexterm><primary>realm</primary></indexterm>
-The easiest way to ensure you get this right is to add a <filename>/etc/hosts</filename> entry mapping the IP
-address of your KDC to its NetBIOS name. If you do not get this correct, then you will get a <errorname>local
-error</errorname> when you try to join the realm.
 </para>
 
@@ -1113 +1008 @@
 <indexterm><primary>net</primary><secondary>ads</secondary><tertiary>join</tertiary></indexterm>
 When making a Windows client a member of an ADS domain within a complex organization, you
-may want to create the machine trust account within a particular organizational unit. Samba-3 permits
+may want to create the machine trust account within a particular organizational unit. Samba permits
 this to be done using the following syntax:
 <screen>
@@ -1160 +1055 @@
         <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput>.
         <replaceable>USERNAME</replaceable> must be a user who has rights to add a machine to the domain.
-        </para></listitem></varlistentry>
-
-        <varlistentry><term>Unsupported encryption/or checksum types</term>
-        <listitem><para>
-        <indexterm><primary>/etc/krb5.conf</primary></indexterm>
-        <indexterm><primary>unsupported encryption</primary></indexterm>
-        <indexterm><primary>Kerberos</primary></indexterm>
-        Make sure that the <filename>/etc/krb5.conf</filename> is correctly configured
-        for the type and version of Kerberos installed on the system.
         </para></listitem></varlistentry>
 </variablelist>
@@ -1218 +1104 @@
 server using &smbclient; and Kerberos. Use &smbclient; as usual, but
 specify the <option>-k</option> option to choose Kerberos authentication.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Notes</title>
-
-<para>
-<indexterm><primary>administrator password</primary></indexterm>
-<indexterm><primary>change password</primary></indexterm>
-<indexterm><primary>encryption types</primary></indexterm>
-You must change the administrator password at least once after installing a domain controller, 
-to create the right encryption types.
-</para>
-
-<para>
-<indexterm><primary>_kerberos._udp</primary></indexterm>
-<indexterm><primary>_ldap._tcp</primary></indexterm>
-<indexterm><primary>default DNS setup</primary></indexterm>
-Windows 200x does not seem to create the <parameter>_kerberos._udp</parameter> and
-<parameter>_ldap._tcp</parameter> in the default DNS setup. Perhaps this will be fixed later in service packs.
 </para>
 
@@ -1401 +1266 @@
 
 </sect2>
-
-<sect2>
-        <title>I Can't Join a Windows 2003 PDC</title>
-
-        <para>
-<indexterm><primary>SMB signing</primary></indexterm>
-<indexterm><primary>SMB</primary></indexterm>
-<indexterm><primary>Windows 2003</primary></indexterm>
-<indexterm><primary>SMB/CIFS</primary></indexterm>
-        Windows 2003 requires SMB signing. Client-side SMB signing has been implemented in Samba-3.0.
-        Set <smbconfoption name="client use spnego">yes</smbconfoption> when communicating 
-        with a Windows 2003 server. This will not interfere with other Windows clients that do not
-        support the more advanced security features of Windows 2003 because the client will simply
-        negotiate a protocol that both it and the server suppport. This is a well-known fall-back facility
-        that is built into the SMB/CIFS protocols.
-        </para>
-
-</sect2>
-
 </sect1>
 </chapter>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml

@@ -183 +183 @@
 <smbconfoption name="workgroup">MIDEARTH</smbconfoption>
 <smbconfoption name="netbios name">HOBBIT</smbconfoption>
-<smbconfoption name="security">share</smbconfoption>
+<smbconfoption name="security">user</smbconfoption>
+<smbconfoption name="map to guest">bad user</smbconfoption>
 
 <smbconfsection name="[data]"/>
@@ -221 +222 @@
         workgroup = MIDEARTH
         netbios name = HOBBIT
-        security = share
+        security = user
+        map to guest = bad user
 
 [data]
@@ -287 +289 @@
 <smbconfoption name="workgroup">MIDEARTH</smbconfoption>
 <smbconfoption name="netbios name">HOBBIT</smbconfoption>
-<smbconfoption name="security">SHARE</smbconfoption>
+<smbconfoption name="security">USER</smbconfoption>
+<smbconfoption name="map to guest">bad user</smbconfoption>
 
 <smbconfsection name="[data]"/>
@@ -341 +344 @@
 <smbconfoption name="workgroup">MIDEARTH</smbconfoption>
 <smbconfoption name="netbios name">LUTHIEN</smbconfoption>
-<smbconfoption name="security">share</smbconfoption>
-<smbconfoption name="printcap name">cups</smbconfoption>
-<smbconfoption name="disable spoolss">Yes</smbconfoption>
-<smbconfoption name="show add printer wizard">No</smbconfoption>
+<smbconfoption name="security">user</smbconfoption>
 <smbconfoption name="printing">cups</smbconfoption>
 
@@ -445 +445 @@
                 encrypted passwords in a file called <filename>/etc/samba/smbpasswd</filename>.
                 The default &smb.conf; entry that makes this happen is
-                <smbconfoption name="passdb backend">smbpasswd, guest</smbconfoption>. Since this is the default,
-                it is not necessary to enter it into the configuration file. Note that the guest backend is
-                added to the list of active passdb backends no matter whether it specified directly in Samba configuration
-                file or not.
+                <smbconfoption name="passdb backend">smbpasswd</smbconfoption>. Since this is the default,
+                it is not necessary to enter it into the configuration file.
                 </para>
 
@@ -475 +473 @@
 <smbconfoption name="workgroup">MIDEARTH</smbconfoption>
 <smbconfoption name="netbios name">OLORIN</smbconfoption>
-<smbconfoption name="printcap name">cups</smbconfoption>
-<smbconfoption name="disable spoolss">Yes</smbconfoption>
 <smbconfoption name="show add printer wizard">No</smbconfoption>
 <smbconfoption name="printing">cups</smbconfoption>
@@ -496 +492 @@
 <smbconfoption name="comment">All Printers</smbconfoption>
 <smbconfoption name="path">/var/spool/samba</smbconfoption>
-<smbconfoption name="printer admin">root, maryo</smbconfoption>
 <smbconfoption name="create mask">0600</smbconfoption>
 <smbconfoption name="guest ok">Yes</smbconfoption>
@@ -730 +725 @@
 <smbconfoption name="comment">All Printers</smbconfoption>
 <smbconfoption name="path">/var/spool/samba</smbconfoption>
-<smbconfoption name="printer admin">root, maryo</smbconfoption>
 <smbconfoption name="create mask">0600</smbconfoption>
 <smbconfoption name="guest ok">Yes</smbconfoption>
@@ -882 +876 @@
         <para>
         A more scalable domain control authentication backend option might use
-        Microsoft Active Directory or an LDAP-based backend. Samba-3 provides
-        for both options as a domain member server. As a PDC, Samba-3 is not able to provide
+        Microsoft Active Directory or an LDAP-based backend. Samba provides
+        for both options as a domain member server. As a PDC, Samba is not able to provide
         an exact alternative to the functionality that is available with Active Directory.
-        Samba-3 can provide a scalable LDAP-based PDC/BDC solution.
+        Samba can provide a scalable LDAP-based PDC/BDC solution.
         </para>
 
@@ -891 +885 @@
         The tdbsam authentication backend provides no facility to replicate
         the contents of the database, except by external means (i.e., there is no self-contained protocol
-        in Samba-3 for Security Account Manager database [SAM] replication).
+        in Samba for Security Account Manager database [SAM] replication).
         </para>
 
@@ -904 +898 @@
                 The engineering office network server we present here is designed to demonstrate use
                 of the new tdbsam password backend. The tdbsam
-                facility is new to Samba-3. It is designed to provide many user and machine account controls
+                facility is new to Samba. It is designed to provide many user and machine account controls
                 that are possible with Microsoft Windows NT4. It is safe to use this in smaller networks.
                 </para>
@@ -962 +956 @@
 <smbconfoption name="comment">All Printers</smbconfoption>
 <smbconfoption name="path">/var/spool/samba</smbconfoption>
-<smbconfoption name="printer admin">root, maryo</smbconfoption>
 <smbconfoption name="create mask">0600</smbconfoption>
 <smbconfoption name="guest ok">Yes</smbconfoption>
@@ -972 +965 @@
 <smbconfoption name="path">/var/lib/samba/drivers</smbconfoption>
 <smbconfoption name="write list">maryo, root</smbconfoption>
-<smbconfoption name="printer admin">maryo, root</smbconfoption>
 
 <smbconfcomment>Needed to support domain logons</smbconfcomment>
@@ -1056 +1048 @@
 
                 <para>
-                In this section we finally get to review in brief a Samba-3 configuration that
+                In this section we finally get to review in brief a Samba configuration that
                 uses a Lightweight Directory Access (LDAP)-based authentication backend. The
                 main reasons for this choice are to provide the ability to host primary
@@ -1067 +1059 @@
 
                         <para>
-                        This is an example of a minimal configuration to run a Samba-3 PDC
+                        This is an example of a minimal configuration to run a Samba PDC
                         using an LDAP authentication backend. It is assumed that the operating system
                         has been correctly configured.

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Group-Mapping.xml

@@ -407 +407 @@
 
         <orderedlist>
-                <listitem><para>For Samba-3 domain controllers and domain member servers/clients.</para></listitem>
+                <listitem><para>For Samba domain controllers and domain member servers/clients.</para></listitem>
                 <listitem><para>To manage domain member Windows workstations.</para></listitem>
         </orderedlist>
@@ -490 +490 @@
         alias entities. Each has a well-known RID. These must be preserved for continued
         integrity of operation. Samba must be provisioned with certain essential domain groups that require
-        the appropriate RID value. When Samba-3 is configured to use <constant>tdbsam</constant>, the essential
+        the appropriate RID value. When Samba is configured to use <constant>tdbsam</constant>, the essential
         domain groups are automatically created. It is the LDAP administrator's responsibility to create
         (provision) the default NT groups.

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml

@@ -18 +18 @@
 The Microsoft Windows operating system has a number of features that impose specific challenges
 to interoperability with the operating systems on which Samba is implemented. This chapter deals
-explicitly with the mechanisms Samba-3 (version 3.0.8 and later) uses to overcome one of the
+explicitly with the mechanisms Samba (version 3.0.8 and later) uses to overcome one of the
 key challenges in the integration of Samba servers into an MS Windows networking environment.
 This chapter deals with identity mapping (IDMAP) of Windows security identifiers (SIDs)
@@ -121 +121 @@
         <indexterm><primary>SID</primary></indexterm>
         <indexterm><primary>Active Directory</primary></indexterm>
-        Samba-3 can act as a Windows NT4 PDC or BDC, thereby providing domain control protocols that
-        are compatible with Windows NT4. Samba-3 file and print sharing protocols are compatible with
+        Samba can act as a Windows NT4 PDC or BDC, thereby providing domain control protocols that
+        are compatible with Windows NT4. Samba file and print sharing protocols are compatible with
         all versions of MS Windows products. Windows NT4, as with MS Active Directory,
         extensively makes use of Windows SIDs.
@@ -131 +131 @@
         <indexterm><primary>UID</primary></indexterm>
         <indexterm><primary>GID</primary></indexterm>
-        Samba-3 domain member servers and clients must interact correctly with MS Windows SIDs. Incoming
+        Samba domain member servers and clients must interact correctly with MS Windows SIDs. Incoming
         Windows SIDs must be translated to local UNIX UIDs and GIDs. Outgoing information from the Samba
         server must provide to MS Windows clients and servers appropriate SIDs.
@@ -236 +236 @@
                                 is an appliance like file server on which no local accounts are configured and
                                 winbind is used to obtain account credentials from the domain controllers for the
-                                domain. The domain control can be provided by Samba-3, MS Windows NT4, or MS Windows
+                                domain. The domain control can be provided by Samba, MS Windows NT4, or MS Windows
                                 Active Directory.
                                 </para>
@@ -453 +453 @@
         <para>
         IDMAP information can be written directly to the LDAP server so long as all domain controllers
-        have access to the master (writable) LDAP server. Samba-3 at this time does not handle LDAP redirects
+        have access to the master (writable) LDAP server. Samba at this time does not handle LDAP redirects
         in the IDMAP backend. This means that it is is unsafe to use a slave (replicate) LDAP server with
         the IDMAP facility.
@@ -596 +596 @@
 <smbconfoption name="winbind use default domain">Yes</smbconfoption>
 <smbconfoption name="winbind nested groups">Yes</smbconfoption>
-<smbconfoption name="printer admin">"BUTTERNET\Domain Admins"</smbconfoption>
 </smbconfblock>
 </example>
@@ -729 +728 @@
 <smbconfoption name="winbind enum groups">No</smbconfoption>
 <smbconfoption name="winbind nested groups">Yes</smbconfoption>
-<smbconfoption name="printer admin">"Domain Admins"</smbconfoption>
 </smbconfblock>
 </example>
@@ -822 +820 @@
         <indexterm><primary>ADAM</primary></indexterm>
         <indexterm><primary>ADS</primary></indexterm>
-        The storage of IDMAP information in LDAP can be used with both NT4/Samba-3-style domains and
+        The storage of IDMAP information in LDAP can be used with both NT4/Samba-style domains and
         ADS domains. OpenLDAP is a commonly used LDAP server for this purpose, although any
         standards-complying LDAP server can be used. It is therefore possible to deploy this IDMAP
@@ -858 +856 @@
         <para>
         <indexterm><primary>realm</primary></indexterm>
-        In the case of an NT4 or Samba-3-style domain the <parameter>realm</parameter> is not used, and the
+        In the case of an NT4 or Samba-style domain the <parameter>realm</parameter> is not used, and the
         command used to join the domain is <command>net rpc join</command>. The above example also demonstrates
         advanced error-reporting techniques that are documented in <link linkend="dbglvl">Reporting Bugs</link>.

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml

@@ -124 +124 @@
 
         <para>
-        This section contains brief descriptions of the databases that are used by Samba-3.
+        This section contains brief descriptions of the databases that are used by Samba.
         </para>
 
         <para>
 <indexterm><primary>tdb file locations</primary></indexterm>
-        The directory in which Samba stores the tdb files is determined by compile-time directives. Samba-3 stores
+        The directory in which Samba stores the tdb files is determined by compile-time directives. Samba stores
         tdb files in two locations. The best way to determine these locations is to execute the following
         command:
@@ -137 +137 @@
 </screen>
         This means that the confidential tdb files are stored in the <filename>/etc/samba/private</filename>
-        directory. Samba-3 also uses a number of tdb files that contain more mundane data. The location of
+        directory. Samba also uses a number of tdb files that contain more mundane data. The location of
         these files can be found by executing:
 <screen>
@@ -658 +658 @@
 
         <para>
-        &winbindd; will run as one or two daemons, depending on whether or not it is being
-        run in <emphasis>split mode</emphasis> (in which case there will be two instances).
-        </para>
-
-        </sect2>
-
-        <sect2>
-                <title>Error Message: open_oplock_ipc</title>
-
-        <para>
-        An error message is observed in the log files when &smbd; is started: <quote>open_oplock_ipc: Failed to
-        get local UDP socket for address 100007f. Error was Cannot assign requested.</quote>
-        </para>
-
-        <para>
-        Your loopback device isn't working correctly. Make sure it is configured correctly. The loopback
-        device is an internal (virtual) network device with the IP address <emphasis>127.0.0.1</emphasis>.
-        Read your OS documentation for details on how to configure the loopback on your system.
+        &winbindd; will run as many processes depending in part on how many
+        domains it needs to contact.
         </para>
 

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-InterdomainTrusts.xml

@@ -28 +28 @@
 <indexterm><primary>ADS</primary></indexterm>
 <indexterm><primary>LDAP-based</primary></indexterm>
-Samba-3 supports NT4-style domain trust relationships. This is a feature that many sites
-will want to use if they migrate to Samba-3 from an NT4-style domain and do not want to
+Samba supports NT4-style domain trust relationships. This is a feature that many sites
+will want to use if they migrate to Samba from an NT4-style domain and do not want to
 adopt Active Directory or an LDAP-based authentication backend. This chapter explains
 some background information regarding trust relationships and how to create them. It is now
-possible for Samba-3 to trust NT4 (and vice versa), as well as to create Samba-to-Samba 
+possible for Samba to trust NT4 (and vice versa), as well as to create Samba-to-Samba
 trusts.
 </para>
@@ -75 +75 @@
 <indexterm><primary>scalability</primary></indexterm>
 <indexterm><primary>trust relationships</primary></indexterm>
-Samba-3 can participate in Samba-to-Samba as well as in Samba-to-MS Windows NT4-style
+Samba can participate in Samba-to-Samba as well as in Samba-to-MS Windows NT4-style
 trust relationships. This imparts to Samba scalability similar to that with MS Windows NT4.
 </para>
@@ -85 +85 @@
 <indexterm><primary>interdomain trusts</primary></indexterm>
 <indexterm><primary>ADS</primary></indexterm>
-Given that Samba-3 can function with a scalable backend authentication database such as LDAP, and given its
+Given that Samba can function with a scalable backend authentication database such as LDAP, and given its
 ability to run in primary as well as backup domain control modes, the administrator would be well-advised to
 consider alternatives to the use of interdomain trusts simply because, by the very nature of how trusts
@@ -166 +166 @@
 Also, all inter-ADS domain trusts are transitive. In the case of the red, white, and blue domains, with
 Windows 2000 and ADS, the red and blue domains can trust each other. This is an inherent feature of ADS
-domains. Samba-3 implements MS Windows NT4-style interdomain trusts and interoperates with MS Windows 200x ADS
+domains. Samba implements MS Windows NT4-style interdomain trusts and interoperates with MS Windows 200x ADS
 security domains in similar manner to MS Windows NT4-style domains.
 </para>
@@ -340 +340 @@
 <indexterm><primary>between domains</primary></indexterm>
 Each of the procedures described next assumes the peer domain in the trust relationship is controlled by a
-Windows NT4 server. However, the remote end could just as well be another Samba-3  domain. It can be clearly
+Windows NT4 server. However, the remote end could just as well be another Samba  domain. It can be clearly
 seen, after reading this document, that combining Samba-specific parts of what's written in the following
 sections leads to trust between domains in a purely Samba environment.
@@ -591 +591 @@
 
 <para>
-It works with Samba-3  and NT4 domains, and also with Samba-3 and Windows 200x ADS in mixed mode.
+It works with Samba  and NT4 domains, and also with Samba-3 and Windows 200x ADS in mixed mode.
 Both domain controllers, Samba and NT must have the same WINS server; otherwise,
 the trust will never work. 

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-IntroSMB.xml

@@ -73 +73 @@
         The real people behind Samba are users like you. You have inspired the
         developers (the Samba Team) to do more than any of them imagined could or should
-        be done. User feedback drives Samba development. Samba-3 in particular incorporates
+        be done. User feedback drives Samba development. Samba in particular incorporates
         a huge amount of work done as a result of user requests, suggestions and direct
         code contributions.
@@ -133 +133 @@
         Existing Samba books are largely addressed to the UNIX administrator.
         From the perspective of this target group the existing books serve
-        an adequate purpose, with one exception &smbmdash; now that Samba-3 is out
+        an adequate purpose, with one exception &smbmdash; now that Samba is out
         they need to be updated!
         </para>
@@ -163 +163 @@
                 <varlistentry><term>General Installation</term>
                         <listitem><para>
-                        Designed to help you get Samba-3 running quickly.
+                        Designed to help you get Samba running quickly.
                         The Fast Start chapter is a direct response to requests from
                         Microsoft network administrators for some sample configurations
@@ -182 +182 @@
                         <listitem><para>
                         The mechanics of network browsing have long been the Achilles heel of
-                        all Microsoft Windows users. Samba-3 introduces new user and machine
+                        all Microsoft Windows users. Samba introduces new user and machine
                         account management facilities, a new way to map UNIX groups and Windows
                         groups, Interdomain trusts, new loadable file system drivers (VFS), and
@@ -216 +216 @@
                 
 <para>
-Welcome to Samba-3 and the first published document to help you and your users to enjoy a whole
+Welcome to Samba and the first published document to help you and your users to enjoy a whole
 new world of interoperability between Microsoft Windows and the rest of the world.
 </para>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-NT4Migration.xml

@@ -7 +7 @@
 </chapterinfo>
 
-<title>Migration from NT4 PDC to Samba-3 PDC</title>
+<title>Migration from NT4 PDC to Samba PDC</title>
 
 <para>
@@ -13 +13 @@
 <indexterm><primary>domain control</primary></indexterm>
 This is a rough guide to assist those wishing to migrate from NT4 domain control to
-Samba-3-based domain control.
+Samba-based domain control.
 </para>
 
@@ -28 +28 @@
 <para>
 <indexterm><primary>migration plan</primary></indexterm>
-Those wishing to migrate from MS Windows NT4 domain control to a Samba-3 domain control
+Those wishing to migrate from MS Windows NT4 domain control to a Samba domain control
 environment would do well to develop a detailed migration plan. So here are a few pointers to
 help migration get underway.
@@ -39 +39 @@
 <indexterm><primary>migration process</primary></indexterm>
 The key objective for most organizations is to make the migration from MS Windows NT4 
-to Samba-3 domain control as painless as possible. One of the challenges you may experience
+to Samba domain control as painless as possible. One of the challenges you may experience
 in your migration process may well be convincing management that the new environment
 should remain in place. Many who have introduced open source technologies have experienced
@@ -47 +47 @@
 <para>
 <indexterm><primary>change motivations</primary></indexterm>
-Before attempting a migration to a Samba-3-controlled network, make every possible effort to
+Before attempting a migration to a Samba-controlled network, make every possible effort to
 gain all-round commitment to the change. Know precisely <emphasis>why</emphasis> the change
 is important for the organization. Possible motivations to make a change include:
@@ -74 +74 @@
 <indexterm><primary>ADS</primary></indexterm>
 <indexterm><primary>without ADS</primary></indexterm>
-Make sure everyone knows that Samba-3 is not MS Windows NT4. Samba-3 offers
+Make sure everyone knows that Samba is not MS Windows NT4. Samba-3 offers
 an alternative solution that is both different from MS Windows NT4 and offers 
-advantages compared with it. Gain recognition that Samba-3 lacks many of the
+advantages compared with it. Gain recognition that Samba lacks many of the
 features that Microsoft has promoted as core values in migration from MS Windows NT4 to 
 MS Windows 2000 and beyond (with or without Active Directory services).
@@ -82 +82 @@
 
 <para>
-What are the features that Samba-3 cannot provide?
+What are the features that Samba cannot provide?
 </para>
 
@@ -100 +100 @@
 
 <para>
-The features that Samba-3 does provide and that may be of compelling interest to your site
+The features that Samba does provide and that may be of compelling interest to your site
 include:
 </para>
@@ -135 +135 @@
 <para>
 <indexterm><primary>successful migration</primary></indexterm>
-Before migrating a network from MS Windows NT4 to Samba-3, consider all necessary factors. Users
+Before migrating a network from MS Windows NT4 to Samba, consider all necessary factors. Users
 should be educated about changes they may experience so the change will be a welcome one
 and not become an obstacle to the work they need to do. The following sections explain factors that will 
@@ -161 +161 @@
 <indexterm><primary>slave servers</primary></indexterm>
 <indexterm><primary>multiple domains</primary></indexterm>
-Samba-3 can be configured as a domain controller, a backup domain controller (probably best called
+Samba can be configured as a domain controller, a backup domain controller (probably best called
 a secondary controller), a domain member, or a standalone server. The Windows network security
 domain context should be sized and scoped before implementation. Particular attention needs to be
 paid to the location of the Primary Domain Controller (PDC) as well as backup controllers (BDCs).
-One way in which Samba-3 differs from Microsoft technology is that if one chooses to use an LDAP
+One way in which Samba differs from Microsoft technology is that if one chooses to use an LDAP
 authentication backend, then the same database can be used by several different domains. In a
 complex organization, there can be a single LDAP database, which itself can be distributed (have
@@ -282 +282 @@
 <indexterm><primary>SID</primary></indexterm>
 <indexterm><primary>NTuser.DAT</primary></indexterm>
-Profiles may also be managed using the Samba-3 tool <command>profiles</command>. This tool allows the MS
+Profiles may also be managed using the Samba tool <command>profiles</command>. This tool allows the MS
 Windows NT-style security identifiers (SIDs) that are stored inside the profile
-<filename>NTuser.DAT</filename> file to be changed to the SID of the Samba-3 domain.
+<filename>NTuser.DAT</filename> file to be changed to the SID of the Samba domain.
 </para>
 </sect3>
@@ -296 +296 @@
 <indexterm><primary>migrate group</primary></indexterm>
 <indexterm><primary>map</primary></indexterm>
-It is possible to migrate all account settings from an MS Windows NT4 domain to Samba-3. Before
-attempting to migrate user and group accounts, you are STRONGLY advised to create in Samba-3 the
+It is possible to migrate all account settings from an MS Windows NT4 domain to Samba. Before
+attempting to migrate user and group accounts, you are STRONGLY advised to create in Samba the
 groups that are present on the MS Windows NT4 domain <emphasis>AND</emphasis> to map them to
 suitable UNIX/Linux groups. By following this simple advice, all user and group attributes
@@ -322 +322 @@
 <indexterm><primary>netlogon share</primary></indexterm>
 <indexterm><primary>BDC</primary></indexterm>
-        Samba-3 is set up as a domain controller with netlogon share, profile share, and so on. Configure the &smb.conf; file
+        Samba is set up as a domain controller with netlogon share, profile share, and so on. Configure the &smb.conf; file
         to function as a BDC: <parameter>domain master = No</parameter>.
         </para></listitem>
@@ -415 +415 @@
 <para>
 There are three basic choices for sites that intend to migrate from MS Windows NT4
-to Samba-3:
+to Samba:
 </para>
 
@@ -473 +473 @@
         </row>
         <row>
-        <entry><para>Move all accounts from NT4 into Samba-3</para></entry>
+        <entry><para>Move all accounts from NT4 into Samba</para></entry>
         <entry><para>Copy and improve</para></entry>
         <entry><para>Authentication regime (database location and access)</para></entry>
@@ -493 +493 @@
         </row>
         <row>
-        <entry><para>Integrate Samba-3, then migrate while users are active, then change of control (swap out)</para></entry>
+        <entry><para>Integrate Samba, then migrate while users are active, then change of control (swap out)</para></entry>
         <entry><para>Take advantage of lower maintenance opportunity</para></entry>
         <entry><para></para></entry>
@@ -503 +503 @@
 
 <sect2>
-<title>Samba-3 Implementation Choices</title>
+<title>Samba Implementation Choices</title>
 
 <variablelist>
                 <varlistentry><term>Authentication Database/Backend</term><listitem>
                 <para>
-                Samba-3 can use an external authentication backend:
+                Samba can use an external authentication backend:
                 </para>
 
@@ -516 +516 @@
                         <listitem><para>External server could use Active Directory or NT4 domain.</para></listitem>
                         <listitem><para>Can use pam_mkhomedir.so to autocreate home directories.</para></listitem>
-                        <listitem><para> Samba-3 can use a local authentication backend: <parameter>smbpasswd</parameter>,
+                        <listitem><para> Samba can use a local authentication backend: <parameter>smbpasswd</parameter>,
                                 <parameter>tdbsam</parameter>, <parameter>ldapsam</parameter>
                         </para></listitem>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-NetworkBrowsing.xml

@@ -44 +44 @@
 <indexterm><primary>ADS</primary></indexterm>
 MS Windows 2000 and later versions can be configured to operate with no NetBIOS
-over TCP/IP. Samba-3 and later versions also support this mode of operation.
+over TCP/IP. Samba and later versions also support this mode of operation.
 When the use of NetBIOS over TCP/IP has been disabled, the primary
 means for resolution of MS Windows machine names is via DNS and Active Directory.
@@ -1563 +1563 @@
 <indexterm><primary>DNS/LDAP/ADS</primary></indexterm>
 <indexterm><primary>name resolution</primary></indexterm>
-MS Windows 2000 and later versions, as with Samba-3 and later versions, can be
+MS Windows 2000 and later versions, as with Samba and later versions, can be
 configured to not use NetBIOS over TCP/IP. When configured this way,
 it is imperative that name resolution (using DNS/LDAP/ADS) be correctly
@@ -1746 +1746 @@
 <indexterm><primary>ADS</primary></indexterm>
 <indexterm><primary>DNS</primary></indexterm>
-It is possible to operate Samba-3 without NetBIOS over TCP/IP. If you do this, be warned that if used outside
+It is possible to operate Samba without NetBIOS over TCP/IP. If you do this, be warned that if used outside
 of MS ADS, this will forgo network browsing support. ADS permits network browsing support through DNS,
 providing appropriate DNS records are inserted for all Samba servers.

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml

@@ -145 +145 @@
 
 <para>
-The following functionalities are new to the Samba-3 release:
+The following functionalities are an overview of some of the features
+in the Samba-4 release:
 </para>
 
@@ -151 +152 @@
         <listitem><para>
         <indexterm><primary>account</primary><secondary>backend</secondary></indexterm>
-        Samba-3 supports the use of a choice of backends that may be used in which user, group and machine
-        accounts may be stored. Multiple passwd backends can be used in combination, either as additive backend
-        data sets, or as fail-over data sets.
+        Samba-4 supports the use of a choice of backends that may be used in which user, group and machine
+        accounts may be stored, but only when acting as a classic
+        (NT4) domain controller,
+        but not when it is acting as an Active Directory Domain Controller.
         </para>
 
@@ -163 +165 @@
         <indexterm><primary>reliability</primary></indexterm>
         An LDAP passdb backend confers the benefit that the account backend can be distributed and replicated,
-        which is of great value because it confers scalability and provides a high degree of reliability. 
+        which is of great value because it confers scalability and
+        provides a high degree of reliability.  This may be used when
+        Samba-4 is acting as an classic (NT4-like) domain controller,
+        but not when it is acting as an Active Directory Domain Controller.
         </para></listitem>
 
@@ -170 +175 @@
         <indexterm><primary>trust account</primary><secondary>interdomain</secondary></indexterm>
         <indexterm><primary>interoperability</primary></indexterm>
-        Windows NT4 domain trusts. Samba-3 supports workstation and server (machine) trust accounts. It also
+        Windows NT4 domain trusts. Samba-4 supports workstation and server (machine) trust accounts. It also
         supports Windows NT4 style interdomain trust accounts, which further assists in network scalability
-        and interoperability.
+        and interoperability, but only when itself is an classic
+        (NT4-like) domain controller.
         </para></listitem>
         
@@ -183 +189 @@
         <indexterm><primary>network</primary><secondary>browsing</secondary></indexterm>
         Operation without NetBIOS over TCP/IP, rather using the raw SMB over TCP/IP. Note, this is feasible
-        only when operating as a Microsoft active directory domain member server. When acting as a Samba domain
+        only when operating as a Microsoft active directory domain
+        member server. When acting as a Samba classic (NT4-like) domain
         controller the use of NetBIOS is necessary to provide network browsing support.
         </para></listitem>
@@ -191 +198 @@
         <indexterm><primary>TCP port</primary></indexterm>
         <indexterm><primary>session services</primary></indexterm>
-        Samba-3 provides NetBIOS name services (WINS), NetBIOS over TCP/IP (TCP port 139) session services, SMB over
+        Samba-4 provides NetBIOS name services (WINS), NetBIOS over TCP/IP (TCP port 139) session services, SMB over
         TCP/IP (TCP port 445) session services, and Microsoft compatible ONC DCE RPC services (TCP port 135)
         services.
         </para></listitem>
 
+
         <listitem><para>
-        <indexterm><primary>Nexus.exe</primary></indexterm>
-        Management of users and groups via the User Manager for Domains. This can be done on any MS Windows client
-        using the <filename>Nexus.exe</filename> toolkit for Windows 9x/Me, or using the SRVTOOLS.EXE package for MS
-        Windows NT4/200x/XP platforms. These packages are available from Microsoft's Web site.
+        <indexterm><primary>kerberos</primary></indexterm>
+        <indexterm><primary>active directory</primary></indexterm>
+        Acting as a Windows 2000 active directory domain controller
+        (i.e., Kerberos and Active Directory).
         </para></listitem>
 
         <listitem><para>
-        Implements full Unicode support. This simplifies cross-locale internationalization support. It also opens up
-        the use of protocols that Samba-2.2.x had but could not use due to the need to fully support Unicode.
+        <indexterm><primary>MMC</primary></indexterm>
+        <indexterm><primary>SVRTOOLS.EXE</primary></indexterm>
+        <indexterm><primary>Microsoft management console</primary><see>MMC</see></indexterm>
+        The Windows 200x/XP Microsoft Management Console (MMC) can be
+        used to manage a Samba-4 server, when it is an Active
+        Directory Domain Controller.  When acting as a classic (NT4)
+        domain controller, you
+        can use only the MS Windows NT4 Domain Server Manager and the MS Windows NT4 Domain User Manager. Both are
+        part of the SVRTOOLS.EXE package mentioned later.
         </para></listitem>
 </itemizedlist>
 
 <para>
-The following functionalities are not provided by Samba-3:
+The following functionalities are not provided by Samba-4:
 </para>
 
@@ -218 +233 @@
         <indexterm><primary>replication</primary></indexterm>
         SAM replication with Windows NT4 domain controllers (i.e., a Samba PDC and a Windows NT BDC, or vice versa).
-        This means Samba cannot operate as a BDC when the PDC is Microsoft-based Windows NT PDC. Samba-3 can not
+        This means Samba cannot operate as a BDC when the PDC is Microsoft-based Windows NT PDC. Samba-4 can not
         participate in replication of account data to Windows PDCs and BDCs.
         </para></listitem>
         
-        <listitem><para>
-        <indexterm><primary>kerberos</primary></indexterm>
-        <indexterm><primary>active directory</primary></indexterm>
-        Acting as a Windows 2000 active directory domain controller (i.e., Kerberos and Active Directory). In point of
-        fact, Samba-3 does have some Active Directory domain control ability that is at this time purely experimental.
-        Active directory domain control is one of the features that is being developed in Samba-4, the next
-        generation Samba release. At this time there are no plans to enable active directory domain control
-        support during the Samba-3 series life-cycle.
-        </para></listitem>
-
-        <listitem><para>
-        <indexterm><primary>MMC</primary></indexterm>
-        <indexterm><primary>SVRTOOLS.EXE</primary></indexterm>
-        <indexterm><primary>Microsoft management console</primary><see>MMC</see></indexterm>
-        The Windows 200x/XP Microsoft Management Console (MMC) cannot be used to manage a Samba-3 server. For this you
-        can use only the MS Windows NT4 Domain Server Manager and the MS Windows NT4 Domain User Manager. Both are
-        part of the SVRTOOLS.EXE package mentioned later.
-        </para></listitem>
 </itemizedlist>
 
 <para>
-<indexterm><primary>Windows XP Home edition</primary></indexterm>
-<indexterm><primary>LanMan</primary></indexterm>
-Windows 9x/Me/XP Home clients are not true members of a domain for reasons outlined in this chapter. The
-protocol for support of Windows 9x/Me-style network (domain) logons is completely different from NT4/Windows
-200x-type domain logons and has been officially supported for some time. These clients use the old LanMan
-network logon facilities that are supported in Samba since approximately the Samba-1.9.15 series.
-</para>
-
-<para>
 <indexterm><primary>group</primary><secondary>mapping</secondary></indexterm>
-Samba-3 implements group mapping between Windows NT groups and UNIX groups (this is really quite complicated
+Samba implements group mapping between Windows NT groups and UNIX groups (this is really quite complicated
 to explain in a short space). This is discussed more fully in <link linkend="groupmapping">Group Mapping: MS
 Windows and UNIX</link>.
@@ -262 +250 @@
 <indexterm><primary>trust account</primary><secondary>machine</secondary></indexterm>
 <indexterm><primary>machine account</primary></indexterm>
-Samba-3, like an MS Windows NT4 PDC or a Windows 200x Active Directory, needs to store user and Machine Trust
+Samba-4, like an MS Windows NT4 PDC or a Windows 200x Active Directory, needs to store user and Machine Trust
 Account information in a suitable backend data-store.  Refer to <link linkend="machine-trust-accounts">MS
-Windows Workstation/Server Machine Trust Accounts</link>. With Samba-3 there can be multiple backends for
-this. A complete discussion of account database backends can be found in <link linkend="passdb">Account
+Windows Workstation/Server Machine Trust Accounts</link>. A complete discussion of account database backends can be found in <link linkend="passdb">Account
 Information Databases</link>.
 </para>
@@ -323 +310 @@
 system. It is often assumed that such a centralized system will use a single authentication infrastructure
 that can be used by all information systems. The Microsoft Windows NT4 security domain architecture and the
-Micrsoft active directory service are often put forward as the ideal foundation for such a system. It is
+Microsoft active directory service are often put forward as the ideal foundation for such a system. It is
 conceptually simple to install an external authentication agent on each of the disparate infromation systems
 that can then use the Microsoft (NT4 domain or ads service) for user authentication and access control. The
@@ -426 +413 @@
 Primary domain control, if it is to be scalable to meet the needs of large sites, must therefore be capable of
 using LDAP. The rapid adoption of OpenLDAP, and Samba configurations that use it, is ample proof that the era
-of the directory has started. Samba-3 does not demand the use of LDAP, but the demand for a mechanism by which
+of the directory has started. Samba does not demand the use of LDAP, but the demand for a mechanism by which
 user and group identity information can be distributed makes it an an unavoidable option.
 </para>
@@ -434 +421 @@
 <indexterm><primary>LDAP</primary></indexterm>
 <indexterm><primary>e-Directory</primary></indexterm>
-At this time, the use of Samba based BDCs, necessitates the use of LDAP. The most commonly used LDAP
+At this time, the use of Samba based BDCs, necessitates the use of
+either the Samba-4 Active Directory Domain controller or, for classic
+(NT4-like)domains an LDAP backend. The most commonly used LDAP
 implementation used by Samba sites is OpenLDAP. It is possible to use any standards compliant LDAP server.
 Those known to work includes those manufactured by: IBM, CA, Novell (e-Directory), and others.
@@ -477 +466 @@
 <indexterm><primary>authenticatior</primary></indexterm>
 <indexterm><primary>synchronization</primary></indexterm>
+<indexterm><primary>FSMO</primary></indexterm>
+<indexterm><primary>Flexible Single Master Operator</primary><see>FSMO</see></indexterm>
 <indexterm><primary>Security Account Manager</primary><see>SAM</see></indexterm>
 In the case of MS Windows NT4-style domains, it is the PDC that initiates a new domain control database.
 This forms a part of the Windows registry called the Security Account Manager (SAM). It plays a key
 part in NT4-type domain user authentication and in synchronization of the domain authentication
-database with BDCs. 
-</para>
-
-<para>
-<indexterm><primary>domain</primary><secondary>controller</secondary><tertiary>hierarchy</tertiary></indexterm>
-<indexterm><primary>LDAP</primary></indexterm>
-<indexterm><primary>account</primary><secondary>backend</secondary></indexterm>
-<indexterm><primary>machine account</primary></indexterm>
-With MS Windows 200x Server-based Active Directory domains, one domain controller initiates a potential
-hierarchy of domain controllers, each with its own area of delegated control. The master domain
-controller has the ability to override any downstream controller, but a downline controller has
-control only over its downline. With Samba-3, this functionality can be implemented using an
-LDAP-based user and machine account backend.
+database with BDCs.  With Active Directory domains, while some servers
+may be a Flexible Single Master Operator (FSMO) role owner (and
+therefore hold the monopoly for certain operations), it is in general
+a distributed, multi-master replicated directory.
 </para>
 
@@ -499 +481 @@
 <indexterm><primary>backend database</primary></indexterm>
 <indexterm><primary>registry</primary></indexterm>
-New to Samba-3 is the ability to use a backend database that holds the same type of data as the NT4-style SAM
-database (one of the registry files)<footnote><para>See also <link linkend="passdb">Account Information
+Samba-4 can use a backend database that holds the same type of data as the NT4-style SAM
+database (one of the registry files).  For BDC/BDC operations in a
+classic domain, this functionality can be implemented using an
+LDAP-based user and machine account backend.  The Samba-4 Active
+Directory Domain controller implements the required storage internally.<footnote><para>See also <link linkend="passdb">Account Information
 Databases</link>.</para></footnote>
 </para>
@@ -527 +512 @@
 <indexterm><primary>demote</primary></indexterm>
 A Windows NT4 BDC can be promoted to a PDC. If the PDC is online at the time that a BDC is promoted to PDC,
-the previous PDC is automatically demoted to a BDC. With Samba-3, this is not an automatic operation; the PDC
+the previous PDC is automatically demoted to a BDC. With Samba, this is not an automatic operation; the PDC
 and BDC must be manually configured, and other appropriate changes also need to be made.
 </para>
@@ -548 +533 @@
 </itemizedlist>
 
-<note><para>
-<indexterm><primary>promote</primary></indexterm>
-Algin Technology LLC provide a commercial tool that makes it possible to promote a Windows NT4 standalone
-server to a PDC or a BDC, and also permits this process to be reversed. Refer to the <ulink
-url="http://utools.com/UPromote.asp">Algin</ulink> web site for further information.
-</para></note>
-
 <para>
 <indexterm><primary>domain</primary><secondary>control</secondary><tertiary>role</tertiary></indexterm>
 <indexterm><primary>native member</primary></indexterm>
-Samba-3 servers can readily be converted to and from domain controller roles through simple changes to the
-&smb.conf; file. Samba-3 is capable of acting fully as a native member of a Windows 200x server Active
+Samba servers can readily be converted to and from domain controller roles through simple changes to the
+&smb.conf; file. Samba is capable of acting fully as a native member of a Windows 200x server Active
 Directory domain.
 </para>
@@ -573 +551 @@
 <indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm>
 <indexterm><primary>SAM</primary><secondary>replication</secondary></indexterm>
-New to Samba-3 is the ability to function fully as an MS Windows NT4-style domain controller,
-excluding the SAM replication components. However, please be aware that Samba-3 also supports the
+New to Samba is the ability to function fully as an MS Windows NT4-style domain controller,
+excluding the SAM replication components. However, please be aware that Samba also supports the
 MS Windows 200x domain control protocols.
 </para>
-
-<para>
-<indexterm><primary>ADS</primary></indexterm>
-At this time any appearance that Samba-3 is capable of acting as a <emphasis>domain controller</emphasis> in
-native ADS mode is limited and experimental in nature.  This functionality should not be used until the Samba
-Team offers formal support for it.  At such a time, the documentation will be revised to duly reflect all
-configuration and management requirements. Samba can act as a NT4-style domain controller in a Windows 2000/XP
-environment. However, there are certain compromises:
-</para>
-
-<itemizedlist>
-        <listitem><para>No machine policy files.</para></listitem>
-        <listitem><para>No Group Policy Objects.</para></listitem>
-        <listitem><para>No synchronously executed Active Directory logon scripts.</para></listitem>
-        <listitem><para>Can't use Active Directory management tools to manage users and machines.</para></listitem>
-        <listitem><para>Registry changes tattoo the main registry, while with Active Directory they do not leave
-                permanent changes in effect.</para></listitem>
-        <listitem><para>Without Active Directory you cannot perform the function of exporting specific
-                applications to specific users or groups.</para></listitem>
-</itemizedlist>
 
 </sect2>
@@ -647 +605 @@
 
 <para>
-The following are necessary for configuring Samba-3 as an MS Windows NT4-style PDC for MS Windows
+The following are necessary for configuring Samba as an MS Windows NT4-style PDC for MS Windows
 NT4/200x/XP clients:
 </para>
@@ -663 +621 @@
 </itemizedlist>
 
-<para>
-The following provisions are required to serve MS Windows 9x/Me clients:
-</para>
-
-<itemizedlist>
-        <listitem><para>Configuration of basic TCP/IP and MS Windows networking.</para></listitem>
-        <listitem><para>Correct designation of the server role (<smbconfoption name="security">user</smbconfoption>).</para></listitem>
-        <listitem><para>Network logon configuration (since Windows 9x/Me/XP Home are not technically domain
-        members, they do not really participate in  the security aspects of Domain logons as such).</para></listitem>
-        <listitem><para>Roaming profile configuration.</para></listitem>
-        <listitem><para>Configuration of system policy handling.</para></listitem>
-        <listitem><para>Installation of the network driver <quote>Client for MS Windows Networks</quote> and configuration
-        to log onto the domain.</para></listitem>
-        <listitem><para>Placing Windows 9x/Me clients in user-level security &smbmdash; if it is desired to allow
-        all client-share access to be controlled according to domain user/group identities.</para></listitem>
-        <listitem><para>Adding and managing domain user accounts.</para></listitem>
-</itemizedlist>
-
 <note><para>
 <indexterm><primary>roaming profiles</primary></indexterm>
@@ -727 +667 @@
 It is rather easy to configure Samba to provide these. Each Samba domain controller must provide the NETLOGON
 service that Samba calls the <smbconfoption name="domain logons"/> functionality (after the name of the
-parameter in the &smb.conf; file). Additionally, one server in a Samba-3 domain must advertise itself as the
+parameter in the &smb.conf; file). Additionally, one server in a Samba domain must advertise itself as the
 domain master browser.<footnote><para>See <link linkend="NetworkBrowsing">Network
 Browsing</link>.</para></footnote> This causes the PDC to claim a domain-specific NetBIOS name that identifies
@@ -755 +695 @@
 <smbconfoption name="workgroup"><replaceable>&example.workgroup;</replaceable></smbconfoption>
 <smbconfoption name="passdb backend">tdbsam</smbconfoption>
-<smbconfoption name="os level">33</smbconfoption>
-<smbconfoption name="preferred master">auto</smbconfoption>
-<smbconfoption name="domain master">yes</smbconfoption>
-<smbconfoption name="local master">yes</smbconfoption>
 <smbconfoption name="security">user</smbconfoption>
 <smbconfoption name="domain logons">yes</smbconfoption>
@@ -810 +746 @@
         <varlistentry><term>Domain Control Parameters </term>
                 <listitem><para>
-                <indexterm><primary>os level</primary></indexterm>
-                <indexterm><primary>preferred master</primary></indexterm>
-                <indexterm><primary>domain master</primary></indexterm>
                 <indexterm><primary>network</primary><secondary>logon</secondary></indexterm>
-                The parameters <emphasis>os level, preferred master, domain master, security, 
-                encrypt passwords</emphasis>, and <emphasis>domain logons</emphasis> play a central role in assuring domain
+                The parameters <emphasis>domain logons</emphasis>
+                parameter is the key parameter indicating domain
                 control and network logon support.
-                </para>
-
-                <para>
-                <indexterm><primary>DMB</primary></indexterm>
-                <indexterm><primary>encryped password</primary></indexterm>
-                The <emphasis>os level</emphasis> must be set at or above a value of 32. A domain controller
-                must be the DMB, must be set in <emphasis>user</emphasis> mode security,
-                must support Microsoft-compatible encrypted passwords, and must provide the network logon
-                service (domain logons). Encrypted passwords must be enabled. For more details on how 
-                to do this, refer to <link linkend="passdb">Account Information Databases</link>.
                 </para></listitem>
         </varlistentry>
@@ -867 +790 @@
                 This share is used to store user desktop profiles. Each user must have a directory at the root
                 of this share. This directory must be write-enabled for the user and must be globally read-enabled.
-                Samba-3 has a VFS module called <quote>fake_permissions</quote> that may be installed on this share. This will
+                Samba has a VFS module called <quote>fake_permissions</quote> that may be installed on this share. This will
                 allow a Samba administrator to make the directory read-only to everyone. Of course this is useful
                 only after the profile has been properly created.
@@ -884 +807 @@
 <smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
 <smbconfoption name="domain logons">Yes</smbconfoption>
-<smbconfoption name="domain master">Yes</smbconfoption>
 <smbconfoption name="security">User</smbconfoption>
 </smbconfblock>
@@ -901 +823 @@
 <para>
 <indexterm><primary>active directory</primary></indexterm>
-Samba-3 is not, and cannot act as, an Active Directory server. It cannot truly function as an Active Directory
-PDC. The protocols for some of the functionality of Active Directory domain controllers has been partially
-implemented on an experimental only basis. Please do not expect Samba-3 to support these protocols. Do not
-depend on any such functionality either now or in the future. The Samba Team may remove these experimental
-features or may change their behavior. This is mentioned for the benefit of those who have discovered secret
-capabilities in Samba-3 and who have asked when this functionality will be completed. The answer is maybe
-someday or maybe never!
+Samba-4 is also available as an Active Directory server. It can truly function as an Active Directory
+PDC. The protocols for some of the functionality of Active Directory
+domain controllers has been implemented.
 </para>
 
@@ -913 +831 @@
 <indexterm><primary>domain controllers</primary></indexterm>
 <indexterm><primary>active directory</primary></indexterm>
-To be sure, Samba-3 is designed to provide most of the functionality that Microsoft Windows NT4-style
-domain controllers have. Samba-3 does not have all the capabilities of Windows NT4, but it does have
-a number of features that Windows NT4 domain controllers do not have. In short, Samba-3 is not NT4 and it
-is not Windows Server 200x: it is not an Active Directory server. We hope this is plain and simple
-enough for all to understand.
+<indexterm><primary>classic domain support</primary></indexterm>
+To be sure, Samba-4 is also designed to provide most of the functionality that Microsoft Windows NT4-style
+domain controllers have. Samba-4 does not have all the capabilities of Windows NT4, but it does have
+a number of features that Windows NT4 domain controllers do not
+have. We call it a <emphasis>classic domain</emphasis> controller for
+this reason, as in short, Samba-4 when acting in this mode is not NT4,
+and the Active Directory Domain Control aspect is a distinct capability.
 </para>
 
@@ -937 +857 @@
 <indexterm><primary>domain logon</primary></indexterm>
 All domain controllers must run the netlogon service (<emphasis>domain logons</emphasis>
-in Samba). One domain controller must be configured with <smbconfoption name="domain master">Yes</smbconfoption>
+in Samba). One domain controller must be configured without the
+<smbconfoption name="domain master"></smbconfoption> parameter
 (the PDC); on all BDCs set the parameter <smbconfoption name="domain master">No</smbconfoption>.
 </para>
@@ -949 +870 @@
 <smbconfsection name="[global]"/>
 <smbconfoption name="domain logons">Yes</smbconfoption>
-<smbconfoption name="domain master">(Yes on PDC, No on BDCs)</smbconfoption>
+<smbconfoption name="domain master">(omit on PDC, No on BDCs)</smbconfoption>
 
 <smbconfsection name="[netlogon]"/>
@@ -961 +882 @@
 </sect3>
 <sect3>
-<title>The Special Case of MS Windows XP Home Edition</title>
-
-<para>
-<indexterm><primary>Windows XP Home edition</primary></indexterm>
-To be completely clear: If you want MS Windows XP Home Edition to integrate with your
+<title>The Special Case of MS Windows Home Editions</title>
+
+<para>
+<indexterm><primary>Windows Home editions</primary></indexterm>
+To be completely clear: If you want MS Windows Home Editions to integrate with your
 MS Windows NT4 or Active Directory domain security, understand it cannot be done.
-The only option is to purchase the upgrade from MS Windows XP Home Edition to
-MS Windows XP Professional.
+The only option is to purchase the upgrade from MS Windows Home Edition to
+a MS Windows Professional edition.
 </para>
 
 <note><para>
-MS Windows XP Home Edition does not have the ability to join any type of domain
-security facility. Unlike MS Windows 9x/Me, MS Windows XP Home Edition also completely
-lacks the ability to log onto a network.
+MS Windows Home Editions do not have the ability to join any type of domain
+security facility. Unlike MS Windows 9x/Me, MS Windows Home Edition
+deliberatly lacks the ability to log onto a network.
 </para></note>
 
@@ -986 +907 @@
 </sect3>
 
-<sect3>
-<title>The Special Case of Windows 9x/Me</title>
-
-<para>
-<indexterm><primary>domain</primary></indexterm>
-<indexterm><primary>workgroup</primary></indexterm>
-<indexterm><primary>authentication</primary></indexterm>
-<indexterm><primary>browsing</primary></indexterm>
-<indexterm><primary>rights</primary></indexterm>
-A domain and a workgroup are exactly the same in terms of network
-browsing. The difference is that a distributable authentication
-database is associated with a domain, for secure login access to a
-network. Also, different access rights can be granted to users if they
-successfully authenticate against a domain logon server. Samba-3 does this
-now in the same way as MS Windows NT/200x.
-</para>
-
-<para>
-<indexterm><primary>browsing</primary></indexterm>
-The SMB client logging on to a domain has an expectation that every other
-server in the domain should accept the same authentication information.
-Network browsing functionality of domains and workgroups is identical and
-is explained in this documentation under the browsing discussions.
-It should be noted that browsing is totally orthogonal to logon support.
-</para>
-
-<para>
-<indexterm><primary>single-logon</primary></indexterm>
-<indexterm><primary>domain logons</primary></indexterm>
-<indexterm><primary>network logon</primary></indexterm>
-Issues related to the single-logon network model are discussed in this
-section. Samba supports domain logons, network logon scripts, and user
-profiles for MS Windows for Workgroups and MS Windows 9x/Me clients,
-which are the focus of this section.
-</para>
-
-<para>
-<indexterm><primary>broadcast request</primary></indexterm>
-When an SMB client in a domain wishes to log on, it broadcasts requests for a logon server. The first one to
-reply gets the job and validates its password using whatever mechanism the Samba administrator has installed.
-It is possible (but ill advised) to create a domain where the user database is not shared between servers;
-that is, they are effectively workgroup servers advertising themselves as participating in a domain. This
-demonstrates how authentication is quite different from but closely involved with domains.
-</para>
-
-<para>
-Using these features, you can make your clients verify their logon via
-the Samba server, make clients run a batch file when they log on to
-the network and download their preferences, desktop, and start menu.
-</para>
-
-<para><emphasis>
-MS Windows XP Home edition is not able to join a domain and does not permit the use of domain logons.
-</emphasis></para>
-
-<para>
-Before launching into the configuration instructions, it is worthwhile to look at how a Windows 9x/Me client
-performs a logon:
-</para>
-
-<orderedlist>
-<listitem>
-        <para>
-        <indexterm><primary>DOMAIN&lt;1C&gt;</primary></indexterm>
-        <indexterm><primary>logon server</primary></indexterm>
-        The client broadcasts (to the IP broadcast address of the subnet it is in)
-        a NetLogon request. This is sent to the NetBIOS name DOMAIN&lt;1C&gt; at the
-        NetBIOS layer. The client chooses the first response it receives, which
-        contains the NetBIOS name of the logon server to use in the format of 
-        <filename>\\SERVER</filename>. The <literal>1C</literal> name is the name
-        type that is registered by domain controllers (SMB/CIFS servers that provide
-        the netlogon service).
-        </para>
-</listitem>
-
-<listitem>
-        <para>
-        <indexterm><primary>IPC$</primary></indexterm>
-        <indexterm><primary>SMBsessetupX</primary></indexterm>
-        <indexterm><primary>SMBtconX</primary></indexterm>
-        The client connects to that server, logs on (does an SMBsessetupX) and
-        then connects to the IPC$ share (using an SMBtconX).
-        </para>
-</listitem>
-
-<listitem>
-        <para>
-        <indexterm><primary>NetWkstaUserLogon</primary></indexterm>
-        The client does a NetWkstaUserLogon request, which retrieves the name
-        of the user's logon script. 
-        </para>
-</listitem>
-
-<listitem>
-        <para>
-        The client then connects to the NetLogon share and searches for said script.    
-        If it is found and can be read, it is retrieved and executed by the client.
-        After this, the client disconnects from the NetLogon share.
-        </para>
-</listitem>
-
-<listitem>
-        <para>
-        <indexterm><primary>NetUserGetInfo</primary></indexterm>
-        <indexterm><primary>profile</primary></indexterm>
-        The client sends a NetUserGetInfo request to the server to retrieve
-        the user's home share, which is used to search for profiles. Since the
-        response to the NetUserGetInfo request does not contain much more than  
-        the user's home share, profiles for Windows 9x clients must reside in the user
-        home directory.
-        </para>
-</listitem>
-
-<listitem>
-        <para>
-        <indexterm><primary>profiles</primary></indexterm>
-        The client connects to the user's home share and searches for the 
-        user's profile. As it turns out, you can specify the user's home share as
-        a share name and path. For example, <filename>\\server\fred\.winprofile</filename>.
-        If the profiles are found, they are implemented.
-        </para>
-</listitem>
-
-<listitem>
-        <para>
-        <indexterm><primary>CONFIG.POL</primary></indexterm>
-        The client then disconnects from the user's home share and reconnects to
-        the NetLogon share and looks for <filename>CONFIG.POL</filename>, the policies file. If this is
-        found, it is read and implemented.
-        </para>
-</listitem>
-</orderedlist>
-
-<para>
-The main difference between a PDC and a Windows 9x/Me logon server configuration is:
-</para>
-
-<itemizedlist>
-<listitem><para>
-        <indexterm><primary>password</primary><secondary>plaintext</secondary></indexterm>
-        <indexterm><primary>plaintext password</primary></indexterm>
-        Password encryption is not required for a Windows 9x/Me logon server. But note
-        that beginning with MS Windows 98 the default setting is that plaintext
-        password support is disabled. It can be re-enabled with the registry
-        changes that are documented in <link linkend="PolicyMgmt">System and Account Policies</link>.
-        </para></listitem>
-
-        <listitem><para>
-        <indexterm><primary>machine trust account</primary></indexterm>
-        Windows 9x/Me clients do not require and do not use Machine Trust Accounts.
-        </para></listitem>
-</itemizedlist>
-
-<para>
-<indexterm><primary>network logon services</primary></indexterm>
-A Samba PDC will act as a Windows 9x/Me logon server; after all, it does provide the
-network logon services that MS Windows 9x/Me expect to find.
-</para>
-
-<note><para>
-<indexterm><primary>sniffer</primary></indexterm>
-Use of plaintext passwords is strongly discouraged. Where used they are easily detected
-using a sniffer tool to examine network traffic.
-</para></note>
-
-</sect3>
 </sect2>
 
@@ -1338 +1093 @@
 that the account name is the machine NetBIOS name with a <quote>$</quote> appended to it (i.e.,
 computer_name$). There must be an entry in both the POSIX UNIX system account backend as well as in the
-SambaSAMAccount backend. The default backend for Samba-3 (i.e., the parameter <parameter>passdb
+SambaSAMAccount backend. The default backend for Samba (i.e., the parameter <parameter>passdb
 backend</parameter> is not specified in the &smb.conf; file, or if specified is set to
 <literal>smbpasswd</literal>, are respectively the <filename>/etc/passwd</filename> and
@@ -1385 +1140 @@
 effect that the domain controller cannot be found; the other claims that the account does not
 exist in the domain or that the password is incorrect. This may be due to incompatible
-settings between the Windows client and the Samba-3 server for <emphasis>schannel</emphasis>
+settings between the Windows client and the Samba server for <emphasis>schannel</emphasis>
 (secure channel) settings or <emphasis>smb signing</emphasis> settings. Check your Samba
 settings for <emphasis>client schannel</emphasis>, <emphasis>server schannel</emphasis>,
@@ -1401 +1156 @@
 
 <para>
-It is important that these be set consistently with the Samba-3 server settings.
+It is important that these be set consistently with the Samba server settings.
 </para>
 

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml

@@ -21 +21 @@
 
 <para>
-<indexterm><primary>account backends</primary></indexterm>
-<indexterm><primary>password backends</primary></indexterm>
-<indexterm><primary>scalability</primary></indexterm>
-<indexterm><primary>ADS</primary></indexterm>
-Early releases of Samba-3 implemented new capability to work concurrently with multiple account backends. This
-capability was removed beginning with release of Samba 3.0.23. Commencing with Samba 3.0.23 it is possible to
-work with only one specified passwd backend.
-</para>
-
-<para>
 <indexterm><primary>passdb backend</primary></indexterm>
 <indexterm><primary>smbpasswd</primary></indexterm>
@@ -68 +58 @@
 <title>Features and Benefits</title>
 
-<para>
-Samba-3 provides for complete backward compatibility with Samba-2.2.x functionality
-as follows:
-<indexterm><primary>SAM backend</primary><secondary>smbpasswd</secondary></indexterm>
-<indexterm><primary>SAM backend</primary><secondary>ldapsam_compat</secondary></indexterm>
-<indexterm><primary>encrypted passwords</primary></indexterm>
-</para>
-
 <sect2>
         <title>Backward Compatibility Account Storage Systems</title>
@@ -121 +103 @@
                 </listitem>
         </varlistentry>
-
-        <varlistentry><term>ldapsam_compat (Samba-2.2 LDAP Compatibility)</term>
-                <listitem>
-                        <para>
-<indexterm><primary>ldapsam_compat</primary></indexterm>
-<indexterm><primary>Samba-2.2.x LDAP schema</primary></indexterm>
-<indexterm><primary>OpenLDAP backend</primary></indexterm>
-                        There is a password backend option that allows continued operation with
-                        an existing OpenLDAP backend that uses the Samba-2.2.x LDAP schema extension.
-                        This option is provided primarily as a migration tool, although there is
-                        no reason to force migration at this time. This tool will eventually
-                        be deprecated.
-                        </para>
-                </listitem>
-        </varlistentry>
 </variablelist>
 
@@ -144 +111 @@
 
 <para>
-Samba-3 introduces a number of new password backend capabilities.
+Samba introduces a number of new password backend capabilities.
 <indexterm><primary>SAM backend</primary><secondary>tdbsam</secondary></indexterm>
 <indexterm><primary>SAM backend</primary><secondary>ldapsam</secondary></indexterm>
@@ -171 +138 @@
                         smbpasswd</emphasis> information plus the extended MS Windows NT/200x
                         SAM information into a binary format TDB (trivial database) file.
-                        The inclusion of the extended information makes it possible for Samba-3
+                        The inclusion of the extended information makes it possible for Samba
                         to implement the same account and system access controls that are possible
                         with MS Windows NT4/200x-based systems.
@@ -203 +170 @@
 <indexterm><primary>schema file</primary></indexterm>
 <indexterm><primary>examples/LDAP</primary></indexterm>
-                        Samba-3 has a new and extended LDAP implementation that requires configuration
+                        Samba has a new and extended LDAP implementation that requires configuration
                         of OpenLDAP with a new format Samba schema. The new format schema file is
                         included in the <filename class="directory">examples/LDAP</filename> directory of the Samba distribution.
@@ -348 +315 @@
                 <note>
                 <para>
-<indexterm><primary>Windows XP Home</primary></indexterm>
+<indexterm><primary>Windows Home edition</primary></indexterm>
 <indexterm><primary>domain member</primary></indexterm>
 <indexterm><primary>domain logons</primary></indexterm>
-                MS Windows XP Home does not have facilities to become a domain member, and it cannot participate in domain logons.
+                MS Windows Home editions do not have facilities to become a domain member, and cannot participate in domain logons.
                 </para>
                 </note>
@@ -362 +329 @@
                         <listitem><para>Windows NT 3.5x.</para></listitem>
                         <listitem><para>Windows NT 4.0.</para></listitem>
-                        <listitem><para>Windows 2000 Professional.</para></listitem>
-                        <listitem><para>Windows 200x Server/Advanced Server.</para></listitem>
-                        <listitem><para>Windows XP Professional.</para></listitem>
+                        <listitem><para>Windows editions labeled Professional.</para></listitem>
+                        <listitem><para>Windows editions labeled Server/Advanced Server.</para></listitem>
                 </itemizedlist>
 
@@ -420 +386 @@
 <indexterm><primary>SMB encryption</primary></indexterm>
                                 Windows NT does not like talking to a server that does not support encrypted passwords. It will refuse to
-                                browse the server if the server is also in user-level security mode. It will insist on prompting the user for
+                                browse the server. It will insist on prompting the user for
                                 the password on each connection, which is very annoying. The only thing you can do to stop this is to use SMB
                                 encryption.
@@ -515 +481 @@
 <indexterm><primary>NFS</primary></indexterm>
 <indexterm><primary>rsync</primary></indexterm>
-        Samba-3 has a special facility that makes it possible to maintain identical UIDs and GIDs
+        Samba has a special facility that makes it possible to maintain identical UIDs and GIDs
         on all servers in a distributed network. A distributed network is one where there exists
         a PDC, one or more BDCs, and/or one or more domain member servers. Why is this important?
@@ -1009 +975 @@
                 in compliance with government laws and regulations is clear to all. The <command>pdbedit</command> is
                 currently the only Samba tool that provides the capacity to manage account and systems access controls
-                and policies. During the remaining life-cycle of the Samba-3 series it is possible the new tools may
+                and policies. During the remaining life-cycle of the Samba series it is possible the new tools may
                 be implemented to aid in this important area.
                 </para>
@@ -1601 +1567 @@
                         <listitem><para>minimum password age = 7 days.</para></listitem>
                         <listitem><para>bad lockout attempt = 8 bad logon attempts.</para></listitem>
-                        <listitem><para>lockout duration = forever, account must be manually reenabled.</para></listitem>
+                        <listitem><para>lockout duration = forever, account must be manually re-enabled.</para></listitem>
                 </orderedlist>
 
@@ -1635 +1601 @@
 Account policies must be set individually on each PDC and BDC. At this time (Samba 3.0.11 to Samba 3.0.14a)
 account policies are not replicated automatically. This may be fixed before Samba 3.0.20 ships or some
-time there after. Please check the WHATSNEW.txt file in the Samba-3 tarball for specific update notiations
+time there after. Please check the WHATSNEW.txt file in the Samba tarball for specific update notiations
 regarding this facility.
 </para></warning>
@@ -1677 +1643 @@
 <sect1>
 <title>Password Backends</title>
-
-<para>
-<indexterm><primary>account database</primary></indexterm>
-<indexterm><primary>SMB/CIFS server</primary></indexterm>
-Samba offers flexibility in backend account database design. The flexibility is immediately obvious as one
-begins to explore this capability. Recent changes to Samba (since 3.0.23) have removed the mulitple backend
-feature in order to simplify problems that broke some installations. This removal has made the internal
-operation of Samba-3 more consistent and predictable.
-</para>
-
-<para>
-<indexterm><primary>multiple backends</primary></indexterm>
-<indexterm><primary>tdbsam databases</primary></indexterm>
-Beginning with Samba 3.0.23 it is no longer possible to specify use of mulitple passdb backends. Earlier
-versions of Samba-3 made it possible to specify multiple password backends, and even multiple
-backends of the same type. The multiple passdb backend capability caused many problems with name to SID and
-SID to name ID resolution.  The Samba team wrestled with the challenges and decided that this feature needed
-to be removed.
-</para>
 
         <sect2>
@@ -2117 +2064 @@
 dc: quenya
 o: Quenya Org Network
-description: The Samba-3 Network LDAP Example
+description: The Samba Network LDAP Example
 
 # Organizational Role for Directory Management
@@ -2194 +2141 @@
 <indexterm><primary>secrets.tdb</primary></indexterm>
                 Before Samba can access the LDAP server, you need to store the LDAP admin password
-                in the Samba-3 <filename>secrets.tdb</filename> database by:
+                in the Samba <filename>secrets.tdb</filename> database by:
 <indexterm><primary>smbpasswd</primary></indexterm>
 <screen>
@@ -2324 +2271 @@
 <indexterm><primary>Domain Groups</primary></indexterm>
 <indexterm><primary>ADS</primary></indexterm>
-                        In Samba-3, the group management system is based on POSIX
+                        In Samba, the group management system is based on POSIX
                         groups. This means that Samba makes use of the posixGroup ObjectClass.
                         For now, there is no NT-like group system management (global and local
-                        groups). Samba-3 knows only about <constant>Domain Groups</constant>
-                        and, unlike MS Windows 2000 and Active Directory, Samba-3 does not
+                        groups). Samba knows only about <constant>Domain Groups</constant>
+                        and, unlike MS Windows 2000 and Active Directory, Samba does not
                         support nested groups.
                         </para>
@@ -2591 +2538 @@
 
                 <para>
-                Samba-3 and later can update the non-Samba (LDAP) password stored with an account. When
+                Samba and later can update the non-Samba (LDAP) password stored with an account. When
                 using pam_ldap, this allows changing both UNIX and Windows passwords at once.
                 </para>
@@ -2659 +2606 @@
 
         </sect2>
-
-        <sect2>
-        <title>Configuration of <parameter>auth methods</parameter></title>
-
-        <para>
-        When explicitly setting an <smbconfoption name="auth methods"/> parameter,
-        <parameter>guest</parameter> must be specified as the first entry on the line &smbmdash;
-        for example, <smbconfoption name="auth methods">guest sam</smbconfoption>.
-        </para>
-
-        </sect2>
-
 </sect1>
 

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Printing.xml

@@ -283 +283 @@
         show add printer wizard = Yes
         os2 driver map =
-        printer admin =
         min print space = 0
         max print jobs = 1000
@@ -405 +404 @@
         show add printer wizard = Yes
         os2 driver map =
-        printer admin =
         min print space = 0
         max print jobs = 1000
@@ -481 +479 @@
 <smbconfoption name="show add printer wizard">yes</smbconfoption>
 <smbconfoption name="printcap name">/etc/printcap</smbconfoption>
-<smbconfoption name="printer admin">@ntadmin, root</smbconfoption>
 <smbconfoption name="max print jobs">100</smbconfoption>
 <smbconfoption name="lpq cache time">20</smbconfoption>
@@ -499 +496 @@
 <smbconfoption name="comment">Printer with Restricted Access</smbconfoption>
 <smbconfoption name="path">/var/spool/samba_my_printer</smbconfoption>
-<smbconfoption name="printer admin">kurt</smbconfoption>
 <smbconfoption name="browseable">yes</smbconfoption>
 <smbconfoption name="printable">yes</smbconfoption>
@@ -569 +565 @@
                 The <smbconfoption name="printing"/> parameter is normally a service-level parameter. Since it is included
                 here in the <smbconfsection name="[global]"/> section, it will take effect for all printer shares that are not
-                defined differently. Samba-3 no longer supports the SOFTQ printing system.
+                defined differently. Samba no longer supports the SOFTQ printing system.
                 </para></caution>
         </listitem></varlistentry>
@@ -625 +621 @@
         </para></listitem></varlistentry>
 
-        <varlistentry><term><smbconfoption name="printer admin">@ntadmin </smbconfoption></term>
-                <listitem><para>
-<indexterm><primary>add drivers</primary></indexterm>
-<indexterm><primary>/etc/group</primary></indexterm>
-<indexterm><primary>printer share</primary></indexterm>
-<indexterm><primary>set printer properties</primary></indexterm>
-                Members of the ntadmin group should be able to add drivers and set printer properties
-                (<constant>ntadmin</constant> is only an example name; it needs to be a valid UNIX group name); root is
-                implicitly always a <smbconfoption name="printer admin"/>. The <literal>@</literal> sign precedes group names
-                in the <filename>/etc/group</filename>. A printer admin can do anything to printers via the remote
-                administration interfaces offered by MS-RPC (see <link linkend="cups-msrpc">Printing Developments Since
-                Samba-2.2</link>).  In larger installations, the <smbconfoption name="printer admin"/> parameter is normally a
-                per-share parameter. This permits different groups to administer each printer share.
-        </para></listitem></varlistentry>
-
         <varlistentry><term><smbconfoption name="lpq cache time">20 </smbconfoption></term>
                 <listitem><para>
@@ -787 +768 @@
                 Sets the spooling area for this printer to a directory other than the default. It is not
                 necessary to set it differently, but the option is available.
-                </para></listitem>
-        </varlistentry>
-
-        <varlistentry><term><smbconfoption name="printer admin">kurt </smbconfoption></term>
-                <listitem><para>
-                The printer admin definition is different for this explicitly defined printer share from the general
-                <smbconfsection name="[printers]"/> share. It is not a requirement; we did it to show that it is possible.
                 </para></listitem>
         </varlistentry>
@@ -1119 +1093 @@
 <indexterm><primary>ADS</primary></indexterm>
 <indexterm><primary>LDAP</primary></indexterm>
-A benefit of updating is that Samba-3 is able to publish its printers to Active Directory (or LDAP).
+A benefit of updating is that Samba is able to publish its printers to Active Directory (or LDAP).
 </para>
 
@@ -1224 +1198 @@
 <indexterm><primary>ACLs</primary></indexterm>
         These parameters, including the <parameter>printer driver file</parameter> parameter,
-        are now removed and cannot be used in installations of Samba-3. The share name
+        are now removed and cannot be used in installations of Samba. The share name
         <smbconfsection name="[print$]"/> is now used for the location of downloadable printer
         drivers. It is taken from the <smbconfsection name="[print$]"/> service created
@@ -1257 +1231 @@
 <smbconfblock>
 <smbconfsection name="[global]"/>
-<smbconfcomment>members of the ntadmin group should be able to add drivers and set</smbconfcomment>
-<smbconfcomment>printer properties. root is implicitly always a 'printer admin'.</smbconfcomment>
-<smbconfoption name="printer admin">@ntadmin</smbconfoption>
 <smbconfcomment>...</smbconfcomment>
 
@@ -1359 +1330 @@
                 update files on the share. Normally, you will want to name only administrative-level user
                 account in this setting. Check the file system permissions to make sure these accounts
-                can copy files to the share. If this is a non-root account, then the account should also
-                be mentioned in the global <smbconfoption name="printer admin"/>
-                parameter. See the &smb.conf; man page for more information on configuring file shares.
+                can copy files to the share.
                 </para></listitem>
         </varlistentry>
@@ -1404 +1373 @@
                 The account used to connect to the Samba host must have a UID of 0 (i.e., a root account).
                 </para></listitem>
-
-                <listitem><para>
-                The account used to connect to the Samba host must be named in the <emphasis>printer admin</emphasis> list.
-                </para></listitem>
         </itemizedlist>
 
@@ -1496 +1461 @@
 Once the APW is started, the procedure is exactly the same as the one you are familiar with in Windows (we
 assume here that you are familiar with the printer driver installations procedure on Windows NT). Make sure
-your connection is, in fact, set up as a user with <smbconfoption name="printer admin"/>
-privileges (if in doubt, use <command>smbstatus</command> to check for this). If you wish to install
+your connection is, in fact, set up as a user with printer administrator privileges
+(if in doubt, use <command>smbstatus</command> to check for this). If you wish to install
 printer drivers for client operating systems other than <application>Windows NT x86</application>,
 you will need to use the <guilabel>Sharing</guilabel> tab of the printer properties dialog.
@@ -1503 +1468 @@
 
 <para>
-Assuming you have connected with an administrative (or root) account (as named by the
-<smbconfoption name="printer admin"/> parameter), you will also be able to modify
+Assuming you have connected with an administrative (or root) account, you will also be able to modify
 other printer properties such as ACLs and default device settings using this dialog. For the default
 device settings, please consider the advice given further in <link linkend="inst-rpc">Installing
@@ -2105 +2069 @@
 
 <para>
-Replace root, if needed, by another valid <smbconfoption name="printer admin"/> user as given in
+Replace root, if needed, by another valid printer administrator user as given in
 the definition. Should you already be connected as a different user, you will get an error message. There
 is no easy way to get rid of that connection, because Windows does not seem to know a concept of logging
@@ -2205 +2169 @@
 
 <para>
-Be aware that a valid device mode can only be initiated by a <smbconfoption name="printer admin"/> or root
+Be aware that a valid device mode can only be initiated by a printer administrator or root
 (the reason should be obvious). Device modes can be correctly set only by executing the printer driver program
 itself. Since Samba cannot execute this Win32 platform driver code, it sets this field initially to NULL
@@ -2316 +2280 @@
 
 <sect2>
-<title>Always Make First Client Connection as root or <quote>printer admin</quote></title>
+<title>Always Make First Client Connection as root or printer administrator</title>
 
 <para>
 After you installed the driver on the Samba server (in its <smbconfsection name="[print$]"/> share), you
 should always make sure that your first client installation completes correctly. Make it a habit for yourself
-to build the very first connection from a client as <smbconfoption name="printer admin"/>. This is to make
+to build the very first connection from a client as a printer administrator"/>. This is to make
 sure that:
 </para>
@@ -2355 +2319 @@
 You will be prompted for <constant>root</constant>'s Samba password; type it, wait a few seconds, click on
 <guibutton>Printing Defaults</guibutton>, and proceed to set the job options that should be used as defaults
-by all clients. Alternatively, instead of root you can name one other member of the <smbconfoption
-name="printer admin"/> from the setting.
+by all clients. Alternatively, instead of root you can give one other member printer adminadministrator
+privileges.
 </para>
 
@@ -2459 +2423 @@
 arrived at with steps C.1 through C.6 will permanently save any settings which will then become the defaults
 for new users. If you want all clients to have the same defaults, you need to conduct these steps as
-administrator (<smbconfoption name="printer admin"/>) before a client downloads the driver (the clients can
+administrator before a client downloads the driver (the clients can
 later set their own per-user defaults by following procedures A or B above). Windows 200x/XP allow per-user
 default settings and the ones the administrator gives them before they set up their own. The parents of the
@@ -2603 +2567 @@
         <listitem><para>
         The connected user is able to successfully execute an <command>OpenPrinterEx(\\server)</command> with
-        administrative privileges (i.e., root or <smbconfoption name="printer admin"/>).
+        administrative privileges (i.e., root or a printer administrator).
         </para>
 
@@ -3194 +3158 @@
         <listitem><para>
         An existing <filename>printers.def</filename> file (the one specified in the now removed parameter
-        <parameter>printer driver file</parameter>) will no longer work with Samba-3. In 3.0, smbd attempts
+        <parameter>printer driver file</parameter>) will no longer work with Samba. In 3.0, smbd attempts
         to locate Windows 9x/Me driver files for the printer in <smbconfsection name="[print$]"/>
         and additional settings in the TDB and only there; if it fails, it will <emphasis>not</emphasis>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Problems.xml

@@ -220 +220 @@
 <itemizedlist>
 
-<listitem><para>See how Scott Merrill simulates a BDC behavior at 
-       <ulink noescape="1" url="http://www.skippy.net/linux/smb-howto.html">
-       http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem>
-
 <listitem><para>FTP site for older SMB specs, 
        <ulink noescape="1" url="ftp://ftp.microsoft.com/developr/drg/CIFS/">

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-ProfileMgmt.xml

@@ -1175 +1175 @@
 
 <para>
-With Samba-3, you can have a global profile setting in &smb.conf;, and you can override this by
+With Samba, you can have a global profile setting in &smb.conf;, and you can override this by
 per-user settings using the Domain User Manager (as with MS Windows NT4/200x). </para>
 

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml

@@ -111 +111 @@
 <indexterm><primary>privileges</primary></indexterm>
 <indexterm><primary>manage privileges</primary></indexterm>
-Currently, the rights supported in Samba-3 are listed in <link linkend="rp-privs"/>.
+Currently, the rights supported in Samba are listed in <link linkend="rp-privs"/>.
 The remainder of this chapter explains how to manage and use these privileges on Samba servers.
 </para>
@@ -334 +334 @@
 <indexterm><primary>administrative rights</primary></indexterm>
 <indexterm><primary>printers admin</primary></indexterm>
-                This privilege operates identically to the <smbconfoption name="printer admin"/>
-                option in the &smb.conf; file (see section 5 man page for &smb.conf;)
-                except that it is a global right (not on a per-printer basis). 
-                Eventually the smb.conf option will be deprecated and administrative
-                rights to printers will be controlled exclusively by this right and
-                the security descriptor associated with the printer object in the
-                <filename>ntprinters.tdb</filename> file.
+                Administrative rights to printers are only controlled exclusively
+                by this right and the security descriptor associated with the
+                printer object in the registry.
                 </para></listitem>
         </varlistentry>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml

@@ -65 +65 @@
         <listitem><para>
         <indexterm><primary>domain</primary><secondary>controller</secondary></indexterm>
-        Samba-3 can replace an MS Windows NT4 domain controller.
+        Samba can replace an MS Windows NT4 domain controller.
         </para></listitem>
 
         <listitem><para>
         <indexterm><primary>active directory</primary></indexterm>
-        Samba-3 offers excellent interoperability with MS Windows NT4-style
+        Samba offers excellent interoperability with MS Windows NT4-style
         domains as well as natively with Microsoft Active Directory domains.
         </para></listitem>
@@ -76 +76 @@
         <listitem><para>
         <indexterm><primary>interdomain</primary><secondary>trustrs</secondary></indexterm>
-        Samba-3 permits full NT4-style interdomain trusts.
+        Samba permits full NT4-style interdomain trusts.
         </para></listitem>
 
@@ -89 +89 @@
         <indexterm><primary>account</primary><secondary>database</secondary><tertiary>backends</tertiary></indexterm>
         <indexterm><primary>encrypted</primary></indexterm>
-        Samba-3 permits use of multiple concurrent account database backends.
+        Samba permits use of multiple account database backends.
         (Encrypted passwords that are stored in the account database are in
         formats that are unique to Windows networking).
@@ -97 +97 @@
         <indexterm><primary>replicated</primary></indexterm>
         The account database backends can be distributed
-        and replicated using multiple methods. This gives Samba-3
+        and replicated using multiple methods. This gives Samba
         greater flexibility than MS Windows NT4 and in many cases a
         significantly higher utility than Active Directory domains
@@ -178 +178 @@
 <indexterm><primary>security modes</primary></indexterm>
 <indexterm><primary>user-level</primary></indexterm>
-<indexterm><primary>share-level</primary></indexterm>
-In the SMB/CIFS networking world, there are only two types of security: <emphasis>user-level</emphasis> and
-<emphasis>share level</emphasis>. We refer to these collectively as <emphasis>security levels</emphasis>.  In
-implementing these two security levels, Samba provides flexibilities that are not available with MS Windows
-NT4/200x servers. In fact, Samba implements <emphasis>share-level</emphasis> security only one way, but has
-four ways of implementing <emphasis>user-level</emphasis> security. Collectively, we call the Samba
+Samba has three ways of implementing <emphasis>user-level</emphasis> security. Collectively, we call the Samba
 implementations of the security levels <emphasis>security modes</emphasis>. They are known as
-<emphasis>share</emphasis>, <emphasis>user</emphasis>, <emphasis>domain</emphasis>, <emphasis>ADS</emphasis>,
-and <emphasis>server</emphasis> modes.  They are documented in this chapter.
-</para>
-
-<para>
-An SMB server informs the client, at the time of a session setup, the security level the server is running.
-There are two options: share-level and user-level. Which of these two the client receives affects the way the
-client then tries to authenticate itself. It does not directly affect (to any great extent) the way the Samba
-server does security. This may sound strange, but it fits in with the client/server approach of SMB.  In SMB
-everything is initiated and controlled by the client, and the server can only tell the client what is
-available and whether an action is allowed.
+<emphasis>user</emphasis>, <emphasis>domain</emphasis> and
+<emphasis>ADS</emphasis> modes.  They are documented in this chapter.
 </para>
 
@@ -268 +254 @@
 
 </sect2>
-<sect2>
-<title>Share-Level Security</title>
-
-<para>
-<indexterm><primary>share-level</primary></indexterm>
-<indexterm><primary>mount</primary></indexterm>
-In share-level security, the client authenticates itself separately for each share. It sends a password along
-with each tree connection request (share mount), but it does not explicitly send a username with this
-operation. The client expects a password to be associated with each share, independent of the user. This means
-that Samba has to work out what username the client probably wants to use,
-because the username is not explicitly sent to the SMB server. Some commercial SMB servers such as NT actually associate passwords directly with shares
-in share-level security, but Samba always uses the UNIX authentication scheme where it is a username/password
-pair that is authenticated, not a share/password pair.
-</para>
-
-<para>
-To understand the MS Windows networking parallels, think in terms of MS Windows 9x/Me where you can create a
-shared folder that provides read-only or full access, with or without a password.
-</para>
-
-<para>
-Many clients send a session setup request even if the server is in share-level security. They normally send a valid
-username but no password. Samba records this username in a list of possible usernames. When the client then
-issues a tree connection request, it also adds to this list the name of the share they try to connect to (useful for
-home directories) and any users listed in the <smbconfoption name="user"/> parameter in the &smb.conf; file.
-The password is then checked in turn against these possible usernames. If a match is found, then the client is
-authenticated as that user.
-</para>
-
-<para>
-<indexterm><primary>name service switch</primary><see>NSS</see></indexterm>
-<indexterm><primary>/etc/passwd</primary></indexterm>
-<indexterm><primary>nsswitch.conf</primary></indexterm>
-Where the list of possible user names is not provided, Samba makes a UNIX system call to find the user
-account that has a password that matches the one provided from the standard account database. On a system that
-has no name service switch (NSS) facility, such lookups will be from the <filename>/etc/passwd</filename>
-database. On NSS enabled systems, the lookup will go to the libraries that have been specified in the
-<filename>nsswitch.conf</filename> file. The entries in that file in which the libraries are specified are:
-<screen>
-passwd: files nis ldap
-shadow: files nis ldap
-group: files nis ldap
-</screen>
-<indexterm><primary>/etc/passwd</primary></indexterm>
-<indexterm><primary>/etc/group</primary></indexterm>
-<indexterm><primary>NIS</primary></indexterm>
-In the example shown here (not likely to be used in practice) the lookup will check
-<filename>/etc/passwd</filename> and <filename>/etc/group</filename>, if not found it will check NIS, then
-LDAP.
-</para>
-
-<sect3>
-<title>Example Configuration</title>
-
-<para>
-The &smb.conf; parameter that sets share-level security is:
-</para>
-
-<para><smbconfblock>
-<smbconfoption name="security">share</smbconfoption>
-</smbconfblock></para>
-
-</sect3>
-</sect2>
-
 <sect2>
 <title>Domain Security Mode (User-Level Security)</title>
@@ -419 +340 @@
 
 <procedure>
-        <step><para>On the MS Windows NT domain controller, using
-        the Server Manager, add a machine account for the Samba server.
-        </para></step>
-
         <step><para>On the UNIX/Linux system execute:</para>
         
@@ -428 +345 @@
                 </step>
 </procedure>
-
-<note><para>
-<indexterm><primary>smbpasswd</primary></indexterm>
-Samba-2.2.4 and later Samba 2.2.x series releases can autojoin a Windows NT4-style domain just by executing:
-<screen>
-&rootprompt;<userinput>smbpasswd -j <replaceable>DOMAIN_NAME</replaceable> -r <replaceable>PDC_NAME</replaceable> \
-         -U Administrator%<replaceable>password</replaceable></userinput>
-</screen>
-<indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>join</tertiary></indexterm>
-Samba-3 can do the same by executing:
-<screen>
-&rootprompt;<userinput>net rpc join -U Administrator%<replaceable>password</replaceable></userinput>
-</screen>
-It is not necessary with Samba-3 to specify the <replaceable>DOMAIN_NAME</replaceable> or the
-<replaceable>PDC_NAME</replaceable>, as it figures this out from the &smb.conf; file settings.
-</para></note>
 
 <para>
@@ -482 +383 @@
 <indexterm><primary>ADS</primary></indexterm>
 <indexterm><primary>native mode</primary></indexterm>
-Both Samba-2.2, and Samba-3 can join an Active Directory domain using NT4 style RPC based security.  This is
+Samba can join an Active Directory domain using NT4 style RPC based security.  This is
 possible if the domain is run in native mode. Active Directory in native mode perfectly allows NT4-style
 domain members. This is contrary to popular belief.
@@ -488 +389 @@
 
 <para>
-If you are using Active Directory, starting with Samba-3 you can join as a native AD member. Why would you
+If you are using Active Directory, starting with Samba you can join as a native AD member. Why would you
 want to do that?  Your security policy might prohibit the use of NT-compatible authentication protocols. All
 your machines are running Windows 2000 and above and all use Kerberos. In this case, Samba, as an NT4-style
@@ -523 +424 @@
 Please refer to <link linkend="domain-member">Domain Membership</link>, and <link linkend="ads-member">Samba
 ADS Domain Membership</link> for more information regarding this configuration option.
-</para>
-
-</sect3>
-</sect2>
-
-<sect2>
-<title>Server Security (User Level Security)</title>
-
-<para>
-Server security mode is left over from the time when Samba was not capable of acting
-as a domain member server. It is highly recommended not to use this feature. Server
-security mode has many drawbacks that include:
-</para>
-
-<itemizedlist>
-        <listitem><para>Potential account lockout on MS Windows NT4/200x password servers.</para></listitem>
-        <listitem><para>Lack of assurance that the password server is the one specified.</para></listitem>
-        <listitem><para>Does not work with Winbind, which is particularly needed when storing profiles remotely.</para></listitem>
-        <listitem><para>This mode may open connections to the password server and keep them open for extended periods.</para></listitem>
-        <listitem><para>Security on the Samba server breaks badly when the remote password server suddenly shuts down.</para></listitem>
-        <listitem><para>With this mode there is NO security account in the domain that the password server belongs to for the Samba server.</para></listitem>
-</itemizedlist>
-
-<para>
-<indexterm><primary>session setup</primary></indexterm>
-<indexterm><primary>SMB</primary></indexterm>
-In server security mode the Samba server reports to the client that it is in user-level security. The client
-then does a session setup as described earlier.  The Samba server takes the username/password that the client
-sends and attempts to log into the <smbconfoption name="password server"/> by sending exactly the same
-username/password that it got from the client. If that server is in user-level security and accepts the
-password, then Samba accepts the client's connection. This parameter allows the Samba server to use another
-SMB server as the <smbconfoption name="password server"/>.
-</para>
-
-<para>
-<indexterm><primary>security level</primary></indexterm>
-<indexterm><primary>encryption</primary></indexterm>
-You should also note that at the start of all this, when the server tells the client
-what security level it is in, it also tells the client if it supports encryption. If it
-does, it supplies the client with a random cryptkey. The client will then send all
-passwords in encrypted form. Samba supports this type of encryption by default.
-</para>
-
-<para>
-The parameter <smbconfoption name="security">server</smbconfoption> means that Samba reports to clients that
-it is running in <emphasis>user mode</emphasis> but actually passes off all authentication requests to another
-user mode server. This requires an additional parameter <smbconfoption name="password server"/> that points to
-the real authentication server.  The real authentication server can be another Samba server, or it can be a
-Windows NT server, the latter being natively capable of encrypted password support.
-</para>
-
-<note><para>
-<indexterm><primary>password server</primary></indexterm>
-<indexterm><primary>workgroup</primary></indexterm>
-When Samba is running in <emphasis>server security mode</emphasis>, it is essential that the parameter
-<emphasis>password server</emphasis> is set to the precise NetBIOS machine name of the target authentication
-server. Samba cannot determine this from NetBIOS name lookups because the choice of the target authentication
-server is arbitrary and cannot be determined from a domain name. In essence, a Samba server that is in
-<emphasis>server security mode</emphasis> is operating in what used to be known as workgroup mode.
-</para></note>
-
-<sect3>
-<title>Example Configuration</title>
-<para><emphasis>
-Using MS Windows NT as an Authentication Server
-</emphasis></para>
-
-<para>
-This method involves the additions of the following parameters in the &smb.conf; file:
-</para>
-
-<para><smbconfblock>
-<smbconfoption name="encrypt passwords">Yes</smbconfoption>
-<smbconfoption name="security">server</smbconfoption>
-<smbconfoption name="password server">"NetBIOS_name_of_a_DC"</smbconfoption>
-</smbconfblock></para>
-
-
-<para>
-There are two ways of identifying whether or not a username and password pair is valid.
-One uses the reply information provided as part of the authentication messaging
-process, the other uses just an error code.
-</para>
-
-<para>
-<indexterm><primary>bogus</primary></indexterm>
-<indexterm><primary>lockout</primary></indexterm>
-The downside of this mode of configuration is that for security reasons Samba
-will send the password server a bogus username and a bogus password, and if the remote
-server fails to reject the bogus username and password pair, then an alternative mode of
-identification or validation is used. Where a site uses password lockout, after a
-certain number of failed authentication attempts, this will result in user lockouts.
-</para>
-
-<para>
-Use of this mode of authentication requires a standard UNIX account for the user.
-This account can be blocked to prevent logons by non-SMB/CIFS clients.
 </para>
 
@@ -691 +495 @@
 <?latex \newpage ?>
 <smbconfblock>
-<smbconfoption name="password level"><replaceable>integer</replaceable></smbconfoption>
 <smbconfoption name="username level"><replaceable>integer</replaceable></smbconfoption>
 </smbconfblock>
@@ -706 +509 @@
 However, passwords on UNIX systems often make use of mixed-case characters.  This means that in order for a
 user on a Windows 9x/Me client to connect to a Samba server using clear-text authentication, the
-<smbconfoption name="password level"/> must be set to the maximum number of uppercase letters that
-<emphasis>could</emphasis> appear in a password. Note that if the Server OS uses the traditional DES version
-of crypt(), a <smbconfoption name="password level"/> of 8 will result in case-insensitive passwords as seen
-from Windows users. This will also result in longer login times because Samba has to compute the permutations
-of the password string and try them one by one until a match is located (or all combinations fail).
+password must be in lower case.
 </para>
 
@@ -739 +538 @@
 
 <sect2>
-<title>What Makes Samba a Server?</title>
-
-<para>
-To some, the nature of the Samba security mode is obvious, but entirely
-wrong all the same. It is assumed that <smbconfoption name="security">server</smbconfoption> means that Samba
-will act as a server. Not so! This setting means that Samba will <emphasis>try</emphasis>
-to use another SMB server as its source for user authentication alone.
-</para>
-
-<para>
-Samba is a server regardless of which security mode is chosen. When Samba is used outside of a domain security
-context, it is best to leave the security mode at the default setting. By default Samba-3 uses user-mode
-security.
-</para>
-
-</sect2>
-
-<sect2>
 <title>What Makes Samba a Domain Controller?</title>
 
@@ -779 +560 @@
 </sect2>
 
-
-<sect2>
-<title>Constantly Losing Connections to Password Server</title>
-
-<para><quote>
-Why does server_validate() simply give up rather than re-establish its connection to the
-password server?  Though I am not fluent in the SMB protocol, perhaps the cluster server
-process passes along to its client workstation the session key it receives from the password
-server, which means the password hashes submitted by the client would not work on a subsequent
-connection whose session key would be different. So server_validate() must give up.
-</quote></para>
-
-<para>
-Indeed. That's why <smbconfoption name="security">server</smbconfoption>
-is at best a nasty hack. Please use <smbconfoption name="security">domain</smbconfoption>;
-<smbconfoption name="security">server</smbconfoption> mode is also known as pass-through authentication.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Stand-alone Server is converted to Domain Controller &smbmdash; Now User accounts don't work</title>
-
-<para><quote>
-When I try to log in to the DOMAIN, the eventlog shows <emphasis>tried credentials DOMAIN/username; effective
-credentials SERVER/username</emphasis>
-</quote></para>
-
-<para>
-Usually this is due to a user or machine account being created before the Samba server is configured to be a
-domain controller. Accounts created before the server becomes a domain controller will be
-<emphasis>local</emphasis> accounts and authenticated as what looks like a member in the SERVER domain, much
-like local user accounts in Windows 2000 and later.  Accounts created after the Samba server becomes a domain
-controller will be <emphasis>domain</emphasis> accounts and will be authenticated as a member of the DOMAIN
-domain.
-</para>
-
-<para>
-This can be verified by issuing the command <command>pdbedit -L -v username</command>.  If this reports DOMAIN
-then the account is a domain account, if it reports SERVER then the account is a local account.
-</para>
-
-<para>
-The easiest way to resolve this is to remove and recreate the account; however this may cause problems with
-established user profiles. You can also use <command>pdbedit -u username -I DOMAIN</command>. You may also
-need to change the User SID and Primary Group SID to match the domain.
-</para>
-
-</sect2>
-
 </sect1>
 

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-StandAloneServer.xml

@@ -288 +288 @@
 <smbconfoption name="comment">All Printers</smbconfoption>
 <smbconfoption name="path">/var/spool/samba</smbconfoption>
-<smbconfoption name="printer admin">root</smbconfoption>
 <smbconfoption name="guest ok">Yes</smbconfoption>
 <smbconfoption name="printable">Yes</smbconfoption>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Support.xml

@@ -77 +77 @@
         url="https://lists.samba.org/mailman/">web</ulink> site. The public mailing list that can be used to obtain
         free, user contributed, support is called the <literal>samba</literal> list. The email address for this list
-        is at <literal>mail:samba@samba.org</literal>.  Information regarding the Samba IRC channels may be found on
+        is at <literal>mail:samba@lists.samba.org</literal>.  Information regarding the Samba IRC channels may be found on
         the Samba <ulink url="http://www.samba.org/samba.irc.html">IRC</ulink> web page.
         </para>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-TheNetCommand.xml

@@ -17 +17 @@
 <indexterm><primary>command-line</primary></indexterm>
 <indexterm><primary>scripted control</primary></indexterm>
-The <command>net</command> command is one of the new features of Samba-3 and is an attempt to provide a useful
+The <command>net</command> command is one of the new features of Samba and is an attempt to provide a useful
 tool for the majority of remote management operations necessary for common tasks. The <command>net</command>
 tool is flexible by design and is intended for command-line use as well as for scripted control application.
@@ -38 +38 @@
 
 <para>
-A Samba-3 administrator cannot afford to gloss over this chapter because to do so will almost certainly cause
+A Samba administrator cannot afford to gloss over this chapter because to do so will almost certainly cause
 the infliction of self-induced pain, agony, and desperation. Be warned: this is an important chapter.
 </para>
@@ -52 +52 @@
 <indexterm><primary>DMS</primary></indexterm>
 <indexterm><primary>authentication</primary></indexterm>
-        The tasks that follow the installation of a Samba-3 server, whether standalone or domain member, of a
+        The tasks that follow the installation of a Samba server, whether standalone or domain member, of a
         domain controller (PDC or BDC) begins with the need to create administrative rights. Of course, the
         creation of user and group accounts is essential for both a standalone server and a PDC.
@@ -84 +84 @@
 <indexterm><primary>trust accounts</primary></indexterm>
 <indexterm><primary>net</primary></indexterm>
-        UNIX systems that are hosting a Samba-3 server that is running as a member (PDC, BDC, or DMS) must have
+        UNIX systems that are hosting a Samba server that is running as a member (PDC, BDC, or DMS) must have
         a machine security account in the domain authentication database (or directory). The creation of such
         security (or trust) accounts is also handled using the <command>net</command> command.
@@ -108 +108 @@
 <indexterm><primary>man pages</primary></indexterm>
         The overall picture should be clear now: the <command>net</command> command plays a central role
-        on the Samba-3 stage. This role will continue to be developed. The inclusion of this chapter is
+        on the Samba stage. This role will continue to be developed. The inclusion of this chapter is
         evidence of its importance, one that has grown in complexity to the point that it is no longer considered
         prudent to cover its use fully in the online UNIX man pages.
@@ -166 +166 @@
 <indexterm><primary>local</primary><secondary>groups</secondary></indexterm>
 <indexterm><primary>domain user accounts</primary></indexterm>
-        Samba-3 recognizes two types of groups: <emphasis>domain groups</emphasis> and <emphasis>local
+        Samba recognizes two types of groups: <emphasis>domain groups</emphasis> and <emphasis>local
         groups</emphasis>. Domain groups can contain (have as members) only domain user accounts. Local groups
         can contain local users, domain users, and domain groups as members.
@@ -1070 +1070 @@
 
         <para>
-        A Samba-3 server that is a Windows ADS domain member can execute the following command to detach from the
+        A Samba server that is a Windows ADS domain member can execute the following command to detach from the
         domain:
 <indexterm><primary>net</primary><secondary>ads</secondary><tertiary>leave</tertiary></indexterm>
@@ -1761 +1761 @@
 
         <para>
-        When Samba-3 is used within an MS Windows ADS environment, printers shared via Samba will not be browseable
+        When Samba is used within an MS Windows ADS environment, printers shared via Samba will not be browseable
         until they have been published to the ADS domain. Information regarding published printers may be obtained
         from the ADS server by executing the <command>net ads print info</command> command following this syntax:

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Unicode.xml

@@ -39 +39 @@
 <indexterm><primary>codepages</primary></indexterm>
 Samba-2.x supported a single locale through a mechanism called 
-<emphasis>codepages</emphasis>. Samba-3 is destined to become a truly transglobal
+<emphasis>codepages</emphasis>. Samba is destined to become a truly transglobal
 file- and printer-sharing platform.
 </para>
@@ -422 +422 @@
 
                         <para>
-                        To use CAP encoding on Samba-3, you should use the unix charset parameter and VFS 
+                        To use CAP encoding on Samba, you should use the unix charset parameter and VFS
                         as in <link linkend="vfscap-intl">the VFS CAP smb.conf file</link>.
                         </para>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml

@@ -35 +35 @@
 <indexterm><primary>GNU/Linux</primary></indexterm>
 If not supplied with your platform distribution binary Samba package, you may have problems compiling these
-modules, as shared libraries are compiled and linked in different ways on different systems. They currently
-have been tested against GNU/Linux and IRIX.
+modules, as shared libraries are compiled and linked in different ways on different systems.
 </para>
 
@@ -128 +127 @@
 
         <para>
-        This module allows the default quota values, in the windows explorer GUI, to be stored on a Samba-3 server.
+        This module allows the default quota values, in the windows explorer GUI, to be stored on a Samba server.
         The challenge is that linux filesystems only store quotas for users and groups, but no default quotas.
         </para>
@@ -558 +557 @@
         At the time of this writing, not much testing has been done.  I tested the shadow copy VFS module with a
         specific scenario which was not deployed in a production environment, but more as a proof of concept.  The
-        scenario involved a Samba-3 file server on Debian Sarge with an XFS file system and LVM1.  I do NOT recommend
+        scenario involved a Samba file server on Debian Sarge with an XFS file system and LVM1.  I do NOT recommend
         you use this as a solution without doing your own due diligence with regard to all the components presented
         here.  That said, following is an basic outline of how I got things going.

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml

@@ -590 +590 @@
 <indexterm><primary>winbindd</primary></indexterm>
 <indexterm><primary>daemon</primary></indexterm>
-The latest version of Samba-3 includes a functioning winbindd daemon. Please refer to the <ulink
+The latest version of Samba includes a functioning winbindd daemon. Please refer to the <ulink
 url="http://samba.org/">main Samba Web page</ulink>, or better yet, your closest Samba mirror site for
 instructions on downloading the source code.
@@ -634 +634 @@
 <indexterm><primary>/etc/nsswitch.conf</primary></indexterm>
 PAM is a standard component of most current generation UNIX/Linux systems. Unfortunately, few systems install
-the <filename>pam-devel</filename> libraries that are needed to build PAM-enabled Samba. Additionally, Samba-3
+the <filename>pam-devel</filename> libraries that are needed to build PAM-enabled Samba. Additionally, Samba
 may auto-install the Winbind files into their correct locations on your system, so before you get too far down
 the track, be sure to check if the following configuration is really

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-WindowsClientConfig.xml

@@ -433 +433 @@
 <indexterm><primary>configuration wizard</primary></indexterm>
                 Clicking the <guimenu>Network ID</guimenu> button will launch the configuration wizard. Do not use this with
-                Samba-3. If you wish to change the computer name or join or leave the domain, click the <guimenu>Change</guimenu> button.
+                Samba. If you wish to change the computer name or join or leave the domain, click the <guimenu>Change</guimenu> button.
                 See <link linkend="wxpp004"></link>.
                 <figure id="wxpp004"><title>The Computer Name Panel.</title><imagefile>wxpp004</imagefile></figure>
@@ -464 +464 @@
         <para>
 <indexterm><primary>root</primary></indexterm>
-                Enter the name <quote>root</quote> and the root password from your Samba-3 server. See <link linkend="wxpp008"></link>.
+                Enter the name <quote>root</quote> and the root password from your Samba server. See <link linkend="wxpp008"></link>.
                 <figure id="wxpp008">
                         <title>Computer Name Changes &smbmdash; Username and Password Panel.</title><imagefile>wxpp008</imagefile>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-msdfs.xml

@@ -9 +9 @@
                         <orgname>Samba Team &amp; Veritas Software</orgname>
                         <address>
-                                <email>samba@samba.org</email>
+                                <email>samba@lists.samba.org</email>
                         </address>
                 </affiliation>

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-preface.xml

@@ -27 +27 @@
 This book provides example configurations, it documents key aspects of Microsoft
 Windows networking, provides in-depth insight into the important configuration of
-Samba-3, and helps to put all of these into a useful framework.
+Samba, and helps to put all of these into a useful framework.
 </para>
 

vendor/current/docs-xml/Samba3-HOWTO/index.xml

@@ -162 +162 @@
         <xi:include href="TOSHARG-Backup.xml"/>
         <?latex \cleardoublepage ?>
-        <xi:include href="TOSHARG-HighAvailability.xml"/>
-        <?latex \cleardoublepage ?>
         <xi:include href="TOSHARG-LargeFile.xml"/>
         <?latex \cleardoublepage ?>
@@ -175 +173 @@
 
         <?latex \cleardoublepage ?>
-        <xi:include href="TOSHARG-upgrading-to-3.0.xml"/>
-        <?latex \cleardoublepage ?>
         <xi:include href="TOSHARG-NT4Migration.xml"/>
-        <?latex \cleardoublepage ?>
-        <xi:include href="TOSHARG-SWAT.xml"/>
         <?latex \cleardoublepage ?>
 
@@ -204 +198 @@
         <?latex \cleardoublepage ?>
         <xi:include href="TOSHARG-Compiling.xml"/>
-        <?latex \cleardoublepage ?>
-        <xi:include href="TOSHARG-Portability.xml"/>
-        <?latex \cleardoublepage ?>
-        <xi:include href="TOSHARG-Other-Clients.xml"/>
-        <?latex \cleardoublepage ?>
-        <xi:include href="TOSHARG-Speed.xml"/>
         <?latex \cleardoublepage ?>
         <xi:include href="TOSHARG-SecureLDAP.xml"/>

vendor/current/docs-xml/Samba3-HOWTO/manpages.xml

@@ -8 +8 @@
                 <ulink url="http://www.samba.org/samba/team.html">the Samba Team</ulink>.</para>
 
-        <xi:include href="../manpages-3/eventlogadm.8.xml"/>
-        <xi:include href="../manpages-3/findsmb.1.xml"/>
-        <xi:include href="../manpages-3/idmap_ad.8.xml"/>
-        <xi:include href="../manpages-3/idmap_ldap.8.xml"/>
-        <xi:include href="../manpages-3/idmap_nss.8.xml"/>
-        <xi:include href="../manpages-3/idmap_rid.8.xml"/>
-        <xi:include href="../manpages-3/idmap_tdb.8.xml"/>
-        <xi:include href="../manpages-3/libsmbclient.7.xml"/>
-        <xi:include href="../manpages-3/lmhosts.5.xml"/>
-        <xi:include href="../manpages-3/log2pcap.1.xml"/>
-        <xi:include href="../manpages-3/net.8.xml"/>
-        <xi:include href="../manpages-3/nmbd.8.xml"/>
-        <xi:include href="../manpages-3/nmblookup.1.xml"/>
-        <xi:include href="../manpages-3/ntlm_auth.1.xml"/>
-        <xi:include href="../manpages-3/pam_winbind.8.xml"/>
-        <xi:include href="../manpages-3/pdbedit.8.xml"/>
-        <xi:include href="../manpages-3/profiles.1.xml"/>
-        <xi:include href="../manpages-3/rpcclient.1.xml"/>
-        <xi:include href="../manpages-3/smbcacls.1.xml"/>
-        <xi:include href="../manpages-3/smbclient.1.xml"/>
-        <xi:include href="../manpages-3/smb.conf.5.xml"/>
-        <xi:include href="../manpages-3/smbcontrol.1.xml"/>
-        <xi:include href="../manpages-3/smbcquotas.1.xml"/>
-        <xi:include href="../manpages-3/smbd.8.xml"/>
-        <xi:include href="../manpages-3/smbget.1.xml"/>
-        <xi:include href="../manpages-3/smbgetrc.5.xml"/>
-        <xi:include href="../manpages-3/smbpasswd.5.xml"/>
-        <xi:include href="../manpages-3/smbpasswd.8.xml"/>
-        <xi:include href="../manpages-3/smbsh.1.xml"/>
-        <xi:include href="../manpages-3/smbstatus.1.xml"/>
-        <xi:include href="../manpages-3/smbtar.1.xml"/>
-        <xi:include href="../manpages-3/smbtree.1.xml"/>
-        <xi:include href="../manpages-3/smbumount.8.xml"/>
-        <xi:include href="../manpages-3/swat.8.xml"/>
-        <xi:include href="../manpages-3/tdbbackup.8.xml"/>
-        <xi:include href="../manpages-3/tdbdump.8.xml"/>
-        <xi:include href="../manpages-3/tdbtool.8.xml"/>
-        <xi:include href="../manpages-3/testparm.1.xml"/>
-        <xi:include href="../manpages-3/wbinfo.1.xml"/>
-        <xi:include href="../manpages-3/winbindd.8.xml"/>
-        <xi:include href="../manpages-3/vfs_audit.8.xml"/>
-        <xi:include href="../manpages-3/vfs_cacheprime.8.xml"/>
-        <xi:include href="../manpages-3/vfs_cap.8.xml"/>
-        <xi:include href="../manpages-3/vfs_catia.8.xml"/>
-        <xi:include href="../manpages-3/vfs_commit.8.xml"/>
-        <xi:include href="../manpages-3/vfs_default_quota.8.xml"/>
-        <xi:include href="../manpages-3/vfs_extd_audit.8.xml"/>
-        <xi:include href="../manpages-3/vfs_fake_perms.8.xml"/>
-        <xi:include href="../manpages-3/vfs_full_audit.8.xml"/>
-        <xi:include href="../manpages-3/vfs_gpfs.8.xml"/>
-        <xi:include href="../manpages-3/vfs_netatalk.8.xml"/>
-        <xi:include href="../manpages-3/vfs_notify_fam.8.xml"/>
-        <xi:include href="../manpages-3/vfs_prealloc.8.xml"/>
-        <xi:include href="../manpages-3/vfs_readahead.8.xml"/>
-        <xi:include href="../manpages-3/vfs_readonly.8.xml"/>
-        <xi:include href="../manpages-3/vfs_recycle.8.xml"/>
-        <xi:include href="../manpages-3/vfs_shadow_copy.8.xml"/>
-        <xi:include href="../manpages-3/vfstest.1.xml"/>
-        <xi:include href="../manpages-3/wbinfo.1.xml"/>
-        <xi:include href="../manpages-3/winbindd.8.xml"/>
+        <xi:include href="../manpages/eventlogadm.8.xml"/>
+        <xi:include href="../manpages/findsmb.1.xml"/>
+        <xi:include href="../manpages/idmap_ad.8.xml"/>
+        <xi:include href="../manpages/idmap_ldap.8.xml"/>
+        <xi:include href="../manpages/idmap_nss.8.xml"/>
+        <xi:include href="../manpages/idmap_rid.8.xml"/>
+        <xi:include href="../manpages/idmap_tdb.8.xml"/>
+        <xi:include href="../manpages/libsmbclient.7.xml"/>
+        <xi:include href="../manpages/lmhosts.5.xml"/>
+        <xi:include href="../manpages/log2pcap.1.xml"/>
+        <xi:include href="../manpages/net.8.xml"/>
+        <xi:include href="../manpages/nmbd.8.xml"/>
+        <xi:include href="../manpages/nmblookup.1.xml"/>
+        <xi:include href="../manpages/ntlm_auth.1.xml"/>
+        <xi:include href="../manpages/pam_winbind.8.xml"/>
+        <xi:include href="../manpages/pdbedit.8.xml"/>
+        <xi:include href="../manpages/profiles.1.xml"/>
+        <xi:include href="../manpages/rpcclient.1.xml"/>
+        <xi:include href="../manpages/smbcacls.1.xml"/>
+        <xi:include href="../manpages/smbclient.1.xml"/>
+        <xi:include href="../manpages/smb.conf.5.xml"/>
+        <xi:include href="../manpages/smbcontrol.1.xml"/>
+        <xi:include href="../manpages/smbcquotas.1.xml"/>
+        <xi:include href="../manpages/smbd.8.xml"/>
+        <xi:include href="../manpages/smbget.1.xml"/>
+        <xi:include href="../manpages/smbgetrc.5.xml"/>
+        <xi:include href="../manpages/smbpasswd.5.xml"/>
+        <xi:include href="../manpages/smbpasswd.8.xml"/>
+        <xi:include href="../manpages/smbsh.1.xml"/>
+        <xi:include href="../manpages/smbstatus.1.xml"/>
+        <xi:include href="../manpages/smbtar.1.xml"/>
+        <xi:include href="../manpages/smbtree.1.xml"/>
+        <xi:include href="../manpages/smbumount.8.xml"/>
+        <xi:include href="../manpages/swat.8.xml"/>
+        <xi:include href="../manpages/tdbbackup.8.xml"/>
+        <xi:include href="../manpages/tdbdump.8.xml"/>
+        <xi:include href="../manpages/tdbtool.8.xml"/>
+        <xi:include href="../manpages/testparm.1.xml"/>
+        <xi:include href="../manpages/wbinfo.1.xml"/>
+        <xi:include href="../manpages/winbindd.8.xml"/>
+        <xi:include href="../manpages/vfs_audit.8.xml"/>
+        <xi:include href="../manpages/vfs_cacheprime.8.xml"/>
+        <xi:include href="../manpages/vfs_cap.8.xml"/>
+        <xi:include href="../manpages/vfs_catia.8.xml"/>
+        <xi:include href="../manpages/vfs_commit.8.xml"/>
+        <xi:include href="../manpages/vfs_default_quota.8.xml"/>
+        <xi:include href="../manpages/vfs_extd_audit.8.xml"/>
+        <xi:include href="../manpages/vfs_fake_perms.8.xml"/>
+        <xi:include href="../manpages/vfs_full_audit.8.xml"/>
+        <xi:include href="../manpages/vfs_gpfs.8.xml"/>
+        <xi:include href="../manpages/vfs_netatalk.8.xml"/>
+        <xi:include href="../manpages/vfs_prealloc.8.xml"/>
+        <xi:include href="../manpages/vfs_readahead.8.xml"/>
+        <xi:include href="../manpages/vfs_readonly.8.xml"/>
+        <xi:include href="../manpages/vfs_recycle.8.xml"/>
+        <xi:include href="../manpages/vfs_shadow_copy.8.xml"/>
+        <xi:include href="../manpages/vfstest.1.xml"/>
+        <xi:include href="../manpages/wbinfo.1.xml"/>
+        <xi:include href="../manpages/winbindd.8.xml"/>
 
 </reference>